使用保存在数据库中的PHP代码
[英]Use PHP code that is saved in a database
问题描述
I have this code: 
我有以下代码:
<!DOCTYPE html>
<html>
<?php require_once('./module/mod_head.php'); ?>
<body>
<?php require_once('./core/imp/navbar.inc.php'); ?>
<div class="container" style="margin-bottom: 50px;">
<?php include('./module/mod_preview.php'); ?>
</div>
<div class="container-fluid">
<?php include_once('./module/mod_block_whoami.php') ?>
<div class="collapse" id="summaryId">
<?php include_once('./module/mod_block_summary.php'); ?>
</div>
</div>
<?php require_once('./core/imp/footer.inc.php'); ?>
</body>
</html>
Now this code is saved in a database. 现在,此代码已保存在数据库中。
The problem is I want that code to be used as it would be the only code in my index.php file. 问题是我希望使用该代码,因为它将是index.php文件中的唯一代码。
But as I said before it is saved in a database and to get that code I need to use php and then the code will be saved in an php variable and echoing that would be like: 但是正如我之前所说的那样,将其保存在数据库中并获取该代码,我需要使用php,然后将代码保存在一个php变量中,并进行类似的回显:
<?php echo "<html><?php echo "<morehtml>blablabla</morehtml>"; ?></html>"; ?>
I thought of creating a temporary file that gets overwritten whith the code and then included by the index.php file or whatever file needs to get code from the database. 我想到创建一个临时文件,该文件将被代码覆盖,然后包含在index.php文件或从数据库中获取代码的任何文件中。
However I don't know if that is a good idea or if there are any better ways to get php code from an MySQL database and using it. 但是我不知道这是一个好主意还是有更好的方法从MySQL数据库获取php代码并使用它。
2 个解决方案
解决方案1
1 2015-11-21 15:44:37
PHP offers the eval($string) function. PHP提供了eval($string)函数。 It runs the code in the string you pass it. 它在您传递的字符串中运行代码。 So, it would be a simple matter to read code from a MySQL database and run it. 因此,从MySQL数据库读取代码并运行它很简单。
But, is this a good idea? 但是,这是个好主意吗? Many people don't think so, because it makes it easy for a badguy to pwn your application. 许多人不这么认为,因为这使一个错误的人很容易将您的应用程序打包。
解决方案2
1 已采纳 2015-11-21 15:56:40
If you want to use php code from database, try eval (Evaluate a string as PHP code). 如果要使用数据库中的php代码,请尝试eval (将字符串评估为PHP代码)。
$sting // your variable with the data from the DB
<?=eval('?>' . $sting . '<?') ?>
But this is dangerous, from documentation: 但这很危险,从文档中可以看出:
"The eval() language construct is very dangerous because it allows execution of arbitrary PHP code. Its use thus is discouraged. If you have carefully verified that there is no other option than to use this construct, pay special attention not to pass any user provided data into it without properly validating it beforehand." “ eval()语言构造非常危险,因为它允许执行任意PHP代码。因此,不鼓励使用它。如果您已经仔细验证了除了使用该构造之外没有其他选择,请特别注意不要传递任何用户在未事先正确验证的情况下向其中提供了数据。”
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.