1

I've got 2 methods of storing pages. The first is simple; store it in a file. The second is to store it in the database which is I'm having issues with.
The whole "system" is based around an "engine" which outputs the page by injecting it into a HTML template. To put it simply: the code must be executed before it reaches the engine. Hopefully this will make a little more sense with some code.
page.class.php 

...
// Page was found in the database
            $this->name = $pageVariables['name'];
            $this->requiredAuth = $pageVariables['requiredAuth'];
            if ($parsed) {
                ob_start();
                echo $pageVariables['content'];
                $this->contents = ob_get_clean();
                var_dump($this->contents);
            } else {
                $this->contents = $pageVariables['content'];
            }
...
// File exists on the system, load it
                $fileContents = file_get_contents($this->url);
                if ($parsed) {
                    ob_start();
                    include($this->url);
                    $this->contents = ob_get_clean();
var_dump($this-contents);
                    if (isset($pageName)) {
                        $this->name = $pageName;
                    }
                    if (isset($requiredAuth)) {
                        $this->requiredAuth = $requiredAuth;
                    }
                    if (isset($useEngine)) {
                        $this->useEngine = $useEngine;
                    }
                } else {
                    $this->contents = $fileContents;
                }

The if ($parsed) {...} is there so the page can be fetched un-parsed for editing purposes.
Obviously that is a cut down version, but I hope that shows enough.
If I load a page with the code

Hello World<br>
<?php echo 'Hello World'; ?>

from the database the output I get is

Hello World<br>
<?php echo 'Hello World'; ?>

however, the same code stored in a file outputs

    Hello World
    Hello World

I have tried using eval(), but that will only evaluate PHP code, and fails when I include the HTML/PHP mixture.
Maybe there's a better way of going about this (storing it, executing etc), but this is the issue as I currently see it.

Joseph Duffy
  • 4,566
  • 9
  • 38
  • 68

2 Answers2

4

You could use PHP's eval to run code stored on a database.

$code = get_code_from_db();
eval($code); // will evaluate (run) code stored in $code variable

Careful though. eval is a function that needs to be treated carefully. It could be the source of bugs, security holes, you name it, if you don't think about the implications of the stored code.

Pablo Santa Cruz
  • 176,835
  • 32
  • 241
  • 292
  • I was hoping to not use `eval()` for the reasons you mentioned, but even so it does not work for me: `Parse error: syntax error, unexpected T_STRING in /var/www/cms/includes/page.class.php(71) : eval()'d code on line 1` – Joseph Duffy Sep 03 '12 at 16:52
  • It's not working because you probably have a SYNTAX ERROR stored on your database. You will need `eval` to run PHP code. You won't be able to do it otherwise. Unless you take a VEEEERY DIFFERENT approach. (i.e. using templates on the database and parsing/processing them on your PHP, not PHP directly) – Pablo Santa Cruz Sep 03 '12 at 16:54
  • Edit: It works if I add `?>` to the start, which isn't a big deal. The code I am using is the same in the database and the file: `Hello World
    `, but the using `eval()` only seems to work if the code is `echo 'Hello World';`. I guess I will have to look at any alternatives.     – Joseph Duffy Sep 03 '12 at 16:57
1

Be careful with eval, this is a good post on why.

A better solution would be to store the page templates in the database and then safely parse them in PHP.

Community
  • 1
  • 1
Andreas Bergström
  • 13,891
  • 5
  • 59
  • 53