-2

database has php value saved like that as string

<?php $s = 'my name is'; ?>

and what am trying to do is calling the value as php code and want when type echo $s; to print my name is but now it's given my empty value see the code below to get what i mean

<?php
  $b = '<?php $s = 'my name is';?>';
  echo $b; //empty value
?>
Mouner Mostafa
  • 132
  • 4
  • 18
  • 7
    Why are you echoing PHP code within PHP code? Why are you storing PHP code in your database? This is **extremely dangerous** and probably a super bad idea. – tadman Sep 23 '16 at 19:43
  • 1
    trying to create php online editor – Mouner Mostafa Sep 23 '16 at 19:43
  • 1
    You really don't want to go down that road. If you want to, write your code out to files and let PHP do the rest. Keep in mind if you can't secure everything about this system you're just begging for your site to get cracked wide open. This would be a dream for someone trying to deploy hostile code. – tadman Sep 23 '16 at 19:44
  • so there's no way to get it works as a value from database ? – Mouner Mostafa Sep 23 '16 at 19:47
  • Not without employing a bunch of super dangerous, highly risky things which I won't even discuss here because they're just asking for trouble. Make your editor work with files on disk, not in a database, and your PHP runtime will take care of the rest. – tadman Sep 23 '16 at 19:50
  • 1
    Just commenting here to give an emphasis to the "extremely dangerous" part on @tadman's first comment. Doing this, indeed, extremely dangerous! – Diego Bauleo Sep 23 '16 at 19:56
  • @MounerMostafa try look for `eval` function http://stackoverflow.com/questions/41406/how-do-i-execute-php-that-is-stored-in-a-mysql-database – Fabio Gonzaga Sep 23 '16 at 20:24
  • #fabio thank u it's work with me – Mouner Mostafa Sep 23 '16 at 20:29

2 Answers2

1

Sounds like you're talking about eval() - but I'd be wary of using it. If you do, be extremely careful.

"If eval() is the answer, you're almost certainly asking the wrong question." -Rasmus Lerdorf

You'd probably need to strip the <?php and ?> tags, and watch for double quotes surrounding variables you don't want to replace:

$s=0;
eval('$s = "my name is";');
echo $s;
lookdad
  • 98
  • 7
0

PHP is not recursively embeddable:

$b = '<?php $s = 'my name is';?>';

That's not PHP code in there. it's some text with the letters <, ?, p, etc...

And you ARE getting output. But you're viewing it in a browser, so the <?php ... ?> gets rendered as an unknown/illegal html tag and simply not displayed. If you'd bothered doing even the most basic of debugging, e.g. "view source", you'd have seen your PHP "code" there.

Marc B
  • 356,200
  • 43
  • 426
  • 500