Preserved Topic: PHP include() in MySQL database (Page 1 of 1) $Pages that link to <a href="https://ozoneasylum.com/backlink?for=21169" title="Pages that link to Preserved Topic: PHP include() in MySQL database (Page 1 of 1)" rel="nofollow" >Preserved Topic: PHP include() in MySQL database <span class="small">(Page 1 of 1)</span>\$

marf Bipolar (III) Inmate From: Canada Insane since: Oct 2001	posted 02-24-2004 02:53 ok I have quite a peculiar problem. I have an SQL database table that contains <tables> and <a hrefs> {basically, part of an html page}. Now within this MySQL entry I also have an <? include('test.php'); ?>. All fine supposedly. Well in my index.php, when I call upon the MySQL, I use this code <?php echo $entry_from_mysql; ?> It prints the MySQL table perfectly, But it doesn't interpret the include, or any other <? ?> php. Could it be because im already in a php when im echoing it? Must I use print() instead of echo? Any help. I can give a code sample if you want.
bitdamaged Maniac (V) Mad Scientist From: 100101010011 <-- right about here Insane since: Mar 2000	posted 02-24-2004 03:04 Nope any code within the results will simply be used as a string. There's a couple of ways around this using things like eval with a preg_replace. However, generally I would look at another way of storing your data. Combining evaluated code with display data is a bad practice. .:[ Never resist a perfect moment ]:.
WarMage Maniac (V) Mad Scientist From: Rochester, New York, USA Insane since: May 2000	posted 02-24-2004 03:14 That is breaking the rules! It is simply not following the rules and should not be done for many many many reasons, most of them involving security, and stability. When you echo something or print something you are not executing the code, you are simply echoing the data through whatever pipe you are in for sending your output. You are not sending the data back through the parser. What you can do to get around this is to re-parse your output with a makeshift parser before you echo the data. This means that you have to go through your data and pick out the piece of code which you would like to be a part of your parsed output, pull the necessary data out, and then manually do the code. For example: code: $string = "database query result string" $include_string = ...some regular expresion to extract the include string from $string... include($include_string); I would not reccomend this though. This is not what databases are for. Databases store data, they should not be used to store code. Learn that now, it is really important. Even HTML you should set up your database so that you don't need HTML in your database. If you structure your markup correctly and use some appropriate server side code you should be able to bring you plain ASCII or binary data out of the database and format it correctly. This means you should spend some more time on the architecture side of things before you go jumping into the design end of things. After that, many rules are ment to be bent. This means that it is probably to put minor HTML formatting into your database. If you can output the data into your database, and each entry can stand on its own as a good source of information, then you are well and good. This means that it should be ok to put <p> </p> or <br/> or <em> </em> or <strong> </strong> tags into your database. But that is about as far as I would go. If you are putting your design elements into your database then your are doing something wrong. If you are putting an HTML table into your database, you are doing something really wrong. Take a second to think about how you are handling things. If you are putting server parsed code into your database, you better have a really good reason, and a plan to keep people from using the form to execute arbitrary code on your server machine. Think about this and get back to up. -Dan-
marf Bipolar (III) Inmate From: Canada Insane since: Oct 2001	posted 02-25-2004 02:32 Thanks for the responses. I actually figured out a way, the include(); was including some text from another file that was calling upon a javascript within the html page, so I just made a new function in teh javascript and replaced the include. IT was a quite simple fix after i thought about it. But I learned about htmlentities(); which I am going to integrate into the MySQL writer I have. PHP has so many useful tools . Thanks again for your responses
Tyberius Prime Paranoid (IV) Mad Scientist with Finglongers From: Germany Insane since: Sep 2001	posted 02-25-2004 11:34 I usually invoke html_entities(,ENT_QUOTES) on all data coming from a user site (ie. post, get, cookies) via a loop over the arrays. That way, I don't have to worry about storing them in the database, or in xml, or a html form ,or most about anywhere. Combined with a general print function, that takes care of unhtmlentities if neccessary, that works like a charme.

Preserved Topic: PHP include() in MySQL database (Page 1 of 1)\$

marf
Bipolar (III) Inmate

From: Canada
Insane since: Oct 2001

posted 02-24-2004 02:53

ok I have quite a peculiar problem.

I have an SQL database table that contains <tables> and <a hrefs> {basically, part of an html page}. Now within this MySQL entry I also have an <? include('test.php'); ?>. All fine supposedly. Well in my index.php, when I call upon the MySQL, I use this code <?php echo $entry_from_mysql; ?>
It prints the MySQL table perfectly, But it doesn't interpret the include, or any other <? ?> php. Could it be because im already in a php when im echoing it? Must I use print() instead of echo?

Any help. I can give a code sample if you want.

bitdamaged
Maniac (V) Mad Scientist

From: 100101010011 <-- right about here
Insane since: Mar 2000

posted 02-24-2004 03:04

Nope any code within the results will simply be used as a string.

There's a couple of ways around this using things like eval with a preg_replace.

However, generally I would look at another way of storing your data. Combining evaluated code with display data is a bad practice.

.:[ Never resist a perfect moment ]:.

WarMage
Maniac (V) Mad Scientist

From: Rochester, New York, USA
Insane since: May 2000

posted 02-24-2004 03:14

That is breaking the rules!

It is simply not following the rules and should not be done for many many many reasons, most of them involving security, and stability.

When you echo something or print something you are not executing the code, you are simply echoing the data through whatever pipe you are in for sending your output. You are not sending the data back through the parser.

What you can do to get around this is to re-parse your output with a makeshift parser before you echo the data. This means that you have to go through your data and pick out the piece of code which you would like to be a part of your parsed output, pull the necessary data out, and then manually do the code.

For example:

code:

$string = "database query result string"

$include_string = ...some regular expresion to extract the include string from $string...

include($include_string);

I would not reccomend this though. This is not what databases are for. Databases store data, they should not be used to store code. Learn that now, it is really important. Even HTML you should set up your database so that you don't need HTML in your database. If you structure your markup correctly and use some appropriate server side code you should be able to bring you plain ASCII or binary data out of the database and format it correctly.

This means you should spend some more time on the architecture side of things before you go jumping into the design end of things.

After that, many rules are ment to be bent. This means that it is probably to put minor HTML formatting into your database. If you can output the data into your database, and each entry can stand on its own as a good source of information, then you are well and good. This means that it should be ok to put or or or tags into your database. But that is about as far as I would go. If you are putting your design elements into your database then your are doing something wrong. If you are putting an HTML table into your database, you are doing something really wrong. Take a second to think about how you are handling things. If you are putting server parsed code into your database, you better have a really good reason, and a plan to keep people from using the form to execute arbitrary code on your server machine.

Think about this and get back to up.

-Dan-

marf
Bipolar (III) Inmate

From: Canada
Insane since: Oct 2001

posted 02-25-2004 02:32

Thanks for the responses. I actually figured out a way, the include(); was including some text from another file that was calling upon a javascript within the html page, so I just made a new function in teh javascript and replaced the include. IT was a quite simple fix after i thought about it. But I learned about htmlentities(); which I am going to integrate into the MySQL writer I have. PHP has so many useful tools .

Thanks again for your responses

Tyberius Prime
Paranoid (IV) Mad Scientist with Finglongers

From: Germany
Insane since: Sep 2001

posted 02-25-2004 11:34

I usually invoke html_entities(,ENT_QUOTES) on all data coming from a user site (ie. post, get, cookies) via a loop over the arrays.
That way, I don't have to worry about storing them in the database, or in xml, or a html form ,or most about anywhere. Combined with a general print function, that takes care of unhtmlentities if neccessary, that works like a charme.