Menu
▾
▴
chiphpug-discuss
|
From: Andy C. <bng...@gm...> - 2009-07-22 15:52:30
|
Here's the situation. I'm designing a database based page generation system for my website. That is, HTML and possibly PHP code is stored in a MySQL table as raw text. A query will pull the text out of the table and render it as HTML and PHP. It renders the HTML, but it won't render the PHP Code (it appears in my source code when I "view source" in my browser). I have tried the "eval()" command, but that doesn't seem to work. Any thoughts? Thanks much, Andy Carlson Carlson Technology --------------------------------------------------- "Man's conquest of Nature turns out, in the moment of its consummation, to be Nature's conquest of Man." -- C.S. Lewis --------------------------------------------------- "The ubiquity of the Internet is more important than the technology of the Internet" -- Jeff Bezos |
|
From: junkmail <jun...@2z...> - 2009-07-22 16:03:36
|
Have you tried wrapping the code with htmlentities($codeVar). If I had to guess I would say the <?php tags are being parsed by the browser and hiding the contents Andy Carlson wrote: > Here's the situation. I'm designing a database based page generation system > for my website. That is, HTML and possibly PHP code is stored in a MySQL > table as raw text. A query will pull the text out of the table and render > it as HTML and PHP. It renders the HTML, but it won't render the PHP Code > (it appears in my source code when I "view source" in my browser). > > I have tried the "eval()" command, but that doesn't seem to work. Any > thoughts? Thanks much, > > Andy Carlson > Carlson Technology > --------------------------------------------------- > "Man's conquest of Nature turns out, in the moment of its consummation, to > be Nature's conquest of Man." -- C.S. Lewis > --------------------------------------------------- > "The ubiquity of the Internet is more important than the technology of the > Internet" -- Jeff Bezos > ------------------------------------------------------------------------------ > _______________________________________________ > chiPHPug-discuss mailing list > chi...@li... > https://lists.sourceforge.net/lists/listinfo/chiphpug-discuss > > |
|
From: Trevor O. <tr...@gm...> - 2009-07-22 16:15:43
|
I think he wants the php to be parsed server-side, not displayed client-side 2009/7/22 junkmail <jun...@2z...> > Have you tried wrapping the code with htmlentities($codeVar). > > If I had to guess I would say the <?php tags are being parsed by the > browser and hiding the contents > > > Andy Carlson wrote: > > Here's the situation. I'm designing a database based page generation > system > > for my website. That is, HTML and possibly PHP code is stored in a MySQL > > table as raw text. A query will pull the text out of the table and > render > > it as HTML and PHP. It renders the HTML, but it won't render the PHP > Code > > (it appears in my source code when I "view source" in my browser). > > > > I have tried the "eval()" command, but that doesn't seem to work. Any > > thoughts? Thanks much, > > > > Andy Carlson > > Carlson Technology > > --------------------------------------------------- > > "Man's conquest of Nature turns out, in the moment of its consummation, > to > > be Nature's conquest of Man." -- C.S. Lewis > > --------------------------------------------------- > > "The ubiquity of the Internet is more important than the technology of > the > > Internet" -- Jeff Bezos > > > ------------------------------------------------------------------------------ > > _______________________________________________ > > chiPHPug-discuss mailing list > > chi...@li... > > https://lists.sourceforge.net/lists/listinfo/chiphpug-discuss > > > > > > > > ------------------------------------------------------------------------------ > _______________________________________________ > chiPHPug-discuss mailing list > chi...@li... > https://lists.sourceforge.net/lists/listinfo/chiphpug-discuss > -- -Trevor Oldak |
|
From: Andy C. <bng...@gm...> - 2009-07-22 16:32:35
|
That appears to only work with HTML ASCII characters. like converting < to < Thanks, Andy Carlson Carlson Technology --------------------------------------------------- "Man's conquest of Nature turns out, in the moment of its consummation, to be Nature's conquest of Man." -- C.S. Lewis --------------------------------------------------- "The ubiquity of the Internet is more important than the technology of the Internet" -- Jeff Bezos On Wed, Jul 22, 2009 at 10:59 AM, junkmail <jun...@2z...> wrote: > Have you tried wrapping the code with htmlentities($codeVar). > > If I had to guess I would say the <?php tags are being parsed by the > browser and hiding the contents > > > Andy Carlson wrote: > > Here's the situation. I'm designing a database based page generation > system > > for my website. That is, HTML and possibly PHP code is stored in a MySQL > > table as raw text. A query will pull the text out of the table and > render > > it as HTML and PHP. It renders the HTML, but it won't render the PHP > Code > > (it appears in my source code when I "view source" in my browser). > > > > I have tried the "eval()" command, but that doesn't seem to work. Any > > thoughts? Thanks much, > > > > Andy Carlson > > Carlson Technology > > --------------------------------------------------- > > "Man's conquest of Nature turns out, in the moment of its consummation, > to > > be Nature's conquest of Man." -- C.S. Lewis > > --------------------------------------------------- > > "The ubiquity of the Internet is more important than the technology of > the > > Internet" -- Jeff Bezos > > > ------------------------------------------------------------------------------ > > _______________________________________________ > > chiPHPug-discuss mailing list > > chi...@li... > > https://lists.sourceforge.net/lists/listinfo/chiphpug-discuss > > > > > > > > ------------------------------------------------------------------------------ > _______________________________________________ > chiPHPug-discuss mailing list > chi...@li... > https://lists.sourceforge.net/lists/listinfo/chiphpug-discuss > |
|
From: Trevor O. <tr...@gm...> - 2009-07-22 16:04:46
|
Only method I came up to do it on my blog was sort of a hack. I run a
regular expression on the text to pick up the contents of all php tags
(assuming php tags start with <?php and end with ?>. No other php tags),
then I run this function on it:
function evaluate_php($php){
ob_start();
eval($php);
$output = ob_get_contents();
ob_end_clean();
return $output;
}
One thing to note with this is that it is potentially VERY insecure. If
anyone else can add or change content, they can basically take over your
server, so be careful with forms, and don't run comments through the same
function.
2009/7/22 Andy Carlson <bng...@gm...>
> Here's the situation. I'm designing a database based page generation
> system
> for my website. That is, HTML and possibly PHP code is stored in a MySQL
> table as raw text. A query will pull the text out of the table and render
> it as HTML and PHP. It renders the HTML, but it won't render the PHP Code
> (it appears in my source code when I "view source" in my browser).
>
> I have tried the "eval()" command, but that doesn't seem to work. Any
> thoughts? Thanks much,
>
> Andy Carlson
> Carlson Technology
> ---------------------------------------------------
> "Man's conquest of Nature turns out, in the moment of its consummation, to
> be Nature's conquest of Man." -- C.S. Lewis
> ---------------------------------------------------
> "The ubiquity of the Internet is more important than the technology of the
> Internet" -- Jeff Bezos
>
> ------------------------------------------------------------------------------
> _______________________________________________
> chiPHPug-discuss mailing list
> chi...@li...
> https://lists.sourceforge.net/lists/listinfo/chiphpug-discuss
>
--
-Trevor Oldak
|
|
From: Andy C. <bng...@gm...> - 2009-07-22 16:38:50
|
That doesn't appear to work (for me anyway).
would you just echo the returned value of the function?
Andy Carlson
Carlson Technology
(815) 875-2824
41° 22' 35" N 89° 28' 10" W
---------------------------------------------------
"Man's conquest of Nature turns out, in the moment of its consummation, to
be Nature's conquest of Man." -- C.S. Lewis
---------------------------------------------------
"The ubiquity of the Internet is more important than the technology of the
Internet" -- Jeff Bezos
On Wed, Jul 22, 2009 at 11:04 AM, Trevor Oldak <tr...@gm...> wrote:
> Only method I came up to do it on my blog was sort of a hack. I run a
> regular expression on the text to pick up the contents of all php tags
> (assuming php tags start with <?php and end with ?>. No other php tags),
> then I run this function on it:
>
> function evaluate_php($php){
> ob_start();
> eval($php);
> $output = ob_get_contents();
> ob_end_clean();
> return $output;
> }
>
> One thing to note with this is that it is potentially VERY insecure. If
> anyone else can add or change content, they can basically take over your
> server, so be careful with forms, and don't run comments through the same
> function.
>
>
>
> 2009/7/22 Andy Carlson <bng...@gm...>
>
> > Here's the situation. I'm designing a database based page generation
> > system
> > for my website. That is, HTML and possibly PHP code is stored in a MySQL
> > table as raw text. A query will pull the text out of the table and
> render
> > it as HTML and PHP. It renders the HTML, but it won't render the PHP
> Code
> > (it appears in my source code when I "view source" in my browser).
> >
> > I have tried the "eval()" command, but that doesn't seem to work. Any
> > thoughts? Thanks much,
> >
> > Andy Carlson
> > Carlson Technology
> > ---------------------------------------------------
> > "Man's conquest of Nature turns out, in the moment of its consummation,
> to
> > be Nature's conquest of Man." -- C.S. Lewis
> > ---------------------------------------------------
> > "The ubiquity of the Internet is more important than the technology of
> the
> > Internet" -- Jeff Bezos
> >
> >
> ------------------------------------------------------------------------------
> > _______________________________________________
> > chiPHPug-discuss mailing list
> > chi...@li...
> > https://lists.sourceforge.net/lists/listinfo/chiphpug-discuss
> >
>
>
>
> --
> -Trevor Oldak
>
> ------------------------------------------------------------------------------
> _______________________________________________
> chiPHPug-discuss mailing list
> chi...@li...
> https://lists.sourceforge.net/lists/listinfo/chiphpug-discuss
>
|
|
From: Trevor O. <tr...@gm...> - 2009-07-22 16:44:58
|
I use preg_replace_callback with evaluate_php as the function to replace the
PHP code within the text.
I modified evalutate_php a little bit to be a little more straightforward. I
removed the first line: $php = $php[1];
2009/7/22 Andy Carlson <bng...@gm...>
> That doesn't appear to work (for me anyway).
>
> would you just echo the returned value of the function?
>
> Andy Carlson
> Carlson Technology
> (815) 875-2824
> 41° 22' 35" N 89° 28' 10" W
> ---------------------------------------------------
> "Man's conquest of Nature turns out, in the moment of its consummation, to
> be Nature's conquest of Man." -- C.S. Lewis
> ---------------------------------------------------
> "The ubiquity of the Internet is more important than the technology of the
> Internet" -- Jeff Bezos
>
>
> On Wed, Jul 22, 2009 at 11:04 AM, Trevor Oldak <tr...@gm...> wrote:
>
> > Only method I came up to do it on my blog was sort of a hack. I run a
> > regular expression on the text to pick up the contents of all php tags
> > (assuming php tags start with <?php and end with ?>. No other php tags),
> > then I run this function on it:
> >
> > function evaluate_php($php){
> > ob_start();
> > eval($php);
> > $output = ob_get_contents();
> > ob_end_clean();
> > return $output;
> > }
> >
> > One thing to note with this is that it is potentially VERY insecure. If
> > anyone else can add or change content, they can basically take over your
> > server, so be careful with forms, and don't run comments through the same
> > function.
> >
> >
> >
> > 2009/7/22 Andy Carlson <bng...@gm...>
> >
> > > Here's the situation. I'm designing a database based page generation
> > > system
> > > for my website. That is, HTML and possibly PHP code is stored in a
> MySQL
> > > table as raw text. A query will pull the text out of the table and
> > render
> > > it as HTML and PHP. It renders the HTML, but it won't render the PHP
> > Code
> > > (it appears in my source code when I "view source" in my browser).
> > >
> > > I have tried the "eval()" command, but that doesn't seem to work. Any
> > > thoughts? Thanks much,
> > >
> > > Andy Carlson
> > > Carlson Technology
> > > ---------------------------------------------------
> > > "Man's conquest of Nature turns out, in the moment of its consummation,
> > to
> > > be Nature's conquest of Man." -- C.S. Lewis
> > > ---------------------------------------------------
> > > "The ubiquity of the Internet is more important than the technology of
> > the
> > > Internet" -- Jeff Bezos
> > >
> > >
> >
> ------------------------------------------------------------------------------
> > > _______________________________________________
> > > chiPHPug-discuss mailing list
> > > chi...@li...
> > > https://lists.sourceforge.net/lists/listinfo/chiphpug-discuss
> > >
> >
> >
> >
> > --
> > -Trevor Oldak
> >
> >
> ------------------------------------------------------------------------------
> > _______________________________________________
> > chiPHPug-discuss mailing list
> > chi...@li...
> > https://lists.sourceforge.net/lists/listinfo/chiphpug-discuss
> >
>
> ------------------------------------------------------------------------------
> _______________________________________________
> chiPHPug-discuss mailing list
> chi...@li...
> https://lists.sourceforge.net/lists/listinfo/chiphpug-discuss
>
--
-Trevor Oldak
|
|
From: matt d. <mm_...@ya...> - 2009-07-22 16:53:21
|
Perhaps if you sent the actual code...
________________________________
From: Andy Carlson <bng...@gm...>
To: Chicago PHP User Group <chi...@li...>
Sent: Wednesday, July 22, 2009 11:38:27 AM
Subject: Re: [chiPHPug-discuss] PHP Code in a string
That doesn't appear to work (for me anyway).
would you just echo the returned value of the function?
Andy Carlson
Carlson Technology
(815) 875-2824
41° 22' 35" N 89° 28' 10" W
---------------------------------------------------
"Man's conquest of Nature turns out, in the moment of its consummation, to
be Nature's conquest of Man." -- C.S. Lewis
---------------------------------------------------
"The ubiquity of the Internet is more important than the technology of the
Internet" -- Jeff Bezos
On Wed, Jul 22, 2009 at 11:04 AM, Trevor Oldak <tr...@gm...> wrote:
> Only method I came up to do it on my blog was sort of a hack. I run a
> regular expression on the text to pick up the contents of all php tags
> (assuming php tags start with <?php and end with ?>. No other php tags),
> then I run this function on it:
>
> function evaluate_php($php){
> ob_start();
> eval($php);
> $output = ob_get_contents();
> ob_end_clean();
> return $output;
> }
>
> One thing to note with this is that it is potentially VERY insecure. If
> anyone else can add or change content, they can basically take over your
> server, so be careful with forms, and don't run comments through the same
> function.
>
>
>
> 2009/7/22 Andy Carlson <bng...@gm...>
>
> > Here's the situation. I'm designing a database based page generation
> > system
> > for my website. That is, HTML and possibly PHP code is stored in a MySQL
> > table as raw text. A query will pull the text out of the table and
> render
> > it as HTML and PHP. It renders the HTML, but it won't render the PHP
> Code
> > (it appears in my source code when I "view source" in my browser).
> >
> > I have tried the "eval()" command, but that doesn't seem to work. Any
> > thoughts? Thanks much,
> >
> > Andy Carlson
> > Carlson Technology
> > ---------------------------------------------------
> > "Man's conquest of Nature turns out, in the moment of its consummation,
> to
> > be Nature's conquest of Man." -- C.S. Lewis
> > ---------------------------------------------------
> > "The ubiquity of the Internet is more important than the technology of
> the
> > Internet" -- Jeff Bezos
> >
> >
> ------------------------------------------------------------------------------
> > _______________________________________________
> > chiPHPug-discuss mailing list
> > chi...@li...
> > https://lists.sourceforge.net/lists/listinfo/chiphpug-discuss
> >
>
>
>
> --
> -Trevor Oldak
>
> ------------------------------------------------------------------------------
> _______________________________________________
> chiPHPug-discuss mailing list
> chi...@li...
> https://lists.sourceforge.net/lists/listinfo/chiphpug-discuss
>
------------------------------------------------------------------------------
_______________________________________________
chiPHPug-discuss mailing list
chi...@li...
https://lists.sourceforge.net/lists/listinfo/chiphpug-discuss
|
|
From: matt d. <mm_...@ya...> - 2009-07-22 16:47:48
|
How are you using eval? echo eval($code)? I would say code in a database is never a great idea unless you enjoy mysteries. ________________________________ From: Andy Carlson <bng...@gm...> To: Chicago PHP User Group <chi...@li...> Sent: Wednesday, July 22, 2009 10:52:03 AM Subject: [chiPHPug-discuss] PHP Code in a string Here's the situation. I'm designing a database based page generation system for my website. That is, HTML and possibly PHP code is stored in a MySQL table as raw text. A query will pull the text out of the table and render it as HTML and PHP. It renders the HTML, but it won't render the PHP Code (it appears in my source code when I "view source" in my browser). I have tried the "eval()" command, but that doesn't seem to work. Any thoughts? Thanks much, Andy Carlson Carlson Technology --------------------------------------------------- "Man's conquest of Nature turns out, in the moment of its consummation, to be Nature's conquest of Man." -- C.S. Lewis --------------------------------------------------- "The ubiquity of the Internet is more important than the technology of the Internet" -- Jeff Bezos ------------------------------------------------------------------------------ _______________________________________________ chiPHPug-discuss mailing list chi...@li... https://lists.sourceforge.net/lists/listinfo/chiphpug-discuss |
|
From: Jason R. <ja...@ho...> - 2009-07-22 16:56:26
|
first let me say this is very bad and you are going to have to be EXTREMELY security focussed with that setup. but here is a slow, painful hack that will be easy to implement: 1) fetch html/php string from DB (is it stored with slashes, escape entities, etc?). 2) write string to tempfile 3) call include on tempfile slow and ugly but easy to implement Andy Carlson wrote: > Here's the situation. I'm designing a database based page generation system > for my website. That is, HTML and possibly PHP code is stored in a MySQL > table as raw text. A query will pull the text out of the table and render > it as HTML and PHP. It renders the HTML, but it won't render the PHP Code > (it appears in my source code when I "view source" in my browser). > > I have tried the "eval()" command, but that doesn't seem to work. Any > thoughts? Thanks much, > > Andy Carlson > Carlson Technology > --------------------------------------------------- > "Man's conquest of Nature turns out, in the moment of its consummation, to > be Nature's conquest of Man." -- C.S. Lewis > --------------------------------------------------- > "The ubiquity of the Internet is more important than the technology of the > Internet" -- Jeff Bezos > ------------------------------------------------------------------------------ > _______________________________________________ > chiPHPug-discuss mailing list > chi...@li... > https://lists.sourceforge.net/lists/listinfo/chiphpug-discuss |
|
From: Arlo L. <ar...@ar...> - 2009-07-22 16:57:31
|
Hi Andy,
> Here's the situation. I'm designing a database based page generation system
> for my website. That is, HTML and possibly PHP code is stored in a MySQL
> table as raw text. A query will pull the text out of the table and render
> it as HTML and PHP. It renders the HTML, but it won't render the PHP Code
> (it appears in my source code when I "view source" in my browser).
>
> I have tried the "eval()" command, but that doesn't seem to work. Any
> thoughts? Thanks much,
Does this work?
eval("?".">".$content);
I have a web templating system similar to what you described and that's how
I do it there.
Cheers,
-Arlo
_______________________________
Arlo Leach
773.769.6106
http://arlomedia.com
|
|
From: Jason R. <ja...@ho...> - 2009-07-22 17:05:37
|
are my emails not getting through to list? |
|
From: junkmail <jun...@2z...> - 2009-07-22 18:01:26
|
You're good. Jason Rexilius wrote: > are my emails not getting through to list? > > ------------------------------------------------------------------------------ > _______________________________________________ > chiPHPug-discuss mailing list > chi...@li... > https://lists.sourceforge.net/lists/listinfo/chiphpug-discuss > > |
×
Want the latest updates on software, tech news, and AI?
Get latest updates about software, tech news, and AI from SourceForge directly in your inbox once a month.
Thanks for helping keep SourceForge clean.
X