Richard,

THANK YOU!!!

I agree -- this method provides many security vulnerabilities and I appreciate the 
warning.  The database is definitely secure -- from web-surfers and others.  Also, I 
intend to parse the information going into the database myself -- using a simple parse 
engine I will create -- before making it accessible to PHP later.  :)

I have designed a class-oriented language based on PHP, and these are the functions I 
want available to my clients.  I will filter out all other commands that could be 
considered malicious.  They will only have access to the functions and variables used 
in the class language I wrote when I am done.  

What do you think?

Thankz again!

Rob


List:     php-general
Subject:  Re: [PHP] PHP Parse MySQL Field???
From:     "Richard Lynch" <[EMAIL PROTECTED]>
Date:     2001-01-20 9:27:12

>I have a BLOB field in a MySQL database that I want
>to parse into my page using PHP.
>For instance, in this field might be the following:
>
><?  echo "test";  ?>
>
>So when I access this field in PHP I want it to display "test".
>
>Is this possible?

Yeah.  That's called "eval" (short for 'evaluate').

Basically you can make PHP execute arbitrary chunks of more PHP code.

NOTE:  Letting web-surfers insert PHP code into your database to be
evaluated later is really high on the Bad Idea list...  Actually, doing this
on a web-site where you're not pretty sure the database itself is pretty
secure from not only surfers but also other potentially malicious co-users
on the same box...  It's just too easy for them to be able to put mean code
in your database...

http://php.net/eval

I *think* it goes like this:

<?php
    $php = 'echo "Hi";';   // a string holding PHP source code
    eval($php);            // runs that string as PHP, printing Hi
?>

Never used it myself...
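One way to do the filtering Rob describes before the eval() call Richard shows, written as an added PHP example and not code from either message: it tokenises the stored snippet with token_get_all() and only lets a fixed set of token kinds and function names through, rejecting everything else by default. The constant and function names, the allowlisted functions and the sample rows are assumptions made for the example.

```php
<?php
// Added example, not code from either message: a snippet read from the database
// is checked against an allowlist of token kinds and function names before eval();
// anything not named (variables, operators, backticks, interpolated strings,
// includes, objects) is rejected. The function and constant names are assumed.
const ALLOWED_FUNCTIONS = ['strtoupper', 'strlen', 'date'];
const ALLOWED_CHARS = ['(', ')', ',', ';', '.'];

function snippet_is_allowed(string $code): bool
{
    $prev = null;   // last non-whitespace token, used to vet what '(' follows
    foreach (token_get_all('<?php ' . $code) as $tok) {
        if (!is_array($tok)) {   // single characters: '`', '=', '$', '{', '"' land here
            if (!in_array($tok, ALLOWED_CHARS, true)) return false;
            // '(' may only follow an allowlisted name: 'system'('id') is a call too
            if ($tok === '(' && !(is_array($prev) && $prev[0] === T_STRING)) return false;
        } else {
            switch ($tok[0]) {
                case T_WHITESPACE:
                    continue 2;   // skip without recording it as $prev
                case T_OPEN_TAG: case T_ECHO: case T_LNUMBER: case T_DNUMBER:
                case T_CONSTANT_ENCAPSED_STRING:   // a literal with no interpolation
                    break;
                case T_STRING:   // bare identifier: only allowlisted function names
                    if (!in_array(strtolower($tok[1]), ALLOWED_FUNCTIONS, true)) return false;
                    break;
                default:         // T_VARIABLE, T_INCLUDE, T_NEW, T_NS_SEPARATOR, ...
                    return false;
            }
        }
        $prev = $tok;
    }
    return true;
}
function render_stored_snippet(string $field): string
{
    // The question stores the snippet with its tags; eval() wants them stripped.
    $code = preg_replace('/^\s*<\?(php)?\s*|\s*\?>\s*$/', '', $field);
    if (!snippet_is_allowed($code)) return '[snippet rejected]';
    ob_start();
    eval($code);
    return ob_get_clean();
}
$rows = [   // constructed sample field values, as they might come out of the BLOB column
    '<?  echo "test";  ?>',                       // the thread's example: prints test
    "<?php echo strtoupper('test'); ?>",          // allowlisted call: prints TEST
    "<?php echo system('id'); ?>",                // system is not allowlisted: rejected
    "<?php \$f = 'system'; echo \$f('id'); ?>",   // variable function call: rejected
];
foreach ($rows as $row) echo render_stored_snippet($row), "\n";
```

Because the check is allowlist-by-default, harmless constructs the list does not name (comments, constants, a second keyword) are also rejected, and each extension of the list is a deliberate decision about what stored code may do.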
