> Is there much I need to know about storing mixed PHP/HTML text in a MySQL database table, and then using eval() to execute it?
> All I managed to find so far is that I should store it in a blob.
A TEXT or BLOB column will do. Only difference is BLOB is case sensitive.
> Do I need to escape characters, or perform any other filtering/conversions before I store it in the database? Similarly, what steps would people recommend when pulling the data out, before executing it?
You're inserting a string, so you need to run addslashes on the data before you insert it in your query. You don't have to do anything after pulling it out, just stick it in eval().
Just be smart about all this and make sure you're really controlling what's being passed to eval(). If you're not careful and let user input go directly to eval(), you could be in for some trouble. :)
-- ---John Holmes...
-- PHP General Mailing List (http://www.php.net/)
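The store-then-eval() round trip discussed in this thread, as an added example that is not part of the original messages. It uses PDO bound parameters in place of the addslashes() step the reply mentions, and an in-memory SQLite database stands in for MySQL; the table, column and snippet names and the `render_snippet()` helper are hypothetical.

```php
<?php
// Added example. SQLite in memory stands in for MySQL; the table, columns,
// snippet name and sample text are constructed for illustration.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE snippets (name TEXT PRIMARY KEY, body TEXT NOT NULL)');

// Mixed PHP/HTML written by the developer, never built from request data.
$body = '<p>Hello, <?php echo htmlspecialchars($who, ENT_QUOTES, "UTF-8"); ?>.'
      . ' It\'s a "stored" snippet.</p>';

// Bound parameters keep quotes and backslashes intact without manual escaping.
$ins = $pdo->prepare('INSERT INTO snippets (name, body) VALUES (:name, :body)');
$ins->execute([':name' => 'greeting', ':body' => $body]);

function render_snippet(PDO $pdo, string $name, string $who): string
{
    // Only snippet names on this allow-list ever reach eval().
    $allowed = ['greeting'];
    if (!in_array($name, $allowed, true)) {
        throw new InvalidArgumentException('unknown snippet name');
    }
    $sel = $pdo->prepare('SELECT body FROM snippets WHERE name = :name');
    $sel->execute([':name' => $name]);
    $code = $sel->fetchColumn();
    if ($code === false) {
        throw new RuntimeException('snippet not found');
    }
    ob_start();
    try {
        // eval() starts in PHP mode; the leading close tag switches it to
        // HTML mode so the stored text is handled like a .php file's contents.
        eval('?>' . $code);
    } catch (Throwable $e) {
        ob_end_clean();   // discard partial output from a broken snippet
        throw $e;
    }
    return ob_get_clean();
}

// $who is user-supplied data: it is passed as a value and escaped by the
// snippet, never concatenated into the code string given to eval().
echo render_snippet($pdo, 'greeting', "O'Brien <script>"), PHP_EOL;
```

The only strings that reach eval() here are rows the developer inserted and named on the allow-list; request data enters only as the `$who` variable.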