Organizational Research By

Surprising Reserch Topic

how do i execute php that is stored in a mysql database

how do i execute php that is stored in a mysql database  using -'php,mysql'

I'm trying to write a page that calls PHP that's stored in a MySQL database. The page that is stored in the MySQL database contains PHP (and HTML) code which I want to run on page load.

How could I go about doing this?

asked Sep 14, 2015 by JonKkz
0 votes

Related Hot Questions

5 Answers

0 votes

You can use the eval command for this. I would recommend against this though, because there's a lot of pitfalls using this approach. Debugging is hard(er), it implies some security risks (bad content in the DB gets executed, uh oh).

See (blogpost by a random person) Eval is Evil for instance. Google for Eval is Evil, and you'll find a lot of examples why you should find another solution.

Addition: Another good article with some references to exploits is this blogpost. Refers to past vBulletin and phpMyAdmin exploits which were caused by improper Eval usage.

answered Sep 14, 2015 by LorBaber
0 votes

eval() function was covered in other responses here. I agree you should limit use of eval unless it is absolutely needed. Instead of having PHP code in db you could have just a class name that has method called, say, execute(). Whenever you need to run your custom PHP code just instantiate the class of name you just fetched from db and run ->execute() on it. It is much cleaner solution and gives you great field of flexibility and improves site security significantly.

answered Sep 14, 2015 by Larhonda28Kx
0 votes


$x // your variable with the data from the DB

Let me know, works great for me in MANY applications, can't help but notice that everyone is quick to say how bad it is, but slow to actually help out with a straight answer...

answered Sep 14, 2015 by Gxjxgsae
0 votes

Have you considered using your Source Control system to store different forks for the various installations (and the modules that differ among them)? That would be one of several best practices for application configuration I can think of. Yours is not an unusual requirement, so it's a problem that's been solved by others in the past; and storing code in a database is one I think you'd have a hard time finding reference to, or being advised as a best practice.

Good thing you posted the clarification. You've probably unintentionally posed an answer in search of a suitable question.

answered Sep 14, 2015 by Bobby9724csr
0 votes

How I did this is to have a field in the database that identified something unique about the block of code needing to be executed. That one word is in the file name of that code. I put the strings together to point to the php file to be included. example:

$lookFor = $row['page'];

include("resources/" . $lookFor . "Codebase.php");

In this way even if a hacker could access you DB he couldn't put malicious code straight in there to be executed. He could perhaps change the reference word, but unless he could actually put a file directly onto the server it would do him no good. If he could put files directly onto the server, you're sunk then anyway if he really wants to be nasty. Just my two cents worth.

And yes, there are reasons you would want to execute stored code, but there are cons.

answered Sep 14, 2015 by GeorgeAnnisr