0

Hi this is scorpionz:

I need to know how to insert PHP block in database using PHP, because i am generating random tables.
So i need that to insert:

Here is the query:

<?php

$sql_insert_revisions	=	'INSERT INTO node_revisions(nid,vid,uid,title,body,teaser,TIMESTAMP,FORMAT)
VALUES
('.$nid_ins.','.$vid_ins.','.$user_id.','.$ad_title_view.',
'"<?php  $block = module_invoke('block', 'block', 'VIEW', 66);  print $block['content'];?>"',
'"<?php  $block = module_invoke('block', 'block', 'VIEW', 66);  print $block['content']; ?>"',1248762134,3)';

?>

Any response will be highly aprreciated:

Regards
scorpionz

Edited by scorpionz: n/a

2
Contributors
2
Replies
7
Views
8 Years
Discussion Span
Last Post by scorpionz
0

Hi this is scorpionz:

I need to know how to insert PHP block in database using PHP, because i am generating random tables.
So i need that to insert:

Here is the query:

<?php

$sql_insert_revisions	=	'INSERT INTO node_revisions(nid,vid,uid,title,body,teaser,TIMESTAMP,FORMAT)
VALUES
('.$nid_ins.','.$vid_ins.','.$user_id.','.$ad_title_view.',
'"<?php  $block = module_invoke('block', 'block', 'VIEW', 66);  print $block['content'];?>"',
'"<?php  $block = module_invoke('block', 'block', 'VIEW', 66);  print $block['content']; ?>"',1248762134,3)';

?>

Any response will be highly aprreciated:

Regards
scorpionz

Save the PHP you want to insert in a variable. That way you can automatically escape it using mysql_real_escape_string() or similar.

Eg:

$content = "<?php  $block = module_invoke('block', 'block', 'VIEW', 66);  print $block['content'];?>";

$content = mysql_real_escape_string($content, $db_resource);

Note: Why are you saving PHP to the database? Usually you should save it to a file instead. That way you don't have to use eval() on it later, just an include() on the file.

If you save in DB, make sure you don't have any SQL injections. Otherwise you've create a remote code execution vulnerability.

This topic has been dead for over six months. Start a new discussion instead.
Have something to contribute to this discussion? Please be thoughtful, detailed and courteous, and be sure to adhere to our posting rules.