0

Hi,

I am making a mini cms for managing my website and to increase my php skills so I wrote some code to give out the result of a query by using mysql_result(..,..,..); but when I tried to echo it out, the php code which is stored in my database doesn't get executed as usual. Is there anything to let the code run normally within an echo or use something like eval.

Please don't refer me to the php manual. I apologize for this.

Here is my code which echoes it out.

<p align='left'>
	<font size='2' face='Verdana' color='gray' >
		<?php echo $mysql_result; ?>
	</font>
</p>

In case you want the whole source code, feel free to ask me.

Thanks in advance,
Nahiyan

0

Use print_r($mysql_result) to see what $mysql_result really contains. Maybe it is an array.

0

I already tried print_r(); but it doesn't seem to work.

Okay... You should try out something like <?php echo 'text'; ?> around your echo to test if the problem is in your variable or in your setup.

If these echoes work you should paste more of your code here because then the $mysql_result is empty...

0


I tried your trick but unfortunately

<?php echo "<?php echo 'test'; ?>"; ?>

doesn't work.

0


No no...

<?php echo 'test'; ?>
<?php print_r($mysql_result); ?>
<?php echo 'test'; ?>

What is the output?

0

I get an output:

"test Content test " if it's "Content" in the field I am using mysql_result to display of my database but if I put php code such as "<?php echo 'Test'; ?>" I get an output "test test"


0


Please give your query code, and what you store in $mysql_result

0

Requesting full code post.
It appears as though there is nothing in your $mysql_result variable.

0

So here is the full source code:
I have changed the code a bit and made a function called "getfield" to make everything look clean.

<?php
require 'connect.inc.php';

function getfield($field, $id){
	$query = "SELECT `$field` FROM `onwebed_pages` WHERE `id`='$id'";
	if ($mysql_query = mysql_query($query)){
		if (mysql_num_rows($mysql_query)==1){
			return mysql_result($mysql_query, 0, $field);
		}else{
			return false;
		}
	}else{
		die (mysql_error());
	}
}

if (isset($_GET['p']) && !empty($_GET['p'])){
	$p = $_GET['p'];
	$name = getfield('name', $p);
	$title = getfield('title', $p);
	$content = getfield('content', $p);
	?>

		<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
		<html><head><title><?php echo $title; ?></title>

		<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-15" />
		<link rel="stylesheet" href="styles.css" />
		</head>
		<body>
		<div id="conteneur">
		<div id="header"><?php echo $name; ?></div>
		<div id="haut">
		<ul class="menuhaut">
		<li><a href="">Home</a></li>
		</ul>
		</div>
		<div id="centre">
		<h1><?php echo $name; ?></h1>
		<?php print_r($content); ?>
		<br />
		<ul>
		</ul>
		<br />
		<ol>
		</ol>
		</div>
		<div id="pied"><span style="text-decoration: underline;">Copyright&nbsp;</span></div>
		</div>
		</body></html>
<?php
	echo "<p align='right'><a href='/cms/edit.php?p=$p'>Edit this page</a></p>";
	}else{
		die();
	}
?>
1

Wow, that is a database killer: three calls hitting the same table (not recommended). It is also prone to a MySQL injection attack. For coding purposes I never run my queries on a web page; I only handle data. I always run queries in class code that is separate from my main pages. I could build you a killer class and show you the way if you tell me all of the fields on your onwebed_pages table. Also, can you clarify your issue? Is there an error? You could put an or die() on your query call:

mysql_query($query) or die(mysql_error());
// is there an error?  if you have no data it appears as though you have no connection, so are you even connecting to the db.  check your connection.inc code and put a or die() on your connection statement maybe there is an error there.
mysql_connect(host,user,pass) or die(mysql_error());
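
The two problems raised in the reply above (three queries against the same table, and request input concatenated into the SQL), handled in one lookup. This is an added example, not code from any poster in the thread; it assumes PDO with the SQLite driver so it runs offline, and the `getpage()` and `h()` helpers and the sample rows are hypothetical.

```php
<?php
// Added example: one parameterized lookup replacing the three getfield() calls.
// Uses an in-memory SQLite database through PDO so it runs offline; the rows
// below are constructed sample data, not the poster's real table contents.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE onwebed_pages (id INTEGER PRIMARY KEY, name TEXT, title TEXT, content TEXT)');
$pdo->exec("INSERT INTO onwebed_pages (name, title, content) VALUES
    ('Home', 'Welcome', '<b>Hello</b> & welcome'),
    ('About', 'About us', 'Plain text')");

// Hypothetical helper: fetch every displayed column for one page in one query.
function getpage(PDO $pdo, $id) {
    // Reject anything that is not a positive integer before touching the DB.
    $id = filter_var($id, FILTER_VALIDATE_INT, array('options' => array('min_range' => 1)));
    if ($id === false) {
        return null;
    }
    // Column names are fixed in the SQL text; only the value is bound.
    $stmt = $pdo->prepare('SELECT name, title, content FROM onwebed_pages WHERE id = :id');
    $stmt->execute(array(':id' => $id));
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Escape stored text for an HTML context so markup in a row is shown, not interpreted.
function h($s) {
    return htmlspecialchars($s, ENT_QUOTES, 'UTF-8');
}

// Constructed inputs: a valid id, a non-numeric value, and a quote-breaking string.
foreach (array('1', 'xyz', "1' OR '1'='1") as $p) {
    $page = getpage($pdo, $p);
    if ($page === null) {
        echo 'p=' . var_export($p, true) . " -> rejected\n";
        continue;
    }
    echo 'p=' . var_export($p, true) . ' -> <h1>' . h($page['name']) . '</h1> ' . h($page['content']) . "\n";
}
```

Only the first input returns a row; the other two are rejected before any SQL runs, and the stored `<b>` markup is printed escaped.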
2

here ya go... check this out, the only thing you have to modify is the database connection code. you may want to use your 'connect.inc.php'; or just use the 'DEFINE' variables in the class: so here is a quick class that will handle the data for your page.

<?php
// begin generated class -->
/*
*
* -------------------------------------------------------
* CLASSNAME:        onwebed_pages
* GENERATION DATE:  05.08.2011
* CLASS FILE:       C:\wamp\www\PHP_LIB\sql_class_generator\generated_classes\onwebed_pages.class.php
* FOR MYSQL TABLE:  onwebed_pages
* FOR MYSQL DB:     test
* -------------------------------------------------------
* CODE GENERATED BY:
* MY PHP-MYSQL-CLASS GENERATOR
* from: >> www.voegeli.li >> 
* CLASS MODIFIED AND EXTENDED BY:
* dmd
* -------------------------------------------------------
*
*/
//include_once("resources/class.database.php");
// This is where I define my database for the entire class, you can use your database class, you just have to modify the connection
// code below when calling the database.
// Constant names must be quoted strings when passed to define().
define('DB_HOST','host');
define('DB_USER','user');
define('DB_PASS','pass');
define('DB_BASE','onwebed_pages');	
 
// **********************
// CLASS DECLARATION
// **********************
// class : begin
class onwebed_pages { 
// **********************
// ATTRIBUTE DECLARATION
// **********************

	var $id;   // KEY ATTR. WITH AUTOINCREMENT
	var $name;   // (normal Attribute)
	var $title;   // (normal Attribute)
	var $content;   // (normal Attribute)

    //var $database; // Instance of class database
// **********************
// CONSTRUCTOR METHOD
// **********************
	
	/**
	* @author - 
	* @type	- public
	* @desc	- constructor
	* @param - onwebed_pages
	* @return - Instance of $class
	* @vers	- 1
	* @Mod - 
	**/
	function onwebed_pages() {
		// $this->database = new Database();
	}
// **********************
// GETTER METHODS
// **********************

	
	/**
	* @author - 
	* @type	- public
	* @desc	- get variable value
	* @param - get_id()
	* @return - variable
	* @vers	- 1
	* @Mod - 
	**/
	function get_id() {
		return $this->id;
	}
	
	/**
	* @author - 
	* @type	- public
	* @desc	- get variable value
	* @param - get_name()
	* @return - variable
	* @vers	- 1
	* @Mod - 
	**/
	function get_name() {
		return $this->name;
	}
	
	/**
	* @author - 
	* @type	- public
	* @desc	- get variable value
	* @param - get_title()
	* @return - variable
	* @vers	- 1
	* @Mod - 
	**/
	function get_title() {
		return $this->title;
	}
	
	/**
	* @author - 
	* @type	- public
	* @desc	- get variable value
	* @param - get_content()
	* @return - variable
	* @vers	- 1
	* @Mod - 
	**/
	function get_content() {
		return $this->content;
	}
	// **********************
	// SETTER METHODS
	// **********************
	
	/**
	* @author - 
	* @type	- public
	* @desc	- set variable value
	* @param - set_id($val)
	* @return - void
	* @vers	- 1
	* @Mod - 
	**/
	function set_id($val) {
		$this->id = $val;
	}
	
	/**
	* @author - 
	* @type	- public
	* @desc	- set variable value
	* @param - set_name($val)
	* @return - void
	* @vers	- 1
	* @Mod - 
	**/
	function set_name($val) {
		$this->name = $val;
	}
	
	/**
	* @author - 
	* @type	- public
	* @desc	- set variable value
	* @param - set_title($val)
	* @return - void
	* @vers	- 1
	* @Mod - 
	**/
	function set_title($val) {
		$this->title = $val;
	}
	
	/**
	* @author - 
	* @type	- public
	* @desc	- set variable value
	* @param - set_content($val)
	* @return - void
	* @vers	- 1
	* @Mod - 
	**/
	function set_content($val) {
		$this->content = $val;
	}
	// **********************
	// print_to_screen()
	// **********************
	function print_to_screen() { 
		echo "id = ". $this->id ." \n";
		echo "name = ". $this->name ." \n";
		echo "title = ". $this->title ." \n";
		echo "content = ". $this->content ." \n"; 
		echo "end p_t_s function \n "; 
	}
	
	
	// **********************
	// process a form $_POST()
	// **********************
	function process_form_post($post) { 
		// $post is the submitted form array (pass $_POST when calling);
		// a superglobal cannot be used as a parameter name.
		if (!empty($post['id'])) { 
			$this->set_id($post['id']);
		}
		if (!empty($post['name'])) { 
			$this->set_name($post['name']);
		}
		if (!empty($post['title'])) { 
			$this->set_title($post['title']);
		}
		if (!empty($post['content'])) { 
			$this->set_content($post['content']);
		} 
		//echo "end post function \n "; 
		// now do something with your data, like insert it.
		//$this->insert();
		return $this;
	}
	
	// **********************
	// INSERT
	// **********************
	
	/**
	* @author - 
	* @type	- public
	* @desc	- insert this object
	* @param - insert
	* @return - boolean
	* @vers	- 1
	* @Mod - 
	**/
	function insert() {
		$this->id = ""; // clear key for autoincrement
		$sql = "INSERT INTO onwebed_pages ( name,title,content ) VALUES ( '".$this->slashes($this->name)."','".$this->slashes($this->title)."','".$this->slashes($this->content)."' )";
		$dblink = null;
		try	{
			$dblink = mysql_connect(DB_HOST,DB_USER,DB_PASS);
			mysql_select_db(DB_BASE,$dblink);
		} catch(Exception $ex) {
			echo "Could not connect to " . DB_HOST . ":" . DB_BASE . "\n";
			echo "Error: " . $ex->getMessage();
			exit;
		}
		
		$retid = mysql_query($sql,$dblink) or die(mysql_error());
		if (!$retid) { 
			echo( mysql_error()); 
		}		
		$this->id = mysql_insert_id($dblink);
		
		if(is_resource($dblink)) {		
			mysql_close($dblink);
		}		
		return $retid;
		
	}

	// **********************
	// UPDATE
	// **********************
	
	/**
	* @author - 
	* @type	- public
	* @desc	- update this object
	* @param - update($id)
	* @return - boolean
	* @vers	- 1
	* @Mod - 
	**/
	function update($id) {
		// Escape the values the same way insert() does and force $id to an integer.
		$sql = " UPDATE onwebed_pages SET  name = '".$this->slashes($this->name)."',title = '".$this->slashes($this->title)."',content = '".$this->slashes($this->content)."' WHERE id = ".(int)$id." ";
		$dblink = null;
		try	{
			$dblink = mysql_connect(DB_HOST,DB_USER,DB_PASS);
			mysql_select_db(DB_BASE,$dblink);
		} catch(Exception $ex) {
			echo "Could not connect to " . DB_HOST . ":" . DB_BASE . "\n";
			echo "Error: " . $ex->getMessage();
			exit;
		}
		
		$retid = mysql_query($sql,$dblink) or die(mysql_error());
		if (!$retid) { 
			echo( mysql_error()); 
		}		
		
		if(is_resource($dblink)) {		
			mysql_close($dblink);
		}				
		return $retid;

	}

	// **********************
	// SELECT METHOD / LOAD
	// **********************
	
	/**
	* @author - 
	* @type	- public
	* @desc	- load this object
	* @param - select_by_id($id)
	* @return - sets this object from "$id"
	* @vers	- 1
	* @Mod - 
	**/
	function select_by_id($id) {
		$dblink = null;
		try	{
			$dblink = mysql_connect(DB_HOST,DB_USER,DB_PASS);
			mysql_select_db(DB_BASE,$dblink);
		} catch(Exception $ex) {
			echo "Could not connect to " . DB_HOST . ":" . DB_BASE . "\n";
			echo "Error: " . $ex->getMessage();
			exit;
		}
		$sql =  "SELECT * FROM onwebed_pages WHERE id = '".$this->slashes($id)."'";
		
		$retid = mysql_query($sql,$dblink) or die(mysql_error());
		if (!$retid) { 
			echo( mysql_error()); 
		}
		if ($row = mysql_fetch_array($retid)) {	

			$this->id = $row['id'];
			$this->name = $row['name'];
			$this->title = $row['title'];
			$this->content = $row['content'];
		}
		
		if(is_resource($dblink)) {		
			mysql_close($dblink);
		}
		return $this;
	}
	// **********************
	// DELETE
	// **********************
	
	/**
	* @author - 
	* @type	- public
	* @desc	- delete this object
	* @param - delete($id)
	* @return - boolean
	* @vers	- 1
	* @Mod - 
	**/
	function delete($id) {
		$dblink = null;
		try	{
			$dblink = mysql_connect(DB_HOST,DB_USER,DB_PASS);
			mysql_select_db(DB_BASE,$dblink);
		} catch(Exception $ex) {
			echo "Could not connect to " . DB_HOST . ":" . DB_BASE . "\n";
			echo "Error: " . $ex->getMessage();
			exit;
		}
		// Force $id to an integer so it cannot change the shape of the query.
		$sql = "DELETE FROM onwebed_pages WHERE id = ".(int)$id.";";
		
		$retid = mysql_query($sql,$dblink) or die(mysql_error());
		if (!$retid) { 
			echo( mysql_error()); 
		}
		
		if(is_resource($dblink)) {		
			mysql_close($dblink);
		}
		return $retid;
	
	}

	/**
	* @author - 
	* @type	- public
	* @desc	- $str
	* @param - adding slashes if necessary
	* @return - db safe string
	* @vers	- 1
	* @Mod - 
	**/
	function slashes($str) {
		//if ((get_magic_quotes_gpc()) && (!empty($str))) {
		if (!empty($str)) {
			return addslashes($str);
		} else {
			return $str;
		}
	}
	/**************************************************************/
	/*          ADD YOUR CUSTOM FUNCTIONS BELOW			       */
	/**************************************************************/
// class : end
}
?>

and change your webpage to:

<?php
		// require 'connect.inc.php';  this can actually be moved inside of your class call, no reason to connect to db on a page.
	require 'onwebed_pages.class.php';
	if (isset($_GET['p']) && !empty($_GET['p'])){
		// you never know what people will type into a url, they might replace a 1 with the word xyz ... anything...
		$p = $_GET['p'];
	} else {
		// might as well default and show them a page instead of die() in your else below.
		$p = 1;
	}
	// just making sure...  reference possible bad number coming in the _GET
	if ($p >=1 ) {
		// initialize your class
	 	$init = new onwebed_pages();
		// get the data, 
		$page = $init->select_by_id($p);
		// your object is now held in the $page variable...
		?>
		
		<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
		<?php  //  now to get your data back reference the $page variable and data container from class ?>
		<html><head><title><?php echo $page->get_title(); ?></title>		
		<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-15" />
		<link rel="stylesheet" href="styles.css" />
		</head>
		<body>
		<div id="conteneur">
		<div id="header"><?php echo $page->get_name(); ?></div>
		<div id="haut">
		<ul class="menuhaut">
		<li><a href="">Home</a></li>
		</ul>
		</div>
		<div id="centre">
		<?php  //  now to get your data back reference the $page variable and data container from class ?>
		<h1><?php echo $page->get_name(); ?></h1>
		<?php print_r($page->get_content()); ?>
		<br />
		<ul>
		</ul>
		<br />
		<ol>
		</ol>
		</div>
		<div id="pied"><span style="text-decoration: underline;">Copyright&nbsp;</span></div>
		</div>
		</body></html>
		<?php
		echo "<p align='right'><a href='/cms/edit.php?p=$p'>Edit this page</a></p>";
	}else{
		die();
	}
	?>

Now back to your problem... what exactly is the error?

0

Actually I still haven't learned about classes as I am quite new to PHP.
Actually, about detecting p=aabc or something like that, I am still not done coding it, so I hope you will ignore that. I am making this CMS for educational purposes.

My problem is that if there is php code without delimiters in the database field `content`, print_r() displays the code as plain text instead of running it.
If I include php delimiters, nothing is displayed at all. How can I get the php code stored in the database to run?


0

I have a file named 'core.inc.php'; shall I use it to store all the functions to replace mysql queries in my web pages? Is there any security issue if I don't use OOP?

0

I'm sure this is already solved and you haven't closed the thread yet but...

<?php printf($variable) ?> to print a variable... then just require_once the script that makes the $variable


For example


Index.php

<html>
<head>
<?php require_once 'my_script.php' ?>
<title><?php printf($title); ?></title>
</head>

my_script.php

<?php
$title = "My Blog";
?>

Here is a better example...


The Database

_____________________________
|   id   | username | pass  |
------------------------------
|    1   |    dog   | dogs  |
|    2   |  retard  |  moo  |
|    3   |   yoyo   | ruff  |
|    4   |   coder  | bryan |
|    5   |  rodger  |  timy |
-----------------------------

Now selecting a row and displaying the results

$result = mysql_query("SELECT * FROM table");

while($row = mysql_fetch_array($result))
  {
  echo $row['username'] . " " . $row['pass'];
  echo "<br />";
  }

That should work... lemme know if you need anything else :)


0

You misunderstood my problem.

Suppose I have a variable: $code = "<?php echo 'Test'; ?>";

and if I am using the following code to run the php code stored in variable $code:

<?php
 printf($code);
?>

The code doesn't get executed. How can I get the code stored in the variable $code to get executed?

My problem is as simple as this.


0

why would you do this? don't store code in a database. store code in a class and call functions to execute it. your problem is that you don't understand fundamental design techniques and that you should not try to store executable code in a database.
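
One way to follow the advice in the post above while still keeping page content editable in the database: the stored text stays data, and only tokens naming an allowlisted server-side function are expanded. This is an added example, not code from any poster in the thread; the `{{token}}` syntax, the token names and `render_content()` are assumptions made for illustration.

```php
<?php
// Added example: dynamic page content without eval(). The stored text is data;
// only tokens that name an allowlisted server-side function are expanded.
// Token syntax and function names are assumptions made for this sketch.

// Allowlist: token name => callable that returns plain text.
$tokens = array(
    'year'      => function () { return date('Y'); },
    'site_name' => function () { return 'My Site'; },
);

function render_content($stored, array $tokens) {
    // Escape everything first so stored markup or PHP tags are shown literally.
    $safe = htmlspecialchars($stored, ENT_QUOTES, 'UTF-8');
    // Then expand {{token}} only when the name is on the allowlist.
    return preg_replace_callback('/\{\{([a-z_]+)\}\}/', function ($m) use ($tokens) {
        if (!isset($tokens[$m[1]])) {
            return $m[0]; // unknown token: leave it visible, never execute it
        }
        return htmlspecialchars(call_user_func($tokens[$m[1]]), ENT_QUOTES, 'UTF-8');
    }, $safe);
}

// Constructed sample of what the `content` column might hold.
$content = "Copyright {{year}} {{site_name}}. {{system}} <?php echo 'Test'; ?>";
echo render_content($content, $tokens), "\n";
```

The two known tokens are replaced, `{{system}}` is left as text because it is not on the allowlist, and the embedded PHP tag is printed escaped rather than run, so anyone who can write to the `content` column still cannot make the server execute code.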

0

No, I need to store code in the database because I am making a cms for managing my website.

What is wrong with storing code in a database? If I store code in a class then I have to connect to ftp and edit it manually. It takes 5 mins to connect to my ftp server and I don't wanna do that so I decided to store the code for my page in the database.

0

If I understood correctly what you are doing, try something like ...

ob_start();
echo $obContents;
$contents = ob_get_contents();
ob_end_clean();
echo $contents;

Where $obContents is your table field that has php inside it … (maybe you will need to write the content to a file first and use include, maybe not ... but I haven't tried without one)

0

I think problem is from $mysql_query, it is empty. don't use IF,

function getfield($field, $id){
$query = "SELECT `$field` FROM `onwebed_pages` WHERE `id`='$id'";
// run the query so $mysql_query holds a result before it is read
$mysql_query = mysql_query($query);
if (mysql_num_rows($mysql_query)==1){
return mysql_result($mysql_query, 0, $field);
}else{
return false;
}
}