[RESOLVED] PHP code inside mysql row - How to have it executed when pulled out?

curb

The data column has a php code inside:

hello, I'm <?=rand(12,28);?> years old.

I'm pulling the row and it outputs the exact data. How can I have it execute the php before outputting so it can look like:

hello, I'm 18 years old.

dagon

while it can be one its nearly always a bad idea to do that, have a look at template engines for some better options.

Res

As Dagon said it's a really really bad idea to do what you're asking. You should only do it when you have NO other options, and you can 100% trust your input (Only you use the server and its local host, even then I would find another way)

I'll point you in the direction of the manual with another reiteration of the warning, you will want to find a different way to do this.

http://www.phpbuilder.com/manual/function.eval.php

$str = "hello, I'm <? rand(12,28);?> years old.";
$str = str_replace('<?', '".', $str);
$str = str_replace('?>', '."', $str);
$str = str_replace(';', '', $str);
echo $str. "<br/>";
eval("\$str = \"$str\";");
echo $str. "<br/>";

The obvious concern here is that if you are accepting user input then evaluating what comes out, I can do some very evil things.

curb

Thank you guys for the heads up. This will only run by me and my localhost.