Posted by Ju Hui on 11/19/11 11:47
Erwin:
I am using a system which uses a template design. All layout can be
modified from templates, and all the templates' HTML code is saved in a MySQL
db.
One template is named headerNavigation. It will show 'Login' or
'Logout'. I want to show login if the user isn't logged in, and show
logout if the user is logged in.
I want to judge whether the user is logged in or not by one session value. So I
want to insert PHP code in this template. Normal users can't change my
template.
You said:
execute using explode("**PHP**",$myStr) and a little coding.
I just want to know how to execute PHP code in a string variable which
contains 'if', 'else' and other PHP scripts.
I did a test like below:
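<?php
// eval() runs the string as PHP; the echo inside the string prints the text
$a = "if (2>1) echo \"2>>>>1\";";
eval($a); // eval() returns NULL here, so echoing its return value prints nothing extra
echo "\n";
?>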
The result is: 2>>>>1
Maybe it's what I need.
Any vulnerability in it?
Thank you all.
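
An eval-free way to get the Login/Logout switch in a DB-stored template, as an added example that is not part of the original post. The `{{if:...}}` placeholder syntax, `render_template()`, the sample template and the session keys are all hypothetical; the point is that template text from the database is only ever treated as data, so a modified template row cannot run PHP.

```php
<?php
// Added example: render a DB-stored template without eval().
// Placeholder syntax ({{if:NAME}}...{{else}}...{{endif}}, {{NAME}}) is hypothetical.

/**
 * Render a template using only caller-supplied flags and variables.
 * Nothing in $template is ever executed as PHP.
 */
function render_template(string $template, array $flags, array $vars): string
{
    // Conditional blocks: {{if:flag}}A{{else}}B{{endif}} (else part optional, no nesting).
    $out = preg_replace_callback(
        '/\{\{if:([a-z_]+)\}\}(.*?)(?:\{\{else\}\}(.*?))?\{\{endif\}\}/s',
        function (array $m) use ($flags): string {
            $on = !empty($flags[$m[1]]);          // unknown flag names count as false
            return $on ? $m[2] : ($m[3] ?? '');
        },
        $template
    ) ?? '';

    // Variables: {{name}} becomes the HTML-escaped value; unknown names become ''.
    return preg_replace_callback(
        '/\{\{([a-z_]+)\}\}/',
        function (array $m) use ($vars): string {
            return htmlspecialchars((string)($vars[$m[1]] ?? ''), ENT_QUOTES, 'UTF-8');
        },
        $out
    ) ?? '';
}

// Constructed sample standing in for the headerNavigation row loaded from MySQL.
$headerNavigation = '<div>{{if:logged_in}}Hello {{user}} | <a href="/logout.php">Logout</a>'
                  . '{{else}}<a href="/login.php">Login</a>{{endif}}</div>';

// Constructed data standing in for $_SESSION after a successful login.
$session = ['user_id' => 7, 'user_name' => '<b>ju</b>'];

echo render_template(
    $headerNavigation,
    ['logged_in' => isset($session['user_id'])],   // the one session value decides the branch
    ['user' => $session['user_name'] ?? '']
), "\n";

// PHP code stored in a template is emitted as inert text, never run.
echo render_template('{{if:logged_in}}x{{endif}}<?php echo "ran"; ?>', ['logged_in' => false], []), "\n";
```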