How to Execute PHP That Is Stored in a MySQL Database

How do I execute PHP that is stored in a MySQL database?

You can use the eval command for this. I would recommend against this though, because there's a lot of pitfalls using this approach. Debugging is hard(er), it implies some security risks (bad content in the DB gets executed, uh oh).

See When is eval evil in php? for instance. Google for Eval is Evil, and you'll find a lot of examples why you should find another solution.

Addition: Another good article with some references to exploits is this blogpost. Refers to past vBulletin and phpMyAdmin exploits which were caused by improper Eval usage.

Execute PHP code stored in a database

You could use PHP's eval to run code stored on a database.

$code = get_code_from_db();
eval($code); // will evaluate (run) code stored in $code variable

Careful though. eval is a function that needs to be treated carefully. It could be the source of bugs, security holes, you name it, if you don't think about the implications of the stored code.

Run PHP code stored in a database

Sounds like you're talking about eval() - but I'd be wary of using it. If you do, be extremely careful.

"If eval() is the answer, you're almost certainly asking the wrong question." -Rasmus Lerdorf

You'd probably need to strip the <?php and ?> tags, and watch for double quotes surrounding variables you don't want to replace:

$s=0;
eval('$s = "my name is";');
echo $s;

How to execute a PHP function which is stored in MySQL database

You could use eval() like this:

$result = mysqli_query($connection, "SELECT * FROM `modules` WHERE uid=2 LIMIT 0, 30");
$row = mysqli_fetch_assoc($result);
$function = $row['source'];

eval('?>' . $function . '<?php');

I strongly disadvise you to store your functions in a database though, since it brings in a huge security risk. Instead, you could do it like this:

uid | moduleName  | source             | responsiveCode | active 
---------------------------------------------------------------- 
2   | Testimonial | this is a function | 12             | 0

$result = mysqli_query($connection, "SELECT * FROM `modules` WHERE uid=2 LIMIT 0, 30");
$row = mysqli_fetch_assoc($result);
echo $row['source'] . getUrl(); //will still print the same

Is there any way I can execute a PHP script from MySQL?

It's possible, See the MySQL FAQ for an explanation of how

Can triggers call an external application through a UDF?

But it's likely to be bad design on your part if you have to resort to this

Run PHP code from Database Query result

You can execute it in two ways:

  1. use the eval('here comes the text you get from db') function.
  2. you can write the text to a file and then call the file.

Store PHP code on MySQL and get it to run


$str = '<?php echo "string"; ?>'; // Your DB content

eval("?> $str <?php ");

Related Topics

Workaround For Basic Syntax Not Being Parsed

What Are the Differences Between Composer Update and Composer Install

PHP Short Hash Like Url-Shortening Websites

Merging Arrays With the Same Keys

Preserve Key Order (Stable Sort) When Sorting With PHP'S Uasort

Fatal Error: Cannot Use Object of Type MySQLi_Result

Verify Receipt For in App Purchase

How to Use PHPexcel to Read Data and Insert into Database

How to Set the Default Value of a Timestamp Column to the Current Timestamp With Laravel Migrations

Codeigniter: "The Filetype You Are Attempting to Upload Is Not Allowed."

PHP Is Confused When Adding and Concatenating

MySQLi_Stmt::Bind_Param(): Number of Elements in Type Definition String Doesn't Match Number of Bind Variables

Curl Error: Recv Failure: Connection Reset by Peer - PHP Curl

How to Retrieve Request Payload

Difference Between Session_Unset() and Session_Destroy() in PHP

String With Array Structure to Array

Initializing PHP Class Property Declarations With Simple Expressions Yields Syntax Error

How to Setup Elasticsearch Index Structure With Multiple Entity Bindings


Leave a reply



Submit