CODEWITHSUNDEEP
phpmysqlvariables
abel
abel

Reputation: 2383

Saving value as a variable name in database

Database Table company_info

-----------------------------
| companyname | companytype |
-----------------------------
| Company One | Blah        |
-----------------------------
| Company Two | Blah2       |
-----------------------------

Database Table invoice_template

-----------------------------
| Header      | bgcolor     |
-----------------------------
| $company    | Red         |
-----------------------------
| $company    | Biege       |
-----------------------------

PHP file common_include.php

$company = ... //FROM db table company_info field companyname

PHP file invoice.php

include('common_include.php');
$header = ... //FROM db table invoice_template field header
echo "Header is ". $header;
echo "<br/>Company is ". $company; //$company is defined in common_include.php

OUTPUT of invoice.php when company logged in is for eg.Company One

Header is $company
Company is Company One

Question: How do I get the $company in the output to be shown as Company one? i.e How do I get the output from MySQL DB to be treated as a variable?

Upvotes: 1

Views: 1188

Answers (3)

DisgruntledGoat
DisgruntledGoat

Reputation: 72580

If $header is set to the literal string value $company and the variable $company is set to the string Company One then this should work:

echo "Header is ". $$header; // outputs 'Header is Company One'

However, as others have said, this is not a good idea, particularly for security.

Upvotes: 1

Bouke
Bouke

Reputation: 12198

The solution would be eval("echo $header"), although you should NEVER EVER want to resort to such solutions. You should -in my opinion- move all company related data into the database.

Update You shouldn't put $company in your database. Relational databases should be relational. That means, primary keys and foreign keys. Data should then be looked up by it's relation. See also how an ORM would work in this situation:

echo $invoice_template->getCompany()->getName();

Upvotes: 2

tdammers
tdammers

Reputation: 20706

You don't want to do this. You're just opening up too many potential vulnerabilities mixing code and data like that - just imagine what happens when an attacker gains access to your database (either directly or through SQL injection) and puts all sorts of crazy PHP code into that column? Using just a single vulnerability like this, an attacker might be able to take over the entire server. What you want is probably a combination of a proper database structure, using joins to query for related information in one go, and maybe a simple text search-and-replace (using str_replace or maybe even preg_replace) to fill text templates with actual data.

Upvotes: 1

Related Questions