Execute php script from mysql row

Question

Is there any way to execute a php script that is set in a mysql row?

For example I've got a table in my database with: id,script

Every row has his own ID & script, I want to make a PHP loop to execute all the rows with the PHP script in it.

Answer 1

It's generally a bad idea to do something like this, as it can allow for some major security vulnerabilities.

A better idea is usually to have an ID to ActionID table which your PHP script can use to validate the action before ultimately executing it. For example:

$actions = array('somescript.php','someotherscript.php','another.php');

$rows = query("SELECT ActionId FROM table");

foreach ($rows as $row) {
    if (exists($actions[$row['ActionId']]))
        include $actions[$row['ActionId']];
    }
}

This effectively prevents the issue of executing arbitrary code. You can only do one of a set number of predefined things.

Even having and executing file paths in a table can be dangerous.

If you absolutely have to, then the eval function that was previously mentioned is probably what you are looking for. But I would discourage you from using it.

Answer 2

You can use this :

eval('your script');

CAUTION The eval() language construct is very dangerous because it allows execution of arbitrary PHP code. Its use thus is discouraged. If you have carefully verified that there is no other option than to use this construct, pay special attention not to pass any user provided data into it without properly validating it beforehand.

http://php.net/manual/en/function.eval.php

Answer 3

depends on how you have it stored in the db ... if it is raw php code you could do

$rows = whatever_query_type_you_are_using("SELECT script from table where id > 10");

foreach($rows as $row){
    exec('php '.escapeshellcmd($row['script'])); 
}

or if it is pointing to a page something like this would work

foreach($rows as $row){
    exec('php -f '.$row['script']);
}