Reputation: 75
Php page to execute a script
can i create a page with a simple text area form, which will be entered PHP CODE and then, when i click to submit, it executes it? just like a Script page?
and most of all it is secure to put it? even in a admin protected page?
thankyou!
Upvotes: 0
Views: 137
Answers (3)
Reputation: 20592
You sure can:
eval($_POST['txtScript']); //post method, with textarea named txtScript
However, it is extremely dangerous to permit this. Someone could wipe the current working directory via array_map("unlink", glob('*.*')); among the many, many other malicious things that could be done.
Upvotes: 2
Reputation: 4750
you want to use PHP:eval, and no it is not safe even behind a login wall. Better put some predefined function that can be logged.
And of course, by definition anything you put as accessible is quite unsafe anyway.
Upvotes: 0
Reputation: 22947
If you are allowing someone to author PHP code on a form and then, on submission, taking that PHP code and executing it, you're opening yourself up to HUGE, HUGE security risks. Is it possible to do? Sure, but I would highly recommend against doing it.
If you're absolutely sure you need to do this, read about the eval function. PHP: eval
Upvotes: 1