Closed. This question is opinion-based. It is not currently accepting answers.
Closed 8 years ago.
I was wondering if it was possible to allow people to write and execute PHP code from my website without the use of "eval" due to risks.
I have googled around and I did find some answers, just not the answers I was looking for (call_user_func).
This is not what I am looking for as it does not allow people to run a full PHP script.
It's a small group of people executing it so server load will not be an issue.
Edit 1:
Users should not be able to corrupt/delete files.
Users should be able to create complete scripts.
Users should be able to run HTML code but trigger PHP as soon as PHP tags are used.
You can write your own wrapper process around php that uses ptrace to control the execution of the child php process to prevent it from opening file handles, connecting to the network, etc.
That way, even if people decide to try using malicious code in eval, the system calls will be blocked on the native level.
Related
Closed. This question needs to be more focused. It is not currently accepting answers.
Closed 6 years ago.
I want to make sure visitors to my site can't see the PHP code that's generating the page. Here is a reference: http://may.edu.np/tmp/
Can anyone explain to me how server-side scripts are interpreted and how the result is delivered to the end user?
If I understand your question correctly, no one should be able to access your source code so long as they don't have access to the server. When a browser makes a request for a .php file to the server, the server knows that it must first interpret the script and then send the output from your echo statements and/or inline HTML. As far as I know, there's no way for the user to "trick" the server into sending it as plain text, so I wouldn't worry about that. Also, as long as you disable error reporting, no one should even know you're running php, as there's no ".php" in the URL. Hope this helps :)
Closed. This question is opinion-based. It is not currently accepting answers.
Closed 6 years ago.
I know that PHP is a scripting language. But some of the PHP code/docs, like when I tried to use magic methods, still use the word "script". Like the __invoke() method that is called when "a script tries to call an object as a function". Here, in "script tries", what exactly does "script" refer to?
A script is a pretty vague term; generally, a script is a group of code that performs in and around a root goal, like a script to generate a JSON file that has some input parameters which slightly modify the final output.
In PHP, you might have one main script in your project, or you may have many fragments; there is no hard line that says what is a script.
You may even call other scripts from yours; voting to close as opinion based.
Closed. This question needs to be more focused. It is not currently accepting answers.
Closed 7 years ago.
I want to type PHP code in a textarea; then, after submitting, it should run the PHP code and produce a result. Is this possible?
To upload changes to live, I need to get two levels of approval. If any errors occur, I couldn't fix them quickly. If the above is possible, I can enable the error log, dynamically print arrays and so on...
Yes, you can POST the value of the textarea and then evaluate its content as PHP code using the eval function, but make sure you restrict access to this feature, because it's very dangerous if you allow random people to use it. You can even simulate something like an online PHP compiler using AJAX calls.
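One way to apply the "restrict access" advice above, and to address the first question's wish to avoid in-process eval, is to gate the endpoint and run the submitted code in a separate, constrained PHP CLI process. This is an added example, not code from any of the answers; the `PHP_CLI` path, the `SCRATCH` directory and the `is_admin` / `csrf` session keys are assumptions.

```php
<?php
declare(strict_types=1);
// Added example. Assumptions: PHP >= 7.4 on Linux, a CLI binary at PHP_CLI, an empty
// directory SCRATCH writable by the web user, and session keys set by your own login code.
const PHP_CLI = '/usr/bin/php';
const SCRATCH = '/var/lib/php-playground';
const DENY = 'exec,passthru,shell_exec,system,proc_open,popen,pcntl_exec,pcntl_fork,mail,'
           . 'putenv,dl,fsockopen,pfsockopen,stream_socket_client,curl_exec,curl_multi_exec';

function run_snippet(string $code, float $timeout = 3.0, int $maxOut = 65536): array
{
    $dir = SCRATCH . '/' . bin2hex(random_bytes(8));   // fresh directory per run
    mkdir($dir, 0700);
    file_put_contents("$dir/snippet.php", $code);
    $cmd = [PHP_CLI, '-n',                             // -n: ignore php.ini
            '-d', 'disable_functions=' . DENY,
            '-d', "open_basedir=$dir",                 // file functions confined to $dir
            '-d', 'allow_url_fopen=0', '-d', 'memory_limit=32M',
            "$dir/snippet.php"];
    $spec = [0 => ['file', '/dev/null', 'r'], 1 => ['pipe', 'w'], 2 => ['file', '/dev/null', 'w']];
    $proc = proc_open($cmd, $spec, $pipes, $dir, ['PATH' => '/usr/bin:/bin']); // array form: no shell
    if (!is_resource($proc)) { return ['output' => '', 'killed' => true]; }
    stream_set_blocking($pipes[1], false);
    $out = ''; $killed = false; $deadline = microtime(true) + $timeout;
    while (proc_get_status($proc)['running']) {
        $out .= (string) stream_get_contents($pipes[1]);
        if (microtime(true) > $deadline || strlen($out) > $maxOut) {
            proc_terminate($proc, 9);                  // SIGKILL on time or output overrun
            $killed = true;
            break;
        }
        usleep(20000);
    }
    $out .= (string) stream_get_contents($pipes[1]);
    fclose($pipes[1]);
    proc_close($proc);
    return ['output' => substr($out, 0, $maxOut), 'killed' => $killed];
}

session_start();
$csrf  = $_SESSION['csrf'] ?? '';                      // hypothetical session keys
$token = $_POST['csrf'] ?? '';
$allowed = ($_SERVER['REQUEST_METHOD'] ?? '') === 'POST' && !empty($_SESSION['is_admin'])
        && $csrf !== '' && is_string($token) && hash_equals($csrf, $token);
if (!$allowed) { http_response_code(403); exit; }
$result = run_snippet(is_string($_POST['code'] ?? null) ? $_POST['code'] : '');
header('Content-Type: text/plain; charset=utf-8');     // never reflect snippet output as HTML
echo $result['output'], $result['killed'] ? "\n[stopped: limit exceeded]\n" : '';
```

The ini limits narrow what a snippet can reach but are not an isolation boundary on their own; OS-level confinement of the child process, as suggested in the first answer on this page, still applies. Per-run directories are left in place here and need periodic cleanup.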
Closed. This question needs to be more focused. It is not currently accepting answers.
Closed 8 years ago.
I'm learning php and website development in general. Currently I'm trying to write a script in php that would access a website as Internet Explorer (important) and look for a specified word/pattern everywhere possible. Simply parsing doesn't do the job.
The thing is, I can do that manually - I open website X and press F12 in Internet Explorer->debugging section and I search there. However I have no idea how to implement such a thing in php or any other language.
TL;DR
Need to extract data from a webpage the same way I do it manually (explained in paragraph above). However, simply parsing doesn't do the job. I need to achieve that in php or some other server side language.
In addition to limited approaches such as file_get_contents followed by a string search (or XML parser), you can look into more feature rich libraries such as the SimpleTest Scriptable Web Browser.
You'll want to modify the user agent string in order to simulate a request from Internet Explorer.
Closed. This question is opinion-based. It is not currently accepting answers.
Closed 8 years ago.
I'm currently working on a project that uses MySQL for configuration, but now I'm starting to think it could slow down page loads.
So my question is, would it be better to store configuration options (that are read almost every page load) inside an XML/JSON file, or a MySQL database?
Thanks.
One thing to consider is how much config data there is, and perhaps how often it is likely to change. If the amount of data is small, then saving this in a database (if you're not already using a db for anything else) would be overkill; equally, maintaining a db for something that gets changed once every 6 months would probably be a waste of resources.
I think this depends on your projects. If you want someone else to configure the application through the UI you can put the configurations into the database.
If it's just you and some developers, and changes are not made frequently, put them in a file.