January 5th, 2014, 01:22 PM
User access to PHP variables names
I have a PHP application that generates documentation from fields in a MySQL database.
The end users have the ability to enter data records with names, addressees, sales information, etc. and this data then appears on pages in a web site.
On some pages, I have a "page edit" function that allows the end user to change some of the text on that page. I am using CKEditor for this function and it works very well.
One thing, I have not yet allowed however if for end users to use the MySQL field names (PHP variables) in the text. I have tried this by simply adding "$first_name" (as an example) in the text I am editing in CKEditor, This obviously does not work as a variable and simply adds the explicit text "$first_name" into the body of the text.
How can I use CKEditor to embed a variable name into text which is then stored in a MySQL field?
Is that even possible?
January 5th, 2014, 03:19 PM
I guess the real question is "How do I store a variable name in a MySQL field so that it's treated as a variable, not a string?"
January 5th, 2014, 04:12 PM
A string is a string, there's nothing you can do about that.
If you want to treat the content in a special way, you need to process it. Just look at how this forum does it: We can insert certain tags into our post, and then the forum software will make the text bold, insert an image element or whatever.
It's the same thing with your variables. You should actually use special tags as well, because the PHP variable syntax is hard to distinguish from normal text and can lead to users accidentally creating variables.
And of course you need to be very, very careful with the values you give your users access to. You don't want people to insert $admin_password into their page.