#1
  1. No Profile Picture
    Contributing User
    Devshed Newbie (0 - 499 posts)

    Join Date
    May 2004
    Location
    Boston, MA USA
    Posts
    390
    Rep Power
    47

    User access to PHP variable names


    Hi:

    I have a PHP application that generates documentation from fields in a MySQL database.

    The end users have the ability to enter data records with names, addresses, sales information, etc. and this data then appears on pages in a web site.

    On some pages, I have a "page edit" function that allows the end user to change some of the text on that page. I am using CKEditor for this function and it works very well.

    One thing I have not yet allowed, however, is for end users to use the MySQL field names (PHP variables) in the text. I have tried this by simply adding "$first_name" (as an example) in the text I am editing in CKEditor. This obviously does not work as a variable and simply adds the explicit text "$first_name" into the body of the text.

    How can I use CKEditor to embed a variable name into text which is then stored in a MySQL field?

    Is that even possible?

    Thanks
  2. #2
    I guess the real question is "How do I store a variable name in a MySQL field so that it's treated as a variable, not a string?"

    Anyone?
  4. #3
  5. --
    Devshed Expert (3500 - 3999 posts)

    Join Date
    Jul 2012
    Posts
    3,959
    Rep Power
    1014
    A string is a string, there's nothing you can do about that.

    If you want to treat the content in a special way, you need to process it. Just look at how this forum does it: We can insert certain tags into our post, and then the forum software will make the text bold, insert an image element or whatever.

    It's the same thing with your variables. You should actually use special tags as well, because the PHP variable syntax is hard to distinguish from normal text and can lead to users accidentally creating variables.

    And of course you need to be very, very careful with the values you give your users access to. You don't want people to insert $admin_password into their page.
    The 6 worst sins of security • How to (properly) access a MySQL database with PHP

    Why can't I use certain words like "drop" as part of my Security Question answers?
    There are certain words used by hackers to try to gain access to systems and manipulate data; therefore, the following words are restricted: "select," "delete," "update," "insert," "drop" and "null".
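
Added example, not code from the thread or from any poster: one way to do the processing that post #3 describes, replacing special tags in the stored text at render time and only for allowlisted fields. The `{{name}}` tag syntax, the function name `render_placeholders` and the sample record are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

/**
 * Replace {{field}} tags in user-edited text with values from one record.
 * Hypothetical helper: the {{...}} syntax and the allowlist are assumptions.
 * The stored text stays a plain string; nothing in it is evaluated as PHP.
 */
function render_placeholders(string $text, array $record, array $allowed): string
{
    $out = preg_replace_callback(
        '/\{\{\s*([a-z_][a-z0-9_]*)\s*\}\}/i',
        static function (array $m) use ($record, $allowed): string {
            $name = strtolower($m[1]);
            // Tags that are not allowlisted, or have no value, stay literal text.
            if (!in_array($name, $allowed, true) || !array_key_exists($name, $record)) {
                return $m[0];
            }
            // Field values are data, not markup: escape them for HTML output.
            return htmlspecialchars(
                (string) $record[$name],
                ENT_QUOTES | ENT_SUBSTITUTE,
                'UTF-8'
            );
        },
        $text
    );
    // preg_replace_callback() returns null on a regex error; fall back to the input.
    // The replacement is single-pass, so a value containing {{...}} is not expanded again.
    return $out ?? $text;
}

// Constructed sample data: only these fields may appear in edited pages.
$allowed = ['first_name', 'last_name', 'city'];

// Constructed record; admin_password is present in the row but not allowlisted.
$record = [
    'first_name'     => 'Ann <b>',
    'last_name'      => "O'Neil",
    'city'           => 'Boston',
    'admin_password' => 'not-for-display',
];

// Constructed text as it might be saved from the editor into a MySQL field.
$stored = '<p>Hello {{first_name}} {{ last_name }} from {{city}}. '
        . '{{admin_password}} and $first_name stay as typed.</p>';

echo render_placeholders($stored, $record, $allowed), "\n";
```

Because the allowlist is checked by exact name, adding a column to the table does not expose it to editors until it is listed explicitly.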
