1

I'm doing something where I need to store if statements in a MySQL database. I need to pull these statements and use them; each one is an algorithm that I'm testing. I know you can store an if statement in a variable like "$abc = $x > 1 && $f == 1;" and if you run if($abc) {} it will work. I figured I could do the same here, but when I run if($abc) with $abc being an if statement from the database it's not working; it's running the code within the if statement because $abc exists. Code is as follows...

$getAlgorithms = mysqli_query($mysql_connect, "SELECT * FROM `algorithms2`");
while($algorithms = mysqli_fetch_array($getAlgorithms)) {
    $algorithmID = $algorithms['id'];
    $algorithm = $algorithms['algorithm'];
    if($algorithm) {
        echo("HELLO WORLD");
    }
}

Dummy example of what $algorithms['algorithm'] would pull: $r >= $var_x && $z <= $var_y && $lz >= $var_c

I'd really appreciate the help, this is very important. If you have any questions please ask.

NOTE: This is a 100% internal platform

2
  • Hi, can you try with json_encode() and json_decode()? While storing the data, use json_encode() and while retrieving the data use json_decode(). Commented Aug 22, 2015 at 3:38
  • 1
    If it's not user-supplied formulas, you're basically looking for eval("return $algo;") Commented Aug 22, 2015 at 3:40

3 Answers 3

1

Your code needs to make use of eval() to work as-is:

$getAlgorithms = mysqli_query($mysql_connect, "SELECT * FROM `algorithms2`");
while($algorithms = mysqli_fetch_array($getAlgorithms)) {
    $algorithmID = $algorithms['id'];
    $algorithm = $algorithms['algorithm'];
    if(eval("return {$algorithm};")) {
        echo("HELLO WORLD");
    }
}

However, executing arbitrary code from an external source (the database) is potentially a horrible security risk: just because you're expecting $algorithm to be a benign arithmetic expression doesn't mean that it can't be a malicious function call or other statement, for example if someone can enter system('rm -rf /') as the algorithm into your database, you're probably going to have a bad day.

Without knowing the precise problem you're trying to solve, it's hard to suggest a better solution, but I'd favour putting the "algorithms" in an array or other hard-coded data-structure within your code rather than the database, it's far safer as anyone who can alter that list can already execute arbitrary code.

For further reference: http://php.net/manual/en/function.eval.php


3 Comments

I believe eval() is the solution, note this is a 100% internal platform, no outside access.
Also, I can't put them in arrays, it's about 8mm statements/"algorithms", kills performance
Hah, true enough, PHP array handling is notoriously slow. A hard-coded list or a white-list of acceptable expressions was only a suggestion for security reasons.
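
The white-list idea from the answer above, as an added example that is not part of the original thread: it parses a stored condition against a small fixed grammar and evaluates it without eval(), so anything that is not a chain of numeric comparisons is rejected. The function names, the grammar and the `$vars` lookup array are assumptions made for illustration.

```php
<?php
// Grammar accepted (an assumption about what the table holds): comparisons joined by
// && or || (&& binds tighter); comparison := operand OP operand; operand := $name | number
function operandValue(string $tok, array $vars): float
{
    if ($tok[0] !== '$') {
        return (float) $tok; // numeric literal, shape already checked by the regex
    }
    $name = substr($tok, 1);
    if (!array_key_exists($name, $vars) || !is_numeric($vars[$name])) {
        throw new InvalidArgumentException("unknown or non-numeric variable: $tok");
    }
    return (float) $vars[$name];
}
function compareOperands(float $a, string $op, float $b): bool
{
    // Map each allowed operator to the <=> results (-1, 0, 1) that satisfy it.
    $ok = ['>=' => [0, 1], '<=' => [-1, 0], '==' => [0], '!=' => [-1, 1], '>' => [1], '<' => [-1]];
    return in_array($a <=> $b, $ok[$op], true);
}

function evaluateCondition(string $expr, array $vars): bool
{
    $operand = '(\$[A-Za-z_]\w*|-?\d+(?:\.\d+)?)';
    $cmp = '/^\s*' . $operand . '\s*(>=|<=|==|!=|>|<)\s*' . $operand . '\s*$/';
    $anyTrue = false;
    foreach (explode('||', $expr) as $orGroup) {
        $allTrue = true;
        foreach (explode('&&', $orGroup) as $part) {
            if (!preg_match($cmp, $part, $m)) {
                throw new InvalidArgumentException("rejected expression: $part");
            }
            // No short-circuit: every part is validated even if one is false.
            $allTrue = compareOperands(operandValue($m[1], $vars), $m[2], operandValue($m[3], $vars)) && $allTrue;
        }
        $anyTrue = $anyTrue || $allTrue;
    }
    return $anyTrue;
}

// Constructed sample: the question's dummy row and the string from the answer's warning.
$vars = ['r' => 5, 'var_x' => 3, 'z' => 1, 'var_y' => 2, 'lz' => 9, 'var_c' => 9];
foreach (['$r >= $var_x && $z <= $var_y && $lz >= $var_c', "system('rm -rf /')"] as $row) {
    try {
        echo $row, ' => ', var_export(evaluateCondition($row, $vars), true), PHP_EOL;
    } catch (InvalidArgumentException $e) {
        echo $row, ' => ', $e->getMessage(), PHP_EOL;
    }
}
```

Variables are looked up by name in an explicit array rather than in the calling scope, so a stored row can only read the values the caller chooses to expose.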
1

Sounds like you're looking for eval(), but note that it is especially dangerous to use if there's any chance someone besides you will be creating the strings. There is probably a better, safer way to achieve whatever it is you are trying to do here.

3 Comments

It's 100% completely internal, I'll give that a try.
I believe that is the answer, will accept when testing is complete; it runs through about 8mm*10k*130ish statements
I had to accept Sam's answer because he included a full code sample so future users understand
0

Store the if condition in your db as a string, and then execute it using the eval() PHP function.

Usage:

   mixed eval ( string $code )

PHP eval documentation
