0

I am trying to make use of someone else's CMS design, as he stores his page content inside a MySQL table. I updated the table manually and inserted the following code:

<?php echo (int)$height ?>

The output page, like I said, doesn't interpret the code but rather displays it as plain text.

This is how this guy fetches his content data:

echo html_entity_decode(stripcslashes(FetchFromTable("tbl_page","page_content","page_id", $_GET['page_id']))); 

Any help appreciated.

Thanks

1
  • It doesn't produce PHP-related output but instead it just displays <?php echo (int)$height ?> on the page. Hope that helps. Commented Mar 5, 2012 at 0:39

2 Answers

1

You can't put PHP code into the content of that CMS system. It doesn't support it.


3 Comments

Thanks man. Although I believe you, 'cause this guy's code is messy, I would appreciate a quick why, as I am cooler than him. ;)
@daniel.tosaba because the code doesn't evaluate anything returned from the database.
Any tip to quickly fix this? Can I insert evaluation somewhere in that line of code I posted above? Thanks
1

Wait, maybe I am just reading this wrong, because it is a bit absurd, but are we talking about PHP code inside the database?

If that is actually the case, you could change

echo html_entity_decode(stripcslashes(FetchFromTable("tbl_page","page_content","page_id", $_GET['page_id']))); 

to

echo eval("?>".html_entity_decode(stripcslashes(FetchFromTable("tbl_page","page_content","page_id", $_GET['page_id']))));

Though the implications of this are huge, especially if these parts of the database are user editable. You might be opening the application to all kinds of fun hacks.

The proper way would be finding out how he manages dynamic content inside that HTML and doing it the same way.

2 Comments

It works for PHP, but now HTML tags are being displayed as plain text. You know how to hack this one? Thanks man
My bad, I updated the answer. Though it will mess up all backslashes and html encoded characters you enter into the PHP code. Eval does not return its result, it outputs it directly. Also, just to emphasize: YOU SHOULD NOT DO THIS ON A LIVE WEB SITE!
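
One way to get dynamic values into stored page content without eval(), shown as an added example that is not from either answer or from the CMS discussed here: the stored HTML carries {{name}} placeholders and only allow-listed values are substituted, so nothing read from the database is executed. The function name render_page_content, the placeholder syntax and the sample content are assumptions made for illustration.

```php
<?php
// Added example (hypothetical helper, not part of the CMS discussed above).
// Stored page content carries {{name}} placeholders instead of PHP code;
// only names present in $allowed are substituted, and no database content
// is ever passed to eval().
function render_page_content(string $stored, array $allowed): string
{
    // Same decoding the original line applies to page_content.
    $html = html_entity_decode(stripcslashes($stored));

    $out = preg_replace_callback(
        '/\{\{\s*([a-z_][a-z0-9_]*)\s*\}\}/i',
        function (array $m) use ($allowed): string {
            $name = $m[1];
            if (!array_key_exists($name, $allowed)) {
                // Unknown placeholder: leave it as inert, escaped text.
                return htmlspecialchars($m[0], ENT_QUOTES, 'UTF-8');
            }
            // Values are escaped on output; markup comes only from the template.
            return htmlspecialchars((string) $allowed[$name], ENT_QUOTES, 'UTF-8');
        },
        $html
    );

    // preg_replace_callback() returns null on a regex engine error.
    return $out ?? $html;
}

// Constructed sample content, as it might sit in tbl_page.page_content.
$stored = '&lt;div style=&quot;height: {{height}}px&quot;&gt;{{title}}&lt;/div&gt;'
        . '&lt;?php echo 1; ?&gt; {{unknown}}';

$height = '120abc'; // constructed untrusted input
echo render_page_content($stored, [
    'height' => (int) $height,     // cast to int, as in the question
    'title'  => 'Tom & "Jerry"',   // escaped when substituted
]), "\n";
```

Any PHP tags left in the stored content are sent to the browser as literal text, and an unknown placeholder is passed through unchanged rather than resolved.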
