I have created a simple PHP engine, and I want this engine to use HTML/PHP code stored in MySQL. Here is the PHP code; if you find any mistakes or bugs, please post them here. I really want to use this code for my website, but I want to be sure the code is safe and bug-free, so please help!
<?php
session_start();
if (isset($_SESSION['last-update']) and isset($_SESSION['update-num'])){
    if ($_SESSION['last-update'] == date('H:i') and $_SESSION['update-num'] > 30){die();}
    if ($_SESSION['last-update'] == date('H:i')){
        $_SESSION['update-num'] = $_SESSION['update-num'] + 1;
    } else {
        $_SESSION['last-update'] = date('H:i');
        $_SESSION['update-num'] = 0;
    }
} else {
    $_SESSION['last-update'] = date('H:i');
    $_SESSION['update-num'] = 0;
}
include("scripts/dbconnect.php");
mysql_select_db("website");
if (isset($_GET['page'])){
    if (strlen($_GET['page']) > 50){die("incorrect URL !");}
    $result = mysql_query("SELECT * FROM modules WHERE page = ';".mysql_real_escape_string($_GET['page']).";'");
} else {
    $result = mysql_query("SELECT * FROM modules WHERE page LIKE ';home;'");
}
$modules = array('top-header1','top-header2','header','bottom-header','top-body1','top-body2','body-top', 'body-left', 'body-center', 'body-right', 'body-bottom', 'bottom-body', 'footer-top', 'footer', 'bottom-footer');
while($row = mysql_fetch_array($result)){
    switch ($row['position']){
        case 'top-header1':   $modules['top-header1'][]   = $row['source']; break;
        case 'top-header2':   $modules['top-header2'][]   = $row['source']; break;
        case 'header':        $modules['header'][]        = $row['source']; break;
        case 'bottom-header': $modules['bottom-header'][] = $row['source']; break;
        case 'top-body1':     $modules['top-body1'][]     = $row['source']; break;
        case 'top-body2':     $modules['top-body2'][]     = $row['source']; break;
        case 'body-top':      $modules['body-top'][]      = $row['source']; break;
        case 'body-left':     $modules['body-left'][]     = $row['source']; break;
        case 'body-center':   $modules['body-center'][]   = $row['source']; break;
        case 'body-right':    $modules['body-right'][]    = $row['source']; break;
        case 'body-bottom':   $modules['body-bottom'][]   = $row['source']; break;
        case 'footer-top':    $modules['footer-top'][]    = $row['source']; break;
        case 'footer':        $modules['footer'][]        = $row['source']; break;
        case 'bottom-footer': $modules['bottom-footer'][] = $row['source']; break;
    }
}
mysql_close();
?>
<!DOCTYPE HTML>
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<title>test</title>
<link rel="stylesheet" type="text/css" href="style/style.css">
</head>
<body>
<div id="root">
<div id="top-header1"><?php if(isset($modules['top-header1'])){foreach($modules['top-header1'] as $value){eval($value);}} ?><div style="clear:both;"></div></div>
<div id="top-header2"><?php if(isset($modules['top-header2'])){foreach($modules['top-header2'] as $value){eval($value);}} ?><div style="clear:both;"></div></div>
<div id="header"><?php if(isset($modules['header'])){foreach($modules['header'] as $value){eval($value);}} ?><div style="clear:both;"></div></div>
<div id="bottom-header"><?php if(isset($modules['bottom-header'])){foreach($modules['bottom-header'] as $value){eval($value);}} ?><div style="clear:both;"></div></div>
<div id="top-body1"><?php if(isset($modules['top-body1'])){foreach($modules['top-body1'] as $value){eval($value);}} ?><div style="clear:both;"></div></div>
<div id="top-body2"><?php if(isset($modules['top-body2'])){foreach($modules['top-body2'] as $value){eval($value);}} ?><div style="clear:both;"></div></div>
<div id="body">
<div id="body-top"><?php if(isset($modules['body-top'])){foreach($modules['body-top'] as $value){eval($value);}} ?><div style="clear:both;"></div></div>
<div id="body-left"><?php if(isset($modules['body-left'])){foreach($modules['body-left'] as $value){eval($value);}} ?><div style="clear:both;"></div></div>
<div id="body-center"><?php if(isset($modules['body-center'])){foreach($modules['body-center'] as $value){eval($value);}} ?><div style="clear:both;"></div></div>
<div id="body-right"><?php if(isset($modules['body-right'])){foreach($modules['body-right'] as $value){eval($value);}} ?><div style="clear:both;"></div></div>
<div id="body-bottom"><?php if(isset($modules['body-bottom'])){foreach($modules['body-bottom'] as $value){eval($value);}} ?><div style="clear:both;"></div></div>
</div>
<div id="footer-top"><?php if(isset($modules['footer-top'])){foreach($modules['footer-top'] as $value){eval($value);}} ?><div style="clear:both;"></div></div>
<div id="footer"><?php if(isset($modules['footer'])){foreach($modules['footer'] as $value){eval($value);}} ?><div style="clear:both;"></div></div>
<div id="bottom-footer"><?php if(isset($modules['bottom-footer'])){foreach($modules['bottom-footer'] as $value){eval($value);}} ?><div style="clear:both;"></div></div>
</div>
</body>
</html>
2 Answers
I would recommend against storing PHP code for your website in database fields. It will make it very difficult to maintain in the future.
Also, be sure that your $_SESSION['last-update'] values work as expected if someone has an active session from 11:50 PM until 12:05 AM the next day. Timestamps are typically stored as Unix timestamps with date('U'), which corrects this issue.
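A limiter built on Unix timestamps as this answer recommends, as an added example that is not code from the question or the answer. It keeps the same idea as the original (at most a fixed number of requests per session per minute) but keys the window on a number derived from time() rather than on the date('H:i') string, so the comparison does not depend on wall-clock formatting. The function name, the $limit/$window parameters and the sample timestamps are assumptions for the illustration.

```php
<?php
// Added example: per-session request limiter keyed on Unix timestamps.
// Allows at most $limit calls per $window seconds. The window number is
// intdiv($now, $window), so consecutive minutes always get distinct numbers,
// including across midnight and across day boundaries.

function allowRequest(array &$session, int $now, int $limit = 30, int $window = 60): bool
{
    $bucket = intdiv($now, $window);            // current window number

    if (!isset($session['bucket'], $session['count']) || $session['bucket'] !== $bucket) {
        // first request, or the window has rolled over: start counting again
        $session['bucket'] = $bucket;
        $session['count']  = 0;
    }

    if ($session['count'] >= $limit) {
        return false;                            // caller decides how to refuse (e.g. HTTP 429)
    }

    $session['count']++;
    return true;
}

// Usage in the page: replace the date('H:i') block from the question with
//     session_start();
//     if (!allowRequest($_SESSION, time())) { http_response_code(429); exit; }

// Self-check with constructed timestamps (no real session needed):
$s = [];
$t = 1700000000;                                  // arbitrary constructed epoch second
for ($i = 0; $i < 30; $i++) {
    assert(allowRequest($s, $t));                 // first 30 requests in the window pass
}
assert(!allowRequest($s, $t));                    // 31st request in the same window is refused
assert(allowRequest($s, $t + 60));                // next window starts fresh
```

Passing $_SESSION by reference keeps the state in the session exactly as the original does; the only change is what is stored (a window number and a counter) and that the limit is applied before the counter is incremented, so the refusal is deterministic at the 31st request.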
Is this supposed to be a templating engine? In that case you are doing it wrong. You might want to read this article.
As for the code:
- Why is it possible to encounter die() at the top of the code?
- Please, stop using mysql_* functions when writing new code. They are no longer maintained and the community has begun the deprecation process. See the red box? Instead you should learn how to use prepared statements and utilize either PDO or MySQLi. If you can't decide which, this article should help you. If you pick PDO, you find a good tutorial here.
- The switch statement should be replaced with:
  if (in_array($row['position'], $modules)) { $modules[$row['position']][] = $row['source']; }
- Do not use eval().
- Do not put HTML, PHP and SQL in the same file.
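The shape this answer is asking for, as an added example that is neither the question's code nor the answer's: the page lookup becomes a PDO prepared statement (no string concatenation, no mysql_real_escape_string()), the fifteen-case switch becomes an in_array() check against a whitelist of positions, and eval() disappears because the `source` column is treated as the name of a template file that is only included if it matches a strict filename pattern and exists on disk. The table and column names (modules, page, position, source) and the position list come from the question; the DSN, credentials, the templates/ directory, and the function names are assumptions. The SQL access is kept in one function so it can live in its own file, as the answer's last point suggests; the HTML at the bottom is here only so the example is complete, and it renders every position in a flat list rather than nesting the body-* blocks as the original markup does.

```php
<?php
// Added example (not the asker's or the answerer's code): PDO prepared
// statement, in_array() whitelist, and file-based templates instead of eval().
declare(strict_types=1);

const POSITIONS = ['top-header1','top-header2','header','bottom-header',
    'top-body1','top-body2','body-top','body-left','body-center','body-right',
    'body-bottom','bottom-body','footer-top','footer','bottom-footer'];

function loadModules(PDO $db, string $page): array
{
    // The page name is bound as a parameter, so its contents never reach the SQL parser as code.
    $stmt = $db->prepare('SELECT position, source FROM modules WHERE page = :page');
    $stmt->execute([':page' => $page]);

    $modules = array_fill_keys(POSITIONS, []);
    foreach ($stmt->fetchAll(PDO::FETCH_ASSOC) as $row) {
        if (in_array($row['position'], POSITIONS, true)) {   // strict comparison against the whitelist
            $modules[$row['position']][] = $row['source'];
        }
        // rows with an unknown position are ignored rather than trusted
    }
    return $modules;
}

function renderModule(string $source, string $templateDir): void
{
    // Only a bare filename with a fixed extension is accepted: no path
    // separators, no "..", nothing that is not a regular file under
    // $templateDir. A tampered database row therefore cannot include
    // arbitrary files, and nothing from the database is executed as code.
    if (!preg_match('/^[a-z0-9_-]+\.php$/i', $source)) {
        return;
    }
    $path = $templateDir . DIRECTORY_SEPARATOR . $source;
    if (is_file($path)) {
        include $path;
    }
}

function renderPosition(array $modules, string $position, string $templateDir): void
{
    foreach ($modules[$position] ?? [] as $source) {
        renderModule($source, $templateDir);
    }
}

// --- page bootstrap (assumed DSN and credentials; keep these in scripts/dbconnect.php) ---
$db = new PDO('mysql:host=localhost;dbname=website;charset=utf8mb4', 'user', 'password', [
    PDO::ATTR_ERRMODE          => PDO::ERRMODE_EXCEPTION,
    PDO::ATTR_EMULATE_PREPARES => false,          // real server-side prepared statements
]);

$page = $_GET['page'] ?? 'home';
// Same 50-character limit as the question, plus a character whitelist; a
// non-string value (e.g. ?page[]=x) is rejected instead of reaching preg_match().
if (!is_string($page) || !preg_match('/^[a-z0-9_-]{1,50}$/i', $page)) {
    http_response_code(404);
    exit('incorrect URL');
}
$modules = loadModules($db, $page);
?>
<!DOCTYPE HTML>
<html>
<head><meta charset="utf-8"><title>test</title></head>
<body>
<div id="root">
<?php foreach (POSITIONS as $position): ?>
<div id="<?= htmlspecialchars($position, ENT_QUOTES, 'UTF-8') ?>"><?php renderPosition($modules, $position, __DIR__ . '/templates'); ?><div style="clear:both;"></div></div>
<?php endforeach; ?>
</div>
</body>
</html>
```

With this layout the database decides which template goes where, while the templates themselves live under version control on disk, which also addresses the first answer's maintainability concern about keeping PHP in table rows.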