Using PHP in posts

Started by Bijan641, March 27, 2010, 11:47:31 PM

Previous topic - Next topic

Bijan641

Hey, I know this has probably been asked before but its impossible to search for this question and get accurate results. I was wondering if it is possible to use php in your posts. I want to display a lot of images and I was using a loop to show it. I was trying it in html tags, but it doesn't work.

hadesflames


live627

The BB code for PHP only color codes the code and the mod only adds a buttin that inputs the tag for you


Actually parsing PHP code in a post. That WILL compromise your website!

hadesflames

I'm not sure what this mod does exactly, but I would assume it would parse php, judging from its name. If that's the case, then this mod should only work for admins. If not, then using such a mod is indeed a HUGE security risk. But I doubt it since 1, it's an approved mod, and 2, it's made by an smf customizer.

Bijan641

That mod only adds colorized code.

I was thinking that since the html tags are only open to admins, that we could use them and than parse php through the post.

hadesflames

You can't parse php with the html bbcode, and there's no mod that does this from my searches, so I guess you could try requesting such a mod. Don't know how it would fair in the approval process.

MrPhil

The mod in question creates an editor button for the [php] tag, such as:
[php]<?php echo "PHP tag"?>[/php]
producing
<?php echo "PHP tag"?>
It does not evaluate (execute) PHP code, although it does appear to be parsed to some extent (to assign different colors).

The text of a post is read out of the database, passed through parse_bbc() to change BBCode tags into HTML tags for display, and sent out to the browser. I suppose it might be possible to write a mod to add a new [eval] tag that would take PHP code and feed it to eval(). Due to the extremely high security risk, use of this tag would have to be restricted to the admin, just as with [html].

Depending on what you're looking to do, a more specialized tag than "eval" might be feasible (and less dangerous). E.g., an [image_array] tag might be written to handle a whole bunch of images in one go, presumably working off some base name pattern. In other topics on this subject, some have suggested a <script> tag to handle much of the work on the browser side (but that still requires either a custom BBCode tag or admin permission to use [html]).

Bijan641

Thanks for you help guys. I'll mark this as solved even though I already went ahead and listed all the pics manually.

Advertisement: