Welcome Guest, Not a member yet? Register   Sign In
Loading views from Database??
#1

[eluser]sirtea[/eluser]
Hi,

I need to load my views from a database.
I have read this topic
http://codeigniter.com/wiki/Database_Views/
and, apart it's broken, after repairing enough,
i have seen that only manages the php code.
¿how can a view be retrieved from the database and parsed to php?

what i have:
Code:
//somefile:
//<p>Hello, &lt;?php echo $name; ?&gt;!</p>
//end-of-somefile
$this->load->view("somefile", array("name" => "Gerard"));

what i want:
Code:
$view = "<p>Hello, &lt;?php echo $name; ?&gt;!</p>";
$this->load->view_from_string($view);

following the source code, what codeigniter does is:
Code:
$data = array("name" => "Gerard"); // this is from the controller
extract($data);
include("template.php");

but if i do:
Code:
$data = array("name" => "Gerard");
extract($data);
$template = "<p>Hello, &lt;?php echo $name; ?&gt;!<p>";
print $template;
the result is "<p>Hello, &lt;?php echo Gerard; ?&gt;!<p>"
making it unable to create a custom library

¿any ideas?
#2

[eluser]mddd[/eluser]
The include function loads a file and executes it as a php file.
Your print command simple prints out a piece of text. That text happens to contain some things like &lt;?php but is still just text.
If you want to execute a string of text as php, use the eval() function. It takes a string and runs it as php code.

Note: this command will start executing from the start of the string. So if your string contains html, you must first stop php from executing, using ?&gt;.
Also note: if the strings (views) are editable by users, this is extremely dangerous. People could put all kinds of php code in there, and your script will execute it!

My conclusion: don't use views from a database unless there is no other way. It has downsides like security and also it slows the site down because you are loading the data every time you show the page.
#3

[eluser]sirtea[/eluser]
eval(): just what i was looking for!

the views will be created ONLY by the admin, who knows what is doing; They will assume the security risks.
I am only trying to avoid using template engines like smarty (what i have now), or the codeigniter's (they need IFs and other control structures). They know PHP but they don't want to learn smarty languaje.

They really need uploading templates, and every template engine is so vulnerable...
They will have complete access to the php files, so if they want, they can trash the system pretty easily.

Just pray, my friend...
#4

[eluser]mddd[/eluser]
The security risk is okay then.
But I would still say why not just upload the views to the views folder?
A CodeIgniter view is not using a templating language, it is just a php file like any other.




Theme © iAndrew 2016 - Forum software by © MyBB