I have a PHP file that echoes a variable:
<?=echo $myVariable;?>
$myVariable is data that I pull from a MySQL variable and it may include code like php echo itself in it:
<div dir="rtl">
Hello $data['assigned_vars']['first_name'];<br />
your email <?=$data['assigned_vars']['email'];?><br />
your password <?=$data['assigned_vars']['user_password'];?>
</div>
I'm using ob buffering to store the entire string and then return. How can I execute the PHP code inside the PHP string?
You can use eval function,but it makes big security problem for you.
echo eval($string);
but security exception can occurred here,for example following code.
$string = "base64_decode(bXlzcV9xdWVyeSgnREVMRVRFICogRlJPTSBVU0VSJyk7)";
//mysql_query('DELETE * FROM USER');
echo eval($string);
and it empty your USER table.
i think that i found my solution. i can just file_put_contents to create temporary html file, then simply include it and then delete the file