PDA

View Full Version : executing php code in a string



Littlened
12 Jul 2006, 07:33 PM
ok, I've got a script that gets data from an sql database and formats it as XML, I've created an XSL sheet to format the xml data. Now, I want to be able to include PHP code within the XSL sheet.

I'm using the following code to merge the xml code (held in a string) with the xsl file held on the server.


// get completed xml document
$xml_string = $doc->dump_mem(true);

// $xml and $xsl contain the XML and XSL data
$arguments = array('/_xml' => $xml_string);

// Allocate a new XSLT processor
$xh = xslt_create();

// Process the document
$result = xslt_process($xh, 'arg:/_xml', $xsl_file, NULL, $arguments);

echo $result;
xslt_free($xh);

I've tried the eval function, but no matter what I do the final result just seems to remove any PHP code from the XSL style sheet, but doesnt seem to parse the PHP code as there is no output.

Anyone any ideas?

Rincewind
13 Jul 2006, 11:48 AM
Completly twisted. You're putting php into xml to send it to a php script which then has to try and turn the xml back into php. Why? No!

Send php to the php script and xml to an xml client such as a web browser. You could send data in a xml streem to the php script but sending php code messed inside xml would just seem madness. As well as the security risk. You should not "execute" anything that came from the outside cause you cold be executing anything!