PHP simple engine
Problem
I have created a simple PHP engine, and I want this engine to use HTML/PHP code from MySQL. Here is the PHP code; if you find any mistakes or bugs, please post them here. I really want to use this code for my website, but I want to be sure it is safe and bug-free, so help!
```
30){die();}
    if ($_SESSION['last-update'] == date('H:i')) {
        $_SESSION['update-num'] = $_SESSION['update-num'] + 1;
    } else {
        $_SESSION['last-update'] = date('H:i');
        $_SESSION['update-num'] = 0;
    }
} else {
    $_SESSION['last-update'] = date('H:i');
    $_SESSION['update-num'] = 0;
}
include("scripts/dbconnect.php");
mysql_select_db("website");
if (isset($_GET['page'])) {
    if (strlen($_GET['page']) > 50) {die("incodrect URL !");}
    $result = mysql_query("SELECT * FROM modules WHERE page = ';".mysql_real_escape_string($_GET['page']).";'");
} else {
    $result = mysql_query("SELECT * FROM modules WHERE page LIKE ';home;'");
}
$modules = array('top-header1','top-header2','header','bottom-header','top-body1','top-body2','body-top', 'body-left', 'body-center', 'body-right', 'body-bottom', 'bottom-body', 'footer-top', 'footer', 'bottom-footer');
while ($row = mysql_fetch_array($result)) {
    switch ($row['position']) {
        case 'top-header1': $modules['top-header1'][] = $row['source']; break;
        case 'top-header2': $modules['top-header2'][] = $row['source']; break;
        case 'header': $modules['header'][] = $row['source']; break;
        case 'bottom-header': $modules['bottom-header'][] = $row['source']; break;
        case 'top-body1': $modules['top-body1'][] = $row['source']; break;
        case 'top-body2': $modules['top-body2'][] = $row['source']; break;
        case 'body-top': $modules['body-top'][] = $row['source']; break;
        case 'body-left': $modules['body-left'][] = $row['source']; break;
        case 'body-center': $modules['body-center'][] = $row['source']; break;
        case 'body-right': $modules['body-right'][] = $row['source']; break;
        case 'body-bottom':$m
```
Solution
I would recommend against storing PHP code for your website in database fields. It will make it very difficult to maintain in the future.
Also, be sure that if someone has an active session from 11:50 PM until 12:05 AM the next day, that your $_SESSION['last-update'] values will work as expected. Timestamps are typically stored as Unix timestamps with date('U'), which corrects this issue.
Context
StackExchange Code Review Q#2947, answer score: 3
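The timestamp point from the answer, as an added example (not code from the question or the answer): a per-session counter keyed on the Unix-time window rather than the `date('H:i')` string, so a session that spans midnight or returns at the same clock time a day later starts a fresh window. The function name, the 60-second window and the sample times are assumptions; the limit of 30 is taken from the `30){die();}` fragment in the question.

```php
<?php
// Added example: per-session fixed-window request counter keyed on Unix time.
// WINDOW_SECONDS and allow_request() are assumptions, not the poster's code.

const WINDOW_SECONDS = 60;
const MAX_REQUESTS   = 30;

/**
 * Returns true if the request is allowed, false if the limit is exceeded.
 * $session is passed by reference so the function can be exercised without
 * a real session; in a page you would pass $_SESSION after session_start().
 */
function allow_request(array &$session, int $now): bool
{
    // Integer window id: it only ever increases and never repeats across
    // days, unlike date('H:i'), which yields the same string every 24 hours.
    $window = intdiv($now, WINDOW_SECONDS);

    // First request of the session, or the clock moved into a new window:
    // start counting from zero again.
    if (!isset($session['last-update']) || $session['last-update'] !== $window) {
        $session['last-update'] = $window;
        $session['update-num']  = 0;
    }

    $session['update-num']++;
    return $session['update-num'] <= MAX_REQUESTS;
}

// Constructed demonstration: fill the window at 23:50:00 UTC, then send one
// more request in the same window and one exactly 24 hours later. Both later
// requests have the same H:i string, but only the first shares the window.
$session = [];
$t0 = gmmktime(23, 50, 0, 1, 1, 2024);
for ($i = 0; $i < MAX_REQUESTS; $i++) {
    allow_request($session, $t0);
}
var_dump(allow_request($session, $t0));          // same window, limit reached
var_dump(allow_request($session, $t0 + 86400));  // next day, counter restarts
```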