0

can i create a page with a simple text area form, which will be entered PHP CODE and then, when i click to submit, it executes it? just like a Script page?

and most of all it is secure to put it? even in a admin protected page?

thankyou!

Improve this question
3
  • Yes, you can!!! Actually, there is no reason to ask exact the same twice. Commented Jan 11, 2011 at 4:33
  • possible duplicate of Does a code in php inside an if that allows only admin to execute is protected? Commented Jan 11, 2011 at 4:35
  • its a different question! that question is for overall admin pages, this one is if is possible and secure to do a execute-script page. Commented Jan 11, 2011 at 4:40

3 Answers 3

Reset to default
2

You sure can:

eval($_POST['txtScript']); //post method, with textarea named txtScript

However, it is extremely dangerous to permit this. Someone could wipe the current working directory via array_map("unlink", glob('*.*')); among the many, many other malicious things that could be done.

Improve this answer
Sign up to request clarification or add additional context in comments.

Comments

1

If you are allowing someone to author PHP code on a form and then, on submission, taking that PHP code and executing it, you're opening yourself up to HUGE, HUGE security risks. Is it possible to do? Sure, but I would highly recommend against doing it.

If you're absolutely sure you need to do this, read about the eval function. PHP: eval

Improve this answer

Comments

0

you want to use PHP:eval, and no it is not safe even behind a login wall. Better put some predefined function that can be logged.

And of course, by definition anything you put as accessible is quite unsafe anyway.

Improve this answer

Comments

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.