Thread: Storing PHP code in MYSQL database? Good idea or bad?

  1. #1
    Join Date
    Mar 2007
    Posts
    54
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Default Storing PHP code in MYSQL database? Good idea or bad?

    Hi

    I want to know if storing PHP code in a MySQL database is a good idea or a bad idea. The form where the code is actually saved is in the admin area, which no normal user can access, and it gets inserted using the POST method, so I am guessing an attack is likely to be easy. I just wanted to know, as far as security goes, how much risk is involved? What is a good way to store PHP code in the database?

    Thanks

  2. #2
    Join Date
    Mar 2007
    Posts
    54
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Default

    Anyone?

  3. #3
    Join Date
    Jul 2006
    Location
    just north of Boston, MA
    Posts
    1,806
    Thanks
    13
    Thanked 72 Times in 72 Posts

    Default

    If you are storing it there for the sake of storing it there, then no!
    If it's being stored as strictly data, then sure, go ahead.

    You should by all means store data in your database rather than hard-coding page after page after page; however, your PHP should be in its own PHP file. If you are just looking for better security, use some scripts that will sanitize the data going to and from the client / user.

    There are many, many tutorials on the web; use some keywords like php sanitize clean mysql

  4. #4
    Join Date
    Mar 2006
    Location
    Illinois, USA
    Posts
    12,164
    Thanks
    265
    Thanked 690 Times in 678 Posts

    Default

    Probably a very bad idea.

    Unless the code itself is actually dynamic, and being edited from the admin control panel, then this is extremely inefficient.

    You would need to use eval(), and that is slow.

    If you need to store a statement or two, that's fine.

    Generally, you should be able to use various statements to make this work, mostly ifs. Just use a keyword from the database, perhaps as a function name.

    It would be much more efficient to store the data in a php file and include it, most of the time.
    Daniel - Freelance Web Design | <?php?> | <html>| español | Deutsch | italiano | português | català | un peu de français | some knowledge of several other languages: I can sometimes help translate here on DD | Linguistics Forum
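
The suggestion in the last reply (store a keyword in the database and use it to pick a function, rather than storing PHP and running it through eval()) can be sketched as follows. This is an added example, not code from any poster in the thread; the handler names, the `HANDLERS` map, and the sample rows are hypothetical. The keyword is looked up in a fixed allowlist rather than called directly as a function name, so a row can only select code that already exists in the PHP files.

```php
<?php
// Handlers live in version-controlled PHP files, never in the database.
function render_banner(array $args): string
{
    // Escape on output: the text comes from a database row.
    $text = (string)($args['text'] ?? '');
    return '<div class="banner">' . htmlspecialchars($text, ENT_QUOTES, 'UTF-8') . '</div>';
}

function render_price(array $args): string
{
    return number_format((float)($args['amount'] ?? 0), 2);
}

// Allowlist: the only keywords a database row is permitted to select.
const HANDLERS = [
    'banner' => 'render_banner',
    'price'  => 'render_price',
];

function dispatch(string $keyword, string $jsonArgs): string
{
    if (!array_key_exists($keyword, HANDLERS)) {
        // Unknown keyword: refuse it and leave a trace for review.
        error_log('Rejected block keyword: ' . json_encode($keyword));
        return '';
    }
    $args = json_decode($jsonArgs, true);
    if (!is_array($args)) {
        $args = [];   // malformed or non-object JSON is treated as no arguments
    }
    $handler = HANDLERS[$keyword];
    return $handler($args);
}

// Constructed rows standing in for a table with columns (keyword, args).
$rows = [
    ['keyword' => 'banner',  'args' => '{"text":"Sale <b>today</b>"}'],
    ['keyword' => 'price',   'args' => '{"amount":"19.5"}'],
    ['keyword' => 'phpinfo', 'args' => '{}'],   // a real PHP function, but not on the allowlist
];

foreach ($rows as $row) {
    echo dispatch($row['keyword'], $row['args']), PHP_EOL;
}
```

Calling `$row['keyword']()` directly would let any row invoke any PHP function by name, which is close to the risk eval() carries; the lookup in `HANDLERS` is what keeps the database contents as data.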