PHP Code in MySQL
I've read that you could store PHP code in a MySQL database, then at runtime retrieve it via a query and run it with eval().
This would prove very useful for a project I'm working on, but I don't trust the safety of the eval() function.
The MySQL database will only be accessable by the admin. You'd have to crack it to access it otherwise. If you can crack it, then there's no point in worrying about eval() being used against you (the site is already lost).
How badly does using eval() threaten security in this type of situation ?
|