I'm storing php functions to a mySQL database from user input, these functions need to be able to be executed.
As we know, this could and will allow Mr hacker to tu
I'm storing php functions to a mySQL database from user input, these functions need to be able to be executed.
This is an awful idea. It'll be very difficult to compile a list of "safe" functions and PHP is full of local vulnerabilities that could be exploited by anyone knowledgeable enough.
Even white-listing would be very difficult; it would be difficult to detect that code like $a = 'exe'; $a .= 'c'; $a('echo foo'); would be calling exec. Consider an alternative strategy that doesn't involve storing executable code.
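One possible shape for the alternative strategy mentioned above, as an added example that is not part of the original answer: the database row holds a JSON record naming an operation and its arguments, and the application dispatches it through a fixed map of developer-written closures. The operation names, the record layout and the `runStored` helper are all hypothetical.

```php
<?php
declare(strict_types=1);

// Hypothetical operations the application chooses to expose. Only these
// developer-written closures can ever run; nothing is built from user text.
function handlers(): array
{
    return [
        'upper'    => fn(string $s, array $a): string => strtoupper($s),
        'repeat'   => fn(string $s, array $a): string =>
            str_repeat($s, min(10, max(0, (int)($a['times'] ?? 1)))),
        'truncate' => fn(string $s, array $a): string =>
            substr($s, 0, max(0, (int)($a['length'] ?? 0))),
    ];
}

// $storedRow stands for the value read back from the database: a JSON
// document describing what to do, never PHP source.
function runStored(string $storedRow, string $input): string
{
    $spec = json_decode($storedRow, true, 8, JSON_THROW_ON_ERROR);
    if (!is_array($spec) || !is_string($spec['op'] ?? null)) {
        throw new InvalidArgumentException('malformed operation record');
    }

    $handlers = handlers();
    // Exact-match lookup in the fixed map. The stored string is only ever
    // used as an array key, so a name assembled at runtime (as in the
    // 'exe' . 'c' snippet above) has nothing to resolve to.
    if (!array_key_exists($spec['op'], $handlers)) {
        throw new InvalidArgumentException('unknown operation');
    }

    $args = is_array($spec['args'] ?? null) ? $spec['args'] : [];
    return $handlers[$spec['op']]($input, $args);
}

// Constructed sample rows.
echo runStored('{"op":"upper"}', 'hello'), "\n";
echo runStored('{"op":"repeat","args":{"times":3}}', 'ab'), "\n";
try {
    runStored('{"op":"exec","args":{"cmd":"echo foo"}}', 'x');
} catch (InvalidArgumentException $e) {
    echo 'rejected: ', $e->getMessage(), "\n";
}
```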