Code in db

Hi, i am thinking of putting some php code in my db, the idea behind this is that i will have a table with different gadgets like counter,timer…(id,name,code) and a main task table(id,task,description) that will load different gadgets for every task, like:

[i]task1

description1

timer1

counter1[/i]

[i]task2

description2

counter2

counter3

…[/i]

is this a good idea, or should i use more conventional methods?? I want the ability that users submit their own gadgets.

Any suggestions welcome :)

Thanks

Letting User submit any PHP code is a high security risk, keep that in mind!

As for your question:

How about let the user upload php files with user defined widgets. The database will only contain widget names associated with these files.

like images??

Didn’t think about that. I like the idea.

For security i thought that the admin or moderator must approve it first.

Yes, approving is a good mechanism for that.

Like images. Users can contribute their "widgets", others can select them from the database and use it in any place.

thanks for the quick reply.

One more thing, how to store parametars(the time for timers or number for countrs…) for "gadgets"? I was planing for a few tables:

[b]

user[/b]

[i]id

name

pass

…[/i]

user_has_task (link table)

[i]user_id

task_id[/i]

task

[i]id

task

description[/i]

[b]

task_has_gadget[/b] (link table)

[i]task_id

gadget_id[/i]

[b]

gadget[/b]

[i]id

name

path

[/i]

i was thinking to use a array for parameters of gadgets, the problem is where to put them, in what table?? Any iseas?

well, nice designed you would have a table for the parameters like

parameters

[i]name

value

gadget_id[/i]

But I think you could also store a serialized array anywhere as a quick solution.

For the invocation of your widget/gadget with parameters you can user

http://de2.php.net/manual/en/function.call-user-method-array.php

This way you can use clean parameters on your methods. Please do NOT use on parameter for your widget as array.