Dangerous PHP functions

故里飘歌 2021-01-15 06:20

I'm storing PHP functions to a MySQL database from user input; these functions need to be able to be executed.

As we know, this could and will allow Mr hacker to tu

3 answers
  •  孤城傲影
    2021-01-15 06:56

    You should NEVER run a function that is defined by user input. There are millions of ways that a user could disguise a function name that you cannot stop. For example, you can save a function name into a variable and run the function with the variable.

    
    

    That is perfectly valid. And if you think you can test for functions run from variables, there are ways around that using chr(), concatenation, hex, etc.
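
An added example, not part of the original answer or the asker's code: instead of storing PHP source, store only an operation key and dispatch it through a fixed allowlist, alongside a name-based blocklist scan that misses a concatenated name as the answer describes. The operation names, function names and sample strings are hypothetical and constructed for illustration.

```php
<?php
declare(strict_types=1);

// Vetted operations the application is willing to run. The database stores
// only one of these keys plus arguments, never PHP source (hypothetical names).
const ALLOWED_OPERATIONS = ['upper' => 'op_upper', 'total' => 'op_total'];

function op_upper(array $args): string
{
    return strtoupper((string) ($args[0] ?? ''));
}

function op_total(array $args): float
{
    return (float) array_sum(array_filter($args, 'is_numeric'));
}

// Runs a stored operation only if its key is an exact match in the allowlist.
function run_stored_operation(string $key, array $args)
{
    if (!array_key_exists($key, ALLOWED_OPERATIONS)) {
        throw new InvalidArgumentException('Operation not allowed: ' . $key);
    }
    // The callable comes from the constant map, never from the stored string.
    return call_user_func(ALLOWED_OPERATIONS[$key], $args);
}

// Naive blocklist over stored source text, shown only to illustrate why it fails.
function blocklist_flags(string $source, array $banned = ['system', 'exec', 'eval']): bool
{
    foreach ($banned as $name) {
        if (stripos($source, $name) !== false) {
            return true;
        }
    }
    return false;
}

// Constructed sample strings; they are only scanned as text, never evaluated.
$plain     = 'system("id");';
$assembled = '$f = "sys" . "tem"; $f("id");';
var_dump(blocklist_flags($plain));     // literal name is present, so it is flagged
var_dump(blocklist_flags($assembled)); // name is built at runtime, so the scan misses it

echo run_stored_operation('upper', ['hello']), PHP_EOL;
try {
    run_stored_operation('system', ['id']);   // key is not in the map, so it is rejected
} catch (InvalidArgumentException $e) {
    echo $e->getMessage(), PHP_EOL;
}
```

The allowlist holds because the decision is an exact key lookup in a constant map, so there is no stored code to disguise.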
