PHP & MySQL saving a formula in the database for report generation

Question

I am developping/maintaining a web application where different reports and web pages on the portal must be generated automatically and depending on the settings and formula methodes set for a period.

For instance, the calculation in one month can be ($a+$b) whereas it can be (($a+$b)/2) in the next month or even ($a+$b)/2*100 for a group/type of individuals in a month...

On top of this, I want the users (Administrators) to be able to setup the formula methods for a specific period of time, but I am failing to reach this goal

I think this must be a good solution because, my application has a computation center that distributes calculation to PDF reports, XLS exports, Live web pages... and the figures in all these places must be accurate and the same

The question now is:

Is there a way of storing the code (php script, code snippet) in the database, along with the date intervals so it can be evaluated "eval()" and perfom the calculations?

If Yes, Is there a way of creating a user interface that will allow the end user (without programming skills) set up the formula?

Any docs? link to read?

For your information, I build my web apps with CodeIgniter PHP framework

Thanks

Answer 1

DO NOT let users write code that gets eval() -ed against your database.

The database is for data. Code is for code.

You'll find writing custom reports in model classes in PHP has these benefits:

• Faster to develop
• Easier to debug
• Faster to run
• Safer to execute with respect to security vulnerabilities

Let users specify criteria, and you write application code to interpret their criteria and map that into the code you have written.

Some of the users' criteria are simply specific values for date ranges and so on, and you can add these as query parameter binding .

Other criteria change the logic of the reporting queries, and for these you need to call a different report-writer that you have coded.

It's not reasonable for users to demand arbitrary flexibility in report-writing. They won't be happy with the result, either with respect to performance or security.