I use Yii in my project and want realize event model with callbacks. I made "Event" model in MySQL and want store anonymous functions in many fields, for example,
**Event model in Yii**
id - int
name - varchar(255)
beforeEvent - text
In "afterEvent" field stored function:
function(){echo 'afterEvent #1';}
Then i fetch all events and try call "afterEvent" function:
$events = Event::model()->findAll();
foreach ($events as $event)
{
$event->beforeEvent();
}
As i haven't that method in model Event, i made proxy method
public function beforeEvent() { call_user_func($this->beforeEvent); }
Problem in error:
call_user_func() expects parameter 1 to be a valid callback, function 'function(){ echo 'afterEvent of event #1 done'; }' not found or invalid function name
Found 1 solution: in proxy-method beforeEvent() use create_function function like this:
public function beforeEvent(array $params){
$callback = create_function('$params', $this->beforeEvent);
$callback($params);
}
but in manual said:
This function internally performs an eval() and as such has the same security issues as eval(). Additionally it has bad performance and memory usage characteristics. If you are using PHP 5.3.0 or newer a native anonymous function should be used instead.
and we khow that eval is evil. How can i use anonymous function in this situation?
Don't store code in the database. There's only a finite number of things that can happen after an event, and the functions for those are somewhere in your code base to begin with. There's no need to copy them into the database and then try to evaluate them from there. Just store an identifier for what you want to happen at a certain event (e.g. sendEmail), then call the appropriate function for that action in your code.
This is also a lot saner with regards to being able to refactor your code. Imagine you have to rewrite something that would break a million callback functions stored in your database... not a fun situation. The data is your asset, the code is just what makes this asset accessible. As a rule of thumb, always keep in the back of your head "What if I strike gold with this project, suddenly need to scale to 100x the size and I hire an agency to rewrite everything in more scalable platform X over night, could I simply continue using the same data?" Therefore the data should be platform agnostic. Storing executable code in the database isn't.
You are right, you should avoid eval.
I would use the other types of PHP callables and serialize them in the beforeEvent column using serialize.
Then you will be able to call them as you proposed:
public function beforeEvent() { call_user_func($this->beforeEvent); }
Anonymous functions cannot be serialized (yet).