[thelist] PHP and storing Javascript code in MySQL

Matt Warden mwarden at gmail.com
Wed Aug 2 18:34:44 CDT 2006

On 8/1/06, Pamela Riesmeyer <pjries at comcast.net> wrote:
> Hi List,
> I'm looking for resources to demonstrate why it's a bad idea to store
> JavaScript code in a MySQL database  - at least I'm assuming that
> this is a security risk.

Doubtful. Storing in a database is storing to disk.

> It's a pretty simple setup.. a form
> containing a select element is the only user input. That input is
> used to query the database and the data is displayed on the page
> using PHP. The suggestion was made to include JavaScript in the
> database entry to allow for a link with an onclick toggle tthat would
> show and hide portions of the page.
> I'm on the "let's not do this, there must be a better way" side, but
> I could use some stronger arguments, other than "I think it's a bad
> idea" to back up my recommendation.

I'm more on the "just because you can do it, doesn't mean you should"
side. Have you asked these people what the point of doing this is? I
don't see anything in your problem description, as you have presented
it, that points to any benefit to storing static JavaScript code in
the database.

Keep the code in one place, unless there is some overly compelling
reason to do otherwise. This will save your company a lot of money in
the long and short run.

Matt Warden
Cleveland, OH, USA

This email proudly and graciously contributes to entropy.

More information about the thelist mailing list