Corveda / PHPSandbox

A PHP-based sandboxing library with a full suite of configuration and validation options.
https://phpsandbox.org

Can I use for customize reports generators? #20

Closed LuanMaik closed 2 years ago

LuanMaik commented 4 years ago

I have many customers and each one needs customized reports. It's not feasible to create one report codebase for each one.

I'm thinking of creating a report CRUD with a text editor box; in this box I will write the PHP code to run in PHPSandbox (with a restricted environment, obviously) to group the MySQL results (the SQL query would run outside the sandbox and inject the result into PHPSandbox) and build the report as my customer wishes.

Conclusion: I would use PHPSandbox (with a restricted environment) only to handle the PDF/Excel generator to build the report.

Could I do that? Could there be any security problems?

Code to run in sandbox:

```php
// sort() sorts in place and returns a bool, so assign the array after sorting
sort($mysqlResultsInjected);
$registers = $mysqlResultsInjected;

$excel = new Excel();

foreach ($registers as $register) {
    $excel->row([$register->id, $register->name]);
}

$excel->output();
```

fieryprophet commented 2 years ago

Your best bet to run something in this scenario would be to run it in an isolated container (e.g. Docker/rkt/lxd, etc.) so any malicious use of the code would only trash the container (which can be reset easily or even between requests) rather than potentially affecting the entire system. This library is designed to sandbox PHP code that comes from untrusted sources in very limited and well-defined scenarios and does not provide any encapsulation of the surrounding environment.
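To make the "very limited and well-defined" point concrete, here is an added example (not code from the issue or from the PHPSandbox project) of a deny-by-default configuration for the report scenario above. It assumes the library is installed via Composer and uses a hypothetical `Excel` class standing in for whatever PDF/Excel generator the host application provides; the method names `whitelistFunc`, `whitelistClass`, `defineVar`, `setOption` and `execute` are the library's own API.

```php
<?php
// Added example, not from the issue or the library. Assumes a Composer install.
require __DIR__ . '/vendor/autoload.php';

use PHPSandbox\PHPSandbox;

// Hypothetical host-side generator. Its method bodies run as ordinary host
// code: the sandbox validates the template's parsed code, not what a
// whitelisted class does once called. Everything this class can reach
// (files, network, other services) is therefore reachable from the template,
// which is why the container isolation recommended above is still needed.
final class Excel
{
    private array $rows = [];

    public function row(array $cells): void
    {
        $this->rows[] = $cells;
    }

    public function output(): string
    {
        return implode("\n", array_map(fn ($r) => implode(',', $r), $this->rows));
    }
}

// Constructed sample data. As the issue proposes, the query runs OUTSIDE the
// sandbox and only plain data is injected; the template never sees a DB handle.
$mysqlResultsInjected = [
    2 => ['id' => 2, 'name' => 'Bob'],
    1 => ['id' => 1, 'name' => 'Alice'],
];

$sandbox = new PHPSandbox();
// Everything is denied unless listed: only the functions and the one class the
// report actually needs. Object creation is opt-in, so enable it explicitly.
$sandbox->setOption('allow_objects', true);
$sandbox->whitelistFunc(['ksort', 'count']);
$sandbox->whitelistClass('Excel');
$sandbox->defineVar('registers', $mysqlResultsInjected);

// The customer-editable template (constructed). ksort() sorts in place.
$template = <<<'PHP'
ksort($registers);
$excel = new Excel();
foreach ($registers as $register) {
    $excel->row([$register['id'], $register['name']]);
}
return $excel->output();
PHP;

echo $sandbox->execute($template), "\n"; // 1,Alice then 2,Bob
```

Any template that calls a function or class outside the whitelist is rejected at validation time rather than executed, which is the part of the threat the library addresses; what the whitelisted `Excel` class itself can do is outside its reach.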