Don't do this. MySQL events as all other types of stored routines (triggers, functions and procedures) are not meant to be used to call external processes. Instead whole point of stored routines is in keeping all the db processing compartmentalized from the outside world.
And even though you can technicaly do this, it doesn't mean that it's a right thing to do. Your sample code is a great illustration that it's absolutely meaningless. You start a php just to make a connection back to the database and insert a row which you could've done easily just issuing insert in the event itself.
If you have a need to periodically run a php script use a specifically designed tool for that - OS scheduler cron
or in your case Windows Task Scheduler.
If on the other hand all your script doing is manipulating data in your database and doesn't need any interaction with OS other than through build it statements (like LOAD DATA
or SELECT INTO OUTFILE
) just do it properly in your event.
Besides the usage of sys_exec
UDF is a huge security hazard for your DB instance! In case you didn't read or forget about it here is A Note of Caution from a library documentation
Be very careful in deciding whether you need this function. UDFs are available to all database users - you cannot grant EXECUTE privileges for them. As the commandstring passed to sys_exec can do pretty much everything, exposing the function poses a very real security hazard.
Even for a benign user, it is possible to accidentally do a lot of damage with it. The call will be executed with the privileges of the os user that runs MySQL, so it is entirely feasible to delete MySQL's data directory, or worse.
The function is intended for specialized MySQL applications where one needs extended control over the operating system. Currently, we do not have UDF's for ftp, email and http, and this function can be used to implement such functionality in case it is really necessary (datawarehouse staging areas could be a case in example).
You have been warned! If you don't see the hazard, please don't try to find it; just trust me on this.
If you do decide to use this library in a production environment, make sure that only specific commands can be run and file access is limited by using AppArmor.