Be aware that if you're not very sure of the source of the values comming back from your database you're treading in dangerous waters. If a malicious entity can get their own values in there somehow, th3y wI11 0wN J00 (especially since it looks like you're subsequently planning on passing values to system()).

It's better practice to keep your code and data seperate (c.f. use strict "refs" :). Perhaps create different modules implementing an interface, and then use data from your database to select from that (limited, controlled) set of modules.