in reply to storing perl code in database
Using a "require" statement with a properly untainted/validated module name would seem like the safest, most accountable way to execute code in a data-dependent run-time environment.
Another issue to ponder (which might favor storing code as files rather than table fields): compare how write-access is controlled in the two storage methods, and who has that access. Which one are you more comfortable with, in terms of being sure that five minutes/hours/days/weeks from now, your code will still be there?
It's true that access control in the database can be controlled in lots of interesting ways, but is your setup one of the relatively rare cases where DBAs actually implement detailed specifications for access permissions on particular fields of particular tables for particular users on a regular basis, and do you consider that method of control to be preferable (all things considered) to what you get with normal file-permission settings? I expect some people would answer "yes", but not most people.
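An added example, not part of the original post, of what a "properly untainted/validated module name" passed to `require` can look like when the name comes from data. The allowlist contents and the function names `validated_module` and `load_module` are assumptions made for illustration.

```perl
#!/usr/bin/perl
# Run as "perl -T script.pl" to get taint checking as well; the validation
# below is what lets a data-supplied name pass that check.
use strict;
use warnings;

# Hypothetical allowlist: the only modules this program agrees to load.
my %ALLOWED = map { $_ => 1 } qw(Text::Wrap List::Util);

# Return the untainted module name, or die if it is not acceptable.
sub validated_module {
    my ($name) = @_;
    # The regex capture is what untaints. The pattern admits only
    # Identifier(::Identifier)*, so no slashes, dots or whitespace get through.
    my ($clean) = ($name // '') =~ /\A([A-Za-z_][A-Za-z0-9_]*(?:::[A-Za-z_][A-Za-z0-9_]*)*)\z/;
    die "not a well-formed module name\n" unless defined $clean;
    die "not on the allowlist\n"          unless $ALLOWED{$clean};
    return $clean;
}

# Load a module by validated name; returns the name on success.
sub load_module {
    my ($name) = @_;
    my $module = validated_module($name);
    (my $file = "$module.pm") =~ s{::}{/}g;   # List::Util -> List/Util.pm
    require $file;                            # resolved through @INC only
    return $module;
}

# Constructed sample inputs standing in for values read from a table field.
my @inputs = ('List::Util', 'Text::Wrap', '../../tmp/evil',
              'List::Util; print 1', 'Data::Dumper');

for my $input (@inputs) {
    my $loaded = eval { load_module($input) };
    if (defined $loaded) {
        print "loaded  $loaded\n";
    }
    else {
        chomp(my $err = $@);
        print "refused '$input': $err\n";
    }
}
```

The code that actually runs is whatever file `@INC` resolves the name to, so the write permissions on those directories are the access-control question the post raises.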
Re^2: storing perl code in database
by sflitman (Hermit) on Nov 18, 2008 at 03:35 UTC