the code to execute. this code has to return something, means some text or html. so return a string. ok? you may not echo here! if no string is returned, nothing is spitted out to the browser.
no shell commands are allowed. db/file access is allowed. usually a string, can be a hash because it's language dependant.