I've been working with some long lists of information and I've come up with a good way to post it in various formats on my WordPress blog posts.

I installed the exec-PHP plugin, which allows you to run PHP in posts. I then created a new table (NEWTABLE) in my WordPress database and filled that table with names, scores, and other stuff.

I was then able to use some pretty simple code to display the information in a WordPress post. Below is an example, but you could really do whatever you wanted. My question is: is there a problem with doing this? With security? Or memory? I could just type out all the information in each post, but this is really much nicer. Any thoughts are appreciated.

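<?php
// Fetch every row with a score under 100, sorted by last name.
$theResult = mysql_query("SELECT * FROM NEWTABLE WHERE Score < 100 ORDER BY LastName");

// Print one line per person: first name, last name, score.
while($row = mysql_fetch_array($theResult))
  {
  echo $row['FirstName'];
  echo " " . $row['LastName'];
  echo " " . $row['Score'];
  echo "<br />";
  }

?>
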
+4  A: 

It is definitely dicey from a security perspective. Anyone who gets an admin logon to your site can run arbitrary queries on your database.

Not to mention the possibility of you typing the wrong query and nuking your db. Unlikely, but still a risk.

Probably the best way to do this would be to write a plugin that runs that query and displays the result when you put a certain tag in the post.

Alternatively, if this happens for every post, then you could use a template tag in the theme or a setting in the admin area.

Greg
Removing my answer and upping this one instead. I knew there was a way around it with a plugin...
BoltClock
Thanks Greg. I think I've done a pretty good job of securing my site and database with passwords and .htaccess, so I'll give this a try. I don't really know how to write plugins.
Thomas
A: 

WordPress › Sniplets « WordPress Plugins works with PHP in a kind of "shortcode" fashion. And if you need to run PHP in pages (as opposed to posts), run it in a page template: Page Templates « WordPress Codex

songdogtech
+4  A: 

This is what shortcodes are for: http://codex.wordpress.org/Shortcode_API

Gipetto
Thanks Gipetto - this is really cool to know!
Thomas
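
The plugin-with-a-tag approach from Greg's answer, built on the Shortcode API linked in Gipetto's answer, as an added example that is not part of the original thread. The table and column names come from the question; the plugin name, the `score_list` shortcode and its `max` attribute are assumptions made for illustration.

```php
<?php
/**
 * Plugin Name: Score List Shortcode (added example, hypothetical name)
 */

// Block direct access to the file outside of WordPress.
if ( ! defined( 'ABSPATH' ) ) {
    exit;
}

/**
 * Render rows from NEWTABLE for [score_list max="100"].
 * The shortcode name and its "max" attribute are assumptions for this example.
 */
function score_list_shortcode( $atts ) {
    global $wpdb;

    // Merge user-supplied attributes with defaults, then force an integer.
    $atts = shortcode_atts( array( 'max' => 100 ), $atts, 'score_list' );
    $max  = (int) $atts['max'];

    // The query text is fixed in the plugin; only the integer bound varies.
    $rows = $wpdb->get_results(
        $wpdb->prepare(
            'SELECT FirstName, LastName, Score FROM NEWTABLE WHERE Score < %d ORDER BY LastName',
            $max
        ),
        ARRAY_A
    );

    if ( empty( $rows ) ) {
        return '';
    }

    $out = '';
    foreach ( $rows as $row ) {
        // Escape every stored value before it reaches the page.
        $out .= esc_html( $row['FirstName'] . ' ' . $row['LastName'] . ' ' . $row['Score'] ) . '<br />';
    }

    // Shortcode callbacks return their markup instead of echoing it.
    return $out;
}
add_shortcode( 'score_list', 'score_list_shortcode' );
```

With this file activated as a plugin, a post only needs `[score_list]` or `[score_list max="50"]`, and exec-PHP can be removed: someone who can edit posts can place the tag but cannot change the SQL that runs.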