Results 1 to 4 of 4

Thread: Adding PHP code into wordpress widgets

  1. #1
    Join Date
    Jun 2012
    Location
    California
    Posts
    5
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Default Adding PHP code into wordpress widgets

    Hello friends, is there a way to insert PHP code into Wordpress text widgets? Please tell me how to do it.

  2. #2
    Join Date
    Mar 2006
    Location
    Illinois, USA
    Posts
    12,164
    Thanks
    265
    Thanked 690 Times in 678 Posts

    Default

    My guess is no. Wordpress is based on PHP, but it probably doesn't allow PHP code within something that is used inside it-- that would likely require using eval() which is a potential security risk.

    In theory, it's possible for wordpress to do this-- but I don't think it does.

    Have you checked the manual/support site for this?
    Daniel - Freelance Web Design | <?php?> | <html>| espa˝ol | Deutsch | italiano | portuguŕs | catalÓ | un peu de franšais | some knowledge of several other languages: I can sometimes help translate here on DD | Linguistics Forum

  3. #3
    Join Date
    Mar 2011
    Location
    N 11░ 19' 0.0012 E 142░ 15' 0
    Posts
    1,529
    Thanks
    41
    Thanked 89 Times in 88 Posts
    Blog Entries
    3

    Default

    Brainsmith, do you mean like this -
    http://wordpress.org/extend/plugins/php-code-widget/
    ?

    Edit -
    Read traq's post and don't use this
    Last edited by keyboard; 12-04-2012 at 06:08 AM.

  4. #4
    Join Date
    Apr 2008
    Location
    So.Cal
    Posts
    3,643
    Thanks
    63
    Thanked 516 Times in 502 Posts
    Blog Entries
    5

    Default

    Just FYI, this falls into the incredibly stupid category.

    Quote Originally Posted by execphp.php [line 42]
    PHP Code:
    eval('?>'.$text); 
    Makes things really easy to hack.
    Even easier to mess things up accidentally, all by yourself.

    Quote Originally Posted by php.net
    Caution

    The eval() language construct is very dangerous because it allows execution of arbitrary PHP code. Its use thus is discouraged. If you have carefully verified that there is no other option than to use this construct, pay special attention not to pass any user provided data into it without properly validating it beforehand.

    This "useful widget" ignores both of those warnings. It takes unfiltered user input and treats it like trusted PHP code.
    It is a very serious security risk.

    If you don't believe me, ask around.

    You do not want to "execute arbitrary PHP code."
    Last edited by traq; 12-04-2012 at 06:07 AM.

Similar Threads

  1. Replies: 0
    Last Post: 03-10-2012, 03:32 PM
  2. Random Order Script, Wordpress, and code placement
    By Carver in forum Dynamic Drive scripts help
    Replies: 2
    Last Post: 10-06-2011, 11:00 PM
  3. Editting Twitter widgets?
    By jhatter in forum Other
    Replies: 0
    Last Post: 07-01-2011, 04:29 PM
  4. Replies: 4
    Last Post: 09-08-2008, 02:40 AM
  5. Web 2.0 | Widgets
    By Flying Monkeys in forum PHP
    Replies: 0
    Last Post: 06-09-2008, 04:05 AM

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •