• Resolved Huanyi (Eric)

    (@no249a002)


    Lately, I’ve been curious whether it is safe to save PHP code in the database.
    If it is safe to use Code Snippets as an alternative to editing functions.php, is it safe to use plugins like PHP Execution to store PHP code in the post data as well?
    If it is safe to use Code Snippets but not safe to use PHP Execution, what might be the difference?

Viewing 3 replies - 1 through 3 (of 3 total)
  • IMO it is safer than editing functions.php, because you get the data from the database server.

    And this is a much easier way because you can easily make different versions and select the best one.

    A plugin with direct PHP is IMO bad. According to a Finnish conversation, plugins like PHP Execution are risky. The keymaster recommended not using those.

    Use Code Snippets and create shortcodes, which is the safest way, IMO.

    Plugin Author Shea Bunge

    (@bungeshea)

    In theory, I don’t think there’s too much difference between using a custom table or post data table for storage – it’s all down to how the particular method is implemented, as the data is stored in the database either way. There are plugins like Custom CSS (which is now part of Jetpack) which use a custom post type as the backend for storing data in the database.

    In the case of PHP Execution, it seems to embed code directly in posts and pages. I’d say that, generally speaking, this probably isn’t the best way of doing things, as it essentially means that all content is treated as if it was a PHP file. This raises the likelihood of accidentally including PHP tags containing problematic code inside a post.

    I think it’s very beneficial to have custom code stored in a centralised place – like inside a custom table or a specific post type – where it can be checked and monitored if necessary instead of having it littered through all of the site’s content.
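
An added example, not part of the thread and not code from either plugin: a small audit that shows which spans of post content would run if every post were treated as a PHP file, including the accidental unclosed tag case raised above. It assumes posts have been exported as `(post_id, post_content)` pairs; the function names and sample rows are constructed for illustration, and the `?>` search is an approximation that ignores PHP string literals.

```python
import re

# PHP leaves HTML mode at "<?php" or "<?=", and at a bare "<?" when short_open_tag is on.
OPEN = re.compile(r"<\?(php\b|=)?", re.IGNORECASE)

def php_blocks(content):
    """Return (kind, closed, code) for each span PHP would treat as code."""
    blocks, pos = [], 0
    while (m := OPEN.search(content, pos)):
        tag = (m.group(1) or "").lower()
        if not tag and content[m.end():m.end() + 3].lower() == "xml":
            pos = m.end()          # "<?xml ... ?>" is a declaration, not code
            continue
        end = content.find("?>", m.end())
        closed = end != -1
        # Without a closing tag, everything to the end of the content is code.
        code = content[m.end():end if closed else len(content)]
        kind = "php" if tag == "php" else "echo" if tag == "=" else "short-tag"
        blocks.append((kind, closed, code))
        if not closed:
            break
        pos = end + 2
    return blocks

def audit(rows):
    """rows: iterable of (post_id, post_content). One finding per code span."""
    return [
        {"post": post_id, "kind": kind, "closed": closed, "code": code.strip()[:60]}
        for post_id, content in rows
        for kind, closed, code in php_blocks(content)
    ]

# Constructed sample rows standing in for exported post content.
SAMPLE_POSTS = [
    (1, "<p>Opening hours are listed below.</p>"),
    (2, "<p>Today is <?php echo date('Y-m-d'); ?></p>"),
    (3, '<?xml version="1.0"?><p>Feed excerpt</p>'),
    (4, "<p>Tutorial: start your file with <?php and then add functions.</p>"),
    (5, "Total: <?= $total ?> items"),
]

if __name__ == "__main__":
    for finding in audit(SAMPLE_POSTS):
        print(finding)
```

Post 4 is the accidental case: the author only mentions the tag in a sentence, yet the rest of the post would be parsed as code.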

    Thread Starter Huanyi (Eric)

    (@no249a002)

    @tapiohuuhaa Thank you for your kind reply.
    @bungeshea Thank you for your patient explanation, and that really helps me know how this plugin works.

  • The topic ‘Is it safe to store php code in the database?’ is closed to new replies.