wordpress

How To Run PHP Code in WordPress Posts and Pages

By Agbonghama Collins

For a number of reasons, WordPress is an extremely popular CMS the least of which are not its ease of use, user interface, and features that are geared towards both publishers and programmers.

As a PHP developer and as a blogger, there are times I want to execute a line of PHP code within an article. By default, you cannot execute PHP in WordPress posts and pages (though you can do so with HTML, CSS and JavaScript).

Since WordPress doesn’t parse PHP in post and pages, I typically create a PHP file and then link to it within my article.

In this two part series, we are going to take a look at how to execute PHP from within WordPress posts and pages.


In this first part of the series, I will explain the process that’s required to execute PHP within our posts in pages. In the second part of this series, we’ll take at some demo code for how to actually make this happen.

How It Works

As you know, include() or require() is used to include and optionally execute PHP code within an existing template.

Similarly, to execute PHP in WordPress posts and pages, we will create a file in a folder in our WordPress installation directory that contains the PHP code to be executed, and then we’ll include the file in the the post or page using the shortcodes plugin that we’ll be building in this series.

The WordPress Shortcode Plugin

It is impossible to use include() or require() function to include and execute PHP file in post types in WordPress because the code is not parsed by PHP when it’s added via the TinyMCE editor; however, with a shortcode, we can make this happen.

To demonstrate how to do this, let’s create a plugin.

First, include the plugin header. The plugin header – which is a a PHP comment block – it was allows WordPress to recognize our plugin.

<?php
/*
  Plugin Name: Run PHP code in Post & Page
  Plugin URI: http://code.tutsplus.com
  Description: Run PHP code in WordPress
  Author: Agbonghama Collins
  Version: 1.0
  Author URI: http://tech4sky.com/
 */

Next, make a call to the add_shortcode function. This function is responsible for actually registering a shortcode with WordPress.

It accepts two argument: the shortcode tag and the callback function to run when the shortcode is called.

add_shortcode( 'phpcode', 'php_include' );

And finally, the shortcode callback function.

function php_include( $attr ) {

    $file = $attr['file'];
    $upload_dir = wp_upload_dir();
    $folder = $upload_dir['basedir'] . '/php-content'. "/$file.php";

    ob_start();
    include ( $folder );
    
    return ob_get_clean();
    
}

Looking at the shortcode function php_include, you could see the shortcode include files from php-content located in wp-content/uploads.
We were able to programatically obtain the using WordPress wp_upload_dir() helper function.

The syntax for the shortcode is [phpcode file="dance"] where the value of attribute file is the PHP file to be included located in /wp-content/uploads/php-content folder.

Using the Shortcode Plugin to Execute PHP

To demonstrate how the Shortcode function works, we are going to create a simple tool that rewrite words backward powered by PHP’s strrev().
Below is the code for the tool to be included in a WordPress post.

<form method="post">
    <textarea name="string"><?php echo ( isset( $_POST['string'] ) ) ? $_POST['string'] : null ;?></textarea>
	<br />
	<input type="submit" name="submit" value="Reverse"/>
</form>

<?php
if ( isset( $_POST['submit'] ) && empty( $_POST['string'] ) ) {
	echo "Field should not be left empty";
} elseif ( isset( $_POST['submit'] ) && ( $_POST['string'] ) ) {
	echo '<div>Copy Result</div>';
	echo '<textarea>';
	echo htmlspecialchars( strrev( $_POST['string'] ) );
	echo '</textarea>';
}

Create a PHP file in /wp-content/uploads/php-content and save the above code snippet in it. let’s call the file wordsbackward.php.

To execute the PHP file, add the short code [phpcode file="wordsbackward"] to the post or page.
Preview the post in your browser and you should see the executed PHP code as shown in the image below.

Conclusion

It’s extremely important to note that if you run a multi-author blog, giving the privilege for authors to execute PHP in post can be a security risk, so you will want to make sure that there is a a security measure in place.

For many, having to create a plugin that leverages shortcodes, separate files, and so on is much more complicated than, say, adding code directly into the WordPress editor. In the next part of the series, we’ll be creating a more advanced version of the plugin that will allow us to do all of the file management from within the WordPress dashboard.

Source: Nettuts+


0 replies

Leave a Reply

Want to join the discussion?
Feel free to contribute!

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.