We use cookies to improve your experience. No personal information is gathered and we don't serve ads. Cookies Policy.

ExpressionEngine
Log In Sign Up

Allow PHP in posts.

Development and Programming

Lisa Wess's avatar
Lisa Wess
20,502 posts
15 years ago
Lisa Wess's avatar Lisa Wess

See What is a full server path.

Especially if you’re going to have other people editing these entries you do not want entries parsing PHP. Otherwise whomever can edit can output every detail of your PHP/MySQL environment and this opens up a huge security hole.

Why not have the PHP code in the template and an entry with just the values, then feed the custom field values into your PHP. Much safer and easily updated.

       

Reply

Sign In To Reply

ExpressionEngine Home Features Pro Contact Version Support
Learn Docs University Forums
Resources Support Add-Ons Partners Blog
Privacy Terms Trademark Use License

Packet Tide owns and develops ExpressionEngine. © Packet Tide, All Rights Reserved.