Custom PHP code may be embedded in some types of site content, including posts and blocks. While embedding PHP code inside a post or block is a powerful and flexible feature when used by a trusted user with PHP experience, it is a significant and dangerous security risk when used improperly. Even a small mistake when posting PHP code may accidentally compromise your site.
If you are unfamiliar with PHP, SQL, or Drupal, avoid using custom PHP code within posts. Experimenting with PHP may corrupt your database, render your site inoperable, or significantly compromise security.
Notes:
register_globals
is turned off. If you need to use forms, understand and use the functions in the Drupal Form API.print
or return
statement in your code to output content.template.php
file rather than embedding it directly into a post or block.A basic example: Creating a "Welcome" block that greets visitors with a simple message.
Add a custom block to your site, named "Welcome". With its input format set to "PHP code" (or another format supporting PHP input), add the following in the Block body:
print t('Welcome visitor! Thank you for visiting.');
To display the name of a registered user, use this instead:
global $user; if ($user->uid) { print t('Welcome @name! Thank you for visiting.', array('@name' => $user->name)); } else { print t('Welcome visitor! Thank you for visiting.'); }
Drupal.org offers some example PHP snippets, or you can create your own with some PHP experience and knowledge of the Drupal system.
R. Joregensen Antiques offers one of New Englands largest collections of antiques just north of Boston in Wells, Maine. We are proud to be a member of the Antiques Dealers' Association of America, Maine Antiques Dealers Association, and the New Hampshire Antiques Dealer Association.
Copyright © R. Jorgensen Antiques. All rights reserved. | Website by Primal Media.