'. t('The PHP filter adds the ability to include PHP code in posts. PHP is a general-purpose scripting language widely-used for web development; the content management system used by this website has been developed using PHP.') .'

'; $output .= '

'. t('Through the PHP filter, users with the proper permission may include custom PHP code within a page of this site. While this is a powerful and flexible feature if used by a trusted user with PHP experience, it is a significant and dangerous security risk in the hands of a malicious user. Even a trusted user may accidentally compromise the site by entering malformed or incorrect PHP code. Only the most trusted users should be granted permission to use the PHP filter, and all PHP code added through the PHP filter should be carefully examined before use.') .'

'; $output .= '

'. t('Drupal.org offers some example PHP snippets, or you can create your own with some PHP experience and knowledge of the Drupal system.', array('@drupal' => url('http://drupal.org'), '@php-snippets' => url('http://drupal.org/handbook/customization/php-snippets'))) .'

'; return $output; } } /** * Implementation of hook_filter_tips(). */ function php_filter_tips($delta, $format, $long = false) { global $base_url; if ($delta == 0) { switch ($long) { case 0: return t('You may post PHP code. You should include <?php ?> tags.'); case 1: return t('

Using custom PHP code

If you know how to script in PHP, Drupal gives you the power to embed any script you like. It will be executed when the page is viewed and dynamically embedded into the page. This gives you amazing flexibility and power, but of course with that comes danger and insecurity if you don\'t write good code. If you are not familiar with PHP, SQL or with the site engine, avoid experimenting with PHP because you can corrupt your database or render your site insecure or even unusable! If you don\'t plan to do fancy stuff with your content then you\'re probably better off with straight HTML.

Remember that the code within each PHP item must be valid PHP code - including things like correctly terminating statements with a semicolon. It is highly recommended that you develop your code separately using a simple test script on top of a test database before migrating to your production environment.

Notes:

You can use global variables, such as configuration parameters, within the scope of your PHP code but remember that global variables which have been given values in your code will retain these values in the engine afterwards.
register_globals is now set to off by default. If you need form information you need to get it from the "superglobals" $_POST, $_GET, etc.
You can either use the print or return statement to output the actual content for your item.

A basic example:

You want to have a box with the title "Welcome" that you use to greet your visitors. The content for this box could be created by going:
print t("Welcome visitor, ... welcome message goes here ...");
If we are however dealing with a registered user, we can customize the message by using:
global $user;
if ($user->uid) {
  print t("Welcome $user->name, ... welcome message goes here ...");
}
else {
  print t("Welcome visitor, ... welcome message goes here ...");
}

For more in-depth examples, we recommend that you check the existing Drupal code and use it as a starting point, especially for sidebar boxes.

'); } } } /** * Implementation of hook_filter(). Contains a basic PHP evaluator. * * Executes PHP code. Use with care. */ function php_filter($op, $delta = 0, $format = -1, $text = '') { switch ($op) { case 'list': return array(0 => t('PHP evaluator')); case 'no cache': // No caching for the PHP evaluator. return $delta == 0; case 'description': return t('Executes a piece of PHP code. The usage of this filter should be restricted to administrators only!'); case 'process': return drupal_eval($text); default: return $text; } }