• I access GSuite with gam, a command line utility, as well as put rows in a user-defined table in the WP database.

    Since the web page only renders what I tell it to, is this enough? I currently execute the scripts as the web user (www-data), and the code is in the middle of the page, determining the SQL query & results they see (based on GS parameters gathered via gam)…

    Currently extremely pleased with:

    PHP Code For Posts
    Network Active
    Insert and Execute PHP Code in WordPress Content. This plugin also enables shortcodes for the text widget.
    Version 2.1.3.1 | By Jamie Fraser

Viewing 1 replies (of 1 total)
  • Moderator bcworkz

    (@bcworkz)

    Any data from outside of what you directly control must be handled properly. This includes any themes or plugins or any other executable code on your server. Your PHP page is only one small part of the security equation. Every aspect needs to be secure; an attacker only needs one weakness for success. Without knowing what data you are dealing with or what its source is, it’s impossible to answer your question. Maybe these links will help:
    Validating Sanitizing and Escaping User Data
    Data Validation
    Securing Input
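
The validate, sanitize and escape steps those links describe, applied to the setup in the question (request input passed to gam, rows stored in a user-defined table, results rendered in the page). This is an added example, not code from the thread; it assumes it runs inside WordPress, and `gs_lookup()`, the `gs_users` table, the `user` parameter, and the `gam info user` call with `Key: value` output and a `First Name` field are illustrative assumptions.

```php
<?php
// Added example. Assumes WordPress is loaded (is_email, $wpdb, esc_html exist).
// Hypothetical: gs_lookup(), the gs_users table, the 'user' parameter, and the
// "Key: value" shape and 'First Name' field of the gam output.
function gs_lookup( $raw_email ) {
    global $wpdb;

    // 1. Validate request input before it is used anywhere.
    $email = is_string( $raw_email ) ? sanitize_email( wp_unslash( $raw_email ) ) : '';
    if ( ! is_email( $email ) ) {
        return new WP_Error( 'bad_email', 'Invalid address.' );
    }

    // 2. Shell boundary: quote the argument, never interpolate it raw.
    $lines = array();
    exec( 'gam info user ' . escapeshellarg( $email ) . ' 2>/dev/null', $lines, $status );
    if ( 0 !== $status ) {
        return new WP_Error( 'gam_failed', 'Lookup failed.' );
    }

    // 3. gam output is outside data too: accept only "Key: value" lines.
    $fields = array();
    foreach ( $lines as $line ) {
        if ( preg_match( '/^\s*([A-Za-z ]{1,40}):\s*(.{0,200})$/', $line, $m ) ) {
            $fields[ trim( $m[1] ) ] = sanitize_text_field( $m[2] );
        }
    }
    $name = isset( $fields['First Name'] ) ? $fields['First Name'] : '';

    // 4. Database boundary: insert() and prepare() escape values for the query.
    $table = $wpdb->prefix . 'gs_users';
    $data  = array( 'email' => $email, 'first_name' => $name );
    if ( false === $wpdb->insert( $table, $data, array( '%s', '%s' ) ) ) {
        return new WP_Error( 'db_failed', 'Could not store row.' );
    }
    $row = $wpdb->get_row(
        $wpdb->prepare( "SELECT email, first_name FROM {$table} WHERE email = %s", $email )
    );
    if ( null === $row ) {
        return new WP_Error( 'not_found', 'No row found.' );
    }

    // 5. Output boundary: escape for HTML at the moment of rendering.
    return '<p>' . esc_html( $row->first_name ) . ' (' . esc_html( $row->email ) . ')</p>';
}

$out = gs_lookup( isset( $_GET['user'] ) ? $_GET['user'] : '' );
echo is_wp_error( $out ) ? esc_html( $out->get_error_message() ) : $out;
```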

  • The topic ‘How to run PHP securely in a page?’ is closed to new replies.