Extension 5: How to use PHP in table cells

February 14th, 2010 by Tobias Leave a reply »

This post in my WP-Table Reloaded Extension series should be very useful to a lot of people, taking into consideration the questions I receive on this. Using the code from below, you will extend WP-Table Reloaded so that PHP code in table cells will be parsed and executed. This is useful for dynamic content generation or integration of other plugins’ features.

To get started with WP-Table Reloaded Extensions, you should read the introduction and follow the included instructions. You will also find links to the other presented Extensions there.

Security Warning

Before I start, let me explain, why you should only use this Extension, if you are really sure that you need it and if you really know what you are doing: PHP code is very mighty. Due to the structure of PHP and the HTTP request handling, code that is run from within the table lives in the same “area” as the WordPress (or plugin) PHP code and thus has the same rights and possibilities. However, it is not solely controlled by the admin as the plugin or WP core files usually are.
This is especially critical if you have multiple users registered in your WordPress site: Anyone who can edit tables of WP-Table Reloaded will be able to insert (and with that cause execution of) PHP code. And with that, he can do a lot of bad things, if he wanted! What this means: If you want to use this Extension, make sure that only people who you trust can edit tables in WP-Table Reloaded (using the corresponding setting in the “Plugin Options”). Preferably this should be only admins of your site. Again: Treat this step seriously! Neither WP-Table Reloaded nor the Extension do any checks on whether a user has the right to insert PHP code! Again: If a user can edit tables, he will be able to enter any PHP code he wants! (Obviously, all of this is no problem, if you are the only registered person in your WordPress site.)

I will not take any responsibility if this feature is misused!

If you can, you should avoid using this Extension, i.e. by developing your own Shortcode (remember: Those also work in tables!) as you’ll have control of the underlaying PHP code and not the user who edits a table.

For the PHP developers: The Extension uses PHP’s eval() function. That function takes a string (in our case the cell content) and executes it as PHP. Due to the internal structure of WordPress Shortcodes, we need some output buffering around that function, so that any outputs will not be sent to the browser directly, but together with the output of the [[table id=N /]] Shortcode. (Take this into consideration before using the Extension, as output buffering on a large number of cells might slighty increase the time needed to render a table and the load on your webspace or server.)
Additionally, on certain hosts, the eval() function might be disabled due to security reasons.

Now lets come to the actual code of the Extension:

 * Executes PHP code in table cells
 * @author Tobias Baethge
 * @see https://tobias.baethge.com/2010/02/extension-5-how-to-use-php-in-table-cells/
function wp_table_reloaded_execute_php_in_cells( $cell_content ) {
    eval( '?>' . $cell_content );
    $output = ob_get_clean();
    return $output;
add_filter( 'wp_table_reloaded_cell_content', 'wp_table_reloaded_execute_php_in_cells' );

The code form above just needs to be copied into the file “wp-table-reloaded-extensions.php”, created according to these instructions (after the Plugin Header comment, but before the closing PHP bracket ?>). Then, just activate the new plugin “WP-Table Reloaded Extensions”, if you haven’t. That’s it! :-)

To use PHP in a table, you can now enter commands into your table cells. They have to be valid PHP syntax, including the opening and closing brackets (<?php and ?>). In those commands, you can use the regular echo function to output text. Any text that is not within the brackets will be printed as-is.

If you like this series of Extensions, I’m happy about any feedback, and especially about further suggestions!

Previous posts in this series that might interest you: