PHP in templates- yay or nay?

While it is possible to use php in templates (if the allow_php config override is used), it’s not recommended. Performance, accessibility for less technical users, and security are all in play. Plus it’s usually just as easy to spin up an add-on.

Piling on to add agreement. Allowing PHP in templates opens up a huge entry point for malicious players and makes debugging said PHP a nightmare. Avoid at all costs. As the above said, “spin up an add-on” instead. Always.

While the issues raised above are all accurate – security, debug-ability, performance (sometimes) – I would argue there’s a middle ground here:

• For people using EE for the first time, there’s often a temptation to use PHP in the template because that’s familiar ground, when often there’s an EE-tag-native way, or a great possibly free add-on, that would make the PHP unnecessary. It’s worth the time to investigate that path.

• For advanced users, PHP in the template is really not that much faster than creating your own add-on and then it’s future-proof, re-useable, safer, etc. etc. Writing huge tools across templates is much harder than creating a packaged add-on.

But there are definitely those times when doing one particular something in a particular template with some custom PHP is absolutely the most efficient and effective way to solve a problem in the moment. So It’s not that PHP-in-template is always a bad idea. It’s just that usually there are better ways to get the outcome you want.