PHP in WordPress Posts - Is this okay?
I've been working with some long lists of information and I've come up with a good way to post it in various formats on my WordPress blog posts.
I installed the Exec-PHP plugin, which allows you to run PHP in posts. I then created a new table (NEWTABLE) in my WordPress database and filled that table with names, scores, and other stuff.
I was then able to use some pretty simple code to display the information in a WordPress post. Below is an example, but you could really do whatever you wanted. My question is: is there a problem with doing this? With security? Or memory? I could just type out all the information in each post, but this is really much nicer. Any thoughts are appreciated.
<?php
// Select every row scoring below 100, sorted by last name.
$theResult = mysql_query("SELECT * FROM NEWTABLE WHERE Score < 100 ORDER BY LastName");

// Print one line per row: first name, last name, score.
while ($row = mysql_fetch_array($theResult))
{
    echo $row['FirstName'];
    echo " " . $row['LastName'];
    echo " " . $row['Score'];
    echo "<br />";
}
?>
It is definitely dicey from a security perspective. Anyone who gets an admin logon to your site can run arbitrary queries on your database.
Not to mention the possibility of you typing the wrong query and nuking your db. Unlikely, but still a risk.
Probably the best way to do this would be to write a plugin that runs that query and displays the result when you put a certain tag in the post.
Alternatively, if this happens for every post, then you could use a template tag in the theme or a setting in the admin area.
This is what shortcodes are for: http://codex.wordpress.org/Shortcode_API
The Sniplets plugin (WordPress Plugins) works with PHP in a kind of "shortcode" fashion. And if you need to run PHP in pages (as opposed to posts), run it in a page template: Page Templates (WordPress Codex).
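The shortcode approach suggested in the answers above, written as a plugin so that the query lives in code on the server rather than in post content. This is an added example, not code from the original posts; the shortcode name `score_list` and its `max` attribute are assumptions, while NEWTABLE and its columns are taken from the question.

```php
<?php
/**
 * Plugin Name: Score List Shortcode (illustrative example)
 *
 * Usage in a post: [score_list max="100"]
 * The shortcode name "score_list" and its "max" attribute are hypothetical;
 * NEWTABLE and its columns are the ones from the question.
 */

// Refuse direct requests to this file; it should only load inside WordPress.
if ( ! defined( 'ABSPATH' ) ) {
    exit;
}

function score_list_shortcode( $atts ) {
    global $wpdb;

    // Authors can only supply this one value, and it is forced to a
    // non-negative integer before it goes anywhere near the query.
    $atts = shortcode_atts( array( 'max' => 100 ), $atts, 'score_list' );
    $max  = absint( $atts['max'] );

    // The SQL is fixed in the plugin. The single variable part is bound
    // through prepare() rather than concatenated into the string.
    $rows = $wpdb->get_results(
        $wpdb->prepare(
            'SELECT FirstName, LastName, Score FROM NEWTABLE
             WHERE Score < %d ORDER BY LastName',
            $max
        ),
        ARRAY_A
    );

    if ( empty( $rows ) ) {
        return '';
    }

    // Escape on output: table contents are data, not markup.
    $out = '';
    foreach ( $rows as $row ) {
        $out .= esc_html( $row['FirstName'] . ' ' . $row['LastName'] . ' ' . $row['Score'] );
        $out .= '<br />';
    }

    // Shortcode callbacks return their markup instead of echoing it.
    return $out;
}
add_shortcode( 'score_list', 'score_list_shortcode' );
```

With the query in a plugin, the Exec-PHP plugin can be deactivated, so someone who obtains an admin login can place the shortcode in a post but cannot run arbitrary PHP or SQL through post content.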