**Update:** 2.3.1 – Important security fix, should work on PHP4 again. Thanks for all the quick information regarding the break!
runPHP is a [WordPress](http://www.wordpress.org/) plug-in that enables users to embed PHP code directly into their posts.
runPHP 2.3.1 is now available! It *does* work with WordPress 2.2.x; it fixes some important SQL-injection vulnerabilities and should work with PHP4. (Let me know ASAP if it doesn’t!)
### What’s New
* Using a global DEFINE instead of a class static member variable so it works with PHP4 again.
* Adjusted code to catch possible SQL-injection vulnerabilties (Thanks to Benjamin Flesch of [mybeNi websecurity](http://mybeni.rootzilla.de/mybeNi/). )
See the [full changelog](/blog/runphp/runphp-changelog/), or browse our [SVN repository](https://svn.wp-plugins.org/runphp/trunk/).
A forum for discussing issues and experiences with this plugin is available at [www.nosq.com/forum](http://www.nosq.com/forum/). (free, captcha-based registration required) It might be easier to get my attention via the [contact form](/blog/about/) though.
* [runPHP 2.3.1](/download/runPHP2.3.1.zip) – .zip file of latest version – only for WordPress 2.0 or higher
Sorry, but previous (1.5.x) versions of WordPress are no longer supported.
### New Features
* Permission to use runPHP is controlled by Roles and Capabilities
* Configure those permissions in the new runPHP Options page
* Also works in your feeds (RSS, RSS2, Atom, & RDF)
* Better integration with WordPress 2.0 administrative UI
* Internationalization support: English (default), German, and French so far
* Refactored code – friendlier function names, encapsulated in a class
* Now works on PHP4 servers as well! (see caveats, below, though)
## User Manual
See the [runPHP manual](/blog/runphp/runphp-manual/) page.
Also, runPHP has been given its [own page](/blog/runphp/) on this blog. In the future, all updates were be published there, though this entry will remain open for comments.
### Sample Code
<?php $curDate = date('D., F jS Y H:i:s'); echo "\n<p>"; echo 'Right now the server thinks it is ' . $curDate; echo "\n</p>"; ?>
$curDate = date('D., F jS Y H:i:s');
echo ‘Right now the server thinks it is ‘ . $curDate;
### Similar plug-ins
* [EzStatic3](http://redalt.com/wiki/EzStatic3) allows you to embed other HTML or PHP pages into your WordPress posts – this a little different than what runPHP does
* [PhpExec](http://priyadi.net/archives/2005/03/02/wordpress-php-exec-plugin/) does pretty much the same thing runPHP is doing, and some people report better luck getting it to work for them.