What is the best (secure) way to run PHP code on a Drupal 8 system?

Question

I am pretty new with Drupal. I have installed Drupal 8.17 on my webserver and now I am configuring it.

It runs on Ubuntu 16.04 with Apache 2.4 and PHP-7.0, the DBMS is PostgreSQL 9.5.

I would like to execute some PHP code is some pages. I have read that there was PHP Filter in Drupal 7, but it is now moved to modules and it warns user than:

Warning Enabling this module can cause security and performance issues as it allows users to execute PHP code on your site. There are better alternatives out there that do not expose such vulnerabilities on your site.

But I cannot find any alternative over the web. Then I found Drupal SE, and I am asking for user advice: What is the best way (I mean secure way) to run PHP code on a Drupal 8 system?

I must connect another PostgreSQL DB, perform query on it and display results in Drupal. Essentially this will be done in pages that only administrator can read an modify.

Answer 1

Some Drupal devs are keen on never putting PHP code in the Database, but this means you will have to know the intricacies of Drupal 8 in order to figure out how to expose what you need by creating a custom module. This can be a time sink if you just want to do something super simple.

But if you aren't that hardcore, turning on the PHP is fine if you just don't have the time or need to create a custom module to say print something out from the $user array.

I personally just use the PHP module on my sites. It's quick and efficient vs making a custom module. Obviously deciding on which approach to take depends on the site and client your working with. Does it have valuable user data? Does it have millions of user hits a day? Or is it just a purely informational site with only a few hits a day? Do you think the client would mess around with other parts of the site or are they just purely just updating content?