When a page containing scripts is opened in edit mode, scripts within the page are indicated by red placeholders.
The placeholder can be expanded by dragging the corner whilst you are logged-in but the editor is turned off. The code shown in the placeholder is readonly. To edit the script, turn editing on, right-click the placeholder and select Properties. Here you can change the contents. The Name, Columns and Rows fields are normally left blank. Your script should be surrounded by <?php...?> or <script>...</script> tags as appropriate.
Be aware that it is possible to delete a script placeholder, and doing so deletes the script. If this happens accidentally, use Ctrl-Z to recover it.
Presently the editor has no button to create a script placeholder. One might be added at some point in the future. However, it is very easy to create a placeholder by going into source edit mode and entering a pair of script start and end tags with whatever code you like between them. When the sourcecode changes are committed back into the GUI editor, the script tags will automatically invoke a placeholder. You can also copy and paste an existing placeholder with Ctrl-C, CtrlV to create a second script.
Scripts do not run when in admin/editing mode. (If they did, you would be editing the results of script processing instead of the file as it is, and that would lead to some very confusing and possibly content-damaging situations.) To test your script whilst still in edit mode, use the Preview button, which is to the right of the Save button. Provided you don't press Save, previewing will not change the onsite version of the page.
It is suggested that placeholders should contain only a small amount of code, any complex code being in a php include or linked js file, called from the placeholder.
As of v2.2, online script editing is only permitted for Managers and Administrators. (Security levels 4 & 5) It is felt that this is a more secure arrangement. Note that because of this change, if you log on directly to the page whose scripts you want to edit, the page will automatically refresh in order to enter script-editing mode. If you do not have permission to edit scripted pages, then at this point you will see an 'access denied' notice instead of the page.
If desired, the permission required to edit scripts can be reduced to Editor or Writer level. It is controlled by the inline_scripts item in the [editing] section of siteini.php.
Note that Mara processes scripts by 'playing' the respective files into a webserver buffer, before collating the output and sending it to the browser. Thus, php code in the theme, and php in the page are effectively running in separate processes, and thus one will not necessarily 'see' any globals or public functions created or modified by the other. Both the theme and page can access system globals and functions, and changes to globals made by the page will precede the running of theme scripts. (which might be the reverse of what you expect)
As of Mara 2.01 beta, scripts can be edited with php5.2 or later. This change was made to allow use on some hosts which have yet to adopt php5.3
An ordinary textarea is not a placeholder, and will not function as such.
php in pages is intrinsically more secure in that it cannot be directly browsed, and recent Mara versions require a login to view or edit the programming content of pages containing php code.