WordPress filters all content to make sure that no one uses posts and page content to insert malicious code in the database. This means that you can write basic HTML in your posts, but you cannot write PHP code.
To better understand shortcodes, lets take a look at the background of why they were added in the first place.
content in WordPress posts, pages, and sidebar widgets. They are displayed inside square brackets like this:
But what if you wanted to run some custom code inside your posts to display related posts, banner ads, contact forms, galleries, etc?