Web design PHP etiquette question

Alex

Diamond Member
Oct 26, 1999
6,995
0
0
(as soon as I get my hosting sorted out I'll put my site on the web so you can actually see what I'm talking about)

I'm using PHP & includes to have a multi-lingual website and since it is relatively small (there are 6 small sections and a welcome page) I decided to have all of the website on 1 php file. Since the layout is exactly the same and only the content changes from one page to another, I decided it would be easier to use _GET and _SESSION variables to determine what section the user is going to and displaying the content dynamically using PHP, so the user never actually leaves Index.php.

In order to allow for better bookmarking I made sure to use _GET extensively so, in effect, the user can actually bookmark different sections of the site.

Are there any downsides to this design choice? I realize that if the site grows I might have some trouble maintaining it but really it isn't expected to get much bigger than it already is..
 

troytime

Golden Member
Jan 3, 2006
1,996
1
0
just make the navigational files includes and have a separate page for each section/page on the site

that way you'll have friendly urls AND ease of making edits

i don't see ANY positives for the one file does it all style
 

Alex

Originally posted by: troytime
just make the navigational files includes and have a separate page for each section/page on the site

that way you'll have friendly urls AND ease of making edits

i don't see ANY positives for the one file does it all style

you could be right... :)

one advantage in my books is that the entire site is smaller, but I guess if i just included the content and had different php files for each section it wouldn't make much of a difference.
 

jjones

Lifer
Oct 9, 2001
15,424
2
0
Whatever you choose to do, just be sure that the variables you are using are validated before using them. This is especially important with get variables as the user can see exactly what you are expecting in the URL and can then provide their own values to see if you have any script vulnerabilities. If you are using get variables to call includes, be extra careful with that. Try to avoid using the actual variable. Instead, use the variable to specify which predetermined value will be used. Usually you can do this by putting the expected values in an array and then deciding which one will be used by the get variable. The include would use the value from the array, rather than the get variable value.

As for using one page for all, doesn't really make any difference on such a small site as far as I can tell.
 

Alex

Originally posted by: jjones
Whatever you choose to do, just be sure that the variables you are using are validated before using them. This is especially important with get variables as the user can see exactly what you are expecting in the URL and can then provide their own values to see if you have any script vulnerabilities. If you are using get variables to call includes, be extra careful with that. Try to avoid using the actual variable. Instead, use the variable to specify which predetermined value will be used. Usually you can do this by putting the expected values in an array and then deciding which one will be used by the get variable. The include would use the value from the array, rather than the get variable value.

As for using one page for all, doesn't really make any difference on such a small site as far as I can tell.

As far as putting the expected values in the array and then deciding from the _GET variable, isn't that just redundant? If someone alters the _GET variable, if it's a valid one it will still get validated.

the way i'm doing it is:

the navigation is controlled by _SESSION and if _GET changes to one of the valid values then _SESSION changes too and the files are included by the _SESSION array values.

i use that so that language settings are remembered when changing page section.
 

jjones

Well, I think you are probably okay if you are using a preset array of session variables for the includes, and just using get to determine which session array set to use. As long as these values are all set by you, I'm pretty sure you won't have security issues. That's pretty much the same as to what I was referring to.
 

Alex

fair enough! :)

thx dude from your posts I can see you know a whole lot about php :D
 

jjones

Yeah, the one thing you don't want to do is something like include($_GET['myPage']).

Bah, I only know a little php, but I keep learning. :D
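
The array lookup jjones describes, combined with the session scheme from Alex's post, as an added example that is not part of the original thread. The section names, language codes, file paths and the helper names `pick()` and `resolveContentFile()` are assumptions made for illustration.

```php
<?php
// Added example. Section names, language codes and paths are hypothetical.
declare(strict_types=1);

// Request value => content file. The file names are fixed here, by us.
const SECTIONS = [
    'welcome' => 'welcome.php',
    'about'   => 'about.php',
    'contact' => 'contact.php',
];
const LANGUAGES = ['en', 'fr'];

// Return $candidate only when it is one of the allowed strings.
// is_string() matters: ?section[]=x makes $_GET['section'] an array.
function pick($candidate, array $allowed, string $fallback): string
{
    return is_string($candidate) && in_array($candidate, $allowed, true)
        ? $candidate
        : $fallback;
}

// A valid GET value updates the session; anything else leaves the previous
// choice in place. The session value is re-checked too, so the path is
// always built from our own constants, never from request text.
function resolveContentFile(array $get, array &$session): string
{
    $sections = array_keys(SECTIONS);
    $session['section'] = pick($get['section'] ?? null, $sections,
        pick($session['section'] ?? null, $sections, 'welcome'));
    $session['lang'] = pick($get['lang'] ?? null, LANGUAGES,
        pick($session['lang'] ?? null, LANGUAGES, 'en'));

    return __DIR__ . '/content/' . $session['lang'] . '/' . SECTIONS[$session['section']];
}

// In index.php this would be, after session_start():
//     include resolveContentFile($_GET, $_SESSION);

// Constructed requests sharing one session, as in a single visit.
$session = [];
$requests = [
    ['section' => 'contact', 'lang' => 'fr'], // both valid
    ['section' => 'about'],                   // language remembered
    ['section' => '../../config'],            // not a key: stays on "about"
    ['section' => ['x']],                     // array, not string: ignored
];
foreach ($requests as $get) {
    echo json_encode($get), ' => ', resolveContentFile($get, $session), PHP_EOL;
}
```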
 

Alex

Originally posted by: jjones
Yeah, the one thing you don't want to do is something like include($_GET['myPage']).

Bah, I only know a little php, but I keep learning. :D

hehehehe ;)

:beer: