I'm currently developing a Web platform app in HTML and PHP stuff. I have to develop a registration/login system, and I'm asking myself a question.
I wrote a login form, and I would like to know if is it better to store it in a php function (with a simple echo("all my login form")) or to store it in a .html file. Obviously, the call or the concerned include() will be written in a if($_session()) statement.
I'm just asking about the correct and logical architecture aspect I should follow.
Because you're designing something serious i recommend you to use include instead of functions. Why?
the html is separated from php stuff
cleaner, highlighted html files in web editors
you avoid once and for all those double quotes/escapes and such
you give designers a way to change your file at will; a designer will not touch PHPs.
easier to update files; think templates
an include() can still go onto a function if you insist :)
IMHO, and regardless of language, an include should never have side effects other than importing variables and functions into the current scope.
Hence if you do use an include, it should contain a function that when called produces output. The mere act of calling include should not generate any output.
Include would "include" new code every time it is called. The normal way is to define a function in a php file and require it, before you use it anywhere with require_once, so you would only load the functiondefinition once and could use it everywhere.
You should put in a .html file, it's always better to separate your applications logic and presentation code.
Also, consider using a template engine.
It is better to include in most cases but it depends on how big the file is that u have called
well calling functions again and again each time you wont even like .
well in one of cases u can call a function if its short and not called on other pages
but if u want to implement a logic everywhere like check login ,logout then include is the way to go .
It is better to use include() for your registration system by which you can get a function just by calling it and you don't have to create it at any other pages .just include it and all work is done.this method reduce the redundancy problem and make you code short & simple.
I use include() but tend to name the files blah.template.php instead of .html.
Then, within the template, I can use simple looping, variable substitution, and simple if-else statements.
If the project is larger, I use a minimal templating class that wraps the call to include(). This class, among other things, wraps the call with ob_start() and ob_get_clean() (I think those are the calls) and allows getting the template's output as a string.
Also, for repetitive bits of HTML code, I think it's legit to use "picture functions" that return the HTML code. Picture functions allow you to parameterize the code and add some logic.
Related
I wish to store certain pieces of code in database tables as templates but I am unsure as to whether they are going to create problems or not. I keep reading mixed messages from various different people in different posts and I am just not happy that I am clear on this subject.
I have already worked out that you cannot really echo/ print PHP into a webpage. Obviously you can echo strings of HTML but it becomes awkward when you try to do it with PHP code. The only way I have managed to do this is through eval which is apparently bad in most cases... so I am using another method to implement the templates (i.e. writing a php file to be used as an include file)
The main question I am asking is: is there really a problem with storing the PHP code strings (which include SQL statements) inside text type fields (mediumtext, longtext etc) in tables? Could those SQL statements ever do anything like execute actual actions or would they just remain as text strings?
Just to clarify, the reason I am storing strings of code is because they are templates to be used should the web administrator wish to allocate them to a specific area (div) of the pages.
Use SMARTY or Twig template engine. This will neatly solve your problem and you will not need to store anything in the database. It will also keep your PHP code completely separate from your HTML.
Another option is to use
I can see the need for code in the database for instance if you have multiple sites and want to do a source control between them, and not use any 3rd party software.. I would store in a database and then write the code on to a actual physical page, then run the php from that page...
Do not do this. If your database is ever compromised and someone injects malicious PHP, it may be executed. You should store the templates as files and call them when needed.
And you actually can echo/print PHP. You would do it using eval.
The eval() language construct is very dangerous because it allows execution of arbitrary PHP code. Its use thus is discouraged. If you have carefully verified that there is no other option than to use this construct, pay special attention not to pass any user provided data into it without properly validating it beforehand.
I have searched and found another with quite close question but the result was YUI Compressor and I didn't find that useful.
I use php to obfuscate my JavaScript code but it is not enough. I need a php script that I can run and then rename all functions and variables to random names (only letters) and ofcause before I obfuscate.
I have seen a few but they are either standalone programs like Java or something you need to pay for, and I can't use that.
Does anyone know a class or code snippet that might be able to do that?
And if the YUI Compressor actually can do that, can anyone point out some help to how I implement it into php?
After writing this long-winded response I began to wonder why you need to obfuscate javascript code in the first place? Javascript code is by nature public and anyone looking at your page can see the result. If you have secret/proprietary things you need to do, look into something like AJAX or otherwise making a callback to your server to do the processing and have it spit out the results for javascript. Any processing you do in javascript will be visible by anyone. Obfuscating just makes debugging harder, and isn't guaranteed to keep someone from cracking the code.
In general use javascript to control presentation, parse results from a server call into the document, and validate user input. Anything secret you want done, do on the server side where they can't see the exact code that is going on.
And with that off my chest here is my response if you still want to go the renaming route:
I haven't taken the time to Google what a YUI compressor is yet, but what you're describing sounds like you would need to parse any javascript and from there go about renaming functions and variables. I see a few issues
If/when your javascript uses built-in variable names like document or window and like-wise built-in functions like .getElementById(). Those you can't touch or the script can't do what it was meant to do.
Javascripts are executed in the context of the browser and might use functions/variables from other javascript files ex an HTML like
<script type="text/javascript" src="a.js"></script>
<script type="text/javascript" src="b.js"></script>
Since b.js was included after a.js, b.js can refer to and use any functions or variables in a.js thus if you scramble the names you will have to make sure any references made in b.js are updated to your new names appropriately.
Depending on how often you are wanting to do this renaming you have a trade off of having the code being cracked easier vs completely trashing the browser cache
Modify the names just once and keep the results - then browsers will cache the responses correctly and your site should work pretty well, however since the names are consistant between calls it will be easier for someone to crack the renaming. Though for this solution you don't necessarily need PHP, just any language or script and run it once
Modify the names per session - probably the best solution and middle of the road though it would require you to keep extra memory associated with each session as to the name changes so any requests for new java script files from the same session get renamed as they should (most modern browsers and server settings will allow for caching of the same named javascript file so as described in point 2 if any functions/variables in a.js are used by another javascript file they will have to be updated accordingly
Modify javascript files per request - this may require you to disable caching of your javascript files as every request for a page will require downloading a new javascript file(s) even if the user reloads the same page. This will lower page loading performance considerably (you have to rename all the functions again and generate a new javascript file, that is then downloaded by the browser and parsed by it) and also increase bandwidth consumption, however no two scripts for a page will be alike.
Overall this doesn't seem like a 1 man (or even 2 or 3 man) project that you want to undertake (unless you have a lot of time on your hands, but then things will have changed), there could be something like this out there already or something close which you could fork off of and modify to your needs. Essentially I think what you are wanting to do would be more work than its worth.
I'm not sure why you want to do this, but it seems like a pretty easy task to do manually.
All you need is to write a function that generates random strings, and in you PHP define variables for all JavaScript functions that you have and have those get assigned random strings. Then just substitute them when you print out your code for the actual JavaScript methods. The only caveat is you need to double check that your random strings aren't ever duplicates. If you can't use numbers (as per your question) then use letters and increment them appending to the back of your random string. So in pseudo code...
$var1 = generateRandomString(); //custom method to create random string and append unique letter at end to guarantee no duplicates.
$function1 = generateRandomString();
and in javascript...
//variable assignment
<?php echo "$var1='foo'"; ?>;
//function definition
function <?php echo "$function1" ; ?>( myArg ){
alert(myArg); //this will alert 'foo'
}
//calling the function
<?php echo "$function1($var1)" ; ?>
etc.
Is it better to have HTML files for including as header and footer in a PHP application instead of PHP files?
I usually do something like the following to keep things neat and consistent:
<?php require_once('includes/header.inc.php'); ?>
<!-- Html here -->
<?php require_once('includes/footer.inc.php'); ?>
If your webapp is written in php I see no reason to deviate away from the php extension as you may want to add some dynamic content into the include at a later date.
including as an header and footer in
php application is good
like
index.php
include_once('header.php');
// your code regarding this page
include_once('footer.php');
It depends - if you have static header and footer html is enough. If you need there any kind of dynamic, then php comes to fight.
when you are building just some very simple php web page i suggest using require_once to include basic layout of the page. It doesnt matter if you are including html or other php code and you should know whether you would benefit from php or not.
Also including html is faster then including php code which is just calling many echos or prints.
Provided you use secure PHP code, it does not make a (significant) difference. I would suggest separating the main application concerns from your header and footer files, to avoid placing costly operations which may be unecessarily repeated in these files. Some guidelines to address possible security issues can be found here: http://phpsec.org/projects/guide/.
If you are using kinds of include for inclusion, the file type doesn't matter, the PHP code in it will execute, if there is one. Note that this is also a subtle security concern.
Because of this, I don't think the file type is relevant in this. The real question is what have you got in the footer and the header, e.g. PHP processing, database calls, ...?
I personally think that is better to require_once your php header and php footer. Maybe it is a bit slower thant hmtml (but not very relevant) but this unnecessary "optimization" doesn't worth the certainly needed php functions used in your header like session_start() or mysql_close() in your footer.
My personal point of view though :)
There is nothing better in including HTML
moreover - a real life will tell you that you can't use plain HTML anyway.
I've answered similar question recently, with strong reasoning: Using PHP include to separate site content
This is what I do
index.php
<?php
include_once('header.php');
//Your code goes here
include_once('footer.php');
?>
and yes it is a better practice to use php files as header and footer.
Hey all. i was wondering what is the best practice to include a footer
in all of my pages. i mean i have about 1000 of them. should i use the
php "include" function: include 'static_footer.html' or is it a bad practice ?
If you have 1000 .php file pages, you may want to look into using an Model-View-Controller solution (like storing the page information in a database and using Code Igniter or something similar to display the information), or a Content Management System of some description.
But, as far as I know, your best bet would be to use the include() function.
include 'footer.php';
There is always the option of using the auto_append_file directive in php.ini to automatically include a file rather than modifying every single page
I believe it is perfectly fine to use an include function. This way, you'll be mimicking a sort of template engine, and it is a good way to avoid using the same code over and over again.
I would say that is definitely a good idea, as it helps adhere to the DRY principle.
Depending on your scenario, it might be worth looking at some php_value setting in a .htaccess file (if you're in a web environment). You can auto_prepend a file to the output, which would save you adding an include statement to every file. This might not suit your needs, but for simple applications, it can.
I'm hosting a multi area solution written in PHP, and each customer has its own template in some HTML files. Now I want these users to be able to use some chunks of dynamic content, but they can't be able to use PHP. I thought something like:
In the HTML file, if I put this:
<ul>[menu-list]</ul>
Will output something like:
<ul><li><a[...]>Home</a></li><li><a[...]>About</a></li>[...]</ul>
Is there any better way of doing it than keep parsing and caching files via file_get_contents() and preg_match_all()?
I want to create about 20 entries like [menu-list], and parsing every file for all of them seems quite expensive to me.
I'd appreciate any suggestion. =D
Perhaps you should consider using a template compiler instead of a template interpreter. That is, instead of each time the page is loaded doing this whole replacement procedure you could simply perform the replacement after the template has been modified. During template editing the cost should be negligible. To implement this compilation you could choose to "compile" in some breadcrumbs so you can go backwards, or you can simply save the original template files for later editing.
Alternatively, you could consider using PHP variable naming conventions and running your templates through an eval, but this poses a number of other issues (like security threats) and doesn't come highly recommended.
Why can't you use Smarty and friends? I would not want to write what you suggest myself.