Thread: Redirect or not

    #1
  1. No Profile Picture
    Contributing User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Apr 2013
    Posts
    34
    Rep Power
    2

    Redirect or not


    Hello,

    I am new to web programming. I have a simple question here.

    I have a User Registration Form register.php. Right now, I am Redirecting to a register-msg.php page, when the user clicks the Register button. register-msg.php displays the registration successful message "A new user Registered".

    Code:
    RedirectToURL("./register-msg.php");
    But I have seen people doing the same thing using register.php alone. In such a case, the entire page content will be inside a <div> and upon successful submission of the registration, we will set the display style of the div to 'none' and the "A new user Registered" message will be displayed by displaying another div.


    Code:
    		<div class="err">        
    		<?php
    		if($success){
    		?>
    		<b>Account Info Updated Successfully.</b>
    		<?php
    		}else{
    		?>
    		<b><?= $editaccount_error_msg; ?></b>
    		<?php
    		}
    		?>
    		</div>        
    
    <div style="display:<?= $submitted_dstyle ?>">
    
            <label  for="name" >Name</label>
            <input class="text" name="name" id="name" type="text" title="Type your full name" 
    .......
    ........
    submitted_dstyle will be set to none on successful submission.

    My question is: Which of these methods is technically good and usually followed in web programming? The second method reduces the number of pages (used to display messages), but will that cause any issues (maybe with $_POST values or something)?

    Please suggest. Thanks.
  2. #2
  3. --
    Devshed Expert (3500 - 3999 posts)

    Join Date
    Jul 2012
    Posts
    3,959
    Rep Power
    1014
    Hi,

    this display: none stuff is certainly not how to do it. If parts of the content are not supposed to show up, then you don't deliver them at all. Sending "dead content" to the client makes no sense and just wastes bandwidth.

    So that's not an option. You either use one script which generates different contents (like either a form or a success message). Or you use two different scripts.

    I'd generally favor a single script. Putting trivial content into a separate script isn't very useful. It also doesn't make sense to expose a script which is only a step of a process. I mean, your users certainly don't wanna call "success.php" directly -- but a separate script would allow that.

    Independently of this question, you should always do a redirect after a POST request. Otherwise you'll run into trouble if your users try to reload the page. See the Post/Redirect/Get pattern. In other words, don't output the success message right after you've received the data. Instead, redirect to the same script.
    The 6 worst sins of security • How to (properly) access a MySQL database with PHP

    Why can't I use certain words like "drop" as part of my Security Question answers?
    There are certain words used by hackers to try to gain access to systems and manipulate data; therefore, the following words are restricted: "select," "delete," "update," "insert," "drop" and "null".
  4. #3
  5. No Profile Picture
    Contributing User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Apr 2013
    Posts
    34
    Rep Power
    2
    Originally Posted by Jacques1
    Hi,

    So that's not an option. You either use one script which generates different contents (like either a form or a success message). Or you use two different scripts.

    I'd generally favor a single script. Putting trivial content into a separate script isn't very useful. It also doesn't make sense to expose a script which is only a step of a process. I mean, your users certainly don't wanna call "success.php" directly -- but a separate script would allow that.
    Right now I am using different php pages for showing the success messages. Like register-msg.php, edit-msg.php, contactus-msg.php etc. for register.php, edit.php, contactus.php respectively. But I am checking the session variable if those msg pages are called directly. So you want me to combine all success messages and make one php like success-msg.php and display the corresponding success message by passing a value to success-msg.php. Am I correct?

    Independently of this question, you should always do a redirect after a POST request. Otherwise you'll run into trouble if your users try to reload the page. See the Post/Redirect/Get pattern. In other words, don't output the success message right after you've received the data. Instead, redirect to the same script.
    Right now, I am not redirecting to any page (by calling header("Location: $url"); ). The following is the code for the EditUserInfo page. If I redirect to the same script, then after the submit, the form will be displayed along with the success message, right?

    Code:
    $editaccount_error_msg = "";
    $reseller_dstyle = "block";
    $submitted_dstyle = "block";
    $success = false;
    
    if(isset($_POST['submitted']))
    {
    	//works if the form is submitted
    	if(!$fgmembersite->UpdateUserInfo())
    	{
    		$editaccount_error_msg = $fgmembersite->GetErrorMessage();
    		if($fgmembersite->GetUserType() == "reseller") 
    		{
    			$reseller_dstyle = "none";
    		}
    	}
    	else
    	{
    		//user info updation success. So hide the div to display the success message.
    		$submitted_dstyle = "none"; //hides the entire content of the webpage.
    		$success = true;
    		
    	}
    	
    }
    else 
    {
    	//works if the form is not submitted. (when the page loads initially)
    	if($fgmembersite->GetUserType() == "reseller")
    	{
    		$reseller_dstyle = "none"; //this div hides the unwanted textboxes for the reseller.
    	}
    	
    	if(!$fgmembersite->ReadUserInfo())
    	{
    		$editaccount_error_msg = $fgmembersite->GetErrorMessage();
    	}
    }
  6. #4
  7. --
    Devshed Expert (3500 - 3999 posts)

    Join Date
    Jul 2012
    Posts
    3,959
    Rep Power
    1014
    Originally Posted by aniyanrajan6
    So you want me to combine all success messages and make one php like success-msg.php and display the corresponding success message by passing a value to success-msg.php. Am I correct?
    No, I'm saying that each error message should be generated by the script which is responsible for the overall process. So you have one register.php which handles the registration and generates the registration success message at the end. And you have one edit.php for the edit process including the success message etc.



    Originally Posted by aniyanrajan6
    Right now, I am not redirecting to any page (by calling header("Location: $url"); ). The following is the code for the EditUserInfo page. If I redirect to the same script, then after the submit, the form will be displayed along with the success message, right?
    If that's what you want, you can do it like that. But it probably makes more sense to only display the success message. Simply set a session value like "has_just_registered" right before you redirect and check this value in the script. If it's set, then you display the message (and unset the value). If it's not set, you display the form.
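
The flow described in this thread (set a session value such as "has_just_registered" right before the redirect, check and unset it in the same script, and send either the message or the form) looks like this as one register.php. This is an added example, not code from any post; register_user() and e() are hypothetical helpers standing in for the real registration logic and output escaping.

```php
<?php
// register.php -- Post/Redirect/Get with a one-time session flag (PHP 7.1+).
session_start();

// Hypothetical stand-in for the real registration logic (e.g. RegisterUser()).
// Returns an error message, or null on success.
function register_user(array $input): ?string
{
    // A field submitted as name[]=... arrives as an array; treat that as empty.
    $name  = is_string($input['name']  ?? null) ? trim($input['name'])  : '';
    $email = is_string($input['email'] ?? null) ? trim($input['email']) : '';

    if ($name === '' || strlen($name) > 50) {
        return 'Please provide your name (at most 50 characters).';
    }
    if (filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
        return 'Please provide a valid email address.';
    }
    // ... store the account here ...
    return null;
}

// Escape a value for HTML text and attribute context; non-strings become ''.
function e($value): string
{
    return is_string($value) ? htmlspecialchars($value, ENT_QUOTES, 'UTF-8') : '';
}

$error = null;

if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    $error = register_user($_POST);
    if ($error === null) {
        // Remember the outcome, then redirect so a reload repeats a GET, not the POST.
        $_SESSION['has_just_registered'] = true;
        // Fixed target, never built from request data.
        header('Location: register.php', true, 303);
        exit;
    }
    // On failure fall through and re-render the form with the error.
}

$display = 'form';
if (!empty($_SESSION['has_just_registered'])) {
    // One-time flag: a second reload shows the form again.
    unset($_SESSION['has_just_registered']);
    $display = 'success_message';
}
?>
<!DOCTYPE html>
<html lang="en">
<head><meta charset="utf-8"><title>Register</title></head>
<body>
<?php if ($display === 'success_message'): ?>
    <p>You've been registered successfully!</p>
<?php else: ?>
    <h1>Register</h1>
    <?php if ($error !== null): ?>
        <p class="error"><?= e($error) ?></p>
    <?php endif; ?>
    <form action="register.php" method="post">
        <label for="name">Name</label>
        <input type="text" name="name" id="name" maxlength="50" value="<?= e($_POST['name'] ?? '') ?>">
        <label for="email">Email</label>
        <input type="text" name="email" id="email" maxlength="50" value="<?= e($_POST['email'] ?? '') ?>">
        <input type="submit" value="Register">
    </form>
<?php endif; ?>
</body>
</html>
```

Only one of the two branches is ever sent to the browser, so nothing is delivered and then hidden with CSS.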
  8. #5
  9. No Profile Picture
    Contributing User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Apr 2013
    Posts
    34
    Rep Power
    2
    Originally Posted by Jacques1
    No, I'm saying that each error message should be generated by the script which is responsible for the overall process. So you have one register.php which handles the registration and generates the registration success message at the end. And you have one edit.php for the edit process including the success message etc.


    If that's what you want, you can do it like that. But it probably makes more sense to only display the success message. Simply set a session value like "has_just_registered" right before you redirect and check this value in the script. If it's set, then you display the message (and unset the value). If it's not set, you display the form.
    So in the above two paragraphs, you are talking about redirecting to the same php page, right? (success message, error message and the form are in the same php file).
  10. #6
  11. --
    Devshed Expert (3500 - 3999 posts)

    Join Date
    Jul 2012
    Posts
    3,959
    Rep Power
    1014
    Yes.
  12. #7
  13. No Profile Picture
    Contributing User
    Devshed Novice (500 - 999 posts)

    Join Date
    Jun 2009
    Posts
    696
    Rep Power
    7
    And just to maybe toss in an example of something I may do to stay within a single file. I merely build my page via the address. The first main items being: ?loc=modName&action=something The 'loc' provides a module to tell my index.php, which is the single file that runs every page, which module to load into the main content area. The 'action' provides the script knowledge as to what we truly wish to do. In the example below, if someone has clicked the Add New.. button, the 'case' will use the action=new to define variables, and possibly an action. The same form gets used lower in the page, but built differently based on what is filled in here. Once submitted, it comes back to this same page, but with action=create. Now it will merely run its process to enter the new info into the page in the background and redirect back to this page again, but with action=viewa.

    PHP Code:
    // Avoid an "undefined index" notice when no action is given.
    $action = isset($_GET['action']) ? $_GET['action'] : '';
    switch($action) {
      case "add":
        $purchString = "";
        $submit = " Click This Button to Create Prospective Contract ";
        $formAction = "?loc=serv&action=create";
        break;
      case "create":
        $PStamp = new DateTime();
        // bind_param() takes its arguments by reference, so the formatted timestamp needs its own variable.
        $stamp = $PStamp->format('Y-m-d H:i:s');
        $distrib = (isset($_POST['distrib']) ? 1 : 0);
        $BStatus = ($distrib == 1 ? 0 : 1);
        $BNote =  ($distrib == 1 ? 'Sold by Distributor - No Bonus for this contract.' : NULL);
        $statement = $link->prepare("INSERT INTO `servicecontracts` (`CID`, `MID`, `PStamp`, `PUID`, `PTID`, `Distributor`, `BStatus`, `BNote`) VALUES (?, ?, ?, ?, ?, ?, ?, ?)");
        $statement->bind_param('iisiiiis', $_POST['CID'], $_POST['MID'], $stamp, $_SESSION['ID'], $_POST['PTID'], $distrib, $BStatus, $BNote);
        $statement->execute();
        $statement->close();
        $statement = $link->prepare("SELECT `ID` FROM `servicecontracts` WHERE `PStamp` = ?");
        $statement->bind_param('s', $stamp);
        $statement->execute();
        $statement->bind_result($col1);
        while ($statement->fetch()) { $ID = $col1; }
        $statement->close(); ?>
        <script type="text/javascript">
          <!--
          // Redirect to the contract that was just created. The id is cast to int
          // so that nothing from the request is echoed into the script block.
          window.location = "?loc=serv&action=viewa&id=<?php echo (int) $ID; ?>"
          //-->
        </script><?php
        break;
      case "viewa":
        // The id ends up in $formAction, so force it to an integer first.
        $ID = (int) $_GET['id'];
        $var = setVars($ID);
        $purchString = "This Prospective Contract has been purchased and changed to an Active Contract.";
        $formAction = "?loc=serv&action=accounting&id=" . $ID;
        break;
    }
    He who knows not and knows not he knows not: he is a fool - shun him. He who knows not and knows he knows not: he is simple - teach him. He who knows and knows not he knows: he is asleep - wake him. He who knows and knows he knows: he is wise - follow him
  14. #8
  15. No Profile Picture
    Contributing User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Apr 2013
    Posts
    34
    Rep Power
    2
    Originally Posted by Jacques1
    Yes.
    So even if I redirect to the same page after POST, still I have to hide / show the divs for the form and for the messages, right? I think this is the only way to do it, even if it happens after a Redirect.

    This contradicts what you said:
    Code:
    this display: none stuff is certainly not how to do it. If parts of the content are not supposed to show up, then you don't deliver them at all. Sending "dead content" to the client makes no sense and just wastes bandwidth.
    Please clarify. Thanks.
  16. #9
  17. --
    Devshed Expert (3500 - 3999 posts)

    Join Date
    Jul 2012
    Posts
    3,959
    Rep Power
    1014
    Originally Posted by aniyanrajan6
    So even if I redirect to the same page after POST, still I have to hide / show the divs for the form and for the messages, right?
    No. I wonder how you even got to this idea.

    PHP is fully responsible for generating the page content that gets sent back to the client, right? This means the same script can generate completely different contents. For example, the same test.php could randomly choose between sending an HTML document, a Word file or the picture of a cute kitten. You're free to send any content you want.

    In your case, you either want a form or a message. So you write your script in such a way that it will either send a form or a message:

    PHP Code:
    <?php if ($display == 'success_message'): ?>
        <p>You've been registered successfully!</p>
    <?php else: ?>    
        <h1>Register at my cool new site!</h1>
        <form action="register.php" method="post">
            
        </form>
    <?php endif; ?>
    Why would you hide the other content as opposed to simply not sending it in the first place?
  18. #10
  19. No Profile Picture
    Contributing User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Apr 2013
    Posts
    34
    Rep Power
    2
    Oh, now I got your point. You are talking about generating the page content dynamically. I mean everything inside <?PHP tag. I never thought of that. In my webpages, I have been trying to separate the PHP and HTML. I followed the design of

    https://github.com/simfatic/RegistrationForm

    So I always did the following kind of coding. In this, the success messages are displayed in the redirected thank-you.html and the error messages on the same page.

    Code:
    <?PHP
    require_once("./include/membersite_config.php");
    
    if(isset($_POST['submitted']))
    {
       if($fgmembersite->RegisterUser())
       {
            $fgmembersite->RedirectToURL("thank-you.html");
       }
    }
    
    ?>
    <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"  "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
    <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-US" lang="en-US">
    <head>
        <meta http-equiv='Content-Type' content='text/html; charset=utf-8'/>
        <title>Register</title>
        <link rel="STYLESHEET" type="text/css" href="style/fg_membersite.css" />
        <script type='text/javascript' src='scripts/gen_validatorv31.js'></script>
        <link rel="STYLESHEET" type="text/css" href="style/pwdwidget.css" />
        <script src="scripts/pwdwidget.js" type="text/javascript"></script>      
    </head>
    <body>
    
    <!-- Form Code Start -->
    <div id='fg_membersite'>
    <form id='register' action='<?php echo $fgmembersite->GetSelfScript(); ?>' method='post' accept-charset='UTF-8'>
    <fieldset >
    <legend>Register</legend>
    
    <input type='hidden' name='submitted' id='submitted' value='1'/>
    
    <div class='short_explanation'>* required fields</div>
    <input type='text'  class='spmhidip' name='<?php echo $fgmembersite->GetSpamTrapInputName(); ?>' />
    
    <div><span class='error'><?php echo $fgmembersite->GetErrorMessage(); ?></span></div>
    <div class='container'>
        <label for='name' >Your Full Name*: </label><br/>
        <input type='text' name='name' id='name' value='<?php echo $fgmembersite->SafeDisplay('name') ?>' maxlength="50" /><br/>
        <span id='register_name_errorloc' class='error'></span>
    </div>
    <div class='container'>
        <label for='email' >Email Address*:</label><br/>
        <input type='text' name='email' id='email' value='<?php echo $fgmembersite->SafeDisplay('email') ?>' maxlength="50" /><br/>
        <span id='register_email_errorloc' class='error'></span>
    </div>
    <div class='container'>
        <label for='username' >UserName*:</label><br/>
        <input type='text' name='username' id='username' value='<?php echo $fgmembersite->SafeDisplay('username') ?>' maxlength="50" /><br/>
        <span id='register_username_errorloc' class='error'></span>
    </div>
    <div class='container' style='height:80px;'>
        <label for='password' >Password*:</label><br/>
        <div class='pwdwidgetdiv' id='thepwddiv' ></div>
        <noscript>
        <input type='password' name='password' id='password' maxlength="50" />
        </noscript>    
        <div id='register_password_errorloc' class='error' style='clear:both'></div>
    </div>
    
    <div class='container'>
        <input type='submit' name='Submit' value='Submit' />
    </div>
    
    </fieldset>
    </form>
    <!-- client-side Form Validations:
    Uses the excellent form validation script from JavaScript-coder.com-->
    
    <script type='text/javascript'>
    // <![CDATA[
        var pwdwidget = new PasswordWidget('thepwddiv','password');
        pwdwidget.MakePWDWidget();
        
        var frmvalidator  = new Validator("register");
        frmvalidator.EnableOnPageErrorDisplay();
        frmvalidator.EnableMsgsTogether();
        frmvalidator.addValidation("name","req","Please provide your name");
    
        frmvalidator.addValidation("email","req","Please provide your email address");
    
        frmvalidator.addValidation("email","email","Please provide a valid email address");
    
        frmvalidator.addValidation("username","req","Please provide a username");
        
        frmvalidator.addValidation("password","req","Please provide a password");
    
    // ]]>
    </script>
    
    <!--
    Form Code End (see html-form-guide.com for more info.)
    -->
    
    </body>
    </html>
    So if I understand you correctly, I need to change the design, so that whatever contents (form or messages) are displayed on the page should come from the <?PHP if-else, right? Like the following - just display the headers and footers as static content outside the php tag. Thanks.

    Code:
    <?PHP
    require_once("./include/membersite_config.php");
    
    if(isset($_POST['submitted']))
    {
       if($fgmembersite->RegisterUser())
       {
            $fgmembersite->RedirectToURL("http://www.mydomian/register.php");
       }
       else
       {
    	//Copy paste the entire HTML code for the error messages here
       }
    }
    
    if ($display == 'success_message')
    {
    	//display the success message here.
    }
    else
    {
    
    	//Copy paste the entire form code here. (Initial Displaying)
    }
    
    ?>
    
    
    <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"  "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
    <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-US" lang="en-US">
    <head>
        <meta http-equiv='Content-Type' content='text/html; charset=utf-8'/>
        <title>Register</title>
        <link rel="STYLESHEET" type="text/css" href="style/fg_membersite.css" />
        <script type='text/javascript' src='scripts/gen_validatorv31.js'></script>
        <link rel="STYLESHEET" type="text/css" href="style/pwdwidget.css" />
        <script src="scripts/pwdwidget.js" type="text/javascript"></script>      
    </head>
    <body>
    
    <!-- client-side Form Validations:
    Uses the excellent form validation script from JavaScript-coder.com-->
    
    <script type='text/javascript'>
    // <![CDATA[
        var pwdwidget = new PasswordWidget('thepwddiv','password');
        pwdwidget.MakePWDWidget();
        
        var frmvalidator  = new Validator("register");
        frmvalidator.EnableOnPageErrorDisplay();
        frmvalidator.EnableMsgsTogether();
        frmvalidator.addValidation("name","req","Please provide your name");
    
        frmvalidator.addValidation("email","req","Please provide your email address");
    
        frmvalidator.addValidation("email","email","Please provide a valid email address");
    
        frmvalidator.addValidation("username","req","Please provide a username");
        
        frmvalidator.addValidation("password","req","Please provide a password");
    
    // ]]>
    </script>
    
    <!--
    Form Code End (see html-form-guide.com for more info.)
    -->
    
    </body>
    </html>
  20. #11
  21. --
    Devshed Expert (3500 - 3999 posts)

    Join Date
    Jul 2012
    Posts
    3,959
    Rep Power
    1014
    You don't need to write the HTML directly into the PHP code. Putting it into separate files is actually good practice.

    In modern applications, you usually have a separate folder of HTML templates written in a template language like Twig. Those files contain HTML and possibly placeholders and simple control structures (if statements, loops etc.). Your main script then uses the templates to dynamically render the output.

    So your PHP script would contain pure PHP. And all the HTML is in the template files.
  22. #12
  23. No Profile Picture
    Contributing User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Apr 2013
    Posts
    34
    Rep Power
    2
    Originally Posted by Jacques1
    You don't need to write the HTML directly into the PHP code. Putting it into separate files is actually good practice.
    Yes, a separate file would be better for each piece of HTML code. Otherwise I have to use an echo for each line of HTML inside the php tag:

    Code:
    if ($success == true)
    {
    	//display the success message here.
    	Echo "<div class='contents'>";
    	Echo "<h1>Contact Us</h1>";
    	Echo "<p style='color:red'><b>Thank you for contacting us. We will get back to you soon.</b></p>";
    	
    	Echo "</div><!-- contents -->";	
    }
    else
    {
    
    	//Copy paste the entire form code here. (Initial Displaying)
    }
    So if I put all my HTML code in a separate file (maybe 3 or 4 files, to use in different places in php), how can I include the html file in php? Sorry, I am a newbie in php and html. Thanks.
  24. #13
  25. --
    Devshed Expert (3500 - 3999 posts)

    Join Date
    Jul 2012
    Posts
    3,959
    Rep Power
    1014
    Originally Posted by aniyanrajan6
    So if I put all my HTML code in a separate file (maybe 3 or 4 files, to use in different places in php), how can I include the html file in php?
    You cannot do this with static HTML files, because you need to be able to insert dynamic content into the HTML. Just look at your HTML above: There are PHP variables everywhere.

    You have two possibilities: You either stick to the current mixture of PHP and HTML and only put static content (like the success message) into separate files. That would actually be almost identical to your current code, except that you would replace the redirect with readfile().

    Or you use a dedicated template engine like Twig which allows you to insert variables into the HTML and do basic programming tasks. You may also use PHP itself as a template engine, but that's not something I recommend.
  26. #14
  27. No Profile Picture
    Contributing User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Apr 2013
    Posts
    34
    Rep Power
    2
    Originally Posted by Jacques1
    You cannot do this with static HTML files, because you need to be able to insert dynamic content into the HTML. Just look at your HTML above: There are PHP variables everywhere.

    You have two possibilities: You either stick to the current mixture of PHP and HTML and only put static content (like the success message) into separate files. That would actually be almost identical to your current code, except that you would replace the redirect with readfile().
    Yes, unfortunately I have inline php code with HTML. So it is not possible to move the entire <form> to a different .html file. But I can save the code in <form> as a .php file and then include it in the main php code, as follows. Will this method work? (I did a quick change, but didn't test it properly. Anyway, it displays the page properly.)

    Code:
    <?PHP
    require_once("./include/header.php");
    require_once("./include/membersite_config.php");
    
    session_start();
    $captcha_error_msg = "";
    $login_error_msg = "";
    $sendemail_error_msg = "";
    $success = false;
    
    
    if(isset($_POST['submitted']))
    {
    	/** Validate captcha */
    	if (!empty($_REQUEST['captcha'])) {
    	    if (empty($_SESSION['captcha']) || trim(strtolower($_REQUEST['captcha'])) != $_SESSION['captcha']) {
    	        /* Invalid captcha */
    			$captcha_error_msg = "Invalid captcha";
    
    	    } else {
    	        /* Valid captcha */
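    	       if($fgmembersite->SendContactUsEmail())
    		   {
    		        // A local $success does not survive the redirect; keep the flag in the session.
    		        $_SESSION['contact_sent'] = true;
    		        // exit() below skips the unset() after this block, so clear the used captcha here.
    		        unset($_SESSION['captcha']);
    		   		$fgmembersite->RedirectToURL("http://www.mydomain.com/contact.php");
    		        exit();
    		   }
    		   else
    		   {
    		   		$sendemail_error_msg = $fgmembersite->GetErrorMessage();
    		   }		   
    	    }
    	
    	    unset($_SESSION['captcha']);
    	}
    }
    
    if(isset($_POST['loginpressed']))
    {
    
       if($fgmembersite->Login())
       {
    	   	$fgmembersite->RedirectToURL("http://www.mydomain.com/workbench.php");
    	   	exit();
       	
       }
       else
       {
       		$login_error_msg = $fgmembersite->GetErrorMessage();
       }     
    }
    
    // Set right before the redirect above: show the message once, then clear the flag.
    if (!empty($_SESSION['contact_sent']))
    {
    	unset($_SESSION['contact_sent']);
    	$success = true;
    }
    
    if ($success == true)
    {
    	//display the success message here.
    
    	Echo "<p style='color:red'><b>Thank you for contacting us. We will get back to you soon.</b></p>";
    }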
    else
    {
    
    	//Copy paste the entire form code here. (Initial Displaying)
    	require_once("contact-form.php");
    }
    
    ?>
    
    
    <?php
    include ("./login.php");
    include ("./include/footer.php");
    ?>
  28. #15
  29. --
    Devshed Expert (3500 - 3999 posts)

    Join Date
    Jul 2012
    Posts
    3,959
    Rep Power
    1014
    That's what I meant with: You can use PHP itself as a template engine.

    So, yes, this works. And it's probably the easiest solution for now. But as your application and your templates get more complex, you'll quickly find out that PHP isn't the right tool for this task. It simply isn't a template engine -- at least not a good one.

    To name just a few problems you'll sooner or later encounter with PHP templates:

    • The templates generally aren't isolated from the main script. They have full access to everything that resides in the script, which is the straight path to security issues and debugging hell.
    • There are no restrictions on what the templates can do. They're supposed to only generate HTML, but nothing prevents them from, say, writing to the database. This means you need a lot of discipline to restrict yourself. Otherwise, you'll quickly end up cluttering your "templates" with program logic.
    • PHP totally lacks all modern template features. There's no automatic escaping, no layout logic, nothing. For example, modern template engines let you define a basic layout with all the <html>, <head> etc. and then extend it in the other templates. This isn't possible with PHP. The best you can do is this header/footer hack.
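
Two of the problems listed above (templates seeing everything in the main script, and no automatic escaping) can be narrowed when plain PHP files are used as templates. This is an added example, not code from the thread; render() and e() are hypothetical helpers, and the template and input values are constructed inline.

```php
<?php
// Plain-PHP templates with a restricted variable scope and explicit escaping.

// Escape a value for HTML text and attribute context.
function e($value): string
{
    return htmlspecialchars((string) $value, ENT_QUOTES, 'UTF-8');
}

// Render a template file that sees only the variables passed in $vars.
function render(string $file, array $vars): string
{
    // A static closure has no $this and its own local scope, so the template
    // cannot read the caller's local variables. EXTR_SKIP keeps a key named
    // "__file" or "__vars" from replacing the closure's own parameters.
    $scope = static function (string $__file, array $__vars): void {
        extract($__vars, EXTR_SKIP);
        require $__file;
    };

    ob_start();
    try {
        $scope($file, $vars);
    } catch (Throwable $t) {
        ob_end_clean();   // do not leak half-rendered output
        throw $t;
    }
    return (string) ob_get_clean();
}

// Constructed sample template, written to a temporary file so the example
// runs stand-alone. In an application this would be e.g. contact-form.php.
$template = tempnam(sys_get_temp_dir(), 'tpl');
file_put_contents($template, <<<'TPL'
<form action="contact.php" method="post">
  <span class="error"><?= e($error) ?></span>
  <input type="text" name="name" value="<?= e($name) ?>" maxlength="50" />
  <!-- db_password visible in template: <?= isset($db_password) ? 'yes' : 'no' ?> -->
</form>
TPL
);

$db_password = 'not-for-templates';   // constructed; never handed to render()

echo render($template, [
    'error' => 'Invalid captcha',
    'name'  => '"><b>bold</b>',       // constructed input containing markup
]);

unlink($template);
```

This narrows what a template can see, but it is not a sandbox: superglobals, functions and a forgotten e() call remain available to the template, which is the gap a dedicated engine such as Twig closes with automatic escaping.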