2-in-1 pages is it bad practice ?
Moderator: General Moderators
2-in-1 pages is it bad practice ?
Hi all,
Is it bad to use 2-in-1 pages ? I tend to use them for admin edit pages so if i click on a link or fill out a form it will link to itself but then show a second part of the page which is only visible when you click the link or fill out the form.
What is your views on this?
Rippie
Is it bad to use 2-in-1 pages ? I tend to use them for admin edit pages so if i click on a link or fill out a form it will link to itself but then show a second part of the page which is only visible when you click the link or fill out the form.
What is your views on this?
Rippie
Re: 2-in-1 pages is it bad practice ?
I do this frequently, as long as the scripts are relatively small & simple. I find it easier this way because I can keep all involved logic in 1 php (the form/input and the processing parts often have some overlap).
Re: 2-in-1 pages is it bad practice ?
Do you ever have a action file that you include and then do your actions from there ? was thinking about this the other day if that would be any better.
- social_experiment
- DevNet Master
- Posts: 2793
- Joined: Sun Feb 15, 2009 11:08 am
- Location: .za
Re: 2-in-1 pages is it bad practice ?
I use the same principle, but only in admin pages. Any page that an unknown visitor will handle i tend to refer to an 'action' page. Except for error reporting, that i leave on the 'form' page so the user know what they did and don't have to navigate back to the previous page to rectify the mistake.Rippie wrote:Is it bad to use 2-in-1 pages ?
“Don’t worry if it doesn’t work right. If everything did, you’d be out of a job.” - Mosher’s Law of Software Engineering
Re: 2-in-1 pages is it bad practice ?
Thank you very much guys, this has helped me 
can you recommend any php security additions to make sure that users cant mess up with login forms etc? So far i am using stripslashes(); on my $_POST vars and before they go into mysql i do a mysql_real_escape_string(); on them as well.
Any advise is appreciated.
can you recommend any php security additions to make sure that users cant mess up with login forms etc? So far i am using stripslashes(); on my $_POST vars and before they go into mysql i do a mysql_real_escape_string(); on them as well.
Any advise is appreciated.
- flying_circus
- Forum Regular
- Posts: 732
- Joined: Wed Mar 05, 2008 10:23 pm
- Location: Sunriver, OR
Re: 2-in-1 pages is it bad practice ?
Are Magic Quotes enabled on your server?Rippie wrote:So far i am using stripslashes(); on my $_POST vars
What are you doing for data validation?
Re: 2-in-1 pages is it bad practice ?
Magic Quotes are not enabled. and other than checking that my variables are not empty and if there already is something in the DB with same details. I dont do other validation yet.Are Magic Quotes enabled on your server?
What are you doing for data validation?
- flying_circus
- Forum Regular
- Posts: 732
- Joined: Wed Mar 05, 2008 10:23 pm
- Location: Sunriver, OR
Re: 2-in-1 pages is it bad practice ?
Why stripslashes then?Rippie wrote:Magic Quotes are not enabled.
- hypedupdawg
- Forum Commoner
- Posts: 74
- Joined: Sat Apr 10, 2010 5:21 am
Re: 2-in-1 pages is it bad practice ?
It would be good to get into the habit of using regex expressions for your validation; there is an entire forum dedicated to it here, and another good website is here.
A good example that I use frequently is checking for a colour code (e.g. FFCC66) by using the regex for six hexadecimal digits:Remember always to do validation in PHP at the start of the script / page, as javascript can be easily disabled or bypassed.
EDIT: I should mention the syntax used for regex expressions, which is:
preg_match(regex_string, test_string)
A good example that I use frequently is checking for a colour code (e.g. FFCC66) by using the regex for six hexadecimal digits:
Code: Select all
if(preg_match('/^[0-9a-fA-F]{6}$/', $_GET['bg'])==1)
{
//some code here
}
else
{
//some errors here
}EDIT: I should mention the syntax used for regex expressions, which is:
preg_match(regex_string, test_string)