2-in-1 pages is it bad practice ?

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

Post Reply
Rippie
Forum Commoner
Posts: 76
Joined: Sun Jan 10, 2010 11:32 am
Location: Nottingham

2-in-1 pages is it bad practice ?

Post by Rippie »

Hi all,

Is it bad to use 2-in-1 pages ? I tend to use them for admin edit pages so if i click on a link or fill out a form it will link to itself but then show a second part of the page which is only visible when you click the link or fill out the form.

What is your views on this?

Rippie
User avatar
Apollo
Forum Regular
Posts: 794
Joined: Wed Apr 30, 2008 2:34 am

Re: 2-in-1 pages is it bad practice ?

Post by Apollo »

I do this frequently, as long as the scripts are relatively small & simple. I find it easier this way because I can keep all involved logic in 1 php (the form/input and the processing parts often have some overlap).
Rippie
Forum Commoner
Posts: 76
Joined: Sun Jan 10, 2010 11:32 am
Location: Nottingham

Re: 2-in-1 pages is it bad practice ?

Post by Rippie »

Do you ever have a action file that you include and then do your actions from there ? was thinking about this the other day if that would be any better.
User avatar
social_experiment
DevNet Master
Posts: 2793
Joined: Sun Feb 15, 2009 11:08 am
Location: .za

Re: 2-in-1 pages is it bad practice ?

Post by social_experiment »

Rippie wrote:Is it bad to use 2-in-1 pages ?
I use the same principle, but only in admin pages. Any page that an unknown visitor will handle i tend to refer to an 'action' page. Except for error reporting, that i leave on the 'form' page so the user know what they did and don't have to navigate back to the previous page to rectify the mistake.
“Don’t worry if it doesn’t work right. If everything did, you’d be out of a job.” - Mosher’s Law of Software Engineering
Rippie
Forum Commoner
Posts: 76
Joined: Sun Jan 10, 2010 11:32 am
Location: Nottingham

Re: 2-in-1 pages is it bad practice ?

Post by Rippie »

Thank you very much guys, this has helped me :)

can you recommend any php security additions to make sure that users cant mess up with login forms etc? So far i am using stripslashes(); on my $_POST vars and before they go into mysql i do a mysql_real_escape_string(); on them as well.

Any advise is appreciated.
User avatar
flying_circus
Forum Regular
Posts: 732
Joined: Wed Mar 05, 2008 10:23 pm
Location: Sunriver, OR

Re: 2-in-1 pages is it bad practice ?

Post by flying_circus »

Rippie wrote:So far i am using stripslashes(); on my $_POST vars
Are Magic Quotes enabled on your server?

What are you doing for data validation?
Rippie
Forum Commoner
Posts: 76
Joined: Sun Jan 10, 2010 11:32 am
Location: Nottingham

Re: 2-in-1 pages is it bad practice ?

Post by Rippie »

Are Magic Quotes enabled on your server?

What are you doing for data validation?
Magic Quotes are not enabled. and other than checking that my variables are not empty and if there already is something in the DB with same details. I dont do other validation yet.
User avatar
flying_circus
Forum Regular
Posts: 732
Joined: Wed Mar 05, 2008 10:23 pm
Location: Sunriver, OR

Re: 2-in-1 pages is it bad practice ?

Post by flying_circus »

Rippie wrote:Magic Quotes are not enabled.
Why stripslashes then?
User avatar
hypedupdawg
Forum Commoner
Posts: 74
Joined: Sat Apr 10, 2010 5:21 am

Re: 2-in-1 pages is it bad practice ?

Post by hypedupdawg »

It would be good to get into the habit of using regex expressions for your validation; there is an entire forum dedicated to it here, and another good website is here.

A good example that I use frequently is checking for a colour code (e.g. FFCC66) by using the regex for six hexadecimal digits:

Code: Select all

if(preg_match('/^[0-9a-fA-F]{6}$/', $_GET['bg'])==1)
			{
			//some code here
			}
else
			{
			//some errors here
			}
Remember always to do validation in PHP at the start of the script / page, as javascript can be easily disabled or bypassed.

EDIT: I should mention the syntax used for regex expressions, which is:

preg_match(regex_string, test_string)
Post Reply