2-in-1 pages is it bad practice ?

Posted: Fri May 07, 2010 4:33 am
by Rippie
Hi all,

Is it bad to use 2-in-1 pages? I tend to use them for admin edit pages, so if I click on a link or fill out a form it will link to itself but then show a second part of the page which is only visible when you click the link or fill out the form.

What are your views on this?

Rippie

Re: 2-in-1 pages is it bad practice ?

Posted: Fri May 07, 2010 5:20 am
by Apollo
I do this frequently, as long as the scripts are relatively small & simple. I find it easier this way because I can keep all involved logic in 1 php (the form/input and the processing parts often have some overlap).

Re: 2-in-1 pages is it bad practice ?

Posted: Fri May 07, 2010 6:58 am
by Rippie
Do you ever have an action file that you include and then do your actions from there? Was thinking about this the other day, if that would be any better.

Re: 2-in-1 pages is it bad practice ?

Posted: Fri May 07, 2010 8:26 am
by social_experiment
Rippie wrote: Is it bad to use 2-in-1 pages?
I use the same principle, but only in admin pages. Any page that an unknown visitor will handle I tend to refer to an 'action' page. Except for error reporting, that I leave on the 'form' page so the user knows what they did and doesn't have to navigate back to the previous page to rectify the mistake.

Re: 2-in-1 pages is it bad practice ?

Posted: Fri May 07, 2010 9:26 am
by Rippie
Thank you very much guys, this has helped me :)

Can you recommend any PHP security additions to make sure that users can't mess up with login forms etc.? So far I am using stripslashes(); on my $_POST vars and before they go into MySQL I do a mysql_real_escape_string(); on them as well.

Any advice is appreciated.

Re: 2-in-1 pages is it bad practice ?

Posted: Fri May 07, 2010 9:59 am
by flying_circus
Rippie wrote: So far I am using stripslashes(); on my $_POST vars
Are Magic Quotes enabled on your server?

What are you doing for data validation?

Re: 2-in-1 pages is it bad practice ?

Posted: Fri May 07, 2010 10:26 am
by Rippie
flying_circus wrote: Are Magic Quotes enabled on your server?

What are you doing for data validation?
Magic Quotes are not enabled, and other than checking that my variables are not empty and whether there is already something in the DB with the same details, I don't do other validation yet.

Re: 2-in-1 pages is it bad practice ?

Posted: Fri May 07, 2010 1:07 pm
by flying_circus
Rippie wrote: Magic Quotes are not enabled.
Why stripslashes then?

Re: 2-in-1 pages is it bad practice ?

Posted: Fri May 07, 2010 4:25 pm
by hypedupdawg
It would be good to get into the habit of using regex expressions for your validation; there is an entire forum dedicated to it here, and another good website is here.

A good example that I use frequently is checking for a colour code (e.g. FFCC66) by using the regex for six hexadecimal digits:

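Code:

// Accept 'bg' only if it is present, a string, and exactly six hex digits.
// \z anchors at the true end of the string; $ would also accept a trailing newline.
if (isset($_GET['bg']) && is_string($_GET['bg']) && preg_match('/^[0-9a-fA-F]{6}\z/', $_GET['bg']) === 1)
{
	//some code here
}
else
{
	//some errors here
}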
Remember always to do validation in PHP at the start of the script / page, as JavaScript can be easily disabled or bypassed.

EDIT: I should mention the syntax used for regex expressions, which is:

preg_match(regex_string, test_string)
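
The validation advice in this thread, pulled together as an added example that is not part of any post: allow-list checks run at the top of a form handler, followed by a check of what stripslashes() does to input when Magic Quotes are off. The function name validate_fields(), the field names, the username rule and the sample requests are assumptions made for illustration.

```php
<?php
// Added example, not from the thread. validate_fields(), the field names and
// the username rule are assumptions; the sample requests are constructed.

// Check each expected field against an allow-list regex.
// Returns [accepted values, error messages keyed by field name].
function validate_fields(array $input, array $rules): array
{
    $clean = [];
    $errors = [];
    foreach ($rules as $field => $pattern) {
        $value = $input[$field] ?? null;
        // Missing fields and array values (bg[]=x) never reach preg_match().
        if (!is_string($value)) {
            $errors[$field] = 'missing or not a string';
            continue;
        }
        // \A and \z anchor the whole string; $ would also accept "FFCC66\n".
        if (preg_match($pattern, $value) !== 1) {
            $errors[$field] = 'invalid format';
            continue;
        }
        $clean[$field] = $value;
    }
    return [$clean, $errors];
}

$rules = [
    'username' => '/\A[A-Za-z0-9_]{3,20}\z/',
    'bg'       => '/\A[0-9a-fA-F]{6}\z/',   // six hex digits, as in the post above
];

// Constructed stand-ins for $_POST.
$samples = [
    ['username' => 'rippie_01', 'bg' => 'FFCC66'],
    ['username' => 'rip pie!',  'bg' => "FFCC66\n"],
    ['username' => ['x']],                  // array value, bg missing
];

foreach ($samples as $i => $post) {
    [$clean, $errors] = validate_fields($post, $rules);
    $result = $errors ? 'rejected ' . json_encode($errors) : 'accepted ' . json_encode($clean);
    echo "sample $i: $result\n";
}

// With Magic Quotes off, stripslashes() changes legitimate input.
$typed = 'pa\\ss\\word';                    // the user typed pa\ss\word
echo 'stripslashes altered the value: ', var_export(stripslashes($typed) !== $typed, true), "\n";
```

Validation of this kind decides whether to accept a value; it does not replace escaping or parameter binding at the point where the value goes into a query.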