I just want some general advice really.
I've got a simple bit of PHP which I am using in the game I am designing and wonder the best way to utilise it.
I'm a very new PHP programmer so I know very little about things like includes etc.
The bit of code in question generates a random driver for the player (it's a motor racing game) and they will have a button/link to click on their team page to hire and fire drivers.
So when they click the button I want the code to be called, the driver displayed on the page and the data written to the database.
I could simply transfer the whole script over so it's all in one script but wondered if there was a more elegant way to do it, such as an includes or is it possible to have "external functions".
Any advice about which method is best is appreciated thanks.
Includes or not?
Moderator: General Moderators
-
davidjwest
- Forum Commoner
- Posts: 67
- Joined: Sat Nov 06, 2004 5:26 am
- Location: Leeds, Yorkshire, England
its common practice to have a file w/ COMMONLY used functions/classes in it, and include that unconditionally.
it just makes for less cluttered/easier to manage code
then only include more code if you need it for that page request
if your not sure if the code will need to be used for the current request, using a conditional include is generally a good idea.
includes do take extra resources, so dont start doing 25 includes per script.
its a balance youll need to consider. like lets say you have 10,000 lines of code, and 9 out of 10 page request only use 2000 lines of that code.
you would want to break it down into smaller files, and include only if needed.
functions should generally be used for anything that is likely to be done more than 1 time in a script.
im being very general here, to everything ive said there will of course be exceptions.
heres some dos and donts
the reason you dont want to do that, is because while you may be expecting the user to click the url
your_script.php?action=fire
they could enter a url like
your_script.php?action=../../../file_they_shouldnt_access
and so on.
you will likely see lots of tutorials doing just that, and it is terrible.
it just makes for less cluttered/easier to manage code
then only include more code if you need it for that page request
if your not sure if the code will need to be used for the current request, using a conditional include is generally a good idea.
includes do take extra resources, so dont start doing 25 includes per script.
its a balance youll need to consider. like lets say you have 10,000 lines of code, and 9 out of 10 page request only use 2000 lines of that code.
you would want to break it down into smaller files, and include only if needed.
functions should generally be used for anything that is likely to be done more than 1 time in a script.
im being very general here, to everything ive said there will of course be exceptions.
heres some dos and donts
Code: Select all
// DO
if (isSet($_GET['action'])) {
if ($GET['action'] == 'hire') {
include('includes/hire.php');
} elseif ($GET['action'] == 'fire') {
include('includes/fire.php');
}
}
// DONT!!!!
include('includes/' . $_GET['action'] . '.php');the reason you dont want to do that, is because while you may be expecting the user to click the url
your_script.php?action=fire
they could enter a url like
your_script.php?action=../../../file_they_shouldnt_access
and so on.
you will likely see lots of tutorials doing just that, and it is terrible.
Something i like to do is have an array of possible values ...
Basically I use this because its very easy to expand, and I usually use it for my main page, and the constantly expanding amount of pages... so this is very simple and safe to use.
Code: Select all
<?php
$values = array( "Hire", "Fire" );
if ( in_array($_GET['action'], $values )
include("includes/".$_GET['action'].".php");
?>