Hey all,
Since I taught myself PHP and don't have much sophisticated knowledge about coding in it, I was wondering if I could ask a few questions to get more familiar with universal methods of coding.
I run a website service with various features, including uploading files, analyzing page statistics, posting messages, etc. The way I have structured the website is as follows:
members/upload
members/stats
members/posting
Is the lack of obscurity a problem to begin with? In each directory I have a home page (upload.php, stats.php, posting.php) and I have a 'test' file to actually run code when they submit the form (upload_test.php, stats_test.php, posting_test.php). In each 'test' file I have various different functions I can execute. For example, in the posting_test.php, function 1 will remove a post, function 2 will add a post, function 3 will remove all posts, etc.
So, when somebody submits a certain form on posting_test.php, here is what the form action tag looks like: <form action="posting_test.php?code=1" method="post"> (for example, this is for removing a post).
So my posting_test.php file is separated into codes (code1 remove post, code2 add post, code3 remove all posts), propagated through the URL (is this a big mistake?) and I simply post the respective code under if($code==1){<<CODE HERE>>} if($code==2){<<CODE HERE>>} etc.
Is there a problem with the way I have this set up?
Thanks!
-influx
General PHP Structure Question
If you do have it set up that way, accepting variables through the URL, make sure that each user has the proper permission to do what they are doing.
For example, if they are going to remove all posts, check that the author of the post matches their username login credentials (assuming you have a login).
Code:
// Look up the author of the post being removed; the id is cast to an integer so it cannot alter the query
$result = mysql_fetch_assoc(mysql_query("SELECT author FROM table WHERE id = ".(int)$_GET['postid']));
if($result['author'] != $_COOKIE['username'])
{
    die("you cannot remove other users' posts.");
}
else
{
    // remove posts
}

Oh, easy enough, thanks!
Now, one last question. What if I am not using a form and have a link like: <a href="post_test.php?code=2">Remove this post</a>
Is there any way I can propagate this using $_POST instead of $_GET?
Also, I noticed that in your example you used COOKIE to store the username, is that better than SESSION? I didn't think it was..
Thanks!
-influx
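
The points raised in this thread (action code sent with the request, ownership check, link versus form, cookie versus session) combined in one handler, as an added example that is not code from either poster: the action arrives by POST from a small form with a submit button instead of a link, the username is read from server-side session data, and the queries are parameterized. The `posts` table, the `csrf` field and the function name `handle_post_action` are assumptions, and the sample data is constructed.

```php
<?php
// Added example; handle_post_action, the posts table and the csrf field are hypothetical names.
function handle_post_action(PDO $db, string $method, array $session, array $post): string
{
    // State-changing actions are accepted only via POST, never from a plain link (GET).
    if ($method !== 'POST') {
        return 'rejected: use POST';
    }
    // Identity comes from server-side session data; a cookie value such as
    // $_COOKIE['username'] is sent by the browser and can be set to anything.
    $user = $session['username'] ?? null;
    if (!is_string($user) || $user === '') {
        return 'rejected: not logged in';
    }
    // A per-session token embedded in the form stops other sites submitting it for the user.
    $token = $session['csrf'] ?? '';
    $sent  = $post['csrf'] ?? '';
    if ($token === '' || !is_string($sent) || !hash_equals($token, $sent)) {
        return 'rejected: bad token';
    }
    // Only known action codes run; ownership is enforced inside the query itself.
    switch ((int) ($post['code'] ?? 0)) {
        case 1: // remove one post, only if it belongs to the logged-in user
            $stmt = $db->prepare('DELETE FROM posts WHERE id = ? AND author = ?');
            $stmt->execute([(int) ($post['postid'] ?? 0), $user]);
            return $stmt->rowCount() === 1 ? 'removed' : 'rejected: not your post';
        case 3: // remove all posts written by the logged-in user
            $stmt = $db->prepare('DELETE FROM posts WHERE author = ?');
            $stmt->execute([$user]);
            return 'removed ' . $stmt->rowCount() . ' post(s)';
        default:
            return 'rejected: unknown code';
    }
}

// Constructed sample data in an in-memory SQLite database (assumes pdo_sqlite is enabled).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE posts (id INTEGER PRIMARY KEY, author TEXT, body TEXT)");
$db->exec("INSERT INTO posts (author, body) VALUES ('influx', 'hello'), ('someone', 'hi')");
$session = ['username' => 'influx', 'csrf' => bin2hex(random_bytes(16))];
$form = ['code' => '1', 'csrf' => $session['csrf']];

echo handle_post_action($db, 'GET', $session, $form + ['postid' => '1']), "\n";       // link-style request
echo handle_post_action($db, 'POST', $session, ['code' => '1', 'postid' => '1']), "\n"; // no token
echo handle_post_action($db, 'POST', $session, $form + ['postid' => '2']), "\n";      // someone else's post
echo handle_post_action($db, 'POST', $session, $form + ['postid' => '1']), "\n";      // own post
```

In a real page the arguments would be `$_SERVER['REQUEST_METHOD']`, `$_SESSION` and `$_POST`, with `session_start()` called first.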