Include content, or include header and footer?

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

Post Reply
conthox
Forum Commoner
Posts: 39
Joined: Tue Jun 25, 2002 1:44 pm
Location: Sweden

Include content, or include header and footer?

Post by conthox »

I wonder, what's the best thing to do? Thinking about including the content of a page

Code: Select all

<?php
//The menu and header

include "news.php"

//footer

?>
or including the header and a footer


Code: Select all

<?php
include "header.php";

//page content

include "footer.php";
?>
What do you think?
User avatar
Takuma
Forum Regular
Posts: 931
Joined: Sun Aug 04, 2002 10:24 am
Location: UK
Contact:

Post by Takuma »

I use the bottom... I think there isn't a difference between these two.
User avatar
twigletmac
Her Royal Site Adminness
Posts: 5371
Joined: Tue Apr 23, 2002 2:21 am
Location: Essex, UK

Post by twigletmac »

There isn't really a 'best' thing to do for every situation. Some people will do it one way and some will do it another. There are pluses and minuses to each approach so you should investigate these and then make your decision based on what you think will work best for you. I personally prefer the first approach of drawing content into a template but it is just a personal preference.

Mac
conthox
Forum Commoner
Posts: 39
Joined: Tue Jun 25, 2002 1:44 pm
Location: Sweden

Post by conthox »

Ok, the thing is, I've heard that it is greater security in the second one, because the page.php?id=news gives the visitor the possibility to decide what to be included.

But, there is fewer files with the first one.
User avatar
Takuma
Forum Regular
Posts: 931
Joined: Sun Aug 04, 2002 10:24 am
Location: UK
Contact:

Post by Takuma »

If you use $_POST, or $_GET you could stop that.

Here's the code to stop it.

Code: Select all

&lt;?php
if(count($_POST) &gt; 0) {
  echo "Invalid Access";
}
if(count($_GET) &gt; 0) {
  echo "invadali Acess";
}
?&gt;
User avatar
twigletmac
Her Royal Site Adminness
Posts: 5371
Joined: Tue Apr 23, 2002 2:21 am
Location: Essex, UK

Post by twigletmac »

Takuma wrote:If you use $_POST, or $_GET you could stop that.

Here's the code to stop it.

Code: Select all

&lt;?php
if(count($_POST) &gt; 0) {
  echo "Invalid Access";
}
if(count($_GET) &gt; 0) {
  echo "invadali Acess";
}
?&gt;
I don't think you quite got what was meant - if you have page.php?id=news and someone modifies that to page.php?id=http://www.myhackersite.com/mynastypageofcode then if you are just doing:

Code: Select all

&lt;?php
/* Header */

include $_GET&#1111;'id'].'.php';

/* Footer */
?&gt;
in your page.php page then the person could possibly insert their own code into your page. So counting the number of elements of $_GET and $_POST isn't going to do anything to make that page more secure.
conthox wrote:Ok, the thing is, I've heard that it is greater security in the second one, because the page.php?id=news gives the visitor the possibility to decide what to be included.
What would give the first more security is some checking before you include the page. If you haven't got many maybe you could contain them in an array and check the value of $_GET['id'] to make sure it is in the array. You could also potentially use a database to store information about each page, in the process of retrieving that you could check whether $_GET['id'] exists in your site. The most important thing that needs to be done is to check to make sure that the information that is being taken from the query string contains no unexpected characters that would not be allowed in a filename. Just doing

Code: Select all

include $_GET&#1111;'id'].'.php';
should be avoided.

Mac
Coco
Forum Contributor
Posts: 339
Joined: Sat Sep 07, 2002 5:28 am
Location: Leeds, UK
Contact:

Post by Coco »

well personally i use include header + footer...

basically the idea with that being that i can edit the default style easily but override it where necessary
and also i have been using redirect ehaders a fair bit so its easier because i can just shift the header include down
conthox
Forum Commoner
Posts: 39
Joined: Tue Jun 25, 2002 1:44 pm
Location: Sweden

Post by conthox »

Ok, thank you all for all replies!
Coco
Forum Contributor
Posts: 339
Joined: Sat Sep 07, 2002 5:28 am
Location: Leeds, UK
Contact:

Post by Coco »

welcome... basically you should do which of the 2 you feel more comfortable with :)

per aspera ad sierra
Post Reply