FUDforum
Fast Uncompromising Discussions. FUDforum will get your users talking.

Home » Imported messages » comp.lang.php » php include, function, ...
Show: Today's Messages :: Polls :: Message Navigator
Return to the default flat view Create a new topic Submit Reply
Re: php include, function, ... [message #177737 is a reply to message #177733] Thu, 19 April 2012 00:55 Go to previous messageGo to previous message
Thomas 'PointedEars'  is currently offline  Thomas 'PointedEars'
Messages: 701
Registered: October 2010
Karma:
Senior Member
hipa wrote:

> I have a litle page with a form, which inserts an article in a postgres
> db with php.
> The php code is in the html page. Can someone tell me what the best way
> is to exclude the php code from this page. And then just calling it true
> a function or something?

Rather obviously you cannot exclude "the php code" from "this page" unless
"this page" should become static. However, you can move parts of the code
into an include (file). You do not have to call a function, but it helps.

Probably the best way to do this is not only to call a function, but
construct an object as defined by a class, so that it can encapsulate data
(like state) and functionality, and call methods of that object that
implement this functionality, which may include the generation of HTML (in
an MVC-based approach that would be the view's methods).

Bottom line: RTFM.

> […]
> <form action="<?php echo $_SERVER['PHP_SELF']; ?>"

If you use $_SERVER['PHP_SELF'] this way your application is vulnerable to
code injection as that element of the $_SERVER superglobal array includes
the *complete* URI (with the query part). Use $_SERVER['SCRIPT_NAME'], or
htmlspecialchars() to escape $_SERVER['PHP_SELF'], instead (in general,
escape all output in HTML unless you are very sure that escaping is
unnecessary). And use the POST method for requests that change data, so
that those cannot be triggered accidentally while navigating back and
forward (or as part of a low-profile attack).


PointedEars
--
Sometimes, what you learn is wrong. If those wrong ideas are close to the
root of the knowledge tree you build on a particular subject, pruning the
bad branches can sometimes cause the whole tree to collapse.
-- Mike Duffy in cljs, <news:Xns9FB6521286DB8invalidcom(at)94(dot)75(dot)214(dot)39>
[Message index]
 
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Previous Topic: Weird behaviour when adding values to associative arrays
Next Topic: Date/Time warning
Goto Forum:
  

-=] Back to Top [=-
[ Syndicate this forum (XML) ] [ RSS ]

Current Time: Thu Nov 28 07:50:47 GMT 2024

Total time taken to generate the page: 0.04936 seconds