"do it all" page structure and things to watch out for?
I'm still getting my feet wet in PHP (my 1st language) and I've reached the competency level where I can code one page that handles all sorts of different related requests. They generally have a structure like this:
    <?php
    include 'include/functions.php';

    IF authorized
        IF submit (add data)
        ELSE IF update (update data)
        ELSE IF list (show special data)
        ELSE IF tab switch (show new area)
        ELSE display vanilla (show default)
    ELSE
        "must be registered/logged-in"
    ?>
    <HTML>
    // snip
    <?php echo $output; ?>
    // snip
    </HTML>
and it all works nicely, and quite quickly which is cool. But I'm still sorta feeling my way in the dark... and would like some input from the pros regarding this type of page design...
- is it a good long-term structure? (it seems easily expanded...)
- are there security risks particular to this design?
- are there corners I should avoid painting myself into?
Just curious about what lies ahead, really...
This design is what starters go to when they advance a little bit. I went the same way, having index.php being one big SWITCH statement calling the appropriate functions and templates based on the URL and parameters. This is a very, very basic step towards MVC design.
I suggest you start expanding your knowledge in that direction. Read more about what MVC (Model-View-Controller) is, how to create one and maintain it. Then you might be interested in experimenting with some MVC frameworks like CakePHP, CodeIgniter, Kohana...
Here are some articles for you:
To answer you:
- No, expect to create a new structure for your next project
- No, just make sure your inputs and actions are valid and allowed
- Yes, thinking that your structure will solve all your requirements forever
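The advice above to make sure inputs and actions are valid and allowed, as an added example that is not part of the original answers: a single-page dispatcher with an action allow-list, POST plus a CSRF token for writes, input validation in the handler, and escaped output. All names (ACTIONS, dispatch, the handlers, the `csrf` session key) are hypothetical.

```php
<?php
declare(strict_types=1);

// Allow-list of actions (hypothetical names): anything not listed is rejected.
const ACTIONS = [
    'update' => ['writes' => true,  'handler' => 'handle_update'],
    'list'   => ['writes' => false, 'handler' => 'handle_list'],
];

// Handlers validate their own input; these stand in for the real data code.
function handle_update(array $in): string {
    $id = filter_var($in['id'] ?? null, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    return $id === false ? 'invalid id' : "updated record $id";
}
function handle_list(array $in): string { return 'default listing'; }

// Returns [HTTP status, HTML-escaped body] for one request.
function dispatch(array $session, string $method, array $get, array $post): array {
    if (empty($session['user_id'])) {
        return [403, 'must be registered/logged-in'];
    }
    // Read parameters only from the source that matches the request method.
    $input  = $method === 'POST' ? $post : $get;
    $action = $input['action'] ?? 'list';
    if (!is_string($action) || !array_key_exists($action, ACTIONS)) {
        return [400, 'unknown action'];
    }
    $rule = ACTIONS[$action];
    if ($rule['writes']) {
        // State changes: POST only, and the form must carry the session's CSRF token.
        $known = $session['csrf'] ?? '';
        $sent  = $input['csrf'] ?? '';
        if ($method !== 'POST' || !is_string($known) || !is_string($sent)
            || $known === '' || !hash_equals($known, $sent)) {
            return [403, 'rejected write request'];
        }
    }
    $handler = $rule['handler'];
    return [200, htmlspecialchars($handler($input), ENT_QUOTES, 'UTF-8')];
}

// Constructed sample requests (not real traffic): [method, GET params, POST params].
$session = ['user_id' => 7, 'csrf' => 'constructed-token'];
$update  = ['action' => 'update', 'id' => '5', 'csrf' => 'constructed-token'];
$cases   = [['GET', $update, []], ['POST', [], $update],
            ['POST', [], ['action' => 'drop']], ['GET', [], []]];
foreach ($cases as [$method, $get, $post]) {
    echo implode(' ', dispatch($session, $method, $get, $post)), "\n";
}
```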
Suggestions from Ivo are good bedtime reading material.
I would also add (as you grow):
- You need to break up your functions into logical groups of files.
- Same for the HTML
- It's OK to have a few more files than bending one master controller file to fit all your needs
- Form handling, especially file uploads, sometimes requires special handling
- Ajax handling sometimes requires special handling
- Storage, both files and databases