« 
 »
Jan 16 2010

PHP Design Patterns – How to Properly Create a Website Index Page

Posted by Spyros in PHP Programming, tags: , , , ,

If you are a newcomer to PHP programming but an experienced programmer overall, chances are that you find PHP pretty simple to program with. PHP is actually a combination of C++ and Perl, created so that we can write our websites along with database management and more.

In PHP, there is a very important difference between writing code and writing good code. Of course, this is true for every programming language, let alone PHP. Knowing how to properly design your website’s index page is the first and important step towards creating a solid website.

The Amateur Way to Write Your Index Page

The typical way to write your index page, if you are not really that knowledgeable in PHP, is just go about coding whatever there is for the index page. For instance, suppose that our index page has a login form and some introductory text. Our approach would be to just write the code for the index page and then, for every link on that page, create another page. This would mean that we now have an index.php page, a contact.php page, a mail.php page and more.

Don’t feel bad if you do it this way. I’ve done it myself and every new PHP programmer has done so as well. However, it’s time to learn of a more efficient way to code in PHP.

The “index.php?page=home” Way

Have you noticed that many websites follow this pattern ? Instead of having a home.php page, you see something like “index.php?page=home”. The same happens for every page of the website. What happens is that the index.php page includes the code of the other webpages, as asked. The variable page that you notice in the url is actually a typical $_GET type global variable that you can read in order to identify what is the page that the browser asks for. Here is the actual code of a typical index page :


$page = isset($_REQUEST['page']) ? $_REQUEST['page'] : 'home';

switch($page)
{
    case 'home':           break;
    case 'mail':           break;
    case 'contact':        break;
    default:
        $page = 'home';
}

include("$page.php");

This is a very basic example as you see. The index page just gets the $_REQUEST['page'] global variable ($_REQUEST is a union of $_GET and $_POST, retrieves whatever is available). Now the switch starts. But why have a switch and not just include the php page ? Well, this is actually a security measure against file inclusion attacks. It is always good to handle unexpected input. If an attacker somehow manages to upload a new php page, say hello.php, this index page, without the switch structure, would execute it normally when instructed with index.php?page='hello'. However, if the switch is there, hello.php never gets executed. Instead, the default home.php gets executed. This is always a very good practice and you should really stick to it. Of course, there is much more in protecting PHP code, but this is a small addition as well.

You could now go about creating your own template for writing websites. Remember that it is very important that you know of the essential PHP requirements in order to write much more efficiently than usual. Also, if you are not familiar with it, pay special attention to Smarty and learn to use it to create your templates.

If you enjoyed this post, make sure you subscribe to my RSS feed!

Random Posts

This entry was posted on Saturday, January 16th, 2010 at 10:19 pm and is filed under PHP Programming. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.

11 Responses to “PHP Design Patterns – How to Properly Create a Website Index Page”
  1. Lena & Dima says:
    January 17, 2010 at 5:29 pm

    Thanks for your article. It was very interesting to read about how php works (I can’t say that I already feel like an expert:)), but it really grasped me).

    Lena & Dima
    Publishers, InternetBusinessBTS.com

  2. posadzki przemysłowe says:
    April 3, 2010 at 6:24 pm

    Aw, this was a really quality post. In theory I’d like to write like this also – taking time and real effort to make a good article… but what can I say… I procrastinate alot and never seem to get anything done… Regards

  3. Rachat de credit says:
    August 3, 2010 at 4:44 am

    Very good article about php. Very useful, thanks

  4. Samira Yousefi Blog | Blog | PHP techniques to save your time and effort says:
    August 20, 2011 at 10:51 am

    [...] Creating your website index page is the first thing to do for every website that you create. I’ve actually created a post that will help you properly create a website index page. [...]

  5. Starlays says:
    November 3, 2011 at 9:41 am

    Hello.
    First of all thank you for your nice tutorial, it is very useful to me.
    I have to say that you should change $_REQUEST to $_GET or $_POST because $_REQUEST contains more that $_GET and $_POST in it and this will open an security hole in your app.

    Cheers.

  6. Spyros says:
    November 3, 2011 at 1:56 pm

    @Starlays : It is not a security hole. I don’t really mean to go on a long discussion about this, but if you search online and see how $_REQUEST works, you will discover that it is not insecure at all.

  7. Stefan says:
    November 18, 2011 at 4:42 am

    Hey Spyros,
    the $_REQUEST variable is coming up lots lately, i disagree with the usage of it as well, but at least i’ll let you know why.
    First of all you have to know what $_REQUEST includes, and for some reasons most developers don’t know that it contains $_COOKIE as well.
    about the security..well the main problem is that $_COOKIE will overwrite $_POST/$_GET in your $_REQUEST.
    so lets say I infect your browser with a cookie action=logout, that means $_REQUEST['action'] will contain logout until you remove the cookie..never mind if your form will sent another action.

    i was trying to say the same thing on the other post, but since you shut off the comment function i wasn’t able to :)

    best regards.

  8. Spyros says:
    November 18, 2011 at 10:10 pm

    @Stefan, i shut the comments there because there was a lot of “talking names” and garbage information. Now, to the point.

    There is absolutely no security problem with $_REQUEST. Whether $_POST, $_GET or $_COOKIE, it’s still user input. It does not matter how it’s sent, it only matters how you process it.

    Injecting a cookie to a session is not PHP’s concern. The same can happen with GET or POST if you infect the html form request.

    IN SHORT : It does not matter where the data comes from, what matters is how you sanitize it.

    It’s a wide misconception that $_REQUEST is less secure than $_POST, but it only brings laughter among my fellow Information Security colleagues :)

  9. Stefan says:
    November 21, 2011 at 7:21 am

    i agree with you, and don’t get me wrong on this one, i wasn’t saying $_REQUEST is less secure, cos it really doesn’t matter if you access the POST data using $_POST or $_REQUEST ($_POST is shorter though :P ). I was just saying i don’t use it because COOKIE values override GET and POST values.
    Anyways, i was just mention it in case you didn’t know it, thats it.
    cheers.

  10. Spyros says:
    November 21, 2011 at 5:14 pm

    @Stefan, in that sense, yeah some people may prefer $_POST over $_REQUEST. I actually knew about the cookie, this was discussed in the other post you referred to as well. It can be overwritten, that is true, but i don’t see absolutely any problem with that. The only thing that can possibly happen is getting a cookie to have the same name as a form parameter. In that sense, which is highly unlikely to happen, but yes, you may want to avoid using $_REQUEST.

    OR, you can change the request_order in PHP.

    Whatever you prefer, one thing is for sure. There is no security threat :)

  11. Mangalore webdesign says:
    December 5, 2011 at 10:47 am

    nice php tutorilas easy to undestand,,,thank you

  12.  
Leave a Reply