Best way to dynamically update the content on my website

msm722 said:
Here is what I do. You take all content and put them into .php files. You can then include them into your content when a link is clicked. This means you only have 1 page to edit to make changes to the layout.

So in your index.php you place this:
PHP: 
	<?php
	$base = './include';

	if (!isset($_GET['page']) || empty($_GET['page']))   
	{
		$file = "$base/home.php";
	}
	else
	{
		$page = preg_replace('/[\W\.-]/si', '', $_GET['page']);
		$file = "$base/$page.php";
	}

	$file = file_exists($file) ? $file : "$base/404.php";
	require $file; 

	?>

Then links will look like this:

PHP: 
<a href="index.php?page=home" title="Home">Home</a>

All of the content for the homepage will be in ./include/home.php
Click to expand...

Code: 
HTTP 1/1 GET www.yoursite.com/index.php?page=../../../../../../../../../../../../etc/passwd

HELLO PASSWORD FILE!! :D:D:D
 
Inquisitor said:
You shouldn't try to take this URI scheme further than is appropriate though; it only works for hierarchical URI elements.
Click to expand...
Yes that's correct - you don't want to end up devising something like this just for the sake of it:
www.xyz.com/weekend/special/offer/code/
Having a strong structure can help with usability though and it's unusual to encounter a site where hierarchical elements aren't of use.

Randy said:
Have you got any source dis/proving the /bluewidnet vs ?page=bluewidget argument, other than your own tests? I'd be really interested!
Click to expand...
Sure, it's SEOMoz best practice and I think that probably says enough - they pick up on possible duplicate content issues as another concern, which I would also agree with.

If anyone's looking to fix their structure this can work as a quick-fix.

(and yes I probably do pay far too much attention to what SEOMoz say, but come on they're the best!)
 
Last edited:
fini said:
Yes that's correct - you don't want to end up devising something like this just for the sake of it:
www.xyz.com/weekend/special/offer/code/
Having a strong structure can help with usability though and it's unusual to encounter a site where hierarchical elements aren't of use.
Click to expand...

Absolutely. In those rare cases where the URI elements aren't all hierarchical in nature, I usually just tack a regular query string on the end to contain the non-hierarchical bits.
 
RobH said:
But still, your asking for trouble when you let the user control the include file by manipulating the URL.
Click to expand...

Not if you sanitize it properly. This is how every major PHP framework works. As long as you make sure nothing sensitive gets put in the directory that contains the pages/views/controllers/whatever, then there's really nothing that can go wrong.
 
Last edited:
I think i'm going to go the wordpress route as well, my site is very similar to the default wordpress theme so will look into writing my own template and go from there, the links given before are a great help as well :)
 
My vote goes to the msm722 way. Instead of using a get on the URL you can just split the request uri and assign that to variables which will then determine what script is included and what method within that script is called. That gives you urls such as www.yoursite.co.uk/controller/action.

To avoid people using these urls for evil you just make sure that the specific script is present in the directory and that you handle when the file being called doesnt exist.
 
Or why not use a database to store HTML in records, then use a php file that 'writes' the database record to the page (called content.php)? Then use a nice rich text editor (TinyMCE) in some admin pages to write and update your database records?

So your url would be like: www.somesite.com/content.php?content=21 (21 being the ID of the record number).

Just like a CMS but smaller and tailored to your needs.
 
You must log in or register to reply here.
Back
Top Bottom