Few HTML/PHP Questions

[Slogan]

Right, I'm not really sure how to put this, so I'm just going to lay it out and hope for the best.

Basically I've designed a website (about 6 pages consisting of tables, images and text, nothing fancy!).

I've did it all in HTML and although it's not the most professional website you'll see - I'm happy enough with it how it looks/performs.

However, after creating the site (more or less), it became apparent that I might want to insert a few php scripts. And this is where the problem lies.

You'll have to excuse my ignorance as I know little about making a website (this is my first built from scratch) but do I insert the PHP script into the required page, then save that page as a .PHP file? As opposed to a .HTML file.

If that is the case, would it matter to have one or two pages were .PHP and the rest of the website was .HTML? Or would it make sense to have them all as .PHP files?

Lastly, what are the biggest risks, hacker wise - when it comes to making a website?

I understand FTP folder permissions can be a bit of a bugger when not configured correctly - but should I have much to worry about with a few simple tables, images, text and one or two script/s (from a reliable source) or is that more related to people who are running a lot of complicated scripts, where there may be more loopholes for an attacker to gain entry?

Thanks for any advice.

 

[LazyManc]

First, make sure your webhost has php support. Most will do these days, with the exception of some of the freebie ISP based hosting.

You can insert php anywhere into a web page using

<?php

at the start and

?>

at the end of the code block.

Renaming the file to .php tells the webserver to parse the document for php scripts and run them - if there are no scripts, or if the document also contains pieces of html, then this will be sent normally, which means that you can rename all your pages to php even if they contain just pure html for consistancy. You can of course just leave the non-scripted bits as html if you wish.

There are also ways to make your webserver parse .html docs for php scripts, or indeed any extention you care to choose, but it's generally a bad idea as there can be perormance issues if it's parsing a lot of pages unecessarily.

Hacker wise, the risks only come in to play when you allow some form of input to your website, either via forms or uploading of files. It's generally a good idea not to trust any input provided by users of the site - you can remove any dangerous bits with a few of the inbuilt php functions - see http://robm.me.uk/articles/php-security/ for more info.

Generally your ftp server will be configured correctly - it's a major risk for the host not to have this sorted, so you probably won't have to worry about this side of things. Most of the time you wont need to change anything unless your scripts require write access to a folder.

 

[zetec452]

www.w3schools.com is a good place to start learning php.

There are more in the sticky.

 

[Slogan]

Cheers LazyM and Jon.

Unfortunately I don't really have the mental capacity to learn coding - I've made this website in Dreamweaver so that goes a long way to explain where I am.

I was just looking to know what would make sense in terms of having a php script in one or two of the pages. I wasn't exactly sure which way to go and having a .php page, then an .html page varying throughout the site, just looks a bit unprofessional.