473,372 Members | 884 Online
Bytes | Software Development & Data Engineering Community
Post Job

Home Posts Topics Members FAQ

Join Bytes to post your question to a community of 473,372 software developers and data experts.

Include Content pages in Master page

I am looking for feedback on an approach to using PHP.

Below is a stripped down version of a Home page: "index.php".

The content of the site is displayed in the middle of the page and
is "included" via "Page1.htm", "Page2.htm", or "Page3.htm".

The page to be "included" is specified via the QueryString
which is specified in the navigational hyper links;
for example, "index.php?Page1".
<html>
<head>
<title><?php echo $_SERVER["PHP_SELF"] ?></title>
</head>
<body>
<table border="0" cellspacing="0" cellpadding="0" width="100%"
height="100%">
<tr>
<td bgcolor="green" colspan="3">&nbsp;</td>
</tr>
<tr>
<td bgcolor="red" width="5"%>&nbsp;</td>
<td bgcolor="white" width="90%">
<p align="center">
<a href="index.php?Page1">Page 1</a|
<a href="index.php?Page2">Page 1</a|
<a href="index.php?Page3">Page 3</a>
<hr>
</p>
<!-- Content Below -->
<?php
$QS = $_SERVER["QUERY_STRING"];
echo $QS;
if ($QS == "Page1") include "Page1.htm";
elseif ($QS == "Page2") include "Page2.htm";
elseif ($QS == "Page3") include "Page3.htm";
else include "Page1.htm";
?>
<!-- Content Above -->
<br><br>
</td>
<td bgcolor="blue" width="5%">&nbsp;</td>
</tr>
<tr>
<td bgcolor="yellow" colspan="3">&nbsp;</td>
</tr>
</table>
</body>
</html>

One advantage I see to this approach is that the "content" pages
are isolated from the "master" page and can be easily maintained.

One disadvantage I see to this approach is that search engines
would not be able to catalog the site beyond the Home page.

Are there other disadvantages (or other considerations) that I don't see?

Thanks in advance.

P.S. I am new to PHP but have worked with ASP for years.
Jan 12 '07 #1
11 17806
McKirahan schreef:
I am looking for feedback on an approach to using PHP.

Below is a stripped down version of a Home page: "index.php".

The content of the site is displayed in the middle of the page and
is "included" via "Page1.htm", "Page2.htm", or "Page3.htm".

The page to be "included" is specified via the QueryString
which is specified in the navigational hyper links;
for example, "index.php?Page1".
<html>
<head>
<title><?php echo $_SERVER["PHP_SELF"] ?></title>
</head>
<body>
<table border="0" cellspacing="0" cellpadding="0" width="100%"
height="100%">
<tr>
<td bgcolor="green" colspan="3">&nbsp;</td>
</tr>
<tr>
<td bgcolor="red" width="5"%>&nbsp;</td>
<td bgcolor="white" width="90%">
<p align="center">
<a href="index.php?Page1">Page 1</a|
<a href="index.php?Page2">Page 1</a|
<a href="index.php?Page3">Page 3</a>
<hr>
</p>
<!-- Content Below -->
<?php
$QS = $_SERVER["QUERY_STRING"];
echo $QS;
if ($QS == "Page1") include "Page1.htm";
elseif ($QS == "Page2") include "Page2.htm";
elseif ($QS == "Page3") include "Page3.htm";
else include "Page1.htm";
?>
<!-- Content Above -->
<br><br>
</td>
<td bgcolor="blue" width="5%">&nbsp;</td>
</tr>
<tr>
<td bgcolor="yellow" colspan="3">&nbsp;</td>
</tr>
</table>
</body>
</html>

One advantage I see to this approach is that the "content" pages
are isolated from the "master" page and can be easily maintained.

One disadvantage I see to this approach is that search engines
would not be able to catalog the site beyond the Home page.
Why wouldn't a search engine be able to catalog ?

Google can follow dynamic urls

For a nicer url use mod rewrite
/mymap/my-title.html /index.php?QS=3 [NC]

or something more dynamic
/page_(.+).php /index.php?QS=$1 [NC]
Are there other disadvantages (or other considerations) that I don't see?
Yup .. duplicate content (index.php?QS=wooooooom)

--
Arjen
http://www.hondenpage.com - Mijn site over honden
Jan 12 '07 #2
On Fri, 12 Jan 2007 06:36:51 +0100, McKirahan <Ne**@McKirahan.comwrote:
I am looking for feedback on an approach to using PHP.

Below is a stripped down version of a Home page: "index.php".

The content of the site is displayed in the middle of the page and
is "included" via "Page1.htm", "Page2.htm", or "Page3.htm".

The page to be "included" is specified via the QueryString
which is specified in the navigational hyper links;
for example, "index.php?Page1".
<html>
<head>
<title><?php echo $_SERVER["PHP_SELF"] ?></title>
</head>
<body>
<table border="0" cellspacing="0" cellpadding="0" width="100%"
height="100%">
<tr>
<td bgcolor="green" colspan="3">&nbsp;</td>
</tr>
<tr>
<td bgcolor="red" width="5"%>&nbsp;</td>
<td bgcolor="white" width="90%">
<p align="center">
<a href="index.php?Page1">Page 1</a|
<a href="index.php?Page2">Page 1</a|
<a href="index.php?Page3">Page 3</a>
<hr>
</p>
<!-- Content Below -->
<?php
$QS = $_SERVER["QUERY_STRING"];
echo $QS;
if ($QS == "Page1") include "Page1.htm";
elseif ($QS == "Page2") include "Page2.htm";
elseif ($QS == "Page3") include "Page3.htm";
else include "Page1.htm";
?>
<!-- Content Above -->
<br><br>
</td>
<td bgcolor="blue" width="5%">&nbsp;</td>
</tr>
<tr>
<td bgcolor="yellow" colspan="3">&nbsp;</td>
</tr>
</table>
</body>
</html>

One advantage I see to this approach is that the "content" pages
are isolated from the "master" page and can be easily maintained.

One disadvantage I see to this approach is that search engines
would not be able to catalog the site beyond the Home page.

Are there other disadvantages (or other considerations) that I don't see?

Thanks in advance.

P.S. I am new to PHP but have worked with ASP for years.

1) Good search engines *cough*Google*cough* will take the querystring into
consideration while indexing.
2) For sake of ease, scalability, and security you may want to build a
querystring like ?id=1, instead of ?page1. Then you can read the page id
with $_GET['id'].
3) Using this method of including, you should perform a check on file
existence.

--
Using Opera's revolutionary e-mail client: http://www.opera.com/mail/
Jan 12 '07 #3
2) For sake of ease, scalability, and security you may want to build a
querystring like ?id=1, instead of ?page1. Then you can read the page id
with $_GET['id'].
3) Using this method of including, you should perform a check on file
existence.
Well in this case a page is not included directly according to the qs,
but the qs rather defines what page is included. If I understand
correctly, there could be:

if( $qs == "Contact" || $qs == "ContactInfo" ) {
include('NoneOfYourBusiness.htm');
}

So the value of qs might have nothing to do with the included file's
name. At least that is what I understood.

Jan 12 '07 #4
"OmegaJunior" <om*********@spamremove.home.nlwrote in message
news:op***************@cp139795-a.landg1.lb.home.nl...
On Fri, 12 Jan 2007 06:36:51 +0100, McKirahan <Ne**@McKirahan.comwrote:
I am looking for feedback on an approach to using PHP.

Below is a stripped down version of a Home page: "index.php".

The content of the site is displayed in the middle of the page and
is "included" via "Page1.htm", "Page2.htm", or "Page3.htm".

The page to be "included" is specified via the QueryString
which is specified in the navigational hyper links;
for example, "index.php?Page1".
[snip]

One advantage I see to this approach is that the "content" pages
are isolated from the "master" page and can be easily maintained.

One disadvantage I see to this approach is that search engines
would not be able to catalog the site beyond the Home page.

Are there other disadvantages (or other considerations) that I don't
see?

Thanks in advance.

P.S. I am new to PHP but have worked with ASP for years.

1) Good search engines *cough*Google*cough* will take the querystring
into consideration while indexing.
2) For sake of ease, scalability, and security you may want to build a
querystring like ?id=1, instead of ?page1. Then you can read the page id
with $_GET['id'].
3) Using this method of including, you should perform a check on file
existence.

Thanks for you reply.
I appreciate your ideas and may use them.

Why is "id=" easier and/or more scalable and/or more secure?
Jan 13 '07 #5
"Arjen" <do**@mail.mewrote in message news:eo**********@brutus.eur.nl...
McKirahan schreef:
I am looking for feedback on an approach to using PHP.

Below is a stripped down version of a Home page: "index.php".

The content of the site is displayed in the middle of the page and
is "included" via "Page1.htm", "Page2.htm", or "Page3.htm".

The page to be "included" is specified via the QueryString
which is specified in the navigational hyper links;
for example, "index.php?Page1".
[snip]

One advantage I see to this approach is that the "content" pages
are isolated from the "master" page and can be easily maintained.

One disadvantage I see to this approach is that search engines
would not be able to catalog the site beyond the Home page.

Why wouldn't a search engine be able to catalog ?

Google can follow dynamic urls

For a nicer url use mod rewrite
/mymap/my-title.html /index.php?QS=3 [NC]

or something more dynamic
/page_(.+).php /index.php?QS=$1 [NC]
Are there other disadvantages (or other considerations) that I don't
see?
>
Yup .. duplicate content (index.php?QS=wooooooom)
Thanks for you reply.

I presumed wrong about the ability of search engines to index the site;
thanks for correcting me.

Not sure what you mean by "duplicate content"?

Also, I'll have to study PHP some more to understand your dynamic url...

Jan 13 '07 #6
I presumed wrong about the ability of search engines to index the site;
thanks for correcting me.

Not sure what you mean by "duplicate content"?
In your example every non existent QS would be the same as your default
page. So you have multiple occurences of your default page. You would
have to set a 301 header for those pages. Some search engines give you a
penalty for duplicate content.
>
Also, I'll have to study PHP some more to understand your dynamic url...
What exactly dont you understand ? I'd be happy to explain :-)

--
Arjen
http://www.hondenpage.com
Jan 13 '07 #7
On Sat, 13 Jan 2007 19:16:08 +0100, McKirahan <Ne**@McKirahan.comwrote:
>
Why is "id=" easier and/or more scalable and/or more secure?

It's more scalable as a querystring parameter like '?id=1' than a full
querystring like '?page1' because it lets you add more parameters to the
querystring than just the querystring itself.

Instead of reading the entire querystring '?page1' using
$_SERVER['QUERY_STRING'] and using the result 'page1' as a single
parameter, you can string several parameters together inside a querystring
using a & as separator like so: '?id=1&sort=a&lang=en' and read each
parameter with $_GET[parametername] like $_GET['id'] (results in '1'),
$_GET['sort'] (results in 'a'), and $_GET['lang'] (results in 'en').

Which parameters you put into the querystring and what your code does with
them, is your choice entirely, hence the scalability.

Look at Google's advanced search, for instance:
http://www.google.com/search?as_q=te...ghts=&safe=off

Everything behind the first ? is the querystring, which contains no less
than 19 parameters (some of which do have values, some of which don't).

Security comes in because of the way you intend to use the parameter
value. If you would simply code
include($_SERVER['QUERY_STRING']);
you open up your code for all kinds of injection. Rule of thumb: don't
trust a visitor's input. What prevents a malevolent visitor from
requesting '?config.ini' or '?.htaccess' ? Nothing, because they can enter
it using their browser's address bar. But we can check for their input and
allow only those values we trust, like so:

$idPageToInclude = $_GET['id']; /* parameter named 'id' by choice,
could've just as easily be named 'page' */
if (is_numeric($idPageToInclude)) { //If I'd want to accept only numbers,
for instance
$pathPageToInclude = 'page'.$idPageToInclude.'html'; //Create the
complete file name
if (file_exists($pathPageToInclude)) { //Make sure it exists
include($pathPageToInclude);
} else {
print('File not found.');
}
}

Why do I want to accept numbers as input only? Because that way I can
prevent that a malevolent user tries to pass something like
'/../../passwords.xml/' into the querystring.

Hope this helps!

--
Using Opera's revolutionary e-mail client: http://www.opera.com/mail/
Jan 13 '07 #8
Message-ID: <op***************@cp139795-a.landg1.lb.home.nlfrom
OmegaJunior contained the following:
>On Sat, 13 Jan 2007 19:16:08 +0100, McKirahan <Ne**@McKirahan.comwrote:
>>
Why is "id=" easier and/or more scalable and/or more secure?


It's more scalable as a querystring parameter like '?id=1' than a full
querystring like '?page1' because it lets you add more parameters to the
querystring than just the querystring itself.
Up to a point. You could, of course do ?ham-eggs-cheese and explode the
query string to get three different variables
>
....
>Security comes in because of the way you intend to use the parameter
value. If you would simply code
include($_SERVER['QUERY_STRING']);
you open up your code for all kinds of injection. Rule of thumb: don't
trust a visitor's input. What prevents a malevolent visitor from
requesting '?config.ini' or '?.htaccess' ? Nothing, because they can enter
it using their browser's address bar. But we can check for their input and
allow only those values we trust, like so:

$idPageToInclude = $_GET['id']; /* parameter named 'id' by choice,
could've just as easily be named 'page' */
if (is_numeric($idPageToInclude)) { //If I'd want to accept only numbers,
for instance
$pathPageToInclude = 'page'.$idPageToInclude.'html'; //Create the
complete file name
if (file_exists($pathPageToInclude)) { //Make sure it exists
include($pathPageToInclude);
} else {
print('File not found.');
}
}
I think it's a bit simpler to use an array (ie you can use your existing
filenames)

$page=array(1=>'page1.php',2=>'page2.php',3=>'anyp age.php');

if(isset($_GET['id'])){
$PageToInclude=(isset($page[$_GET['id']]))?$page[$_GET['id']]:"errorpage.php";
//errorpage.php included if someone messes with the url.
include($PageToInclude);
}
--
Geoff Berrow 0110001001101100010000000110
001101101011011001000110111101100111001011
100110001101101111001011100111010101101011
Jan 14 '07 #9
"Arjen" <do**@mail.mewrote in message
news:45***********************@news.wanadoo.nl...
I presumed wrong about the ability of search engines to index the site;
thanks for correcting me.

Not sure what you mean by "duplicate content"?

In your example every non existent QS would be the same as your default
page. So you have multiple occurences of your default page. You would
have to set a 301 header for those pages. Some search engines give you a
penalty for duplicate content.
>
Also, I'll have to study PHP some more to understand your dynamic
url...
>
What exactly dont you understand ? I'd be happy to explain :-)
I don't understand this suggestion:
or something more dynamic
/page_(.+).php /index.php?QS=$1 [NC]
What does (.+) do?
Why two ".php" filenames?
Where does $1 come from?
What does [NC} mean?

Sorry, I'm new to PHP.

Any website or reading suggestions?
I do use http://www.php.net

Thanks.
Jan 14 '07 #10
"OmegaJunior" <om*********@spamremove.home.nlwrote in message
news:op***************@cp139795-a.landg1.lb.home.nl...
On Sat, 13 Jan 2007 19:16:08 +0100, McKirahan <Ne**@McKirahan.comwrote:

Why is "id=" easier and/or more scalable and/or more secure?

It's more scalable as a querystring parameter like '?id=1' than a full
querystring like '?page1' because it lets you add more parameters to the
querystring than just the querystring itself.
I understand; however, I only intend to pass a page reference.

[snip]
Security comes in because of the way you intend to use the parameter
value. If you would simply code
include($_SERVER['QUERY_STRING']);
you open up your code for all kinds of injection. Rule of thumb: don't
trust a visitor's input. What prevents a malevolent visitor from
requesting '?config.ini' or '?.htaccess' ? Nothing, because they can
enter
it using their browser's address bar.
However, I construct the page name from the QueryString;
I don't load whatever is passed in.

[snip]
But we can check for their input and
allow only those values we trust, like so:
if (is_numeric($idPageToInclude)) { //If I'd want to accept only numbers,
I like the numeric only input and will use it.
if (file_exists($pathPageToInclude))
I'll use this too.
Why do I want to accept numbers as input only? Because that way I can
prevent that a malevolent user tries to pass something like
'/../../passwords.xml/' into the querystring.

Hope this helps!
It does! Thanks for the education.

Jan 14 '07 #11
McKirahan schreef:
"Arjen" <do**@mail.mewrote in message
news:45***********************@news.wanadoo.nl...
>>I presumed wrong about the ability of search engines to index the site;
thanks for correcting me.

Not sure what you mean by "duplicate content"?
In your example every non existent QS would be the same as your default
page. So you have multiple occurences of your default page. You would
have to set a 301 header for those pages. Some search engines give you a
penalty for duplicate content.
> >
Also, I'll have to study PHP some more to understand your dynamic
url...
>What exactly dont you understand ? I'd be happy to explain :-)

I don't understand this suggestion:
>or something more dynamic
/page_(.+).php /index.php?QS=$1 [NC]
This is not PHP ... I should have been clearer. This is syntax for
apache's mod rewrite.
http://httpd.apache.org/docs/1.3/mod/mod_rewrite.html

It means rewrite pages like this:
/page_1.php ->index.php?qs=1
/page_2.php ->index.php?qs=2
/page_look-im-a-bird.php ->index.php?qs=look-im-a-bird
etc

This is a more friendly way of showing dynamic pages

--
Arjen
http://www.hondenpage.com
Jan 14 '07 #12

This thread has been closed and replies have been disabled. Please start a new discussion.

Similar topics

1
by: Shaun | last post by:
I am using a base page (I think they're also called master pages) as a base that my webforms inherit from. The base page controls formating and common functions used throughout the site. This all...
1
by: staeri | last post by:
I have one master page with two ContentPlaceHolders. When I open an aspx page in ContentRight I want to have ContentLeft untouched but it always seems to refresh. How can I avoid that? ...
8
by: JT | last post by:
Hi, I have done a fair amount of style editing inline in ASP. I'm now using VS 2005 with a standard web project (not Web Application Project). This is my first foray into CSS in a style sheet...
0
by: Kevin Frey | last post by:
We have a data-centric application where all of the "layout" for each data centric page is to be codified (ie. it is expressed in C# code rather than being expressed declaratively). This...
1
by: | last post by:
Hey all! I'm new to 2.0. I use user controls, and since 99% of browsers have css now, I use absolute positioning to place my user controls.(Top banners, menus on the left side etc). In my case,...
1
by: Asif | last post by:
Hi All, I did follow the MSDN article (http://msdn2.microsoft.com/en-us/ library/ms379585(VS.80).aspx ) for overriding Master Page properties by setting page title and other Meta information(...
6
by: Homer J. Simpson | last post by:
Hi all, I have enough experience with HTML/classic ASP to get by, and I'm trying to learn ASP.NET. Traditionally, I've taken the habit of breaking out extra-long CSS files into multiple,...
6
by: =?Utf-8?B?SmF5IFBvbmR5?= | last post by:
I am trying to access a Public property on a Master Page from a Base Page. On the content pages I have the MasterType Directive set up as follows: <%@ MasterType virtualpath="~/Master.master" %>...
4
by: sandeepsangshetty | last post by:
Hi friends, I designed one master page in my application. Here i am stuck up with hiding the content for the different users login. If the login user is Admin he needs to see some content and...
1
by: CloudSolutions | last post by:
Introduction: For many beginners and individual users, requiring a credit card and email registration may pose a barrier when starting to use cloud servers. However, some cloud server providers now...
0
by: Faith0G | last post by:
I am starting a new it consulting business and it's been a while since I setup a new website. Is wordpress still the best web based software for hosting a 5 page website? The webpages will be...
0
isladogs
by: isladogs | last post by:
The next Access Europe User Group meeting will be on Wednesday 3 Apr 2024 starting at 18:00 UK time (6PM UTC+1) and finishing by 19:30 (7.30PM). In this session, we are pleased to welcome former...
0
by: Charles Arthur | last post by:
How do i turn on java script on a villaon, callus and itel keypad mobile phone
0
by: aa123db | last post by:
Variable and constants Use var or let for variables and const fror constants. Var foo ='bar'; Let foo ='bar';const baz ='bar'; Functions function $name$ ($parameters$) { } ...
0
by: ryjfgjl | last post by:
In our work, we often receive Excel tables with data in the same format. If we want to analyze these data, it can be difficult to analyze them because the data is spread across multiple Excel files...
0
BarryA
by: BarryA | last post by:
What are the essential steps and strategies outlined in the Data Structures and Algorithms (DSA) roadmap for aspiring data scientists? How can individuals effectively utilize this roadmap to progress...
1
by: Sonnysonu | last post by:
This is the data of csv file 1 2 3 1 2 3 1 2 3 1 2 3 2 3 2 3 3 the lengths should be different i have to store the data by column-wise with in the specific length. suppose the i have to...
0
by: Hystou | last post by:
There are some requirements for setting up RAID: 1. The motherboard and BIOS support RAID configuration. 2. The motherboard has 2 or more available SATA protocol SSD/HDD slots (including MSATA, M.2...

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.