Matt Robinson wrote:
> On 8 Aug 2011, at 22:56, Beth Lee wrote:
>> On Mon, Aug 8, 2011 at 9:51 AM, Matt Robinson <matt@email-addr-hidden> wrote:
>>> On 8 Aug 2011, at 16:33, Beth Lee wrote:
>>>> [bad code! go stand in the corner]
>>> Sorry to run in with all guns blazing, essentially off-topic, but I can't
>>> stress enough how much you should never, ever run the code you've just
>>> written above.
>
>> Good points. And important.
> […]
>> Given that, would this be an improvement, or do you think more needs
>> to be done? It seems like belt-and-suspenders to have the htmlentities
>> statement there too.
>>
>> <?php
>> if (in_array($_GET['page'], array('products', 'about', 'contact')))
>> {
>> include('pages/' . htmlentities($_GET['page'], ENT_QUOTES, 'UTF-8') . '.php');
>> }
>> else
>> {
>> include('pages/frontpage.php');
>> }
>> ?>
>
> The htmlentities() call is unnecessary (and wrong) because once you know it's
> either "products", "about", or "contact", you also know it doesn't have any
> entities, and in any case htmlentities() escapes HTML, not filenames. :)
>
> One simpler approach is to make each page its own PHP file with its own URL
> (e.g. http://example.com/products.php), and then use something like (shameless
> self-promotion) https://github.com/inanimatt/kisskiss-light to wrap the
> current page's content in a template. Then you're not taking user input to
> derive a file to load, and you can wrap pages in a template just by doing a
> require() at the top of each page.
>
> But really, if you're serving flat content in a template you could avoid PHP
> entirely and generate your pages offline (if they aren't dynamic) then upload.
> For most basic sites, using PHP is wasteful and way over the top. :) It breaks
> HTTP caching, and massively reduces the amount of load you can handle. If you
> generate offline, you still have the advantage of being able to keep your
> template and content separate, but you aren't pointlessly regenerating them
> for each request when they probably only update at most a few times a day.
And you can use PHP offline to generate the static pages.
-- David gnome@email-addr-hidden authenticity, honesty, community _______________________________________________ Linux-audio-user mailing list Linux-audio-user@email-addr-hidden http://lists.linuxaudio.org/listinfo/linux-audio-userReceived on Wed Aug 10 00:15:04 2011
This archive was generated by hypermail 2.1.8 : Wed Aug 10 2011 - 00:15:04 EEST