Site navigation using PHP

Recoil_UK

Hi guys

I,m so new to this programming you wouldnt believe, so I thought I would post on here for some help from the experts.

What I want to do is this.....

Design a website that will use PHP and a MySQL backend for all information.

Use a template based system where all pages will be derived from templates and MySQL.

Ideally use php variables parsed in the url for site navigation, and to use sessions to store state information and a cookie to store the session id, which will be encrypted using md5. (Is this good, security wise).

What i,m looking for is help to actually design the templates, I have a very rough idea on how this should work, but I cant seem to find any info on parsing multiple variables in the url, just a single one.

If anyone can help, or point me in the right direction for a tutorial that would be great.

Thx guys

MrAlaska

Multiple variables in the URL are no problem, although you are limited to 255 characters, but you can work around that if you are careful with your vaiable names.

What do you mean by 'good enough' on security? Sessions are fairly secure but can still be compromised.

Recoil_UK

Hi thx for the reply

What I mean is, is putting the session id in the cookie a good way to go about it? possible even? because I was thinking it would be more secure than simply putting the username and password in there, and also if all the info needed was in the session anyway then if the user didnt except cookie,s I believe that its simple enough to then use the PHPSESSID in the url.

The way I want the site to work is this....

The user requests the default webpage .. index.php

On the page there is a number of links.

The user would then follow a link, so a review for instance.

I want the url to contain....

a) The template $template
b) The review id $reviewid

both of which were found out from the access to index.php from a Mysql search.

How would one go about sorting something like that out?

Thx again

MrAlaska

The session ID will ususally go into a cookie by default, depending on how you have your ini file set up. Sessions pretty much take care of themselves in PHP, you don't even need to know the session id, just let the server take care of it. I would never store an unencrypted password on the cookie, you will find sessions are more secure than cookies as a place to store variables.

Of course, I am speaking from a perspective of one who does not use sessions so I might have some details wrong on how to use them. I personally am inclined to turn sessions off, store my own unique id in a cookie, and handle the server side variables on my own for performance purposes, but that is the topic of another discussion which is still not resolved.

As far as generating the links on the fly, that is pretty simple, but your questions are kind of general to be addressing specifics. You need to pick a spot and dive in.

Basically, when they go to the index page you would query the database for available information then generate the links dynamically from your database by looping through the available records and output the html to make the links.

You would make eacha link reflect the data in that row, for instance:
<?php
echo "<a href='$template?reviewid=$reviewid&extra=$whatever'>$review_name</a>";
?>

When the user goes to $template, that page would check for an ID, then build a query based on the submitted information, query the database and output the results.