.php vs. .php?id=x?

La_Parka

What are the comparative advantages and disadvantages that using each system has over the other?

Bunkermaster

ermmm w00t?

explain your question it's a bit vague

La_Parka

OK. What are the positives/negatives of using, say:

A) Making separate .php pages for every page on your site while using includes for certain content.

😎 Just using a single index?id=x system for all of your pages.

w00t!

bastien

a straight .php url uses the post method to move data between pages, no real data limitations, hides the data from the user.

a .php?id=xxx; url is using the url to pass data generated in some format. i have a site where clicking on a picture passes the product name in the url and on the next page, the product name is taken in and used for a query to display more info about the product.

it is simply another method of passing data. it is somewhat less secure as users can see what is being passed, there is aslo a limitation of about 2000 characters that can be passed through the url...this ueses the get method to pass the data from a form...thouhg links can be built to use this method

there are very few perfomance issues around using one over the other...

generally the rule is:
lots of data - post method
secured data - names, address, credit card #s - post method
search data - get method
simple data - product ids, image names, etc - get mthod of form
dymanic link with insensitive data - pass in URL

hth

Bunkermaster

what I do is use a template for the similar pages (or the batchlike pages) and call them with params or when I want to increase maintenability on a specific tricky page I do seperate file.
Depends on how often you'll have to maintain the code really (IMHO).

La_Parka

So, I take it putting sensitive MySQL information embeded in a PHP script using the .php?id=x method would be none too wise?

Bunkermaster

passing sensitive information as a param is a no no but in any even you have to check who asks for what in the params. I always hackproof the params on my apps so peeps asking info they should not ask about get sent to hit the road

La_Parka

Originally posted by Bunkermaster
passing sensitive information as a param is a no no but in any even you have to check who asks for what in the params. I always hackproof the params on my apps so peeps asking info they should not ask about get sent to hit the road

Well I'm refferring to inserting a pre-written PHP poll script from HotScripts.com into a .php file, which I would use as on the index?id=x page as an <?php require ?> file.

Bunkermaster

the require command doesn't execute anything but always includes the code contained in the file to the calling script. It is a serverside process and you can't include a PHP file with parameters. If that is what you meant.

siwis

Bunkermaster, that's not strictly true.

If the required file is set up to receive a passed variable, whether it be using GET or POST, you may simply declare the value of that variable before issuing the require():

Lets assume we are going to require() index.php which will possibly be expecting a GET style variable (index.php?poll_id=2)

simply declare :

$poll_id = "2";
require ("index.php");

The value of $poll_id iss declared as far as index php is concerned and it is parsed in exactly the same way as if it had been called via the browser.

Bunkermaster

ok what if it expects a GET var and looks for $_GET[ "poll_id" ]?

siwis

Well, in that case I would asume that you could modify the line at the head of index.php which assigns $poll_id = $GET['poll_id'}; as:

<?PHP
if (!isset($poll_id)) {
$poll_id = $_GET['poll_id'};
};
?>