Re: PHP Forms And self posting
- From: "black ares" <matematicianu2003@xxxxxxxxxxx>
- To: <programmingblind@xxxxxxxxxxxxx>
- Date: Sun, 30 May 2010 08:52:54 +0300
from a design point of view, to have one page to collect data, same page to
process it, eventualy, to have all processing of a site in a single php script,
is wrong.
The antipatern is called god class.
The problems are:
1. Maintainability. If you want to change something you have to search/find
that portion of code to change and most times when processing of multiple
things are in the same script, the flow is no so well intuitive and changing
something could affect easily other parts.
2. Reusability, when you put all in a page/script, and if you have some other
pages/scripts needing some logic you encapsuled in that first page, you must
rewrite it, or reorganise that first page to pull out the comon code.
For example validations like e-mails, card numbers etc, are supposed to be used
in more than one page.
3. Encapsulation, writting all in a single page/script, could easily to get
errors, because you have access at all things there and can use part of flows
inapropiate.
4. Performance, when you put all things in a script/page, the processing of
that page/script takes more time, than processing a little page.
----- Original Message -----
From: D!J!X!
To: programmingblind@xxxxxxxxxxxxx
Sent: Saturday, May 29, 2010 9:54 PM
Subject: RE: PHP Forms And self posting
Well one of the most prevelling arguements is not to trust anything in the
$_SERVER global, something i sort of knew and wasn't planning on doing. Another
thing i've noticed is the use php_self seems to have some issues under apache?
From what i've read people use php_self and $_SERVER together to post back, and
that's "asking for trouble." And then there is the action="" method, which some
browsers don't like, and again, i wouldn't use. I propose a direct url to the
same page for processing.
Other than that i haven't found anything that states a huge concern with
security. The data i'm sending is not sensitive like ssn or ccn or things of
that nature.
HTH, D!J!X!
------------------------------------------------------------------------------
From: programmingblind-bounce@xxxxxxxxxxxxx
[mailto:programmingblind-bounce@xxxxxxxxxxxxx] On Behalf Of Jared Wright
Sent: Saturday, May 29, 2010 3:20 AM
To: programmingblind@xxxxxxxxxxxxx
Subject: Re: PHP Forms And self posting
I'd be interested in anything you come up with that can explain why this
might be a bad idea. I have always used them without much hesitation.
On 5/29/2010 12:01 AM, D!J!X! wrote:
Hey guys, i'm finishing up a site here and was just wondering, i've been
reading online and it seems that some people strongly suggest against having
php forms post back to themselves for error displaying and correction and
processing. I can sort of understand why, but then again it seems that a lot of
people are using it and recommend it, w3c included. Does anybody have any
comments/opinions they can share that would help me shed some light on this
matter? Self posting would make my life easier, but i have a solution that
separates processing from the actual form page, except that there's a bit of
code involved to redisplay the form with values filled in, error messages
displayed etc. Any thoughts, comments, articles on the topic?
THX, D!J!X!
Other related posts:
