
PHP: is it better to submit to process.php or self?

Developer https://www.devze.com 2023-03-30 07:03 Source: Internet

I have often wondered what is more secure, efficient and generally better?

If I have a login form, is it best to create a separate PHP file to handle the processing and then redirect back to the login page after it's finished? Or is it best to do all the work on the same page?

Is there a general rule for this, or is it just personal preference?


What you choose is up to you. However, the Post-Redirect-Get pattern (PRG) is commonly used in PHP. With it, you post your form to a handling script which does not produce output. You may use the same handling script for many different forms, if you have a means to distinguish between them. After processing the POST, the handler script redirects back to the form page, or another page.

The PRG pattern helps to avoid problems with the browser back button and form resubmission.
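
The handler side of the PRG pattern described in the answer above, as an added example that is not part of the original answers. The file names `login.php` and `account.php`, the session keys `csrf`, `flash` and `user_id`, and the `find_user()` lookup are assumptions made for illustration.

```php
<?php
// process.php (added example): POST-only login handler that never renders output.
// Assumed: login.php renders the form, stores a token in $_SESSION['csrf'],
// and displays $_SESSION['flash'] once on the next GET.
declare(strict_types=1);
session_start();

function redirect(string $path): void
{
    // 303 See Other makes the browser follow with GET, so refresh or the
    // back button cannot resubmit the credentials.
    header('Location: ' . $path, true, 303);
    exit; // nothing after the redirect may run or print
}

// Hypothetical user lookup; a real application queries its user store.
function find_user(string $name): ?array
{
    // Constructed sample account, password "correct horse".
    $users = ['alice' => ['id' => 1,
        'hash' => password_hash('correct horse', PASSWORD_DEFAULT)]];
    return $users[$name] ?? null;
}

if ($_SERVER['REQUEST_METHOD'] !== 'POST') {
    redirect('/login.php');
}

// Reject posts that do not carry the token issued with the form.
$sent = $_POST['csrf'] ?? '';
$expected = $_SESSION['csrf'] ?? '';
if (!is_string($sent) || $expected === '' || !hash_equals($expected, $sent)) {
    $_SESSION['flash'] = 'Your session expired, please try again.';
    redirect('/login.php');
}

$name = is_string($_POST['username'] ?? null) ? $_POST['username'] : '';
$pass = is_string($_POST['password'] ?? null) ? $_POST['password'] : '';
$user = find_user($name);

if ($user === null || !password_verify($pass, $user['hash'])) {
    // Same message for unknown user and wrong password.
    $_SESSION['flash'] = 'Invalid username or password.';
    redirect('/login.php');
}

session_regenerate_id(true); // fresh session id once the user is authenticated
$_SESSION['user_id'] = $user['id'];
unset($_SESSION['csrf']);
redirect('/account.php'); // fixed target, never taken from request data
```

Redirect targets are fixed strings, so the handler cannot be turned into an open redirect, and every code path ends in `redirect()`, so the response to the POST is never a rendered page.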


This is not a direct answer to your question, but still it's food for thought.

Nowadays, many PHP applications decouple the routing (the URLs) and the PHP files. In my applications, I only have one PHP file that is accessible to the public; this is called the front controller.

An excellent PHP 5.3 (and future practices-proof) example can be found in Silex, a small framework that mainly implements a front controller, a router (that makes sure the URL /login will go to your login page), and some basic needs for simple websites.

See: http://silex-project.org/


My belief is it's personal preference. I typically have an "Actions" script that handles all the behind-the-scenes work. This also keeps the logic all in one place, which I am a fan of. It also separates front-end code from back-end code.

But it's really up to you. If you believe "submit a form.php" should contain all the logic related to submitting a form, and "Register.php" should contain only registration logic, that is fine too.

As related to security, it's still the submission of information, regardless of the endpoint. You can layer it with SSL if you want to be safer, but it still has to be sent somewhere.


It would be better to handle the request in a separate file.

That way the code would be more maintainable / more logically placed.

It's even better to do this for all your code.

A well-known / often-used pattern for this is the MVC pattern, which separates logic from presentation.

For more info see: http://en.wikipedia.org/wiki/Model%E2%80%93view%E2%80%93controller
