|
|
Posted by Toby Inkster on 10/06/46 11:23
Safalra wrote:
> I'd go with SSI for anything that doesn't require PHP features. I
> believe it is parsed slightly faster because of its simpler syntax (I'm
> sure someone will correct my if I'm wrong). Plus more hosts support SSI
> (with no security issues) than PHP (with some security issues).
I agree with you that it's faster and slightly more secure, but I don't
agree that the OP should stick with SSI.
PHP will give him a lot more flexibility in the future -- a lot more
chance to experiment with new things : searches, login accounts, contact
forms, etc.
mod_php's slow down over SSI is only slight, and unless he's using a
complete dinosaur of a web server, it should barely register a difference.
For what he's talking about doing, security issues don't even come into
it. It's only when you start doing things like this that security becomes
an issue:
<?php
$page = $_GET['page'];
$file = 'content/' . $page . '.php';
include($file);
?>
(and in this case there's an easy fix...
<?php
$page = $_GET['page'];
if (preg_match('/\./',$page))
{
print "SECURITY ALERT!";
exit;
}
$file = 'content/' . $page . '.php';
include($file);
?>
..)
--
Toby A Inkster BSc (Hons) ARCS
Contact Me ~ http://tobyinkster.co.uk/contact
Navigation:
[Reply to this message]
|