-1

hi I am working on a great website (social network with php) and I've decided to create only one php page, (index.php), but this php page will contain php if conditions and statments of the $_GET value,and will display the page requered (but in the same page index.php).

This means that the code(javascript+xhtml+php) will be very huge (nearly all the project in one page).

I will also use the Htaccess to rewrite the urls of those pages to avoid any malicious requests (so it will appear just like a normal website).

But, before doing so, I just want to know about the advantages and downsides of this technique, seeing it from all other sides (security, server resources, etc...)

thank you

shamittomar
  • 46,210
  • 12
  • 74
  • 78
SmootQ
  • 2,096
  • 7
  • 33
  • 58
  • 3
    This is ill-advised. It predates today's modular based structure. Why would you want to go back to something so archaic? –  Dec 11 '10 at 19:56
  • @armando I just want to avoid spreading my project in many directories wich may cause some bugs in security, saying that it's about a social network – SmootQ Dec 11 '10 at 19:59
  • 7
    This. I don't even... – shamittomar Dec 11 '10 at 20:04
  • it's better to keep your security in mind, but to still keep your project flexible, maintainable, and efficient. –  Dec 11 '10 at 20:54
  • 1
    Just because it's a bad idea doesn't mean people should downvote the question. He's actively asking for feedback on the disadvantages of this approach, which means it's reasonable to come to us for advice. He's not the first person to have this idea, either, so the question could be useful for others before they head down this road. – Justin Morgan - On strike Jan 14 '11 at 16:00
  • It's nice to see my level back in 2010 :D, It was indeed a stupid question from me. I spent the last years, working on professional projects, with Symfony2 & Zend, I upgraded my level. But it's really good to check stackoverflow for my thinking back in 4 years ago. Really stupid – SmootQ Jun 15 '14 at 23:15

7 Answers7

7

I think what you're trying to do is organize your code properly and effectively, which I commend.

However if I understand correctly, you're going to put all of your javascript, html, and PHP in one file, which is really bad. You want your code to be modular, not lumped together in a single file.

I think you should look into using a framework (eg Zend) - PHP frameworks are specifically designed to help your code remain organized, modular, and secure. Your intent (organizing your code effectively) is great, but your idea for how to organize your code isn't very good. If you're absolutely adament about not using a framework (for example if this is a learning/school project), you should at least make sure you're following best practices.

Cam
  • 14,930
  • 16
  • 77
  • 128
  • Can the downvoters explain themselves? I'm not sure what's wrong with my answer. Thanks! – Cam Dec 11 '10 at 20:01
  • I can say that you've understood my question.. but what I want is controlling the website page by only php if statments . in the same page,... if so, how to use into a zend framework – SmootQ Dec 11 '10 at 20:01
  • 2
    @Simo: Well you don't _have_ to use Zend, first of all. There are many other options out there for frameworks, so shop around before you pick one! Furthermore, I may have underestimated how new you are to PHP - I think you might be best to not use a framework for now, and try to learn some best-practices. The idea of one entry point is good, but you should spread out your code over multiple files. – Cam Dec 11 '10 at 20:04
4

Came by this question searching so since the best answer is old, here is more modern one, from this question

Why use a single index.php page for entire site?

A front controller (index.php) ensures that everything that is common to the whole site (e.g. authentication) is always correctly handled, regardless of which page you request. If you have 50 different PHP files scattered all over the place, it's difficult to manage that. And what if you decide to change the order in which the common library files get loaded? If you have just one file, you can change it in one place. If you have 50 different entry points, you need to change all of them.

Someone might say that loading all the common stuff all the time is a waste of resources and you should only load the files that are needed for this particular page. True. But today's PHP frameworks make heavy use of OOP and autoloading, so this "waste" doesn't exist anymore.

A front controller also makes it very easy for you to have pretty URLs in your site, because you are absolutely free to use whatever URL you feel like and send it to whatever controller/method you need. Otherwise you're stuck with every URL ending in .php followed by an ugly list of query strings, and the only way to avoid this is to use even uglier rewrite rules in your .htaccess file. Even WordPress, which has dozens of different entry points (especially in the admin section), forces most common requests to go through index.php so that you can have a flexible permalink format.

Almost all web frameworks in other languages use single points of entry -- or more accurately, a single script is called to bootstrap a process which then communicates with the web server. Django works like that. CherryPy works like that. It's very natural to do it this way in Python. The only widely used language that allows web applications to be written any other way (except when used as an old-style CGI script) is PHP. In PHP, you can give any file a .php extension and it'll be executed by the web server. This is very powerful, and it makes PHP easy to learn. But once you go past a certain level of complexity, the single-point-of-entry approach begins to look a lot more attractive.

Community
  • 1
  • 1
Anddo
  • 2,144
  • 1
  • 14
  • 33
  • 1
    Thanks for your reply, it's been 10 years. I can't believe I asked this question haha. +1 Thanks – SmootQ Mar 20 '21 at 14:02
4

This approach is not good because of server resource usage. In order to get access to say jQuery.js your web server is going to:

  1. Determine that jQuery.js actually passes through index.php
  2. Pass index.php through the php parser
  3. Wait for php to generate a response.
  4. Serve that response.

Or, you could serve it this:

  1. Determine jQuery.js exists in /var/www/mysite/jQuery.js
  2. Serve it as the response.

Likewise for anything that's "static" i.e. isn't generated from PHP directly. The bigger the number of ifs in the PHP script, the more tests will need be done to find your file.

You do not need to pass your static content through some form of url routing; only your dynamic content. For real speed, its better to generate responses ready as well, called caching, particularly if the dynamic content is expensive in terms of cpu cycles to generate. Other caching techniques include leaving frequently accessed database data in memory, which is what memcached does.

If you're developing a social network, these things really do matter. Heck, facebook wrote a PHP-to-C++ compiler to save clock cycles.

I second the framework recommendation because it really will make code organisation easier and might integrate with a caching-based solution.

In terms of PHP frameworks, there are many. Here's a list of many web application frameworks in many languages and from the same page, the PHP ones. Take a look and decide which you like best. That's what I did and I ended up learning Python to use Django.

  • Perfect Reply, but the head tag(css,title,javascript,meta) code is nearly the same in the pages, so why should I insert it in the if statement? – SmootQ Dec 11 '10 at 20:20
  • @Simo You said you'd serve everything via index.php (all in one file). Assuming you're going to have separate files created via a routing mechanism (using an if or switch to differentiate different requests for different uris) you'd be serving up your javascript this way too. –  Dec 11 '10 at 20:32
  • @Simo the fact that the files are nearly the same across the pages is *the point*. Files like javascript routines want to be served up as fast as possible without going through the PHP processor (unlike your method). Same for images. Now, frameworks provide what is called templating so that you don't need to repeat the same html over and over again. –  Dec 11 '10 at 20:34
  • it's nice to check this naive question I asked 10 years ago. It is really a naive question, I can't believe I am the same person :D – SmootQ Mar 20 '21 at 14:01
3

It will be a hell of a mess.

You also wont be able to upgrade parts of the website or work on them without messing with the whole thing.

You will not be able to apply some programming architecture like MVC.

It could theoretically be faster, because you have only one file that needs to be fetched from disk, but only under the assumption that all or at least almost all the code is going to be executed.

So you will have to load and compile the whole file for every single request, also the parts that are not needed. so it will slow you down.

What you however CAN do is have a single point of entry where all requests originate from. That helps controlling a lot and is called a bootstrap file.

But most importantly:

alt text

code_burgar
  • 12,025
  • 4
  • 35
  • 53
The Surrican
  • 29,118
  • 24
  • 122
  • 168
  • 3
    Yea, as if stackoverflow needed to be more like 312098129083290183102 forums that exist on the intertubes. – code_burgar Dec 11 '10 at 20:06
  • haha, I really feel ashamed when I checked this question I asked 11 years ago. It is a bad question. Thanks for the answer :) Best ! – SmootQ Mar 20 '21 at 14:05
1

Why would you want that?

From what I know most CMSes (and probably all modern ones) are made so that the requested page is the same index.php, but that file is just a dispatcher to other sections. The code is written properly in different files that are built together with includes.

Edit: If you're afraid your included scripts are vulnerable the solutions is trivial. Put them outside of the web root.

Simplistic example:

<?php

/* This folder shouldn't even be in the site root, 
it should be in a totally different place on the server 
so there is no way someone could request something from it */
$safeRoot = '/path/to/safe/folder/';

include $safeRoot.'all_pages_need_this.php'; // aka The Bootstrap //

switch($_GET['page']){
    case 'home':
        include $safeRoot.'home.module.php';
        break;
   case 'blog':
        include $safeRoot.'blog.module.php';
        break;
   case 'store':
        include $safeRoot.'store.module.php';
        break;
   default:
       include $safeRoot.'404.module.php';
}
Alin Purcaru
  • 43,655
  • 12
  • 77
  • 90
  • I just want my project to be in one directory, not in many directories, that maybe will cause some bugs. (many files=many directories= more danger) – SmootQ Dec 11 '10 at 20:07
  • 2
    @Simo: That's entirely false. Organizing your code throughout files will make your code easier to maintain if done properly, which will cause your code to be more secure. Lumping your code into a single file doesn't magically secure it. – Cam Dec 11 '10 at 20:08
  • That is not true. Also you can put all your included code in a safe place that isn't accessible by a browser (HTTP request). I'll change the answer to illustrate this. – Alin Purcaru Dec 11 '10 at 20:08
  • you mean to use a robots.txt to make those files away from search engines? – SmootQ Dec 11 '10 at 20:25
  • 1
    Those files will not be accessible by a HTTP request. You can do this by either putting them outside the server's HTTP folder, or by having a .htaccess with `Deny All` in it. – Alin Purcaru Dec 11 '10 at 20:36
  • Now after 11 years I see that my question is really silly, doing everything in one page hurts modularity and Clean Arch, design patterns, and everything. I remember I asked this question as part of a project for my studies, I was lazy enough to not want to use different specialized directories for different modules. – SmootQ Mar 20 '21 at 14:07
0

What you are referring to is called single point of entry and is something many web applications (most notably the ones built following the MVC pattern) use.

The code of your point of entry file doesn't have to be huge as you can simply include() other files as needed. For example:

<?php 

if ($_GET['module'] == 'messages') {
  include('inbox.php');
} 

if ($_GET['module'] == 'profile') {
  include('profile.php');
} etc..
code_burgar
  • 12,025
  • 4
  • 35
  • 53
  • this looks very ugly. So for every page you want to add you need to alter the code and include another conditional statement? ... think os some route management. but please dont include files based on the request uri. – The Surrican Dec 11 '10 at 20:01
  • 3
    @Joe Hopfgartner: The fact that it looks ugly is irrelevant. This is a basic example of how single point of entry doesn't have to mean gigantic God files. Feel free to post an answer with a better, maybe regex based MVC-ish URL router. – code_burgar Dec 11 '10 at 20:07
  • No I wont make include files based on the request. even the include function I wont use it .. I will write the different code between pages in the if statement (but not for where the code is the same.) – SmootQ Dec 11 '10 at 20:11
  • its not the looks that is ugly but how you have to deal with it in practice. "sorry chef, need to set the whole page on maintance because i need to change the url from about-us to who-we-are" – The Surrican Dec 11 '10 at 20:12
  • @Joe Hopfgartner: Please do read my reply to your first comment. – code_burgar Dec 11 '10 at 20:16
0

This means that the code(javascript+xhtml+php) will be very huge (nearly all the project in one page). Yes and it'll be slow.

So you're not going to have any HTML cacheing?
It's all purely in one file, hard to update and slow to interpret? geesh, good luck.

BotNet
  • 2,759
  • 2
  • 16
  • 17
  • 2
    simo: i don't think your question should have been downvoted, i think it's a legitimate question, but this is the old style of doing things. –  Dec 11 '10 at 20:56
  • Thank you my friend, but If you ask me, this question should be downvoted. I was a beginner back then (it's been 11 years), and now I see why doing that is a very bad idea. Best ! – SmootQ Mar 20 '21 at 14:03