1

A bit new to the whole PHP thing.

Just wanna ask which is better in regards to performance and security. I know both have their pros and cons, but I just can't seem to come to a conclusion on which could be better for overall performance and security.

  1. Use a PHP file with loads of functions. So every page I have will "include" the function php file, thus functions can be called in any given page.

OR

  2. Have a PHP file that accepts parameter input (not sure if that is what you call it). For example function.PHP?id=100

Any comments?

Thanks everyone :)

Tak4ever
  • Are you asking which is the best way to organize your helper functions? Because the second way looks more like you want to make an HTTP request and it would not work the way you might think it works. – Felix Kling Jan 19 '11 at 10:02
  • Please rephrase or show code, especially for what you mean with function.php?id=100 and how that relates to including files. – rik Jan 19 '11 at 10:06
  • Organize, performance ...nothing in particular. The reason why I used to use the 2nd method was because this 2nd method was somewhat simple and was not present in other languages such as VB or Java (which are mainly function or class based). So I was wondering if the 2nd method had any major pros over the 1st method. What I had done before with the 2nd method was pass values into a page; the page then processes the values and saves its result in a session variable/cookie or even passes it back/onto a new page for display. Worked like functions but of course wasn't as flexible as functions. – Tak4ever Jan 19 '11 at 10:14
  • For example: 2nd Method - cart.php?id=100 ====cart.php START==== $_REQUEST['id']; echo $_REQUEST['id']-2; ====cart.php END==== – Tak4ever Jan 19 '11 at 10:19
  • Are you actually looking at the answers you've got? Both of them are good :-) – Flavius Jan 19 '11 at 10:46

3 Answers

1

The second method is preferred: one index.php file which drives the entire application/website.

As for breaking down the application, you'll use both: parameters in the URL, to decide what is to be done, and helper functions which receive parameters and do their job.

The challenge is to break down the "big problem" in smaller, reusable "sub-problems" and wrap each in a reusable function.

After that, solving the "big problem" is a matter of sticking together function calls, like you do in a puzzle game.

Now, that was the way to go at your beginner level; at a more advanced level you would break it down in an OOP manner, to take advantage of autoloading (read my response there for details).

Right in-between the two levels of experience, you could try first to use a procedural php framework like http://www.limonade-php.net/, and second to understand its code and learn from it. This should put you on the right track for more advanced uses of PHP.

None of your presented options have something particular in respect to security or performance, they're both the same. Breaking it down in functions is a matter of code reusability and maintainability. That being said, the OOP is still better in any regards (again, I'll have to point at my other answer).

As I said, you'll use both, AND you'll have to validate the input (that is, $_REQUEST, $_GET, $_POST, $_COOKIE, $_SESSION, $_FILES, (some elements from) $_SERVER). Be careful with XSS (basically, you'll use either strip_tags() or htmlentities() or a combination of the two). That's about the security aspect.

Flavius
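
The pattern the answer above describes (one entry script, a URL parameter that decides what is done, helper functions that do the work, validated input and escaped output), as an added example that is not part of the original answer. The function names, the `action` parameter and the sample requests are hypothetical and constructed for illustration.

```php
<?php
declare(strict_types=1);

// Helper functions; on a real site these would live in an included file.
function show_cart(int $id): string
{
    return 'Cart item ' . $id . ', result ' . ($id - 2);
}

function show_client(int $id): string
{
    return 'Client record ' . $id;
}

// Allowlist: the URL parameter selects a key here. It is never used
// directly as a file name to include or as a function name to call.
const ROUTES = ['cart' => 'show_cart', 'client' => 'show_client'];

function dispatch(array $query): string
{
    $action = $query['action'] ?? '';
    if (!is_string($action) || !array_key_exists($action, ROUTES)) {
        return 'Unknown action: ' . (is_string($action) ? $action : '');
    }
    // Validate: id must be a positive integer, nothing else is accepted.
    $id = filter_var($query['id'] ?? null, FILTER_VALIDATE_INT,
        ['options' => ['min_range' => 1]]);
    if ($id === false) {
        return 'Invalid id';
    }
    $handler = ROUTES[$action];
    return $handler($id);
}

// Escape once, at output time, so reflected input cannot become markup.
function render(string $text): string
{
    return '<p>' . htmlentities($text, ENT_QUOTES, 'UTF-8') . '</p>';
}

// Constructed sample requests; a live index.php would pass $_GET instead.
$samples = [
    ['action' => 'cart', 'id' => '100'],
    ['action' => 'cart', 'id' => '100abc'],
    ['action' => 'phpinfo', 'id' => '1'],
    ['action' => '<script>alert(1)</script>', 'id' => '1'],
];
foreach ($samples as $query) {
    echo render(dispatch($query)), PHP_EOL;
}
```

Only the first request reaches a helper; the others are rejected by the integer check or the allowlist, and the reflected action name is printed as inert text.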
0

Welcome Tak4ever

I would use Object Orientated design practices over this method. Procedural code, based on many functions, is hard to follow and therefore expensive to maintain.

But given the choices I would go with your first option:

Use a PHP file with loads of functions. So every page I have will "include" the function php file, thus functions can be called in any given page.

You would include this file and rather than using function.php?id=100 as you suggested you should use something more descriptive which then uses your functions.

For example use clients.php?id=100 then use clients.php to get the id, and pass that id to one of your functions.

Hope that helps.

Jake N
  • I would add to that suggestion a recommendation to have several function files (helpers), based on the objects and entities running in the system. – Yishai Landau Jan 19 '11 at 10:10
0

It took me a while to try to work out what you could possibly mean by this question.

"Have a PHP file that accept parameter input (not sure if that is what you call it). For example function.PHP?id=100"

I guess you mean that you want to be able to include only the relevant parts of PHP code using your own user-defined function.

Unless you're very VERY good at programming, this approach is the wrong way to solve the problem. Have a google for self-modifying code for some discussion on the topic. It opens up huge code injection vulnerabilities and makes debugging the code very hard.

Even if there were no security issues, and no maintenance issues, and you are a guru programmer, the only way to pass parameters into a PHP script is via an HTTP request or by running a program - both have a huge overhead compared with reading the code directly from the local filesystem - so this approach is wrong from the performance point of view.

PHP does have functionality which appears, en face, to be very similar to what you are proposing - the autoloader. However there are some very important differences.

Most of the performance related stuff which you can control within PHP (i.e. not the HTTP stuff, not the DB stuff) is the amount of code the interpreter has to parse. So your first approach is flawed from a performance point of view.

The right way to solve the problem is to break down the functionality into related chunks - and keep these in separate files, then only include the ones you need for a particular task.

symcbean