PHP security & compatiability warning

  • Elantrix

    .html extensions still can parse php if configured properly, but some hosts only parse .php extension as PHP or strictly parse .html as strict html markup, plus dont always relie on .htaccess files, all webhosts have some difference in configuration.

    This can lead to users being able to see the code and incompatibility issues. So you should have all your PHP files, including .inc files (eg .inc.php) as .php (ESPECIALLY the config file)

    You should separte the logic from the design, remember the 3-tier design. Like in your case have the code first, then at the end have all the html.

    You need to define EVERY functions IPO (Input Process Output) and comment a lot more, a lot of the code is cryptic to other developers who have never seen this code before.

    Other then that, looks like a pretty good tool to
    search website with.

    • astellar

      You are absolutely right about .php extension! Fixed.

      Code miss some key comments, true. I will try to fix this in mean time.

      About 3-tier design. I plan to add separate templates using php templates or my own template library (the key difference between them is dreamvawer-compatible SSI processing). But anyway it is already in ToDo :)

      Thanks a lot for useful advice!