php benefits?


ice_531
Jul 14th, 2004, 06:30 PM
What sort of benefits do you get from making a site in php instead of html?

page looks better? if you made the same page in php and then one in html as well.

thanks for all comments :) hopefully....



ice
:wave:

Acidic
Jul 14th, 2004, 07:01 PM
If you made the same page in PHP and HTML, it'll look exactly the same. PHP is a totally new language that allows you to do totally different things.

Firstly, you have to understand that PHP is interpreted by the server, as opposed to HTML, which is interpreted by the browser. This means that PHP code is totally secure (unless you give a hacker an exploit of course).

When people use PHP for their sites, there are many reasons for it.
It allows you to use databases very easily. This gives functionality to websites that could not exist with HTML alone. PHP also gives you the chance to validate user input without them being able to see what it's being validated with. Basically, you can password protect pages securely.

Do you know JavaScript/VBScript? As they are totally different from HTML, so is PHP. Except PHP is different on a whole new level. Use Google to find some basic tutorials on it so you can see the true power of PHP.

ice_531
Jul 14th, 2004, 07:11 PM
heh i know a bit of jscript and vbscript.

I've just seen lots of exploits and the sort for php boards and figured well hey it must not be too safe...but i guess popularity brings security risks as well.

thnx for reply, I'll go read up on a lil php :p


ice
:wave:

Electroman
Jul 14th, 2004, 07:23 PM
The main thing worth noting is that when you use PHP you are generating HTML. This way your site is still using HTML, just the pages are dynamic, unlike an HTML page, which is static. Mind, PHP isn't limited to generating HTML code; it can also generate images or other stuff ;).

Acidic
Jul 14th, 2004, 07:33 PM
I even use it to create JavaScript of one of my sites.

The reason people can exploit PHP is due to stupidity in the author.

In search forms, the authors often forget to strip the user input of harmful characters. This allows a hacker to carefully craft what is called an SQL injection. For example, if you enter:
' OR =1--
into a search form and you get a MySQL error (not one that says "you have typed in something wrong", but one that even gives the line it messed up on), then you know that the author never stripped the input of the dangerous characters (the ' in this case). You can then edit the SQL injection so that you can get the thing to give you passwords/email addresses etc.

Another common exploit is people making a view source script in PHP.
If you find a PHP view source script that works like this:
source.php?url=www.google.com
and that gives you the source of www.google.com. Well fine, it works as it should. Now change the query string to this:
source.php?url=/index.php
If the author was stupid, then the visitor could get the raw code (including PHP code) of the index.php file (or any other file on the server).

Most forums are written by professionals though. Professionals don't mess up nearly as often. I've found plenty of guestbooks that accept HTML tags which are very vulnerable, but they weren't written in PHP.

Considering how easy it is to secure your pages, it's surprising how insecure many sites are.

Anyways, enough from me. You go do a basic tutorial.

Oh, one last thing. If you haven't already installed PHP on your PC (which you need to do to test it), then I suggest that you use EasyPHP. It's very easy to install and it comes with PHP, MySQL, phpMyAdmin and other stuff too (probably).
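
Added example (not part of the thread and not any poster's code): a defensive sketch of the two mistakes described in the last post, a search form that puts user input into SQL and a view-source script that will read local files. The function names, the `posts` table and the sample rows are hypothetical, and an in-memory SQLite database stands in for MySQL so the block runs on its own.

```php
<?php
// Search form: the term is bound as a parameter, so quotes in it are data,
// never SQL syntax. No character stripping is needed.
function search_posts(PDO $db, string $term): array
{
    $stmt = $db->prepare('SELECT title FROM posts WHERE title LIKE ?');
    $stmt->execute(['%' . $term . '%']);
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

// View-source script: only ever hand an http(s) URL with a host to the fetcher.
// Returns null for local paths and for other stream wrappers such as file:// or php://.
function safe_source_url(string $input): ?string
{
    // The thread's example passes a bare host, so add a scheme when none is given.
    $hasScheme = preg_match('#^[a-z][a-z0-9+.-]*://#i', $input) === 1;
    $url = $hasScheme ? $input : 'http://' . $input;

    $parts = parse_url($url);
    if ($parts === false || empty($parts['host'])) {
        return null; // e.g. "/index.php" becomes "http:///index.php", which has no host
    }
    $scheme = strtolower($parts['scheme'] ?? '');
    if (!in_array($scheme, ['http', 'https'], true)) {
        return null;
    }
    return $url;
}

// Constructed sample data for the demonstration.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE posts (title TEXT)');
$db->exec("INSERT INTO posts VALUES ('php benefits'), ('html basics')");

var_dump(search_posts($db, 'php'));          // ordinary search term
var_dump(search_posts($db, "' OR =1--"));    // the thread's test string, bound as data
var_dump(safe_source_url('www.google.com')); // remote page, as the script intends
var_dump(safe_source_url('/index.php'));     // local path from the thread
var_dump(safe_source_url('file:///etc/passwd'));
```

On a live site, also keep `display_errors` off so database errors go to the log rather than to the visitor; the detailed MySQL error is what the post says reveals the missing input handling.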