After reading the thread in the code section here about using a class to generate forms with PHP I was inspired to do the same for as much of my XHTML source as I can. To do this I created three PHP classes that handle building the actual page with a few simple calls. Currently, it is a bit ugly and fault prone and not at all dynamic yet. Hopefully as my utility functions start to fill out I will change that. The only pages at my site that are created in this fashion are the index and the code pages.

OK, my questions.

QUESTION 1:
What is a good way to find out just how much I am feeding someone when they visit a page?

My Thoughts:
As an example my index page is nothing more than php function calls and the actual page content. The size has nothing to do with what is served and the only real way to get the info I want is to either copy the page source (from a view source in my browser) and check it in my editor or add up the numbers from view page info. It is my understanding that the image sizes should only count once and the source size is the served size I am looking for. I could be wrong.

Question 2:
Is there a simple method for checking actual times for page creation?

My Thoughts:
I have seen a number of methods for outputting page generation times here and elsewhere. If I want to check this (perhaps putting it in the footer of my page) would the proper method be to start my time at the entry point to the php script and "stop the timer" just before I build my footer for display? I'm not terribly sure about this one.

Question 3:
Are there security concerns using php to generate pages that I should be addressing?

My Thoughts:
I have read up on taking input (let's say from a form) and using it when generating HTML. Since I am not currently doing this I don't think I have to be concerned with this aspect. No parameters are being passed and any parsing is done internally in my scripts. My intention is to publish my methods and code in case anyone else is interested and I don't want to inadvertantly expose myself (well, my server actually) to abuse. As mentioned, it is my belief that until I start doing something with _POST vars this should be a non-issue.

Any thoughts / things to read up on would be most appreciated. Aside from the popular on-line information I use O'Reilly's Webmaster in a Nutshell and Sams' PHP Developer Cookbook to help along the way. They seem a bit dated but helpful none the less. Feel free to PRO or CON at will. I know I learn from both equally.

Mark

__________________
"Opportunity is missed by most people because it comes dressed in overalls and looks like work."
--Thomas Alva Edison
"Those who would give up essential liberty to purchase a little temporary safety, deserve neither liberty nor safety."
--Benjamin Franklin
"A happy person is not a person in a certain set of circumstances, but rather a person with a certain set of attitudes."
--Hugh Downs

1. What about strlen()?
2. Here's what I use recently:
   
   PHP Code:

   
   function GIDTimer( $start=0 )
   {
       return( array_sum(explode(' ', microtime(true))) - (float)$start );
   } 
   
   
   

3. It depends, for example a very popular exploit is when you have urls like /index.php?page=aboutus and then the script simply includes a text file based on the value passed in the url. If you don't check to see that file actually exists (within permitted paths), etc., you'll open yourself to a lot of abuse. If you want to be certain, you should perhaps persuade someone you trust to audit the script?

I will fix the issue with the PHP highlighter as soon as possible.

__________________
J de Silva
Learning Journal | GIDForums™ | GIDNetwork™ | GIDWebhosts™ | GIDSearch™

Here's an example snippet of PHP code using the GIDTimer() function above (also, I get to test my fixes to the PHP display box);

__________________
Custom BB codes you can use here:
[HTML] | [C++] | [CSS] | [JAVA] | [PY] | [VB]

After I create the page that will be displayed by throwing all the content containers at my page creator class I have the code,


$page_content is an associative array containing a number of keys of arrays. So to create the actual page doc_make() looks for particular keys (sort of a simple template system) that are the div elements and if they exist and are part of the named page inserts the content into a div and then the arrays of content into p elements.

Based on this, should be able to store the print line in a variable, strlen that before printing. I guess this would give me my code size for the page. The reason I do it this way is all the source code indenting is handled as it is created so when you view source it is easy to read.


I'm going to give this one a try. This bit, (as well as the last post) should do exactly what I am after!


This will be good to keep in mind if and when I move the content to a database of some sort and use the method you describe. Right now, all the URL's are /pagename.php with no query attatched to the end. The script itself is a very (very very) simple frame that sets up error reporting etc, creates the content containers (from a container class) and generates the page. I think it keeps the safety aspect higher that way based on your information. I do end up duplicating some code (maybe 8 to 10 lines) but it will make it simple when I want to update a page. Using my method I simply change a content container when I make changes to a page.


This sounds like a good plan, using my example a simple check for existence will protect against that sort of abuse. I'll have to see if I can find someone to look the scripts over before I post them as an article...


Thanks for the information, now I have more coding to do but it should be simple to include into my current scripts.

Mark

__________________
"Opportunity is missed by most people because it comes dressed in overalls and looks like work."
--Thomas Alva Edison
"Those who would give up essential liberty to purchase a little temporary safety, deserve neither liberty nor safety."
--Benjamin Franklin
"A happy person is not a person in a certain set of circumstances, but rather a person with a certain set of attitudes."
--Hugh Downs