Parse .html Pages For Php Code

[Robert]

Ok, need to know if I'm opening up a can of worms . I know how to make changes to .htaccess file to get server to handle .html pages with php code.

I know static .html page will load faster but having php capabilities gives me the ability to add cool features without having to go in and rename the page from page.html to page.php

Other than the slight speed issue and probably a bit more load on the server, are there other issues I should worry about?

[torka]

None that I'm aware of right offhand. I do this for a couple of older sites of mine (originally coded in HTML, now using PHP, didn't want to have to change all those long-time "trusted" URLs). I haven't noticed any issues.

--Torka

[Robert]

Quote:

Originally Posted by torka

I haven't noticed any issues.

Excellent.

[StupidScript]

Sorry for the late response ...

Quote:

Other than the slight speed issue and probably a bit more load on the server, are there other issues I should worry about?

Nobody will notice any difference in speed, Robert. If you have a VERY high-load server (~1M hits per day), you may be able to use a refined benchmarking application to detect the difference in delivery times, but they'll be on the order of microseconds. Otherwise, there are no noticeable differences in server performance when you include .html files in your PHP pre-processing. Torka's note is dead-on, too ... SEs won't even flinch, if your rankings were based on .html files that are now being parsed by PHP.

[_detz_]

One thing some people have to worry about is security. Usually most things block people from posting php code or uploading php scripts but not html. If someone has access to upload html files or if you allow dynamic content(comments, etc..) that people can submit you might open up a security whole. Just something to keep in the back of your mind.

[StupidScript]

Excellent point, _detz_. Robert, don't abandon good user input validation techniques in your enthusiasm for converting the site. You probably don't want to allow .html uploads, or at least run any .html upload through basic PHP protection:

Code:

$upfile_content=htmlspecialchars(str_replace("$","",$upfile_content));

or similar.

[Robert]

Y'all totally rock! Thanks for the feedback.

Dumb question... would allowing blog comments expose us to problems? An example of what we are doing is here:

http://www.searchengineguide.com/sea...ws/010488.html

(scroll down to see the comment form)

We don't allow people to include html in their comments but we do have it set to automatically make URLs clickable.

[StupidScript]

Quote:

would allowing blog comments expose us to problems

As long as you treat those entries as user input (natch), you should be fine. I would suggest using the filters to remove/entitize PHP-like code, in addition to HTML code, like <? ?> for instance. (PHP's htmlspecialchars() works well for this, converting < et al. into the appropriate HTML entities.) The reason is that once the comment goes live, the PHP code would be live, too. Which brings me to a personal preference regarding URLs in posts; I'm not in favor of making them clickable. It does make it easier for others to get to a reference, but it also opens up spamming and malware doors. While interested people will still copy-and-paste the URLs into their browsers, spiders won't be tricked into visiting a p0wnt site. That's just my preference, though.