Self-Verified page Vs. Using external script (newbie question)

[thomas.edison]

Hi, I am very new to PHP (and web developing generally, as well). I have been passing through two different ways of verifying user input in a PHP webpage:

 

1- By calling a different script file, where the verification logic code is listed and then recall the referer $_SERVER['HTTP_REFERER'] page and pass the result using $_SESSION. (I understood this is basically done to avoid repeating the action in the code with every refreshment of the browser window).

 

2- By enclosing the verification logic code withing the same PHP page, so the page is a big mix of HTML & PHP. (I understood this is basically done, in order to keep the user input without using $_SESSION and it should save one trip of data transfer.)

 

    For me, I see both are working; still I want to learn the best coding practices. So your advice is appreciated, and please feel free to correct my, if I missed something about both methods.

 

 

[KevinM1]

#2 is more widely used.  You also seem to have some confusion about how the HTTP request cycle works.

 

Disregarding caching, there's no difference between requesting a new page or the same page.  A HTTP request is made to the server, and a new page is served to the browser.  The process is exactly the same. 

 

You're not saving ANYTHING in either option.  In option #1, your external validation file will still be executed every time the form is submitted.  In option #2, you're requesting a new copy of the current page, which is functionality the same as sending the data to a separate file.

 

The ONLY difference between the two - assuming #2 is structured properly - is an if-conditional that runs the form processing code if the page was accessed via POST.  Which is, of course, negligible.