Welcome to WebmasterWorld Guest from

Forum Moderators: coopster & jatar k

Message Too Old, No Replies

Variable formatting in a universal header

9:26 pm on Apr 22, 2014 (gmt 0)

I've created a website for a doctor friend. I have grown weary of having to update all 29 pages each time some information in the header/footer has to be changed, so I am trying to create universal header/footer files. The footer file is no problem, since none of the information varies from one page to the next. The header file, however, is a bit more complicated, as it includes not only the page/site title, but also the site's search box and the site's top level navigation bar.

The latter is what I am having trouble with incorporating into the universal header, since the formatting of the navigation bar varies from page to page (see: www.amoripat.com). That is to say, depending on which page a user is on, the 'tab' for that page in the navigation bar will be formatted differently than the other navigation tabs (the current tab is rendered blue with white text and a red underline, while all other tabs are green with white text and a green underline). In my html code, this formatting is currently controlled using the id="current" command for that particular tab. For example:

<li><a href="index.php"><span>Home</span></a></li>
<li><a href="about.php"><span>About</span></a></li>
<li id="current"><a href="research.php"><span>Research</span></a></li>
<li><a href="resources.php"><span>Resources</span></a></li>
<li><a href="news.php"><span>News</span></a></li>
<li><a href="forum.php"><span>Forum</span></a></li>
<li><a href="contact_amoripat.php"><span>Contact</span></a></li>

I'm assuming that to apply this sort of variable formatting in a universal header, I will need to use some sort of nested, conditional expression (if, then...else if, then...else, etc. Sorry, I learned Pascal coding in college many, many years ago...back in the days of punch cards). Also, I assume that, first of all, I will need some sort of code in the php header file that can parse exactly which page on the website is making the request for the header and pass that along to the conditional expression so that it knows which formating value to select so that the page renders with the proper top level navigation tab highlighted.

The site is hosted on a GoDaddy server using PHP v.5.

I would be very grateful for any help/suggestions!

1:25 am on Apr 23, 2014 (gmt 0)

WebmasterWorld Senior Member lucy24 is a WebmasterWorld Top Contributor of All Time Top Contributors Of The Month

The magic words are basename and php_self. These give you, respectively, the name of the current page-- that is, the html/php page that calls your header script, not the file that holds the script itself-- and the full filepath.

For your purposes you probably just need the pagename. Unless a lot of your pages are called "index.html" (physical filename, not URL) because they're in different directories. Then you have to either get creative, or put it in the code manually, like "include blahblah header.php?page=widgets". For just 29 pages, doing this part manually isn't unreasonable.

That's assuming you're using php includes. If the only thing you'll be doing with php is making these navigation headers and footers, it may be simpler to configure both as SSIs. The magic word then becomes ${DOCUMENT_NAME}. I don't know whether parsing a whole page as php is significantly more work for the server than including a file. On the 29-page scale, it's probably more a matter of which form you're more comfortable with.

Either way, the php itself will have an if/then package that can be as simple or as complicated as you like.* Mine just loop through all page titles in a directory, like (cut and paste, sorry):
if ($pagename[$count][0] == $word)
{ echo $pagename[$count][1]; }
{ echo more-complicated-stuff-here }

I may be doing the opposite of what you're aiming for, but the concept is the same: do one thing if the navigation refers to the present page, and do something different for all other pages.

* In my case, "as elegant or as clunky as you like" might be more accurate, because I only speak three words of php. But this is intended to be encouraging, because it shows you just how simple the process it :)
1:56 am on Apr 23, 2014 (gmt 0)

Thank you, Lucy24. It likely will take me a day or two to digest and tinker with all that you have said. Truth be told, I had to look up what SSIs meant (= server side includes). "As elegant or as clunky as you like"...that could definitely be my new mantra for the doctor with regard to his website! ]:-P Thank you for the encouragement...I know it's probably a pretty simple process, as you say...I just have to figure out how to wrap my mind around it! :)
10:10 pm on May 14, 2014 (gmt 0)

WebmasterWorld Senior Member 5+ Year Member


@lucy forgive me for asking; BUT isn't $_SERVER['PHP_SELF'] fraught with security issues? Or has php fixed those security issues recently?

Aye, SSI is rather ikky; I'm trying to sort out a .htaccess /web.config interchange at the moment - why can't apache just be default ha ha!

12:57 am on May 15, 2014 (gmt 0)

WebmasterWorld Senior Member lucy24 is a WebmasterWorld Top Contributor of All Time Top Contributors Of The Month

isn't $_SERVER['PHP_SELF'] fraught with security issues?

Probably, but I'm the wrong person to ask: see above about speaking only three words of php ;) I don't think I actually use it anywhere. Like ${DOCUMENT_NAME} it's only needed if you're using the same code in a bunch of different places.

Weird but true: The only time I've ever personally been affected by a "security" issue was in a seemingly benign javascript graphics function. Oh well.
12:57 am on May 15, 2014 (gmt 0)

@Matthew1980...Thanks for the heads up regarding potential security issues. Much appreciated! I have yet to finalize the universal header...I got side-tracked by a recent request from the doctor to incorporate a blog into the website.

2:27 am on May 16, 2014 (gmt 0)

WebmasterWorld Senior Member penders is a WebmasterWorld Top Contributor of All Time 5+ Year Member Top Contributors Of The Month

isn't $_SERVER['PHP_SELF'] fraught with security issues?

You just have to be careful where you use it and always validate/sanitize it if you are doing something with it (as with any bit of data that comes from the user). The "problem" with it is that it contains the full URL of the request, including any XSS nastiness.

At one time it was common to see something like:
<form action="<?=$_SERVER['PHP_SELF']?>" method="post">

However, this is bad and a potential security vulnerability.
6:14 am on May 16, 2014 (gmt 0)

WebmasterWorld Senior Member lucy24 is a WebmasterWorld Top Contributor of All Time Top Contributors Of The Month

Heh, that's the exact context where I last saw PHP_SELF. And in my case I only have the form on one page, so there was no reason not to give the actual page name. It's not like "contact.html" is likely to change in the near future.
7:39 pm on May 21, 2014 (gmt 0)

WebmasterWorld Senior Member 5+ Year Member

Hiya Guy's,

Thanks for answering my query, I thought that there was something surrounding the use of that super global. I've not done php for 4 years in any anger and just thought I should point out what was drilled into me when I started out in 1999.


Featured Threads

Hot Threads This Week

Hot Threads This Month