Cookies are used to maintain the concept of a session. If a session cookie is present, the script should perform additional security check to make sure the session is valid.
A validated session often requires a script to retrieve additional information from a database.
The first part of a web script should process at least some of the GET or POST variables passed by GET or POST methods. The key concept is to find out why the script got triggered.
For example, a script can be triggered because someone clicked a hyperlink that specifies some GET variables. Or, a script can be triggered because the submit button of a form is clicked. Or, a script can be triggered because a user types the URL with no GET or POST variables specified.
Once GET/POST variables are recognized, it is time to perform the requested actions if any. For example, a variable may indicate that a row be added to a database. The actions requested by GET/POST variables should be performed before the HTML code is generated. This allows the generated HTML code to report any problem encountered.
When processing GET/POST variables, it is important to first know whether the GET/POST variable exists. If it does exist, then the value of the variable can be examined. The following is a typical control structure to process a particular variable:
Based on the cookies and GET/POST variables, the rest of a web script is responsible to generate the actual content of a page.
There are techniques that help in this process. For example, instead of using print or echo statements to generate HTML code inline, sometimes it is more convenient to use string variables to temporarily contain content that is not ready to be put into the HTML document. Then, at the right point of the HTML code generation, a string used to store content to be emitted can be printed or echoed.