In this thread, I posted a question after our site got hacked. In it, a couple posters said that what I see in Dreamweaver is not what is actually on the host. I understand that the preview/design pane only interprets HTML and shows placeholders for PHP, but I work almost exclusively in Code View.
This sets me into a flummoxed panic. I’m not a “real” programmer. I can do a lot, from basic pages and basic JavaScript form validation, tying everything into a MySQL database, setting cookies, etc., but I’m not a real programmer, so not being able to see everything that’s going on means I could be missing out on a lot of things (vulnerabilities, etc.)
I do know that Dreamweaver’s file pane doesn’t show the check in/out lock files (I use an FTP client to see what’s actually in the folders), but not what code it doesn’t show.
There was a bit of disagreement in that thread over whether or not Dreamweaver does/does not display everything in a particular file, so I thought to open a new thread specifically to that.
I’ve used Dreamweaver to view hundreds of web pages, and never found one where all the code wasn’t displayed in code view.
However, keep in mind a couple of things:
If you use include files, you don’t see the content of the include file while viewing the file that does the include. You have to view the included file separately.
In Dreamweaver, you are normally viewing a copy of the file on your local network, which is then uploaded to the actual webserver (This is not the case if you use the option to view the remote site, but the default is to view the local drive). If a file that you uploaded was hacked after you uploaded it, you won’t see the changes in the local copy unless you sync your local files with the remote.
Thanks—I thought so too, but the comments from the other thread had me worried.
I was under the impression that when you’re in remote view, you see the file structure on the site but not additional files stored in the same directory locally. When you double click a file to open it, Dreamweaver opens the local copy to work on. I only see an updated/revised remote copy if I ‘get’ it first, overwrite my local copy, then open it. It could be my own settings, just something from MX 2004, or I may be off my rocker.
With php, which you mentioned you can include other files either using ‘require’ or using the ‘include’ command, additionally javascript and css files can be included as part of the html.
When you are in the code view in dreamweaver, you will see all the source in the file, but not the code in the included files.
To see all the code, you need to look in every included file included by php, javascript, css, or in an iframe.
I’m using Dreamweaver 8, and I don’t know if your version handles this differently or not, but mine doesn’t do it quite that way.
In version 8, if you’re in Remote view you see all of, and only, folders and files that have been uploaded to the server. As you said, if there are extra files in your local folder not on the server you don’t see those.
If I open a file in Remote view, that file is first downloaded to my local copy (overwriting it if it exists locally) and then opened. (And you know, now that I think of it I’m surprised that it doesn’t prompt me to confirm the overwrite before it does it. Maybe I turned that off somewhere in the last couple of years and don’t remember it.) So in my version, if you were using Remote View and opened the file, you would see any changes made to the file after it was uploaded.
Obviously, getting the file first would also let you look at the actual version on the server as well.
One other thing to think about is HTML that is created dynamically, using something like PHP or ASP code, particularly if it pulls stored HTML out of a database. It’s conceivable that someone managed to slip some HTML code into your database through a form, and it only shows up at execution time. Looking at the code in Dreamweaver obviously would not show that code saved in a file that was retrieved at execution time.
In this case, pointing your browser at the actual website, displaying the page and doing a view source would show all the code actually sent to the client, whether it was static code or dynamically created. Then you could check your code and see which database file it’s coming from and eliminate it.