Is there a “right” way to use php?

I learn php just by connecting to it.

I was hoping someone could point me in the right direction regarding security, flow and general best practices?

Thanks.

change -

I guess the best way to talk about what I'm trying to ask is .. What is the best practice:
1.) when processing forms with php, get vs post, $_REQUEST vs $_GET and $_POST
2.) when dynamically creating HTML files (example below)
3.) logins and authentication in the same file as the form creator
4.) Sending email using php

From #2 above

<?php
echo "<h1> Welcome </h1>";
if ($_SESSION['type'] == "admin") {
    // lots of html in the echo statement
    echo "tables and admin interface here";
} else {
    // lots of html in the echo statement
    echo "tables and user dashboard here";
}
?>

--VS--

<h1> Welcome </h1>
<?php if ($_SESSION['type'] == "admin") { ?>
    lots of html in the echo statement
    tables and admin interface here
<?php } else { ?>
    lots of html in the echo statement
    tables and user dashboard here
<?php } ?>

--VS--

<?php if($_SESSION['username']): ?>
    <p>You are logged in as <?=$_SESSION['username']?></p>
    <p><a href="?logout=1">Logout</a></p>
<?php endif; ?>

ps: Thanks to everyone who has already answered. Can I also find out where the framework fits? I took a class in OOP and we are not familiar with any frameworks.

I read a lot about the concepts of Symfony and zend, but am still confused.

thanks again.

+6
html php zend-framework symfony1
8 answers

The PHP community has never been strong at offering any design recommendations or promoting best practices. In the precancer days, the typical PHP code written by most developers was very amateurish and disorganized - see the Wordpress source code. But PHP is a good language for web applications. It was made for the Internet, and you can write good professional code if you want. This is fashionable bash, but ignore it.

In any case, like the others, you said that it is best to use a framework. As a newbie, it will be important for you to choose a structure that is well-documented and has a strong community that will help you overcome the hump. Here is my summary of the basic php basics:

  • Kohana => good but poorly documented with a weak community. skip it.
  • Zend => the most popular framework for php w/ good docs, but another poor performer as it exaggerates objects and templates, trying to be overly entrepreneurial.
  • Cake and Symfony => are 1st generation frameworks and also have a reputation for poor performance. I would have missed both. The new version of Symfony is working, but not ready.
  • Lithium => The latest new structure led by one of the Cake developers. using php 5.3 and claims it is fast. BUT, but not in v.1, and also have bad documents at this point => http://li3.me

Codeigniter => popular, fast, good docs and communities. very easy to learn. v2.0 has not been officially released, but is ready for use in production and is only php5. You can use the same documentation that is on the CI website for v1.7. The versions are very similar, except, finally, support for 2.0pp php 4. here download for 2.0: http://bitbucket.org/ellislab/codeigniter/

YII => Really gaining momentum, despite the fact that this is a stupid name. This is a fast performer with a lot of documentation and many features. A new book is also coming out. The community is so-so, but growing. This imo structure takes a lot from the rails. It has web code and uses active recording. http://yiiframework.com/

you can create applications much faster with YII due to code and active writing, but it will be a little more complicated than CI. You may find that this gets in your way a little more as you try to do everything like YII. CI is more flexible - it gives you the foundation you need or don't get in your way. So now I would recommend codeigniter.

Good luck

+7

Good programming is not language related. I suggest you start exploring software development concepts such as object-oriented programming, design patterns, problem sharing, reuse, encapsulation, testing, and refactoring. Start with any of them and continue to "plug" in the list, and you get better.

Specific PHP - Find out an accepted coding standard like PEAR or Zend's. After you have learned some of the concepts, take a good link, such as one of the main frameworks mentioned in other answers: Zend Framework, CakePHP, Symfony among others.

+10

Use a freely accessible structure, for example:

  • Zend framework
  • Cakephp
  • CodeIgniter (see comments)
  • Kohana (From @Alex answer)

and follow the standards indicated in this structure.

+6

Take a look at reliable open source software known for good code.

See the source of Kohana or any other of Billy ONeal's answer.

I would not recommend using the CI source as a guide - since I think it still supports PHP4, so some of the code will be useless to study - if you do not plan to write PHP4 code, which is a bad idea if you are just now.

Do not look at WordPress, you will get some terrible habits.

Also, although I am thinking about it, find out about OO and the difference with procedural code.

+5

Why is everyone attacking php? Many great sites run away. At least until they get big enough to merit a major overhaul.

99% of the Internet just throws out sites that don’t get much traffic compared to sites like facebook or amazon, so why should they learn the language more complex, stable or strict if php gets the job done in a cost-effective way that is no less stable or is it safe for what is needed?

Most of the sites I create run away from Kohana - branches from codeigniter. Both are helpful. Who cares if CI uses php4. What if you were hired by a web firm with archaic sites? Guess what - you need to know php4. This complaint is similar to the fact that you no longer need to know what you were offering html ... until you have to develop and code a newsletter template for any large company. So what? Crash course with Google search queries?

I say the correct approach to using PHP is to follow the examples. Yes, Wordpress has some terrible habits, but it works and is only one of the most successful platforms. What does this tell you?

I would say that you could learn a lot from a structure like Kohana - and even CI - since both have decent security methods that aren't hard to follow. Things like database crash and xss filtering. This will bring you into OO programming if you are not familiar, and both have a decent user base so that you are not stuck with no answers.

Do not let these guys scare you. PHP is a good move for beginners. In the end, something like Java or the C lens will be more useful for desktops and applications, but find out when you get there.

+4

In PHP you can code well. Probably the best resource I've seen as far as possible on StackOverflow: look at issues tagged as PHP.

In a specific order, some specific things that will help you along the way from my programming years in PHP:

  • Enable notifications, and then make sure that you are not writing code that runs them. The default installation of PHP does not include notifications, which is great for a production environment, but bad for a development environment. Unfortunately, their default php.ini does not seem to know why it is an example.

  • Similarly, make sure you turn off magic_quotes and register_globals. Both are designed for simpler and naive programming times and today pose more problems than they solve.

  • Initialization of variables before using them. It also means array elements. If your code is not sure if a variable or element exists, use isset() and array_key_exists().

  • Choose or develop a reasonable coding style and stick to it. You do not need to be thrifty with spaces or line breaks.

  • Check the variables you are looking to be there. It's complicated. A great example of this is HTTP POST processing, which can contain many variable elements. Find out what should be in $_POST and look for it. Do not assume that what is represented will always be what should be represented.

  • On the same lines, check that the values are correct, not the wrong values. If you need a variable to have a real value, look at what the real value is before continuing, and not what might be an invalid value for the throw. For example, if you need a variable that is an integer, and then check it for an integer, do not check for a null string, because a null string is not the only invalid value!

  • Separate database access, logic, and presentation (this is often referred to as Model-View-Controller programming). Another way to do this is that you should not mix code that processes the last POST request with the HTML markup emitted by SQL queries. Most frameworks will provide this.

  • If you do not use the framework that the Object layer provides, you will roll your own SQL. Either use prepared statements, or use your own quote function for strings, not addslashes().

  • In PHP 4, it was very easy to use a lot of memory because the structures were copied, not specified. PHP 5 pretty much solves this particular problem, but it can happen with strings. It also does not affect the tendency of some APIs to create large structures.

+4
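
The two validation points in the answer above (look only for the fields that should be in $_POST, and test for the valid value rather than for one known-bad value), as an added example that is not part of the original answer. The function name, field names and limits are hypothetical, and it assumes PHP 7.1 or later.

```php
<?php
// Added example: allow-list validation of a POST body (field names are hypothetical).

/**
 * Returns [clean values, errors]. Only the fields named here are read;
 * anything else the client sent is ignored.
 */
function validate_order(array $post): array
{
    $clean = [];
    $errors = [];

    // Required integer in a known range. FILTER_VALIDATE_INT rejects "",
    // "12abc", "1e3", arrays and out-of-range numbers in one check.
    $qty = filter_var($post['quantity'] ?? null, FILTER_VALIDATE_INT,
        ['options' => ['min_range' => 1, 'max_range' => 100]]);
    if ($qty === false) {
        $errors['quantity'] = 'must be an integer from 1 to 100';
    } else {
        $clean['quantity'] = $qty;
    }

    // Required value from a fixed set: compare against what is valid.
    $allowed = ['standard', 'express'];
    $shipping = $post['shipping'] ?? null;
    if (is_string($shipping) && in_array($shipping, $allowed, true)) {
        $clean['shipping'] = $shipping;
    } else {
        $errors['shipping'] = 'must be one of: ' . implode(', ', $allowed);
    }

    return [$clean, $errors];
}

// Constructed sample submissions standing in for $_POST.
$samples = [
    ['quantity' => '3', 'shipping' => 'express'],
    ['quantity' => '3 OR 1=1', 'shipping' => 'express', 'is_admin' => '1'],
    ['quantity' => ['3'], 'shipping' => ''],
    [],
];
foreach ($samples as $post) {
    [$clean, $errors] = validate_order($post);
    echo json_encode(['clean' => $clean, 'errors' => $errors]), PHP_EOL;
}
```

The extra is_admin field in the second sample never reaches $clean, because the function copies out only the fields it names.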

To provide something other than “use the framework” or “look at the structure”, here are the fast PHP rules specific to PHP that I found that are of great importance.

  • Use a PDO and draw it into a class (or use an existing class). Do not use mysql_query or such functions.
  • Logic before exiting. Don't do things like <?php if($x) { ?> HTML here <?php } ?> (Using the HEREDOC syntax helps a lot with this).
  • Using the __autoload magic method to restrict includes

It would be a night and day transformation of the many ugly PHP code I see. Then there are obvious agnostic rules of the language, such as consistent naming conventions, self-documenting code, etc.

+3
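
The first rule in the answer above (PDO wrapped in a class instead of mysql_query), as an added example that is not part of the original answer. The class, table and column names are hypothetical, and it assumes PHP 7.4 or later with the pdo_sqlite extension so that it runs without a database server.

```php
<?php
// Added example: PDO wrapped in a small class, prepared statements only.
// Class, table and column names are hypothetical; SQLite in memory keeps it offline.

final class Db
{
    private PDO $pdo;

    public function __construct(string $dsn)
    {
        $this->pdo = new PDO($dsn, null, null, [
            PDO::ATTR_ERRMODE            => PDO::ERRMODE_EXCEPTION,
            PDO::ATTR_DEFAULT_FETCH_MODE => PDO::FETCH_ASSOC,
            PDO::ATTR_EMULATE_PREPARES   => false,
        ]);
    }

    /** Runs $sql with $params bound as data, never spliced into the SQL text. */
    public function run(string $sql, array $params = []): PDOStatement
    {
        $stmt = $this->pdo->prepare($sql);
        $stmt->execute($params);
        return $stmt;
    }
}

$db = new Db('sqlite::memory:');
$db->run('CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, type TEXT)');
$db->run('INSERT INTO users (name, type) VALUES (?, ?), (?, ?)',
    ['alice', 'admin', 'bob', 'user']);

// Constructed hostile input: with string concatenation this would change the
// WHERE clause; as a bound parameter it is only an odd-looking name.
$input = "bob' OR '1'='1";
$rows = $db->run('SELECT id, name FROM users WHERE name = :name',
    ['name' => $input])->fetchAll();
echo count($rows), " row(s) for the hostile input\n";

$rows = $db->run('SELECT id, name FROM users WHERE name = :name',
    ['name' => 'bob'])->fetchAll();
echo count($rows), " row(s) for 'bob'\n";
```

Because callers can only reach the database through run(), every query in the application goes through prepare() and execute(), which is the practical benefit of the wrapper.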

First, you should read the php manual, then look at the open source software

0
