Advanced PHP Final

Advanced PHP by Peter Green and Joel Boonstra. Focuses on directory organization, security, reusability, efficiency. Using pre-written libraries, writing your own libraries, self-contained, portable development.

2006 Agathon Group

http://www.agathongroup.com/talks/gospelcon06/advancedphp/
Advanced PHP
Peter Green and Joel Boonstra
Agathon Group
Originally presented at Gospelcon 2006
Introduction
Security, reusability, efficiency
Any problem worth solving is worth solving the right way
Solving a problem the right way is hard
Solving the same hard problem more than once is silly
Techniques
Directory organization
Using pre-written libraries
Writing your own libraries
Tools
PEAR: a code repository for PHP
Smarty: a template language for PHP
php.ini: your friend in site organization
various PHP functions for securing data
Step 0: Organizing your directory
Concepts covered
Slow down, you move too fast!
Separation of logic from presentation
Prevent access to sensitive files
Self-contained, portable development
PHP settings, functions, libraries
php.ini: include_path: normalize includes
php.ini: auto_prepend_file: apply a common settings file to all PHP files
function: ini_set(): access php.ini values
library: Smarty: templating
php.ini
private/lib/auto_prepend.php
index.php
private/templates/pages/index.tpl.html
Let's take a look
[ page source ]
Step 1: Creating email forms
Concepts covered
Centralized form processing script
Modular form processing, based on function
Tools used
Smarty!
Smarty's html_options and related functions for quickly creating forms
PHP used
mail(): basic function to send email
include_once(), require_once(): load in a common set of functions
Superglobals ($_GET, $_POST, $_REQUEST)
contact.php
private/templates/pages/contact.tpl.html
bin/form_processor.php
private/lib/form_functions.inc.php
Let's take a look
Step 2: Adding database interaction
Concepts covered
Extending the centralized form processing script to handle a new function
Checking database error statuses
Centralized, separate config file for DB settings
Tools used
PEAR::MDB2 for unified, abstracted database access
Superior to mysql_* and mysqli_* calls!
private/templates/pages/event/add.tpl.html
bin/form_processor.php
private/lib/form_functions.inc.php
private/lib/db.inc.php
Let's take a look
private/templates/pages/event/add.tpl.html
Step 3: Sanitizing input
Concepts covered
Implementing data sanitation
Tools used
library: PHP::Compat: using future functions now (e.g., array_walk_recursive())
library: PEAR::Mail: send email without worrying about spammers
PHP used
get_magic_quotes_gpc()
create_function()
stripslashes()
strip_tags()
private/lib/auto_prepend.php
(excerpt)
private/lib/common_functions.inc.php
(old & busted)
private/lib/common_functions.inc.php
(new hotness)
private/lib/form_functions.inc.php
old & busted:
new hotness:
private/lib/form_functions.inc.php
(old & busted)
private/lib/form_functions.inc.php
(new hotness)
Next steps
Concepts (not) covered
MVC, REST, and other useful acronyms
Dynamically loading based on REQUEST_URI and/or PATH_INFO
Live and development sites: one codebase