Advanced Php Final

8/12/2019 Advanced Php Final

1/97

2006 Agathon Grouphttp://www.agathongroup.com/talks/gospelcon06/advancedphp/

Advanced PHP

Peter Green and Joel Boonstra

Agathon Group

Originally presented at Gospelcon 2006


2/97

Introduction


3/97

Security, reusability, efficiency


4/97


Any problem worth solving is worthsolving the right way


5/97



Solving a problem the right way is hard


6/97



Solving a problem the right way is hard

Solving the same hard problem morethan once is silly


7/97

Techniques


8/97

Techniques

Directory organization


9/97

Techniques


Using pre-written libraries


10/97

Techniques


Using pre-written libraries

Writing your own libraries


11/97

Tools


12/97

Tools

PEAR: a code repository for PHP


13/97

Tools

PEAR: a code repository for PHPSmarty: a template language for PHP


14/97


15/97

Tools

PEAR: a code repository for PHPSmarty: a template language for PHP

php.ini: your friend in site organization

various PHP functions for securing data


16/97

Step 0: Organizing your directory


17/97


18/97

Concepts covered


19/97

Concepts covered

Slow down, you move too fast!


20/97

Concepts covered

Slow down, you move too fast!Separation of logic from presentation


21/97


22/97

Concepts covered

Slow down, you move too fast!Separation of logic from presentation

Prevent access to sensitive files

Self-contained, portable development


23/97

PHP settings, functions, libraries


24/97


php.ini: include_path: normalize includes


25/97



php.ini: auto_prepend_file: apply a commonsettings file to all PHP files


26/97




function: ini_set(): access php.ini values


27/97




function: ini_set(): access php.ini values

library: Smarty: templating


28/97


29/97


30/97


31/97

php.ini


32/97

private/lib/auto_prepend.php


33/97

index.php


34/97


35/97

Lets take a look


36/97

[ page source ]

St 1 C ti il f


37/97

Step 1: Creating email forms


38/97

Concepts covered


39/97

Concepts covered

Centralized form processing script


40/97

Concepts covered

Centralized form processing script

Modular form processing, based onfunction


41/97

Tools used


42/97

Tools used

Smarty!


43/97

Tools used

Smarty!

Smartys html_optionsand related functionsfor quickly creating forms


44/97

PHP used


45/97

PHP used

mail(): basic function to send email


46/97

PHP used

mail(): basic function to send emailinclude_once(), require_once(): load in acommon set of functions


47/97

PHP used

mail(): basic function to send emailinclude_once(), require_once(): load in acommon set of functions

Superglobals ($_GET, $_POST, $_REQUEST)


48/97


49/97

contact php


50/97

contact.php

i t /t l t / / t t t l ht l


51/97

private/templates/pages/contact.tpl.html


52/97


53/97

private/lib/form_functions.inc.php


54/97


55/97

Lets take a look


56/97


57/97

Concepts covered


58/97

Concepts covered

Extending the centralized form processing

script to handle a new function


59/97

Concepts covered



Checking database error statuses


60/97

Concepts covered



Checking database error statuses

Centralized, separate config file for DBsettings


61/97

Tools used


62/97

Tools used

PEAR::MDB2 for unified, abstracteddatabase access


63/97

Tools used

PEAR::MDB2 for unified, abstracteddatabase access

Superior to mysql_* and mysqli_* calls!


64/97


65/97

private/templates/pages/event/add tpl html


66/97

private/templates/pages/event/add.tpl.html

bin/form_processor.php


67/97

p p p

bin/form_processor.php


68/97

p p p



69/97

p p p


70/97

private/lib/db.inc.php


71/97


72/97

Lets take a look

private/templates/pages/event/add tpl html


73/97

private/templates/pages/event/add.tpl.html

Step 3: Sanitizing input


74/97

p g p


75/97

Concepts covered


76/97

Concepts covered

Implementing data sanitation


77/97

Tools used


78/97

Tools used

library: PHP::Compat: using futurefunctions now (e.g., array_walk_recursive())


79/97

Tools used

library: PHP::Compat: using futurefunctions now (e.g., array_walk_recursive())

library: PEAR::Mail: send email without

worrying about spammers


80/97

PHP used


81/97

PHP used

get_magic_quotes_gpc()


82/97

PHP used


create_function()


83/97

PHP used


create_function()

stripslashes()


84/97

private/lib/auto_prepend.php


85/97

(excerpt)

private/lib/common_functions.inc.php


86/97

(old & busted)

private/lib/common_functions.inc.php


87/97

(new hotness)



88/97

old & busted:



89/97

old & busted:

new hotness:



90/97

(old & busted)



91/97

(new hotness)

Next steps


92/97


93/97

Concepts (not) covered


94/97


MVC, REST, and other useful acronyms


95/97



Dynamically loading based onREQUEST_URI and/or PATH_INFO


96/97



Dynamically loading based onREQUEST_URI and/or PATH_INFO

Live and development sites: one codebase


97/97

Advanced PHP

Peter Green and Joel Boonstra

Agathon Group

Originally presented at Gospelcon 2006

Advanced Php Final

Documents

Transcript of Advanced Php Final