PhpTag | Jacob Emerick's Blog

Why You Should Build Your Own Darn Framework (Usually)

I've always been a big fan of writing my own website frameworks. It's how I learned to code, writing and re-writing a specialized PHP framework in an iterative, agile-like development process. There have been times when I've worked within standard systems (Zend, Code Ignitor, Wordpress, etc) but I try to avoid them on personal projects. PHP has a lot of flexibility in terms of allowing a developer set their own standards and I have a very unique style and approach to custom projects that I bring to my code. Also, I have some issues with using a pre-built framework.

Too Much Functionality

Some frameworks are very abstracted out with functionality for multiple data source drivers and DOM helpers (cough cough Zend). While it is impressive how much thought went into these large, comprehensive frameworks, there is often far too much logic there for a standard web project. As an example, one of the previous systems I worked with (heavy-traffic, front-facing site) was based off of the Zend Framework. Each page load included over 300 scripts ...

• Tags:
• best practice
• php
• security

Abstract Form Handling

I've already gone over some basic form handling and form best practices with my last few posts, but building with an object-orientated MVC starts to throw forms into a different light. It's very easy to abstract out forms with their repetitive logic patterns, something that I've recently done on one of my side projects. While I don't want to explain the code line-by-line, this post will go over some of the basic thought processes and steps I took to make my abstracted form handler.

Form Wrapper

The first logic I worked out was the definition of a form. To create each new form, I create a new class that is abstracting off a base pattern. Each form class defines form elements within a standard 'get' method. This way I can call on individual form elements easily or call the entire class to pull the whole form. Example...

• Tags:
• abstraction
• form
• oop
• php

Best Practices with Forms

The last post about PHP form handling (forms with php) focused on the basics - the HTML syntax and simple PHP necessary for an operating form. There were several pieces that I glossed over in the explanation for the setup of that form that I want to go over in more detail now. You can create a form using many different techniques... but some practices are better than others.

Use Standard Elements

By using Javascript or tweaking HTML elements you can create a working form without the standard form elements (input, textarea, checkbox, etc). Normal HTML form elements often have annoying default styles added to them by different browsers that may conflict with your design. While it may seem like a good idea to hack their behavior, there are two reasons why you shouldn't.

First, if you don't provide graceful degradation, there's a good chance that your tweaks may make your form unusable by more basic browsers and systems (like screen readers!). Second, users are used to certain ...

• Tags:
• best practice
• form
• php

Basic Forms with PHP

HTML forms are a great way to collect information directly from your users. There are plenty of input options available, even for the most basic, non-javascript enhanced forms. This post will go over the steps for creating, validating, and handling an elementary contact form with PHP and HTML.

We'll have to make a few basic assumptions before beginning. First, we'll assume that the page the form is displayed on can be executed with PHP. This could mean that either the page has a 'php' extension or the web server is configured to run this file as PHP, regardless of the file extension. Second, we'll assume that there is no conversion tracking (that is, analytics tracking the number of page visits vs the number of form submissions). This will make our submit logic a bit simpler. Finally, we will not be doing any javascript or ajax trickery. All the fields and submit request are handled as browser defaults.

Our initial step involves setting up a basic html form. We'll be submitting via the 'post' method, which passes the form parameters ...

• Tags:
• form
• introduction
• php

Connecting to a MySQL Database with PHP

Working directly with the database is something I rarely do any more with the applications I work with. Instead of creating a raw connection and pulling data directly, I usually utilize some sort of customized data layer. (If you don't know what a data layer is, imagine creating a PHP application with no queries. You still have data being pulled, usually from MySQL table, but the data storage and structure is kept independent of your application. When done correctly, this can help immensely with code cleanliness and development.) However, setting up a connection and pulling information is still an important skill set, so here is a post about the basics. If you're looking for information that is more basic than a PHP-MySQL connection, you can read my series on the basics of the SQL language.

There are several ways to connect to a table, but I'd highly recommend using the MySQL Improved Extension, or mysqli, as a simple but powerful way to connect to your MySQL ...

• Tags:
• introduction
• php
• sql

The Problem with Assuming

In the days of old (PHP 4) web programmers sometimes resorted to small shortcuts in their code. One of these was register_globals, which extracts the global arrays ($_REQUEST, $_POST, etc) into individual variables, allowing a programmer to write $name instead of $_POST['name']. This is an obvious security flaw - users can easily pass in custom parameters to overwrite variables in the code and cause unforeseen problems. In the below example, if register_globals was turned on in the PHP configuration, a tricky user can pass in a 'access' parameter and do some horrible things.

if($level == 'admin')
{
  $user = 'admin';
  $access = 'everything';
  $restrictions = 'none';
}

if($access == 'everything')
{
  // do some horrible things here
}

This is a good example of a bad programming practice - assuming that things will work the way you expect them to. That is, you assume that a level of 'admin' is the only way the 'access' variable could be set to 'everything'. The security-orientated approach would be to ...

• Tags:
• abstraction
• php
• security

Beginner Web Developer Mistakes

With my introduction into web development coming from a static html/css direction, I've had to overcome several bad coding habits over the years. Most of these started with poor assumptions about the way websites worked. It took a crash course in php programming and a few hard bumps before realizing how wrong my first websites really were. Here are a few of those assumptions and how I built on them to increase my programming skills.

Each URL relates to a unique file on a web server

If you're only used to working with static html files than this assumption is largely true. Every different URL that a user visits on a web page is in reference to a different file on the server. Without any type of scripting, the file is merely a chunck of html and can only be changed by a webmaster physically manipulating the document. My first dynamic website used php include commands to pull a fixed header and footer for all of my pages, allowing me to make global site changes from a single file. When I finally started to learn more about php variables ...

• Tags:
• mvc
• oop
• php

Revisiting the Database Class

Several months ago I wrote a blog post describing how to create a database class that would wrap the native php mysqli connection. You can read that post here. Since that post was written I've learned a lot about proper php classes and realized that I made several mistakes in that blog post that I'd like to revisit.

Singleton

The database class that I wrote constructs a new read/write connection whenever it is instantiated. However, there is nothing unique about this connection - it remains the same no matter how many different instances you have of this class. There should be only one instance of this class in this case. If you have several different connections (say, a different user for each of your databases or schemas) then you'd have to look at passing connection information into the class through a factory class, but this case requires a singleton.

A singleton class is fairly simple to make. By making the __construct method private and ...

• Tags:
• oop
• php
• sql

Intro to SQL Part D

For the last post in this short series on SQL I wanted to explain some more in-depth usage. A technique that I wish I would have started using in my early websites is a centralized script to handle all of my database calls. PHP does have some great functions built in to connect, read, and write using SQL statements (check out mysqli), but it's easy to start copying the same eight to ten lines of code every time you want a piece of data from your tables. A better approach is to handle the queries with a centralized class.

Before anything can be read or written to a table with a SQL statement, you need to create a connection. Your website will be signing as a user with specific privileges. A good technique is to make two users, one that can read and one that can read and write. By using the former user as much as possible and taking extra care with the latter one, you will minimize the possibility of hackers uploading malicious information or dropping whole tables.

Once a connection is made you can start having fun with the database ...

• Tags:
• oop
• php
• sql

Basic Tag Cloud

This post assumes basic understanding of PHP, HTML, and CSS.

Creating my blog by hand gave me the opportunity to work with many features that come standard with online blogging software. I developed tag clouds, post filtering, and the search functions based on the visual functionality that other blogs appeared to have. With this post, I'm going to explain how to make a tag cloud using PHP and CSS that can be implemented on any type of article- or post-based environment.

Most blogs that use tags allow multiple tags per post and tags being placed on multiple posts. The tag not only helps explain what the post is about, but also gives basic navigation based on tag for users interested in a specific blog category. A tag cloud provides the navigation with an additional feature: tags that are used more often in the blog are increased in font size, giving them more weight compared to less-used tags.

The first thing that you'll need is a PHP array of all your blog tags. The creation of this array is wholly dependent on your blog setup ...

• Tags:
• blog
• css
• php