pritam79 Posted June 11, 2009 Share Posted June 11, 2009 Hi everyone,I would like to know if programming for the web using PHP needs some language standards to be maintained. Do I need to use high end PHP scripting or simple scripting to perform the same task. What should a inexperienced programmer opt for to develop for the web? <?phpinclude "header2.php";?><div id="content"><?php//include function files for this application require("PDMS_fns.php"); // start session which may be needed later // start it now because it must go before headers session_start(); check_valid_user(); global $valid_user; if(!filled_out($_POST)) { echo "<br><br><center>You have not filled out the form completely-<a href='add_contact_form.php'>retry</a></center>."; exit; } // do the validation for email if (!valid_email($_POST['c_email'])) { echo "<br><br><center>Not a valid email address</center>"; exit; } $conn = db_connect(); if(!$conn) { echo "<br><center>Could not connect to database server- retry</center>"; exit; } $result = mysql_query("SELECT * FROM contacts WHERE username='$valid_user'"); if(!$result) { echo "<br><center>Could not execute query</center>"; exit; } // if ok put in db $result = mysql_query("INSERT into contacts(C_ID, username, first_name, last_name, c_title, company, c_email, home_phone, work_phone, cell_phone, website, street, city, state, country, zip) values('', '$valid_user','$_POST[first_name]', '$_POST[last_name]', '$_POST[c_title]', '$_POST[company]', '$_POST[c_email]', '$_POST[home_phone]', '$_POST[work_phone]', '$_POST[cell_phone]', '$_POST[website]', '$_POST[street]', '$_POST[city]', '$_POST[state]', '$_POST[country]', '$_POST[zip]')"); if(!$result) { echo "<br><br><center>Could not add-try again</center>"; exit; } if($result) { ?> <html> <body> <table align="center" style="height: 366px"> <tr> <td style="width: 491px; text-align: center; " rowspan="7"> </td> <td style="width: 732px; text-align: left; height: 54px;"><b>First name</b> : <?php echo "$_POST[first_name]";?> </td> <td style="width: 734px; text-align: left; height: 54px;"><b>Cell phone</b> : <?php echo "$_POST[cell_phone]"; ?></td> </tr> <tr> <td style="width: 732px; text-align: left; height: 54px;"><b>Last name</b> : <?php echo "$_POST[last_name]"; ?></td> <td style="width: 734px; text-align: left; height: 54px;"><b>Website</b> : <?php echo "$_POST[website]"; ?></td> </tr> <tr> <td style="width: 732px; text-align: left; height: 54px;"><b>Title</b> : <?php echo "$_POST[c_title]"; ?></td> <td style="width: 734px; text-align: left; height: 54px;"><b>Street</b> : <?php echo "$_POST[street]"; ?></td> </tr> <tr> <td style="width: 732px; text-align: left; height: 54px;"><b>Company</b> : <?php echo "$_POST[company]"; ?></td> <td style="width: 734px; text-align: left; height: 54px;"><b>City</b> : <?php echo "$_POST[city]"; ?></td> </tr> <tr> <td style="width: 732px; text-align: left; height: 54px;"><b>E-mail</b> : <?php echo "$_POST[c_email]"; ?></td> <td style="width: 734px; text-align: left; height: 54px;"><b>State</b> : <?php echo "$_POST[state]"; ?></td> </tr> <tr> <td style="width: 732px; text-align: left; height: 55px;"><b>Home phone</b> : <?php echo "$_POST[home_phone]"; ?></td> <td style="width: 734px; text-align: left; height: 55px;"><b>Country</b> : <?php echo "$_POST[country]"; ?></td> </tr> <tr> <td style="width: 732px; text-align: left; height: 55px;"><b>Work phone</b> : <?php echo "$_POST[work_phone]"; ?></td> <td style="width: 734px; text-align: left; height: 55px;"><b>Zip</b> : <?php echo "$_POST[zip]"; ?></td></tr> </table> </body> </html> <?php } else { // otherwise, provide link back, tell them to try again echo "<p><br><br><center>Addition failed- <a href='add_contact_form.php'>Retry</a></center></p>"; exit(); }?></div> Most of the sites coded in php use high end coding, i would like to know if the sites developed using simple scripting like the above code would work on the web or there is lot to be done with this simple coding. Are there any loopholes with the code.Please suggest something and the steps to be taken to use high end php coding. What is the proper learning resource one should use in order to learn and use php for the web? What are the tutorials? thanks Link to comment Share on other sites More sharing options...
justsomeguy Posted June 11, 2009 Share Posted June 11, 2009 That code seems fine, what you're talking about are design patterns. When I started with PHP my code looked pretty similar to that, it was a bunch of HTML mixed around with PHP. That works, but as you get experience doing that stuff you'll learn that it takes more effort to maintain the site if you want to change things because the HTML is so integrated with the PHP. Eventually you'll probably want to move to a template-based design pattern or something else that abstracts the presentation from the programming logic. Now I have a whole set of classes and things I've written over the years that I use to get started on a new project, so I learned what works and what doesn't and what I need to do in order to create a site that's as flexible as possible to expand on later.Don't feel like you need to understand everything before you get started, the most important thing is to get started in the first place. You'll learn things like this just by getting experience using the language. Once I get a little farther on my latest project I'll probably end up posting all of the code I use to start a project if people want to see how I do it. Link to comment Share on other sites More sharing options...
pritam79 Posted June 12, 2009 Author Share Posted June 12, 2009 OK, Could you give me an example of a 'user-registration' form or something similar that meets the web standards like scripts that are used by experienced programmers developing seriously for the web. Link to comment Share on other sites More sharing options...
Synook Posted June 12, 2009 Share Posted June 12, 2009 The best way to get an idea of "professional" code is to look at some of the big open source projects, like phpBB or Wordpress. They have some nice login scripts.By the way, technically a "web standard" is a set of guidelines put forward in a document published by the W3C. Good coding practices are not "standards", as such, they are just conventions that are useful to follow. Link to comment Share on other sites More sharing options...
justsomeguy Posted June 12, 2009 Share Posted June 12, 2009 There's a registration example here:http://w3schools.invisionzone.com/index.php?showtopic=12509 Link to comment Share on other sites More sharing options...
pritam79 Posted June 17, 2009 Author Share Posted June 17, 2009 That code seems fine, what you're talking about are design patterns. When I started with PHP my code looked pretty similar to that, it was a bunch of HTML mixed around with PHP. That works, but as you get experience doing that stuff you'll learn that it takes more effort to maintain the site if you want to change things because the HTML is so integrated with the PHP. Eventually you'll probably want to move to a template-based design pattern or something else that abstracts the presentation from the programming logic. Now I have a whole set of classes and things I've written over the years that I use to get started on a new project, so I learned what works and what doesn't and what I need to do in order to create a site that's as flexible as possible to expand on later.So if a novice programmer writes some similar code like the one above for a site and uploads it on the web will there be any problems with the site like security, maintenance, bugs etc.? Or will the site run properly just like any other on the web? Link to comment Share on other sites More sharing options...
justsomeguy Posted June 17, 2009 Share Posted June 17, 2009 That code does have a few security issues, I can't tell if it has more. There might be an issue in check_valid_user, and it might be an issue how $valid_user is getting set, where it's coming from. For the SQL statements, you need to use mysql_real_escape_string if you're adding any user-supplied data to the query. Since you have data there coming from $_POST, you need to escape it. If you don't then people can use SQL attacks against your code. result = mysql_query("INSERT into contacts(C_ID, username, first_name, last_name, c_title, company, c_email, home_phone, work_phone, cell_phone, website, street, city, state, country, zip) values('', '$valid_user','" . mysql_real_escape_string($_POST['first_name']) . "', ... $valid_user might need to be escaped also, but like I said I can't tell how it's getting set or where it's coming from. Link to comment Share on other sites More sharing options...
pritam79 Posted June 26, 2009 Author Share Posted June 26, 2009 That code does have a few security issuesOK, my code above definitely has some loopholes when compared with the kind of coding standards followed in real life web programming. But if a newbie wants to build a PHP site with the coding standard above, and uploads it on the web, will that be OK or before running it successfully on the web one has to reach the standard of coding used in open source projects, like phpBB, Wordpress etc? Thanks Link to comment Share on other sites More sharing options...
Ingolme Posted June 26, 2009 Share Posted June 26, 2009 There are no actual "standards". There are just different ways to do things. Some are more efficient than others.You can upload whatever you like, it will work for any visitors on your site. Link to comment Share on other sites More sharing options...
justsomeguy Posted June 26, 2009 Share Posted June 26, 2009 Programming doesn't have standards, just design patterns and paradigms. Typically you would stick to one paradigm, but PHP allows you to write both object-oriented and procedural code. Even some PHP function have an object-oriented way and a procedural way.http://en.wikipedia.org/wiki/Design_patter...mputer_science)http://en.wikipedia.org/wiki/Programming_paradigm Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.