
Coding Standards


pritam79


Hi everyone, I would like to know if programming for the web using PHP needs some language standards to be maintained. Do I need to use high end PHP scripting or simple scripting to perform the same task? What should an inexperienced programmer opt for to develop for the web?

<?php
include "header2.php";
?>
<div id="content">
<?php
// include function files for this application
require("PDMS_fns.php");

// start session which may be needed later
// start it now because it must go before headers
session_start();
check_valid_user();
global $valid_user;

if (!filled_out($_POST))
{
    echo "<br><br><center>You have not filled out the form completely-<a href='add_contact_form.php'>retry</a></center>.";
    exit;
}

// do the validation for email
if (!valid_email($_POST['c_email']))
{
    echo "<br><br><center>Not a valid email address</center>";
    exit;
}

$conn = db_connect();
if (!$conn)
{
    echo "<br><center>Could not connect to database server- retry</center>";
    exit;
}

$result = mysql_query("SELECT * FROM contacts WHERE username='$valid_user'");
if (!$result)
{
    echo "<br><center>Could not execute query</center>";
    exit;
}

// if ok put in db
$result = mysql_query("INSERT into contacts(C_ID, username, first_name, last_name, c_title, company, c_email, home_phone, work_phone, cell_phone, website, street, city, state, country, zip) values('', '$valid_user','$_POST[first_name]', '$_POST[last_name]', '$_POST[c_title]', '$_POST[company]', '$_POST[c_email]', '$_POST[home_phone]', '$_POST[work_phone]', '$_POST[cell_phone]', '$_POST[website]', '$_POST[street]', '$_POST[city]', '$_POST[state]', '$_POST[country]', '$_POST[zip]')");
if (!$result)
{
    echo "<br><br><center>Could not add-try again</center>";
    exit;
}

if ($result)
{
?>
<html>
<body>
<table align="center" style="height: 366px">
    <tr>
        <td style="width: 491px; text-align: center; " rowspan="7"> </td>
        <td style="width: 732px; text-align: left; height: 54px;"><b>First name</b> :
        <?php echo "$_POST[first_name]"; ?></td>
        <td style="width: 734px; text-align: left; height: 54px;"><b>Cell phone</b> :
        <?php echo "$_POST[cell_phone]"; ?></td>
    </tr>
    <tr>
        <td style="width: 732px; text-align: left; height: 54px;"><b>Last name</b> :
        <?php echo "$_POST[last_name]"; ?></td>
        <td style="width: 734px; text-align: left; height: 54px;"><b>Website</b> :
        <?php echo "$_POST[website]"; ?></td>
    </tr>
    <tr>
        <td style="width: 732px; text-align: left; height: 54px;"><b>Title</b> :
        <?php echo "$_POST[c_title]"; ?></td>
        <td style="width: 734px; text-align: left; height: 54px;"><b>Street</b> :
        <?php echo "$_POST[street]"; ?></td>
    </tr>
    <tr>
        <td style="width: 732px; text-align: left; height: 54px;"><b>Company</b> :
        <?php echo "$_POST[company]"; ?></td>
        <td style="width: 734px; text-align: left; height: 54px;"><b>City</b> :
        <?php echo "$_POST[city]"; ?></td>
    </tr>
    <tr>
        <td style="width: 732px; text-align: left; height: 54px;"><b>E-mail</b> :
        <?php echo "$_POST[c_email]"; ?></td>
        <td style="width: 734px; text-align: left; height: 54px;"><b>State</b> :
        <?php echo "$_POST[state]"; ?></td>
    </tr>
    <tr>
        <td style="width: 732px; text-align: left; height: 55px;"><b>Home phone</b> :
        <?php echo "$_POST[home_phone]"; ?></td>
        <td style="width: 734px; text-align: left; height: 55px;"><b>Country</b> :
        <?php echo "$_POST[country]"; ?></td>
    </tr>
    <tr>
        <td style="width: 732px; text-align: left; height: 55px;"><b>Work phone</b> :
        <?php echo "$_POST[work_phone]"; ?></td>
        <td style="width: 734px; text-align: left; height: 55px;"><b>Zip</b> :
        <?php echo "$_POST[zip]"; ?></td>
    </tr>
</table>
</body>
</html>
<?php
}
else
{
    // otherwise, provide link back, tell them to try again
    echo "<p><br><br><center>Addition failed- <a href='add_contact_form.php'>Retry</a></center></p>";
    exit();
}
?>
</div>

Most of the sites coded in PHP use high end coding. I would like to know if the sites developed using simple scripting like the above code would work on the web or if there is a lot to be done with this simple coding. Are there any loopholes with the code? Please suggest something and the steps to be taken to use high end PHP coding. What is the proper learning resource one should use in order to learn and use PHP for the web? What are the tutorials? Thanks


That code seems fine, what you're talking about are design patterns. When I started with PHP my code looked pretty similar to that, it was a bunch of HTML mixed around with PHP. That works, but as you get experience doing that stuff you'll learn that it takes more effort to maintain the site if you want to change things because the HTML is so integrated with the PHP. Eventually you'll probably want to move to a template-based design pattern or something else that abstracts the presentation from the programming logic. Now I have a whole set of classes and things I've written over the years that I use to get started on a new project, so I learned what works and what doesn't and what I need to do in order to create a site that's as flexible as possible to expand on later.

Don't feel like you need to understand everything before you get started, the most important thing is to get started in the first place. You'll learn things like this just by getting experience using the language. Once I get a little farther on my latest project I'll probably end up posting all of the code I use to start a project if people want to see how I do it.


The best way to get an idea of "professional" code is to look at some of the big open source projects, like phpBB or Wordpress. They have some nice login scripts.

By the way, technically a "web standard" is a set of guidelines put forward in a document published by the W3C. Good coding practices are not "standards", as such, they are just conventions that are useful to follow.


That code seems fine, what you're talking about are design patterns. When I started with PHP my code looked pretty similar to that, it was a bunch of HTML mixed around with PHP. That works, but as you get experience doing that stuff you'll learn that it takes more effort to maintain the site if you want to change things because the HTML is so integrated with the PHP. Eventually you'll probably want to move to a template-based design pattern or something else that abstracts the presentation from the programming logic. Now I have a whole set of classes and things I've written over the years that I use to get started on a new project, so I learned what works and what doesn't and what I need to do in order to create a site that's as flexible as possible to expand on later.
So if a novice programmer writes some similar code like the one above for a site and uploads it on the web will there be any problems with the site like security, maintenance, bugs etc.? Or will the site run properly just like any other on the web?

That code does have a few security issues, I can't tell if it has more. There might be an issue in check_valid_user, and it might be an issue how $valid_user is getting set, where it's coming from. For the SQL statements, you need to use mysql_real_escape_string if you're adding any user-supplied data to the query. Since you have data there coming from $_POST, you need to escape it. If you don't then people can use SQL attacks against your code.

$result = mysql_query("INSERT into contacts(C_ID, username, first_name, last_name, c_title, company, c_email, home_phone, work_phone, cell_phone, website, street, city, state, country, zip) values('', '$valid_user','" . mysql_real_escape_string($_POST['first_name']) . "', ...

$valid_user might need to be escaped also, but like I said I can't tell how it's getting set or where it's coming from.

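The injection risk described in the reply above, shown as an added example that is not part of the original thread: the same INSERT built by interpolation and then with bound parameters. It swaps in PDO prepared statements for the `mysql_real_escape_string` approach the reply recommends (the `mysql_*` extension was removed in PHP 7.0), and assumes an in-memory SQLite database via `pdo_sqlite`, a table cut down to three columns, and constructed form values.

```php
<?php
// Added example: constructed data, in-memory SQLite (assumes pdo_sqlite is enabled).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE contacts (username TEXT, first_name TEXT, last_name TEXT)');

// Constructed form input standing in for $_POST.
$post = [
    'first_name' => "Ann', 'rewritten') -- ",
    'last_name'  => "O'Brien",
];
$valid_user = 'alice';

// Pattern from the original post: input is pasted into the SQL text, so a
// quote in first_name ends the string literal and the rest is parsed as SQL.
function insert_interpolated(PDO $db, string $user, array $post): void
{
    $db->exec("INSERT INTO contacts (username, first_name, last_name)
               VALUES ('$user', '$post[first_name]', '$post[last_name]')");
}

// Hardened form: the statement is fixed and values travel as bound
// parameters, so they are always treated as data, never as SQL.
function insert_prepared(PDO $db, string $user, array $post): void
{
    $stmt = $db->prepare('INSERT INTO contacts (username, first_name, last_name)
                          VALUES (:username, :first_name, :last_name)');
    $stmt->execute([
        ':username'   => $user,
        ':first_name' => $post['first_name'],
        ':last_name'  => $post['last_name'],
    ]);
}

insert_interpolated($db, $valid_user, $post);
insert_prepared($db, $valid_user, $post);

// Row 1: last_name was decided by the first_name field, not by the form's
// last_name. Row 2: both values are stored exactly as submitted.
foreach ($db->query('SELECT * FROM contacts', PDO::FETCH_ASSOC) as $row) {
    echo json_encode($row), "\n";
}
```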

  • 2 weeks later...
That code does have a few security issues
OK, my code above definitely has some loopholes when compared with the kind of coding standards followed in real life web programming. But if a newbie wants to build a PHP site with the coding standard above, and uploads it on the web, will that be OK or before running it successfully on the web one has to reach the standard of coding used in open source projects, like phpBB, Wordpress etc? Thanks

There are no actual "standards". There are just different ways to do things. Some are more efficient than others.

You can upload whatever you like, it will work for any visitors on your site.


Programming doesn't have standards, just design patterns and paradigms. Typically you would stick to one paradigm, but PHP allows you to write both object-oriented and procedural code. Even some PHP functions have an object-oriented way and a procedural way.

http://en.wikipedia.org/wiki/Design_patter...mputer_science)
http://en.wikipedia.org/wiki/Programming_paradigm


Archived

This topic is now archived and is closed to further replies.
