Re: Newbie questions for the PHP5 experts in this ng
- From: Josse Barrera <say.somethingnice@xxxxxxxxx>
- Date: Fri, 30 Dec 2005 19:15:08 +0000 (UTC)
Balazs Wellisch wrote:
Question 1:
===========
Is there any such thing as a PHP application (or are PHP solutions just a bunch of "loosely coupled" scripts thrown together)?
It sounds to me like what you're asking for is a framework. Frameworks provide a logical grouping of PHP scripts. Remember that PHP is a scripting language. Unlike C++ which gets compiled into a single executable it really is a bunch of "loosely coupled" scripts. A framework will organize these scripts into logical sets of modules that, when written correctly, can ease the development and maintenance of the application.
The best frameworks take advantage of the Model-View-Controller (MVC) design pattern. MVC separates data objects (model), the presentation layer (view), and the business logic (controller). There is a lot of good info on MVC out there. A quick Google search should help you out.
There are several frameworks out there which I have used. The most robust is Struts, but I have not seen a good enough PHP port of it yet.
I've used Fusebox (www.fusebox.org) with quite a bit of success. It is quite powerful when combined with FLiP, the Fusebox Lifecycle Process.
There are numerous other frameworks out there and of course you can roll your own. I would strongly suggest that you find one you feel comfortable with and develop all your applications within it. This will speed up your development immensely as you start effectively reusing code from modules you write. It will also help with debugging, unit testing and readability of your code.
Question 2:
=============
Assuming there IS such a thing as a PHP application, how does one go about putting one together? In the C++ world, there is the concept of libraries, in Java there are packages, in .Net there are assemblies.
i). How do PHP solutions logically partition functionality?
Writing extensions in C seems to be one way to go, but apart from that being overkill, my ISP may not even allow me to load my extension. There must be a simpler way to partition logic, surely?
Again, follow the principles of MVC!
Question 3:
==============
I have seen a few examples that seem to partition functionality by splitting objects into various files (a bit like the use of header files in C/C++), along with a liberal showering of calls to include() in the code - however, unlike header files, the files "included" contain not just the class definitions etc, but also (more critically), the implementation (i.e. any business logic that may show how your system may be compromised).
Be careful! There is a LOT of garbage PHP code out there. There are a lot of people who go into PHP scripting without having any idea of software engineering or programming principles. Don't end up following the wrong example.
i). Is it possible to have your "header" files (i.e. class implementation source code) stored in a directory location that is hidden in some way - the main goal is to thwart any hacker who may simply look at your include() method calls, casually navigate to the appropriate directories and peruse your source code at his/her leisure.
Yes. You can also encrypt your PHP files if you want. Take a look at Zend.
ii). There are potential issues about using include().
a). I remember reading somewhere that you have a performance hit (I/O bottleneck) every time you call include
Not really true. There is a small I/O hit but most of the pages get cached anyway so this is not that much of a problem in a well configured system. Again, take a look at Zend and their free Optimizer. http://www.zend.com/store/products/zend-optimizer.php
The bigger problem is that using a lot of includes all over the place is like using a bunch of GOTOs. Remember that BASIC nightmare?
b). There are potential security issues - You can't use include() if you use a function called something like basedir() (or something - sorry, I don't remember the function name). But this function allows one to restrict users from accessing files above the parent of a specified directory. Any (informed) feedback on this will be much appreciated.
You can include files from anywhere on the server. You can even include files from an entirely different server through a URL. What matters is that the included file's permissions are set up correctly. They should be readable by the apache process only. And you can always use Zend Encoder or something similar to encrypt the code in these files.
Your bigger problem will be the security of your database. I'm assuming you will be storing login information in a database? In this case you have to make sure your db is configured properly and sensitive information, such as passwords, etc., is encrypted.
You will also have to make sure that your session management is configured properly. Do not pass IDs along in the URL and use SSL where possible. Do not use global variables, etc.
I would be very pleased to get informed feedback on this last question (Q3) in particular because the thought of having code that shows a hacker how authentication or licensing (for example) is implemented at the server side does not bear thinking about. I look forward to hearing from the PHP5 gurus in this ng.
Well, although I've been doing web development for over 10 years now, I've only been working with PHP for about 5. So, I consider myself more of a novice than a guru, but I hope this was helpful.
Balazs
Thank you very, very much Balazs, this has been *very* helpful. Your 10yrs experience clearly shows. Muchas gracias!
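An added example, not part of either poster's message, of the Question 3 points about keeping class files where no URL reaches them and about session IDs. The directory layout and the names `APP_LIB_DIR` and `load_class_file` are assumptions made for illustration.

```php
<?php
// Added example. Assumed layout (hypothetical paths):
//   /var/www/app/public  <- web server document root, entry scripts only
//   /var/www/app/lib     <- class files, outside the document root
// Server-wide php.ini settings that back this up:
//   open_basedir = /var/www/app     ; PHP file access confined to this tree
//   allow_url_include = Off         ; include() refuses http:// and ftp:// URLs

define('APP_LIB_DIR', dirname(__DIR__) . '/lib');

/**
 * Include lib/<Class>.php only if the resolved path is still inside lib/.
 */
function load_class_file(string $class): bool
{
    // Identifier characters only, so "../" or "http://" never reach the path.
    if (!preg_match('/^[A-Za-z_][A-Za-z0-9_]*$/', $class)) {
        return false;
    }
    $base = realpath(APP_LIB_DIR);
    $path = realpath(APP_LIB_DIR . '/' . $class . '.php');
    // realpath() resolves symlinks and returns false for missing files.
    if ($base === false || $path === false) {
        return false;
    }
    // Reject anything that resolves to a location outside lib/.
    $prefix = $base . DIRECTORY_SEPARATOR;
    if (strncmp($path, $prefix, strlen($prefix)) !== 0) {
        return false;
    }
    require_once $path;
    return true;
}

// One registered loader replaces include() calls scattered through the code.
spl_autoload_register('load_class_file');

// Session ID travels only in a cookie, never in the URL, and only over HTTPS.
ini_set('session.use_only_cookies', '1');
ini_set('session.use_trans_sid', '0');
ini_set('session.cookie_secure', '1');
ini_set('session.cookie_httponly', '1');
session_start();
```

The script is meant to sit in the document root as an entry point; a request for `/lib/Anything.php` finds nothing to serve because `lib/` is not mapped to any URL.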