How best to show PHP source? (was: One page, multiple submit buttons)



I'm just a beginner at PHP, but already I found an almost trivial
script to add to the top of a PHP script to enable showing its
source.
See tinyurl.com/xspamx for an example of this.
Maybe anybody submitting their own PHP code for critique here
should be asked to put this kind of self-showing script (with or
without the Turing test first), to guarantee that the source we are
viewing is exactly the script that's online currently?
From: Jerry Stuckle <jstuck...@xxxxxxxxxxxxx>
It's a nice idea, but there are advantages to having the code in
the newsgroup - for instance, it's here for eternity, and others
can look at it and reference it in the future. Putting it on a web
site makes that impossible.

Agreed. There's a trade-off between the two ways of presenting
code. Anything posted to a newsgroup is a "snapshot" of what the
code looked like at the moment it was copied from the Web site and
pasted into the posting, whereas my self-source-showing trick
*always* gives the current source active on the Web site at the
moment you look at it. Discussing the posted snapshot has the
advantage that you have a stable target for discussion, but the
disadvantage that long after a bug has been fixed in the live
source you may still be beating a dead horse discussing the code
before the bug got fixed. Also, newsgroup snapshots of Web pages
aren't a really good way to document the source because although
almost everyone knows how to use the Web a majority of people
nowadays have never heard of newsgroups and a large minority
haven't even heard of Google Groups (a service that includes both
newsgroups and private Google e-mail forums). Thus posting the
source *only* in a newsgroup, not available directly from the Web
page, greatly reduces the readership of the online "tutorial".
Posting a "snapshot" of the code in a newsgroup has one other
advantage, that it can be formally cited as a "reference", in a
subsequent article (both online and in the print media), just as a
newspaper/magazine article or book can be cited.

Considering all these pros/cons, I think the best approach is to do
the self-documenting trick I proposed *all* the time, but also to
post a snapshot of the source to a newsgroup any time it's
appropriate, such as when asking the newsgroup members for help
with a coding problem, or when somebody in the newsgroup has
formally expressed interest in having the full source posted.
Unfortunately it's not clear (to me) that it's **permitted** to
post full source of software applications in a *discussion*
newsgroup, as opposed to a "binaries" newsgroup. Yeah, these aren't
binaries in the sense of uu-encoded or base64-encoded compiled
executables, they are sources, but I think the rule about not
posting full software-application source, only snippets of code, to
non-"binary" newsgroups, would apply here. See also below for one
more argument in favor of posting "snapshot" (full source, or just
the relevant snippet) to a discussion forum (newsgroup or other).

Additionally, there are a lot of sites out there which try to
load trojans and other malware on your site; newsgroups are a
common place to advertise those sites and try to get people to the
site.

Yeah, the bad guys make everyone so suspicious that they're afraid
to look at anything legitimate for fear it might not really be
legitimate. Is there any good newsgroup article describing how to
disable *all* means by which a trojan might be accidentally
downloaded from a Web page, including animated GIFs, JavaScript,
Java applets, plug-ins, etc. etc. etc. etc.? (A Web site that
documents how to protect oneself from Web-site-download trojans
would defeat the purpose of course, because a link to a supposed
how-to-protect Web site might actually be a link to a malware Web
site in disguise, and any decently paranoid person would refuse to
follow the link from the newsgroup article from the alleged
how-to-protect Web site.) One nice thing about a PHP page that
self-documents is that none of the malware-enabling features are
needed, just plain old HTML at the client (browser) end, such as
lynx on Unix/Linux, is sufficient to both exercise the PHP script
and view the source (via my trick). If the full-browsers such as
MS-IE and Mozilla Firefox etc. are inherently vulnerable to being
tricked into downloading and immediately executing trojans, maybe a
standard rule should be that *everyone* on the net should get a
Unix/Linux shell account and *always* use lynx (or equivalent) to
view Web pages, and *only* switch to a full browser when there's an
explicit need to do so, and *only* use such full browser on trusted
Web sites that are known not to ever try to download trojans.

It's also harder to comment on code when it's not in the
newsgroup, especially if you want the comments inline.

Well, nothing is stopping anyone from clicking on the link to see
the source, then copying the source into NotePad or equivalent text
editor, block-quoting the parts of the source one wants to comment
on, editing the comments after each block of quoted source, and
copy-and-paste to the newsgroup posting mechanism. Yeah, it's a bit
more work than clicking the "follow-up" link in the old-fashioned
newsreader or the "reply to group" button in Google Groups,
where "> " indentation of each line happens automatically, so all
you need do is delete the parts you *don't* want to comment on
(which some people find a horrible burden, so they always quote the
***entire*** source of the article they're responding to, even if
their comment is just one or two lines in response to two or three
lines of original text).

Alternately, nothing (except rules against posting full source to
non-"binary" newsgroups) is stopping anyone from "carrying" the
full text of the PHP source in a standalone article, then
immediately using newsreader or Google Groups to followup one's own
article to auto-indent and allow adding non-indented comments.

There are even more reasons for putting it in the newsgroup, but
this is a start.

I think this is a healthy start to discussion of pros/cons of the
various methods of documenting source (self-documenting PHP [1]
as I proposed here, separate-documentation script [2] as I did
previously in my Hello-CGI tutorials, and posting full source to
newsgroup as you proposed), and I'd be pleased if you would post
any additional reasons in this thread, or better set up a Web page
documenting *all* your reasons for source-to-newsgroup as well as
*all* my reasons for either of the alternatives and post link to
your Web page in this thread. Hmm, there ought to be a FAQ for this
newsgroup. I wonder if such pros/cons are already described there.
Looking now ... Oops, I forgot to change the GG sequence from
default "Sort by relevance" (most relevant at top) to "Sort by
date" (most recent at top), so the top article that turned up was
in 2004
<http://groups.google.com/group/comp.lang.php/browse_thread/thread/9f89d5329a1c7572/3da695bca7ccdf75?hl=en&q=faq+group:comp.lang.php#3da695bca7ccdf75>
when somebody suggested putting the FAQ in a MySQL database and
using PHP to make the queries, and somebody else suggested going to
www.php-faq.com (which might download a trojan per your earlier
expression of paranoia on behalf of others unwilling to follow such
a link) and four other Web sites with more obscure names (which
even *I* would be afraid to go to if I weren't here on Unix with
lynx which is safe from Web-downloadable trojans). Looking at that
first FAQ site now
1. http://www.php-faq.com/
haven't found anything about
self-source-showing scripts like mine, nor anything more generally
about where best to post or show source, but there's a really good
section on security for PHP applications, with one awful typo:
Also, be careful with scripts you grab from the web. Read through
them, and make sure there [sic] safe before you put them into your
publically available web site.
Another typo in the section on *not* emitting any HTML to browser
before a headers() call:
... The other solution is to using [sic] a
templates class to separate the code from html and only output at the
end of the script -- that way you haven't sent any output and are in
complete control.
2. http://www.dclp-faq.de/
This Web site is totally broken, can't be used from lynx at all.

3. http://php.faqts.com/
Very good site, lots of questions answered, but no mention of my
type of deliberate self-documenting PHP demos:

Linkname: FAQTs - Knowledge Base - View Entry - How do I download PHP
File from other site? I heard that it can be downloaded in it's
source code.
URL:
http://www.faqts.com/knowledge_base/view.phtml/aid/16316/fid/51
PHP is parsed server side meaning before it leaves the web server,
therefore you cannot view the source on a properly set up web server,
unless it is defined as a phps Source file, IE only if the source is
meant to be viewed. This is barring some sort of a security exploit of
course.
(This would be an appropriate place to suggest ways that a PHP demo
file can self-document, such as my proposed trick.)

Linkname: FAQTs - Knowledge Base - View Entry - can a user read the
source code of PHP script you have successfully installed?
URL:
http://www.faqts.com/knowledge_base/view.phtml/aid/37351/fid/51
Related. Perhaps those two questions should be merged?

4. http://in.php.net/FAQ.php
(OK site, no relevant sections.)

5. http://www.alt-php-faq.org/
(OK site, no relevant sections.)

Now to correct my mistake and set GG to show most recent first.
Hmm, no article of the past year that clearly tells where the FAQ is to be
found, only side-discussion about problem with one of the five
sites I listed above. In conclusion, this newsgroup doesn't have a
periodic posting, not weekly, not even monthly, telling where to
find the current "official" FAQ for the newsgroup, i.e. there *is*
*no* FAQ for this newsgroup, at least it looks that way.

Switching to Google Web (not Groups) search for: PHP FAQ Nothing I
haven't already seen above, except documentation about PHP code to
implement an automated FAQ repository, which is the opposite of
what I'm looking for. (I'm looking for a FAQ about PHP, not PHP
code about implementing FAQs.)

So, you want to put together all the pros/cons of the various ways
to document PHP source code examples, in a Web page answering the
question
"I want to show everybody the source of a PHP script I wrote.
How best to do it, without compromising the source-privacy of my
*other* scripts on the same Web site?"
then submit it to whoever maintains faqts.com ?

By the way, a year or more ago I tried a different trick, on Unix,
creating a directory link whereby the same exact disk file was
presented as foo.php (server-interpreted, result then sent to HTTP
client) and foo.txt (copied verbatim to HTTP client), but I
couldn't get that trick to work. I tried always making a second
copy of the file every time I edited it, but it was too much
trouble remembering to cp foo.php foo.txt every time I did an edit.
I finally ended up with a separate shell script that simply sent
HTTP text/plain header followed by the source of whatever script,
then decided that I might as well show directory protections in the
same script, hence the examples in my Hello-CGI tutorial [2].

[1] <http://tinyurl.com/xspamx> redirects to:
<http://rem.intarweb.org/FirCon/sampleTuringTest.php>

[2] <http://www.rawbw.com/~rem/HelloPlus/hellos.html> (for desktop/laptop)
<http://www.rawbw.com/~rem/WAP/HelloPlus/wHellos.html> (for cellphone)


OT:
Linkname: Free PHP MYSQL Hosting
URL: http://www.chipmunk-scripts.com/phphosts.php
A lot of free PHP/MySQL hosting sites. Is this good info or not?
Hmm, the info looks bogus or out of date. I tried clicking on one
link and now lynx is hung "Looking up www.1111mb.com" because DNS
for that hostname doesn't exist. A minute or so later, lynx DNS
finally timed out, so next I tried to report the dead host, but
that's not possible from lynx:
File that you are currently viewing
Linkname: Free PHP MYSQL Hosting
URL: http://www.chipmunk-scripts.com/deadhost.php?hostname=1111mb
Reason why being reported:
DNS for that hostname fails.____________
________________________________________
________________________________________
________________________________________
________________________________________
Please type in the verification code below:
[hostveri.jpeg]
____________________
submit
Anybody with a regular Web browser want to verify that DNS fails
and type the text in the JPEG image and report it?

I clicked on another link, and lynx hung again "Looking up
www.9999mb.com". It's still hung, but dialup/VT100 modem lost
carrier so I gotta re-dial into shell account and log back in and
reattach my 'screen' and by the time I do all that maybe it will
have timed out.

Yeah, timed out now.
Third time's the charm, this host is up:
<http://www.freehostinn.com/>
except this Web site seems to be bogus:
[ist2_746781_female_student.jpg]
____________________ [blank.gif]-Submit

Strike three on that alleged list of free PHP/MySQL hosting sites.
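
Added example, not part of the original post and not the poster's script: one way to let a demo PHP script show its own live source without exposing other scripts on the same site, which is the question the post poses. The file name selfshow.php, the "source" query parameter and the demos/ directory are assumptions made for illustration.

```php
<?php
// selfshow.php -- added example, not the poster's script.
// Assumptions: the "source" query parameter and the demos/ directory
// name are hypothetical.

// Only scripts under this directory may reveal their own source.
const SELFSHOW_DIR = __DIR__ . '/demos';

function show_own_source_if_asked(string $callerFile): void
{
    if (!isset($_GET['source'])) {
        return;                       // normal request: run the script
    }
    // The path comes from __FILE__ in the caller, never from the request,
    // so a visitor cannot point this at any other script on the site.
    $file = realpath($callerFile);
    $dir  = realpath(SELFSHOW_DIR);
    $ok   = $file !== false && $dir !== false
         && strncmp($file, $dir . DIRECTORY_SEPARATOR, strlen($dir) + 1) === 0;
    if (!$ok) {
        // Helper was included from a script outside demos/: refuse.
        http_response_code(404);
        exit;
    }
    // Plain text needs no client-side features, so it reads fine in lynx.
    header('Content-Type: text/plain; charset=utf-8');
    header('X-Content-Type-Options: nosniff');
    readfile($file);                  // always the live file, not a copy
    exit;
}

// In demos/hello.php, as the first lines of the script:
//   require __DIR__ . '/../selfshow.php';
//   show_own_source_if_asked(__FILE__);
// Keep passwords and keys in an include outside demos/; anything written
// in the demo file itself is published along with the source.
```

Because the file to display is never taken from the URL, the helper cannot be turned into a general file reader, and the directory check stops it from working if it is included by mistake in a script that was not meant to be public.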