Part I: Designing PHP Applications

Chapter 1: Features of Practical PHP Applications
Chapter 2: Understanding and Avoiding Security Risks
Chapter 3: PHP Best Practices

Chapter 1
Features of Practical PHP Applications

IN THIS CHAPTER
◆ Exploring the features of a practical PHP application
◆ Putting the features to work in applications

PHP began as a personal home page scripting tool. Today PHP is widely used in both personal and corporate worlds as an efficient Web application platform. In most cases, PHP is introduced in a corporation because of its speed, absence of license fees, and fast development cycle.

The last reason (fast development cycle) is often misunderstood. There is no question that PHP development is often faster than on other Web-development platforms such as Java. However, the reasons for that faster cycle are often questioned by serious non-PHP developers. They claim that PHP development lacks design and that PHP often serves as a glue-logic scripting platform, with applications thrown together in a hurry. Frankly, I've seen many such scripts on many commercial engagements. In this book, I introduce you to a PHP application design that is both well planned and practical, and therefore highly maintainable.

Features of a Practical PHP Application

When developing a practical PHP application you should strongly consider the following features:

◆ An object-oriented code base: Granted, most freely available PHP applications are not object oriented, but hopefully that will change soon. The benefits of object-oriented design outweigh the drawbacks. The primary benefit is a reusable, maintainable code base. You'll find that similar objects appear in every application you develop, and reusing previously developed, tested, and deployed code shortens development time as you develop more and more applications.
  I developed all the applications in this book using a single object framework (discussed in Chapter 4). Being able to develop more than 50 applications on the same framework means that I can easily fix any bugs, because the framework object code base is shared among almost all the applications.

◆ External HTML interfaces using templates: Having user-interface elements inside the application code makes it difficult to adapt to the changing Web landscape. Just as end users like to change their sites' look and feel, they also want the application-generated screens to match their sites' overall design. Generating application screens from external HTML templates ensures that an end user can change the look and feel of the application as often as he or she wants, without touching the code.

◆ External configuration: When designing a practical application, the developer must ensure that end-user configuration does not live in the code. Keeping it in a dedicated external configuration file makes it easy for end users to customize the application for their sites. The external configuration file should hold site configuration data such as database access information (host name, username, password, port, and so on), path information, and template names. Because this file contains the database credentials, it must not be readable through the Web server: keep it outside the Web document root, or at least make sure the server never serves it as a static file.

◆ Customizable messages: The status and error messages shown by the application should be customizable, because a PHP application can find its way into many different locales. A basic internationalization scheme is to keep all status and error messages in external files so that they can be customized for the local language.

◆ Relational data storage: Storing data in flat files or comma-separated value (CSV) files is dated and far less manageable than storing it in a fast relational database such as MySQL. If the Web application collects many data points from Web visitors or customers, a relational database is the best place to store them.
  Using a database can also increase your data security, because proper database configuration and access control make it difficult for unauthorized users to reach the stored data. That protection holds only if the application itself passes user input to the database safely, for example through parameterized queries; a script that pastes request data into SQL hands the attacker the application's own database access.

◆ Built-in access control: If a Web application has sensitive operations that are to be performed only by a select group of people and not by every Web visitor, the application needs a way to control access in order to ensure security.

◆ Portable directory structure: Because most PHP applications are deployed via the Web, it's important to make them easy to install by keeping the required directory structure as portable as possible. In most cases, the PHP application will run from a directory of its own inside the Web document root directory.

Employing the Features in Applications

Now let's look at how you can implement those features in PHP applications.

Creating object-oriented design

The very first step in designing a practical application is to understand the problem you want the application to solve and break that problem down into an object-oriented design.

For example, say you're to develop a Web-based library check-in/checkout system. In this situation, you have to identify the objects in your problem space. We all know that a library system allows its members to check in and check out books. So the objects that are immediately visible are members (that is, users) and books. Books are organized in categories, which have certain attributes such as name, description, content-maturity ratings (adults, children), and so on. A closer look reveals that a category can be thought of as an object as well. By observing the actual tasks that your application is to perform, you can identify the objects in the system. A good object-oriented design requires a great deal of thinking ahead of coding, which is always the preferred way of developing software.
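Before continuing with the design, here is how two of the features listed above, external configuration and relational data storage, look in code. This is an added example, not code from the book or its framework. It assumes an INI file kept one directory above the document root, a [database] section with dsn, user and password keys, and a users table with id and username columns; all of these are assumptions made for the illustration, and a constructed in-memory SQLite database stands in for the MySQL server the book has in mind so the script runs anywhere PDO is available (PHP 8 or later).

```php
<?php
// Added example (not the book's code): keep site configuration in a file
// outside the Web document root, refuse it if other local users can read
// it, and use it to open a database connection that only ever sends
// parameterized SQL. File layout, INI keys and table schema are assumptions
// made for this illustration.

declare(strict_types=1);
error_reporting(E_ALL);

/** Parse an INI file and verify it has the keys the application needs. */
function load_config(string $path): array
{
    if (!is_file($path)) {
        throw new RuntimeException("Configuration file not found: $path");
    }
    // The file holds the database password; refuse it if any other
    // account on the host can read it (the o+r mode bit is set).
    $perms = fileperms($path);
    if ($perms === false || ($perms & 0004) !== 0) {
        throw new RuntimeException("Configuration file is world-readable: $path");
    }
    $config = parse_ini_file($path, true, INI_SCANNER_TYPED);
    if ($config === false) {
        throw new RuntimeException("Cannot parse configuration file: $path");
    }
    foreach (['dsn', 'user', 'password'] as $key) {
        if (!array_key_exists($key, $config['database'] ?? [])) {
            throw new RuntimeException("Missing database.$key in $path");
        }
    }
    return $config;
}

/** Open a PDO connection from the [database] section; errors become exceptions. */
function connect(array $config): PDO
{
    $db  = $config['database'];
    $dsn = (string) $db['dsn'];
    $options = [
        PDO::ATTR_ERRMODE            => PDO::ERRMODE_EXCEPTION,
        PDO::ATTR_DEFAULT_FETCH_MODE => PDO::FETCH_ASSOC,
    ];
    if (str_starts_with($dsn, 'mysql:')) {
        // Use real server-side prepared statements, not client-side quoting.
        $options[PDO::ATTR_EMULATE_PREPARES] = false;
    }
    return new PDO($dsn, (string) $db['user'], (string) $db['password'], $options);
}

/**
 * Look up a member by user name. The name is bound as a parameter, so input
 * such as "' OR '1'='1" is compared literally instead of rewriting the query.
 */
function find_user(PDO $pdo, string $username): ?array
{
    $stmt = $pdo->prepare('SELECT id, username FROM users WHERE username = :username');
    $stmt->execute([':username' => $username]);
    $row = $stmt->fetch();
    return $row === false ? null : $row;
}

// Self-contained demonstration. In a deployment the file would live outside
// the document root, e.g. /var/www/conf/app.ini beside /var/www/htdocs/
// (assumed layout), and the DSN would point at MySQL:
//   dsn = "mysql:host=localhost;port=3306;dbname=library;charset=utf8mb4"
// Here a constructed INI file naming an in-memory SQLite database stands in
// for that server.
$iniPath = tempnam(sys_get_temp_dir(), 'app');
file_put_contents($iniPath, <<<INI
[database]
dsn = "sqlite::memory:"
user = ""
password = ""
INI);
chmod($iniPath, 0600);   // owner-only, so load_config() accepts it

$pdo = connect(load_config($iniPath));
$pdo->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT NOT NULL)');
$pdo->exec("INSERT INTO users (username) VALUES ('alice'), ('bob')");

var_dump(find_user($pdo, 'alice'));          // a real member
var_dump(find_user($pdo, "' OR '1'='1"));    // treated as a (nonexistent) literal name
unlink($iniPath);
```

Keeping the DSN, user name and password in the INI file means a site owner can repoint the application at another database without editing PHP, which is the portability the feature list asks for; the permission check and the document-root placement are what keep that convenience from turning the credentials into a download.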
After you have the base object architecture of your system, you can determine whether any of your previous work contains objects that are needed in your new application. Perhaps you have an object defined in a class file that can be extended to create a new object in the new problem space. By reusing an existing, proven code base, you can significantly reduce the probability of defects in your application.

Using external HTML templates

Next, you need to consider how user interfaces will be presented and how you can allow for maximum customization without changing your core code. This is typically done by introducing external HTML templates for the interface. In other words, instead of embedding HTML code in your application, you use HTML templates. HTML templates are used for all application interfaces in this book so that the applications are easy to update in terms of look and feel. To understand the power of external HTML user-interface templates, carefully examine the code in Listing 1-1 and Listing 1-2.

Listing 1-1: A PHP Script with Embedded User Interface

<?php
// Turn on all error reporting
error_reporting(E_ALL);
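The following added example shows the template-driven alternative to embedding the interface in the script. It is not the book's Listing 1-2 or its framework code; the {PLACEHOLDER} syntax, the templates directory and the welcome.html file name are assumptions made for this illustration, and the malicious user name is a constructed test input. Besides separating layout from code, it shows the check a practitioner wants here: every value inserted into the page is HTML-escaped, so template substitution cannot become cross-site scripting (PHP 8 or later).

```php
<?php
// Added example (not the book's listing): render an external HTML template
// so that the page layout lives in a file the site owner can edit, while
// every value the application fills in is HTML-escaped. Template syntax
// ({PLACEHOLDER}) and file names are assumptions for this illustration.

declare(strict_types=1);
error_reporting(E_ALL);

/** Escape one value for insertion into HTML text or a quoted attribute. */
function h(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
}

/**
 * Replace {NAME} placeholders in $template with the escaped values in $vars.
 * Unknown placeholders are removed rather than left in the output, and a
 * value that itself contains "{OTHER}" is not expanded again, because all
 * placeholders are resolved in a single pass over the template.
 */
function render(string $template, array $vars): string
{
    $out = preg_replace_callback(
        '/\{([A-Z][A-Z0-9_]*)\}/',
        static function (array $m) use ($vars): string {
            return isset($vars[$m[1]]) ? h((string) $vars[$m[1]]) : '';
        },
        $template
    );
    if ($out === null) {
        throw new RuntimeException('Template rendering failed: ' . preg_last_error_msg());
    }
    return $out;
}

/** Load a template from the templates directory, refusing names that leave it. */
function load_template(string $dir, string $name): string
{
    // Only a simple file name is accepted; "../" or "/" cannot reach other files.
    if (!preg_match('/\A[A-Za-z0-9_-]+\.html\z/', $name)) {
        throw new InvalidArgumentException("Bad template name: $name");
    }
    $contents = file_get_contents($dir . DIRECTORY_SEPARATOR . $name);
    if ($contents === false) {
        throw new RuntimeException("Cannot read template $name");
    }
    return $contents;
}

// Demonstration with a constructed template written to the temp directory;
// in a real site it would be e.g. templates/welcome.html (assumed layout).
$dir = sys_get_temp_dir();
file_put_contents($dir . '/welcome.html', <<<'HTML'
<!DOCTYPE html>
<html><head><title>{TITLE}</title></head>
<body>
<h1>{TITLE}</h1>
<p>Welcome back, {USERNAME}. {MESSAGE}</p>
</body></html>
HTML);

$template = load_template($dir, 'welcome.html');

// The user name is attacker-controlled (it comes from the query string); the
// constructed default stands in for a hostile request when run on the CLI.
// render() turns the script tag into inert text instead of live markup.
echo render($template, [
    'TITLE'    => 'Library',
    'USERNAME' => $_GET['user'] ?? '<script>alert(1)</script>',
    'MESSAGE'  => 'You have 2 books due Friday.',
]);
unlink($dir . '/welcome.html');
```

The escaping in h() is correct for HTML text and quoted attributes only; a value placed inside a URL query string or a JavaScript block needs that context's own encoding (rawurlencode, JSON encoding) before the HTML escaping. The MESSAGE value is the natural place to plug in the externally stored, per-locale status messages from the feature list, since the renderer treats them like any other value.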