PHP/MySQL INSERT

PHP is a very flexible language. Maybe too flexible. There are a lot of ways to skin a cat. Some ways are a lot better than others, and some have security vulnerabilities.

After a day of monitoring web development forums it's quickly become apparent that beginners get very confused about MySQL.

In this post I will focus on inserting data into a database. There are a few different ways to insert data into a database. Imagine we are capturing some user data. This is how I would do it:


Now there are a few things going on here:

  • the query is broken up onto multiple lines and indented for readability
  • SQL syntax is in uppercase, again for readability
  • using NOW() instead of timestamps
  • using a custom function called escape, which is just a wrapper for mysql_real_escape_string, to save typing
  • using concatenation for readability
  • custom error handler, which in my case sends me an email to notify me of problems

Security

The escape function is VERY important as it will prevent basic SQL injection attacks. A lot of beginners forget this.

You should avoid printing error messages to the screen, as this can aid hackers. So try not to use "or die(mysql_error())". Instead use a custom error handler as demonstrated above.
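The points listed above, as an added example that is not the author's original listing: it uses PDO prepared statements in place of the escape wrapper, because the mysql_* functions (including mysql_real_escape_string) were removed in PHP 7.0. The users table, insert_user and report_db_error are hypothetical names, and an in-memory SQLite database stands in for MySQL so the script runs offline.

```php
<?php
// Added example: table, column and function names are hypothetical.
// SQLite in memory stands in for MySQL so the script runs without a server.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (
    id      INTEGER PRIMARY KEY,
    name    TEXT NOT NULL,
    email   TEXT NOT NULL,
    created DATETIME NOT NULL
)');

// Custom error handler: keep the details server-side (log or email),
// so the visitor never sees driver messages or fragments of the query.
function report_db_error(Throwable $e): void
{
    error_log('DB error: ' . $e->getMessage());
}

function insert_user(PDO $db, string $name, string $email): ?int
{
    try {
        // Placeholders keep user data out of the SQL text entirely.
        // CURRENT_TIMESTAMP is accepted by both MySQL (synonym for NOW()) and SQLite.
        $stmt = $db->prepare(
            'INSERT INTO users
                (name, email, created)
             VALUES
                (:name, :email, CURRENT_TIMESTAMP)'
        );
        $stmt->execute([':name' => $name, ':email' => $email]);
        return (int) $db->lastInsertId();
    } catch (PDOException $e) {
        report_db_error($e);
        return null; // caller shows a generic failure page
    }
}

// Constructed input containing quote characters and SQL comment syntax.
$tricky = "O'Brien\"; --";
$id = insert_user($db, $tricky, 'obrien@example.com');

// The value comes back byte for byte: it was stored as data, not parsed as SQL.
$stored = $db->query('SELECT name FROM users WHERE id = ' . (int) $id)->fetchColumn();
var_dump($stored === $tricky);
var_dump((int) $db->query('SELECT COUNT(*) FROM users')->fetchColumn());
```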




18/05/2009 permalink | Posted in web development | 11 Comments »

Web Development Forums

I've recently joined a bunch of web development forums to see if I can help PHP rookies and simultaneously get my name about. I don't tend to post questions in forums that much because I can normally figure stuff out or find the answer on Google. So instead I'm looking to answer some questions and play a more active role in the PHP community.

These are the forums I've joined:

Of these, so far SitePoint seems to be the most active and interesting.



17/05/2009 permalink | Posted in web development | 248 Comments »

Plesk 9.2.1 Migration Problems

I think it was around Plesk 8.3 where everything in Plesk worked just about perfect. Since then Plesk 9 came out. I rushed to upgrade to Plesk 9 as soon as it was available. It had no discernible benefits and broke a lot of things like:

  • stopping email from working
  • automatically suspending domains when they went over quota
  • new interface where it's almost impossible to find anything
  • missing icons in said crappy interface

I managed to sort most of these out but if this wasn't enough in version 9 they had omitted the Plesk migration manager. Now this is pretty fundamental for transferring sites to different servers. You can supposedly do this with the backup/ restore program but it's a lot more complicated and buggy in my experience.

So anyway 5 months later we have Plesk 9.2.1 which has migration manager.

I migrated close to 100 domains. The migration was absolute hell and took the best part of 12 hours. Here's what I've learned about migration manager in Plesk 9.2.1:
  • Plesk Migration Manager won't anticipate lack of resources like domain limit / disk space. So make sure you have plenty of both before you start.
  • When initiating a migration, "host inaccessible" can also mean login incorrect.
  • IPs must be set to shared to be picked up by the migration manager.
  • If an IP is in use, Plesk won't let you change it to shared, although you can override this in the MySQL table called ip_pool.
  • Spam white-lists and black-lists are not migrated.
  • MySQL stored procedures are not migrated.
  • After migration many sites were defaulting to the default Plesk page. I had to stop/start them to get them to work.
  • When stopping/starting close to 100 domains at once, Plesk freezes up and can take literally hours to recover.
  • One site in particular wouldn't migrate. It kept coming up with migration failed. I tried 5 times with different settings. Maybe because it was .tv - there isn't anything else peculiar about that domain. I finally managed to transfer it using the backup / restore facility.
  • Some folders were created with incorrect permissions. This is easy to fix - but I'm not sure why that should happen.

Everything seems to be working ok now. I think I will wait a while and monitor the plesk forums before I upgrade to the next version of Plesk.



13/05/2009 permalink | Posted in general | 4 Comments »

Smarty Templating System

After working on several projects with web designers it soon became apparent that after I'd added my programming it became very difficult for the designer to maintain. What I needed was a way to separate the programming from the design. It was around then that I came across Smarty - PHP templating system. At the time Smarty was an official sub-project of PHP which gave it a big boost over its competitors in my eyes.

I used Smarty in a few projects and quite liked it. It was like learning a new language as there are quite a lot of new functions to learn. Some of these functions are great but some are just equivalents of PHP functions because PHP can't be used directly in a template. I also had some issues to overcome - like making sure certain pages didn't get cached and that all variables had been correctly declared - or else they would not appear on the page.

I found that although the pages were easier to edit than what I had done before they still had a few issues for designers. A lot of designers use Dreamweaver and were put off when the CSS and images weren't displaying in design mode because the template was in a different path. Also whereas before PHP blocks would be hidden behind a PHP icon, now the Smarty code was fully displayed and looked like page content and could be mistakenly edited. The idea behind Smarty code is that it's supposed to be easier to understand for designers. In practice I've found that designers probably don't fully understand code however it's presented, and nor should they need to.

Smarty added a bit of bloat to my projects and also became another thing to maintain - having to upgrade all projects with the latest version of smarty and hoping nothing breaks. And a few times I'd been caught out when projects had moved servers and I hadn't checked the permissions on the template cache folder - which isn't always obvious to spot.

So because of these issues, I stopped using Smarty and developed my own templating system which is a lot simpler and is all done in PHP and doesn't require you to learn a new language. It's friendlier for designers and has some built-in SEO goodness like search engine friendly URLs, automated page titles and dynamic sitemaps. I've since re-written all active projects that used Smarty to take advantage of this new format.

On reflection Smarty was not the best solution for me. However it did teach me the fundamental importance of keeping code separate from design. I also learned from it some fantastic functions for dealing with html drop-downs and date/time selections which I've subsequently adapted and use in my own projects. So while I wouldn't recommend it, I've definitely benefited from the experience.



08/05/2009 permalink | Posted in web development | 0 Comments »

Why Choose PHP?

There are a fair few server-side languages to choose from, from the granddaddy Perl to relatively new trendy languages like Ruby or Python. Somewhere in the middle is PHP.

PHP is open source and has been ported to many operating systems including Linux, Windows and Mac. This open source philosophy extends to a wealth of free resources including tutorials, classes and components. There is some fantastic open source PHP software such as phpBB, phpMyAdmin and JpGraph. This is in stark contrast to the closed source ASP, where many basic components are paid-for.

PHP is a C-based language so if you have any experience with C or other C-based languages like JavaScript you should find the syntax easy to learn. Debugging is normally pretty easy as error messages are straightforward and clearly identify where and what error occurred.

PHP is all about rapid application development. There are a number of built-in extensions and out-of-the-box you can use PHP to manipulate images, send emails, execute shell commands and much much more.

The hardest thing about PHP is learning all the different functions - there are thousands of them. And they don't all follow the same naming convention e.g. addslashes() / str_replace(). Luckily the php.net website is at hand. It provides comprehensive easy-to-follow documentation on all functions with clear examples. There is also a lot of crucial information and sample code in the comments.

In summary PHP is a great choice. It's free, well-supported and easy to learn. Long live PHP!



07/05/2009 permalink | Posted in web development | 23 Comments »

drupal / joomla / mambo etc

There is quite a bit of hype surrounding open source systems like

  • drupal
  • joomla
  • mambo
  • etc

I've looked into them but have so far avoided using them.

I'm not against these systems per se. I think they are good for non-profits or sites with limited budgets. They allow peeps who aren't web developers to create and manage their own fairly sophisticated web-sites. But this is also part of the problem: it's almost like Frontpage for PHP. It allows them to create a functional system very easily. But as soon as they have to customise it in a way which wasn't originally intended, they start hitting brick walls. Either that or the systems are over-complicated to use.

Every website is different. And a lot of websites have unique features which are different to any other site. At some point you have to get down and dirty and write some proper code and not expect a system to do it all for you.

And what happens if the system you are using is no longer supported, or an upgrade comes along that breaks your existing site or modules?

So what's the alternative?

Well here's what I do. I've developed a generic / flexible CMS system that I use for a back-end on all my CMS projects. The front-end is always coded from scratch. This gives the designers complete freedom to design the site any way they see fit and I integrate the CMS into their design. Over the years I've developed a core library that speeds up development by taking care of ecommerce / account logins etc. But at all times I've got complete control over the functionality.

Some interesting quotes from a Slashdot article on Drupal:

Recently we managed to phase out our corporate drupal-based site. It was close to impossible to upgrade from Drupal 4.x up to 5.x (and 6.x) because of custom modules and we have no human resources to recode someone's crap from version to version every year.


Don't even talk about "Joomla" and "Mambo". They're a nightmare to maintain, and a royal pain in the ASS for building an SEO friendly site with friendly URL's that don't look like a matrix reloaded computer screenshot.


The problem is, the moment you make the mistake of thinking you're going to add fields to modules, apply true custom skins to them, rearrange their content, etc. on top of an already largely built framework, it very quickly falls apart. You get two choices at that point: add on systems that kinda sorta give you some of what you need but still leave you limited or hacking in to the source code that's really not built with that kind of customization in mind.


I spent months with Drupal, tracking the boards, reading the docs, listening to many podcast series. But I came away feeling that, despite its many features and modules, it's quite kludgey.

And this one:

http://books.slashdot.org/article.pl?sid=09/05/18/139218&from=rss

I'm so tired of taking over sites where the former "developer" used a Drupal or Joomla installation.

It is inevitable that the requirements of a custom web app will eventually exceed the capability of these systems. Knowledge of a particular CMS does not a developer make! These are tools in a toolbox and should be used as such. I hate it when people sell themselves as freelance "programmers", but really they only know how to use a particular CMS. So let's write a book and encourage this behavior - bluagh..


I still have some websites lingering around that use Joomla but I am very much dissociated with that CMS, in fact any CMS nowadays. I find the issues that these systems bring to the table far outweigh any little added productivity that a small group can sustain. There are teams of script kiddies from Asia and elsewhere scouring online websites for these systems to prove just how easy they are to hack into. If you have an online database with confidential client information, you are in trouble.


The problem with popular CMS systems today stems from the tight coupling of back-end architecture and front-end architecture.

Remove the coupling, and the need for a book on Front End Drupal vanishes, leaving us with a simple API which we can integrate with our own custom or third party front-end.



06/05/2009 permalink | Posted in web development | 45 Comments »

PHP short tags are ok

PHP code blocks are usually started one of two ways. Either by using the full PHP tag: <?php or the short-hand tag, which is just <?. The short-hand tag allows you to do: <?=$var;?> which is the equivalent of <?php echo $var;?>. This is a lot more concise and when you develop as much as I do it's a real time-saver and is more readable.

PHP short tags are enabled by default in PHP although they are officially discouraged because of a potential collision with XML. XML blocks start with <?xml.

The other argument against short tags is portability. Some web hosts won't have short tags enabled by default. This is pretty easy to remedy - either by editing the php.ini file or adding a htaccess file.

Now some PHP purists will say that anyone who uses short tags is error prone or antiquated. This is simply unfounded, as short tags are not deprecated and, as long as you are aware of the shortcomings, won't cause you any more errors.

PHP6 is going to be a major shake up to PHP - a lot of things are going to go like safe-mode / register globals etc. But it would appear that short-tags will be staying. Probably due to the sheer amount of code and rebel coders that rely on them.

Now for super-standards-compliant perfecto projects it may be sensible to use the full PHP tags. But for standard every day use, short tags are ok - so don't let the nay-sayers put you off.



01/05/2009 permalink | Posted in web development | 0 Comments »


About me

Adam Jimenez is a freelance web developer who has been professionally developing websites since 2000.
