PHP Developers Network
http://forums.devnetwork.net/

New to web developing.. Am I doing things right?
http://forums.devnetwork.net/viewtopic.php?f=50&t=139551
Page 1 of 1

Author:  SaW1337 [ Thu Apr 17, 2014 9:03 pm ]
Post subject:  New to web developing.. Am I doing things right?

Hello,
I'm new to webdev and still trying to understand what to do and what not to do..
Last night I wrote a small script to help myself with keeping all the notes and ideas in one place. I'm using PHP/HTML/JS (jQuery+ajax) only; the whole script is written in one file (except for jQuery).
The script took me 2 hours to write; to me it looks like I have done everything correctly, but I doubt it. Could I please get some critique and tips on what (if anything) I'm doing wrong?

Script:
<?php
// Credentials were blanked out by the poster ("-"); fill in the real values.
$con=mysqli_connect("-","-","-","-");
if(!$con) die("Database connection failed");

// AJAX delete: the client posts data="1:<id>". Only a purely numeric id is
// accepted, and it is cast to int before being placed in the query.
if(isset($_POST["data"])){
        $data=explode(":",$_POST["data"]);
        if(count($data)==2 && $data[0]=="1" && preg_match('/^[0-9]+$/', $data[1])) {
                $id=(int)$data[1];
                if (mysqli_query($con,"DELETE FROM tracker WHERE id=$id")) echo "<span style=\"color:green\">Entry with id $id deleted!</span>";
        }
        die;
}
// AJAX edit: jeditable posts the element id under "edit" and the new text under
// "value" (the id/name options in the script block below), so "edit" is what gets validated.
if(isset($_POST["edit"]) && isset($_POST["value"]) && preg_match('/^[0-9]+$/', $_POST["edit"])) {
        $id=(int)$_POST["edit"];
        if (mysqli_query($con,"UPDATE tracker SET data='".mysqli_real_escape_string($con,$_POST["value"])."' WHERE id=$id")) echo htmlspecialchars($_POST["value"], ENT_QUOTES, 'UTF-8');
        die;
}
// A list reload (load=saraksts) only needs the table, not the head and the form.
$load=isset($_POST["load"]);
if(!$load) echo "<head>
        <link href=\"http://fonts.googleapis.com/css?family=Prociono\" rel=\"stylesheet\" type=\"text/css\">
        <script src=\"http://ajax.googleapis.com/ajax/libs/jquery/1.11.0/jquery.min.js\"></script>
        <script src=\"js.js\"></script>
        <style>
                body { background: url(http://i.imgur.com/6RNBEba.jpg) no-repeat black fixed ; color:white; }
        </style>
        <script>
                $(document).ready(function(){
                        // jeditable (jQuery plugin, loaded from js.js) turns each .edit_area div into an inline textarea on double-click
                        $('.edit_area').editable('tracker.php', {
                                id: 'edit',
                                name: 'value',
                                type: 'textarea',
                                cancel: 'Cancel',
                                submit: 'OK',
                                event: 'dblclick',
                                indicator: '<img src=\"http://www.appelsiini.net/projects/jeditable/img/indicator.gif\">',
                                tooltip: 'Click to edit...'
                        });
                        $(\".ajax\").click(function(e){
                                var r=confirm('Are you sure you want to delete this record?');
                                if (r==true)
                                {
                                        $.ajax({
                                                type: 'POST',
                                                url: 'tracker.php',
                                                data: { data: $(this).attr('value')},
                                                success:function(result){
                                                        $('#result').html(result);
                                                        $('#saraksts').html('<font color=\"white\">Loading..</font>');
                                                        // reload only the table
                                                        $.ajax({
                                                                type: 'POST',
                                                                url: 'tracker.php',
                                                                data: { load: 'saraksts'},
                                                                success:function(result){ $('#saraksts').html(result); }
                                                        });
                                                }
                                        });
                                }
                        });
                });
        </script>
</head>
<body>";
// New entry from the form: type must be one of the three option values and text is escaped for the query.
if(isset($_POST["submit"]) && isset($_POST["type"]) && isset($_POST["text"])) {
        $type=(int)$_POST["type"];
        if($type>=1 && $type<=3) mysqli_query($con,"INSERT INTO tracker (type,data,time,deleted) VALUES ($type, '".mysqli_real_escape_string($con,$_POST["text"])."',".time().", 0)");
}
if(!$load) echo "<center>
        <form action=\"tracker.php\" method=\"POST\">
                <select name=\"type\" style=\"color: white; background-color: #1F1F00\">
                        <option value=\"1\">Note</option>
                        <option value=\"2\">Important</option>
                        <option value=\"3\">Idea</option>
                </select><br/>
                <textarea name=\"text\" rows=\"4\" cols=\"50\" style=\"color: white; background-color: #1F1F00\"></textarea><br/>
                <input type=\"submit\" name=\"submit\" value=\"Submit\" style=\"color: white; background-color: #1F1F00\">
        </form>
        <div id='result'></div>
</center>";
$t=mysqli_query($con,"SELECT id,type,data,time FROM tracker WHERE deleted=FALSE ORDER BY time DESC");
if($t && mysqli_num_rows($t)){
        echo "<div id=\"saraksts\" align='center' style='width:800px; margin: auto'><table style=\"width:100%;border-collapse: collapse; \">";
        $c=FALSE;
        $colors=array(1=>"#0066FF", 2=>"#FF0000", 3=>"#00FF00"); // Note, Important, Idea
        while ($t2 = mysqli_fetch_assoc($t)) {
                // alternate the row background
                if($c) { $c=FALSE; $cc="#191919"; } else { $c=TRUE; $cc="#303030"; }
                $ccc=isset($colors[$t2["type"]]) ? $colors[$t2["type"]] : "#808080";
                $id=(int)$t2["id"];
                // stored text is HTML-escaped on output so it cannot inject markup or script into the page
                echo "<tr>
                <td style=\"background-color:".$ccc.";width:0.5%;\"></td>
                <td style=\"background-color:#1F1F00; width:20%; color:white; border-bottom:dashed grey; border-width:1px;\">
                        <a class='ajax' value='1:".$id."'>[<span style=\"color:red\">X</span>]</a> ".date("Y/m/d H:i:s",$t2["time"])."
                </td>
                <td style=\"color:white; font-family: 'Prociono', serif; border-bottom:dashed grey; border-width:1px; background-color:".$cc.";opacity:0.85;\">
                        <div id='".$id."' class=\"edit_area\">".htmlspecialchars(str_replace("\\", "", $t2["data"]), ENT_QUOTES, 'UTF-8')."</div>
                </td>
        </tr>";
        }
        echo "</table></div>";
}
if(!$load) echo "</body>";

I wrote it for personal use only.

Author:  Celauran [ Sat Apr 19, 2014 4:48 pm ]
Post subject:  Re: New to web developing.. Am I doing things right?


Author:  SaW1337 [ Mon Apr 21, 2014 10:50 am ]
Post subject:  Re: New to web developing.. Am I doing things right?


Author:  Celauran [ Mon Apr 21, 2014 11:10 am ]
Post subject:  Re: New to web developing.. Am I doing things right?


Author:  SaW1337 [ Thu Jul 10, 2014 6:55 pm ]
Post subject:  Re: New to web developing.. Am I doing things right?

Hello again.. Been reading and learning PHP for some time now.
I made login and autologin 2 in 1 (for my upcoming script). I still don't use braces for single function, somehow I don't like it and it improves readability for me.

What makes me wonder is..
1) Is this script safe (I know security is an illusion, but against majority of hackers)?
2) I'm storing logins in MySQLi Engine=MEMORY (ram) so it reads login faster.. is this a right thing to do, or is mysql caching good enough?

Script: http://pastebin.com/eqw42TMd (no html)

Author:  Celauran [ Thu Jul 10, 2014 7:16 pm ]
Post subject:  Re: New to web developing.. Am I doing things right?

$password=isset($_POST['password']) ? $_POST['password'] : $_SESSION["password"];
...
mysqli_prepare($con, "SELECT u_id FROM accounts WHERE u_username=? AND u_password=? LIMIT 1")
...
mysqli_stmt_bind_param($sql, "ss", $username, $password);

Looks like you're storing passwords in plain text. If your database is ever compromised, you have potentially hurt your users. People shouldn't use the same password on multiple sites, but they do. Hash your passwords.

if(!ctype_alnum($username.$password)) $err[].="Username and Password must contain only alphanumeric symbols!";

You also don't want to put unnecessary restrictions on passwords. Requiring a digit and a special character? OK. Makes sense. Forbidding special characters reduces the number of possible passwords, making cracking them easier.
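An added example (not the poster's pastebin script and not code from anyone in this thread) of what the two points above look like in practice: the password is stored only as a password_hash() string and checked with password_verify(), and the only policy enforced on it is a minimum length. The accounts table and its u_id, u_username and u_password columns come from the quoted snippet; the remember_tokens table, the function names and the cookie name are assumptions made for this example. The "remember me" part replaces keeping the password in $_SESSION with a random token whose secret half is stored hashed.

```php
<?php
// Added example, not code from the thread. Assumes PHP >= 5.6 (password_hash,
// hash_equals) and the openssl extension for openssl_random_pseudo_bytes().
// Assumed schema: accounts(u_id, u_username, u_password) with u_password holding a
// password_hash() string, and remember_tokens(selector, validator_hash, u_id, expires).
session_start();

function registerUser(mysqli $con, $username, $password) {
    // Length is the only rule; no character restrictions, so the password space stays as large as possible.
    if (strlen($password) < 8) {
        return false;
    }
    $hash = password_hash($password, PASSWORD_DEFAULT); // salted bcrypt, cost 10 by default
    $stmt = mysqli_prepare($con, "INSERT INTO accounts (u_username, u_password) VALUES (?, ?)");
    mysqli_stmt_bind_param($stmt, "ss", $username, $hash);
    $ok = mysqli_stmt_execute($stmt);
    mysqli_stmt_close($stmt);
    return $ok;
}

function loginUser(mysqli $con, $username, $password) {
    // Look the row up by username only; the password never appears in the WHERE clause.
    $stmt = mysqli_prepare($con, "SELECT u_id, u_password FROM accounts WHERE u_username=? LIMIT 1");
    mysqli_stmt_bind_param($stmt, "s", $username);
    mysqli_stmt_execute($stmt);
    mysqli_stmt_bind_result($stmt, $uid, $storedHash);
    $found = mysqli_stmt_fetch($stmt);
    mysqli_stmt_close($stmt);
    if (!$found || !password_verify($password, $storedHash)) {
        return null; // unknown user and wrong password give the same answer
    }
    // Upgrade the stored hash transparently if the default algorithm or cost has changed.
    if (password_needs_rehash($storedHash, PASSWORD_DEFAULT)) {
        $newHash = password_hash($password, PASSWORD_DEFAULT);
        $stmt = mysqli_prepare($con, "UPDATE accounts SET u_password=? WHERE u_id=?");
        mysqli_stmt_bind_param($stmt, "si", $newHash, $uid);
        mysqli_stmt_execute($stmt);
        mysqli_stmt_close($stmt);
    }
    session_regenerate_id(true);
    $_SESSION['u_id'] = $uid; // keep the user id in the session, never the password
    return $uid;
}

function issueRememberToken(mysqli $con, $uid) {
    // The selector locates the row; the validator is the secret and is stored only as a SHA-256 hash,
    // so a leaked remember_tokens table does not yield usable cookies.
    $selector      = bin2hex(openssl_random_pseudo_bytes(8));
    $validator     = bin2hex(openssl_random_pseudo_bytes(32));
    $validatorHash = hash('sha256', $validator);
    $expires       = time() + 30 * 24 * 3600;
    $stmt = mysqli_prepare($con, "INSERT INTO remember_tokens (selector, validator_hash, u_id, expires) VALUES (?, ?, ?, ?)");
    mysqli_stmt_bind_param($stmt, "ssii", $selector, $validatorHash, $uid, $expires);
    mysqli_stmt_execute($stmt);
    mysqli_stmt_close($stmt);
    // HttpOnly cookie; set the "secure" argument to true when the site is served over HTTPS.
    setcookie('remember', $selector . ':' . $validator, $expires, '/', '', false, true);
}

function autoLogin(mysqli $con) {
    if (isset($_SESSION['u_id'])) {
        return $_SESSION['u_id'];
    }
    if (empty($_COOKIE['remember'])) {
        return null;
    }
    $parts = explode(':', $_COOKIE['remember'], 2);
    if (count($parts) !== 2) {
        return null;
    }
    list($selector, $validator) = $parts;
    $now  = time();
    $stmt = mysqli_prepare($con, "SELECT u_id, validator_hash FROM remember_tokens WHERE selector=? AND expires>? LIMIT 1");
    mysqli_stmt_bind_param($stmt, "si", $selector, $now);
    mysqli_stmt_execute($stmt);
    mysqli_stmt_bind_result($stmt, $uid, $storedHash);
    $found = mysqli_stmt_fetch($stmt);
    mysqli_stmt_close($stmt);
    // hash_equals() compares in constant time, so timing does not leak how many bytes matched.
    if (!$found || !hash_equals($storedHash, hash('sha256', $validator))) {
        return null;
    }
    session_regenerate_id(true);
    $_SESSION['u_id'] = $uid;
    return $uid;
}
```

Wiring it into a page is a matter of calling autoLogin($con) first, and on a successful loginUser() call issueRememberToken() only when the user ticked a "remember me" box. Since the user is looked up by name alone, a MEMORY-engine copy of the accounts table gains nothing that an index on u_username does not already give.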

Author:  Christopher [ Thu Jul 10, 2014 10:32 pm ]
Post subject:  Re: New to web developing.. Am I doing things right?

One of the biggest things you should do is separate your Domain code from your Presentation code. I would recommend putting all the code that loads/saves data to the tracker table into a Tracker or TrackerModel class. It should have methods like insert(), update(), delete() and findAvailable() (not sure what deleted=FALSE means!?). Then have your page templates access that object. It will keep all code together for reuse, refactoring, etc.

Author:  SaW1337 [ Fri Jul 11, 2014 5:18 am ]
Post subject:  Re: New to web developing.. Am I doing things right?


Author:  Christopher [ Fri Jul 11, 2014 1:13 pm ]
Post subject:  Re: New to web developing.. Am I doing things right?


Author:  SaW1337 [ Sat Jul 12, 2014 8:34 am ]
Post subject:  Re: New to web developing.. Am I doing things right?

Could you please explain further and maybe give some example or some article? If you're correct, my findings about OOP were horrible and maybe I really should learn it.

Author:  Christopher [ Sat Jul 12, 2014 12:42 pm ]
Post subject:  Re: New to web developing.. Am I doing things right?

You don't need to go OOP crazy or be an OOP zealot (please don't), but limiting yourself to only part of a language's syntax -- especially a very useful part -- is unwise. At its simplest, the class construct is a nice way to namespace functions. Objects are essentially data structures with a namespace of functions that go with them. It is very useful to pass around data structures instead of having lots of individual variables littering your code. And since the advent of OO, there are a bunch of useful design concepts (and many reusable good design practices called patterns) that OO enables. These simply expand the available tools you can use to solve software problems. There's neither magic nor politics behind OO -- they are just a practical part of programming.
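An added example (not code from Christopher or from the original post) of the Tracker class suggested two posts up, with the insert(), update(), delete() and findAvailable() methods he names, followed by the kind of template function that would use it. The tracker table and its id, type, data, time and deleted columns are taken from the first post's script; delete() is written here as a soft delete that sets the deleted flag, which is one reading of what the deleted=FALSE filter is for, and the renderRows() helper and its markup are assumptions made for the example.

```php
<?php
// Added example, not code from the thread. Assumes a table
// tracker(id INT AUTO_INCREMENT, type INT, data TEXT, time INT, deleted TINYINT).
class Tracker
{
    private $con;

    public function __construct(mysqli $con)
    {
        $this->con = $con;
    }

    // Stores a note; returns the new row id, or false on failure.
    public function insert($type, $data)
    {
        $type = (int)$type;
        if ($type < 1 || $type > 3) { // 1 = Note, 2 = Important, 3 = Idea
            throw new InvalidArgumentException("unknown note type: $type");
        }
        $now  = time();
        $stmt = mysqli_prepare($this->con, "INSERT INTO tracker (type, data, time, deleted) VALUES (?, ?, ?, 0)");
        mysqli_stmt_bind_param($stmt, "isi", $type, $data, $now);
        $ok = mysqli_stmt_execute($stmt);
        $id = mysqli_stmt_insert_id($stmt);
        mysqli_stmt_close($stmt);
        return $ok ? $id : false;
    }

    // Replaces the text of one live note; true only if exactly one row changed.
    public function update($id, $data)
    {
        $id   = (int)$id;
        $stmt = mysqli_prepare($this->con, "UPDATE tracker SET data=? WHERE id=? AND deleted=0");
        mysqli_stmt_bind_param($stmt, "si", $data, $id);
        mysqli_stmt_execute($stmt);
        $changed = mysqli_stmt_affected_rows($stmt);
        mysqli_stmt_close($stmt);
        return $changed === 1;
    }

    // Soft delete: the row stays for audit/undo, findAvailable() just stops returning it.
    public function delete($id)
    {
        $id   = (int)$id;
        $stmt = mysqli_prepare($this->con, "UPDATE tracker SET deleted=1 WHERE id=? AND deleted=0");
        mysqli_stmt_bind_param($stmt, "i", $id);
        mysqli_stmt_execute($stmt);
        $changed = mysqli_stmt_affected_rows($stmt);
        mysqli_stmt_close($stmt);
        return $changed === 1;
    }

    // All live notes, newest first, as plain associative arrays.
    public function findAvailable()
    {
        $result = mysqli_query($this->con, "SELECT id, type, data, time FROM tracker WHERE deleted=0 ORDER BY time DESC");
        $rows = array();
        if ($result) {
            while ($row = mysqli_fetch_assoc($result)) {
                $rows[] = $row;
            }
            mysqli_free_result($result);
        }
        return $rows;
    }
}

// Presentation side: no SQL here, only escaping and markup. The model's data is
// treated as untrusted text, so a stored note cannot inject HTML into the page.
function renderRows(array $rows)
{
    $html = '';
    foreach ($rows as $row) {
        $html .= '<tr><td>' . date('Y/m/d H:i:s', (int)$row['time']) . '</td>'
               . '<td id="' . (int)$row['id'] . '" class="edit_area">'
               . htmlspecialchars($row['data'], ENT_QUOTES, 'UTF-8') . '</td></tr>' . "\n";
    }
    return $html;
}

// Request handling becomes a thin layer over the model, e.g. for the AJAX delete:
//   $tracker = new Tracker($con);
//   if (isset($_POST['delete'])) { $tracker->delete($_POST['delete']); die; }
//   echo renderRows($tracker->findAvailable());
```

With the queries in one class, the input checks (integer ids, a valid type) live in exactly one place, and the page script only decides what to show; the tracker.php from the first post would shrink to the request dispatch plus the templates.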
