Here are some tips...
Most noob articles you read will contain PHP embedded in HTML files. That feature makes learning PHP much easier than say PERL.
You have a good number of years behind you in other langs like Assembler and COBOL, so basic articles could likely be avoided, cuz you know what if, while, for, etc already do.
Or you'll catch on real quick I'm sure
Anyways, ASAP once you're comfortable with working in PHP...basically its syntax...you probably want to:
1) Look into using a template engine (Smarty is probably best known). Search Google for bTemplate, it does the same thing, but using native PHP so there is little performance hit and you still accomplish separation.
2) Not sure if you're comfortable with OOP (Doesn't COBOL stand for Common object business oriented language???) but if you are...look into using that ASAP too but also realize that functions still serve a purpose.
Avoid designing classes like:
Code:
class MyClass {
    function printHead($value)
    {
        echo '<div style="text-align: right">My Header: '.$value.'</div>';
    }

    function printBody($value)
    {
        echo '<div style="text-align: right">My Body: '.$value.'</div>';
    }

    function printFoot($value)
    {
        echo '<div style="text-align: right">My Footer: '.$value.'</div>';
    }
}
That's the worst example of OOP usage in PHP you can imagine...that should be handled by a template engine.
3) Loosely typed interpreted languages are neat and garbage collection is neat too, but with that flexibility come caveats which can take hours to solve if you come from a compiled, strictly typed language like C/C++.
Variables in PHP can be empty and NOT set.
When debugging you often echo a variable to screen; unlike in compiled languages, where a variable will always have a value, in PHP that's not the case.
If you mis-type a variable name by one character, that can be a tricky bug to catch onto, so be sure to practice diligence when using variable names and writing them out.
4) Sanitize incoming data from GET, COOKIE, POST, REQUEST, etc...
Meaning, if you use GET variables, like a search query criteria, say for example a name in a database...
You should ALWAYS use a principle of least privilege approach on outside data.
At least calling addslashes() to escape your data before sending it to a database for INPUT, SELECT, etc... operations.
If you know the incoming data should only be integer values, I often do the following:
Code:
$var = (int)$_GET['var']; // Explicitly cast variable to integer
You could also use regex to work on alpha-numeric types: for instance if you knew that an incoming data variable was supposed to be USA post codes, you could use regex to strip non-essential characters like (* $ ', etc).
Note: You should name your HTML form variables the same name as your associated DB table field names, makes it easier when writing the SQL or maintaining it. Some might argue that's a possible security hole, but effective professional programmers shouldn't believe in security through obscurity.
I always bring every incoming variable into local scope, by doing what I demonstrated above with the explicit cast, then I apply addslashes() and/or remove non-essential characters using regex, htmlentities, etc if required. You can focus on this once you start using FORMS.
5) Last but not least, start reading up on regex, if you came from a Linux environment, you might be familiar with them, from using tools like grep or what it's called...???
In any case if you don't have any knowledge about them, read some tutorials on them...cuz they will save you big time, especially in data validation, which I mentioned in point 4.
Using regex it's a breeze to strip non-essential characters from incoming data.
6) One more note. Code reuse in PHP is difficult, but not impossible. Make sure you look into classes which are good examples of OOP usage:
- Smarty
- phpMailer - Makes life sending emails WAAAAAY easier (especially if you have attachments, etc)
- AdoDB - Database abstraction layer so you can switch from MySQL to MSSQL with relative ease.
You can check out PEAR (Google it) it's a massive library of classes which are usually pretty re-usable.
HTH
And remember, participate in this forum often, it helps the community and yourself
Cheers
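
Point 4 of the post above (cast integers, whitelist with regex, escape before the database and before HTML) as a runnable sketch. This is an added example, not part of the original post; the helper names, the "people" table and the request values are constructed for illustration.

```php
<?php
// Added example. Helper names, the "people" table and the request values
// below are constructed for illustration; they are not from the post.

// Integer field: the post's explicit cast, followed by a range check.
function clean_int($raw, $min, $max) {
    $n = (int)$raw;
    return ($n >= $min && $n <= $max) ? $n : null;
}

// US post code: strip non-digits with a regex, then require 5 or 9 digits.
function clean_zip($raw) {
    $digits = preg_replace('/[^0-9]/', '', (string)$raw);
    if (strlen($digits) === 5) {
        return $digits;
    }
    if (strlen($digits) === 9) {
        return substr($digits, 0, 5) . '-' . substr($digits, 5);
    }
    return null;
}

// Name: keep letters, spaces, apostrophes and hyphens; cap the length.
function clean_name($raw) {
    $name = preg_replace("/[^A-Za-z' -]/", '', (string)$raw);
    return substr(trim($name), 0, 64);
}

// Constructed request: digits with trailing junk, a ZIP+4 with stray
// punctuation, and a name carrying both an apostrophe and markup.
$_GET = array('id' => '42abc', 'zip' => "90210-1234 *$'", 'name' => "O'Brien <b>");

// Bring each variable into local scope; ?? covers the "not set" case.
$id   = clean_int($_GET['id'] ?? '', 1, 1000000);
$zip  = clean_zip($_GET['zip'] ?? '');
$name = clean_name($_GET['name'] ?? '');

if ($id === null || $zip === null || $name === '') {
    echo "rejected input\n";
} else {
    // addslashes() is the minimum the post names; bound parameters, where
    // the database driver offers them, keep the data out of the SQL text.
    $sql = "SELECT * FROM people WHERE id = $id AND zip = '$zip' AND name = '"
         . addslashes($name) . "'";
    echo $sql, "\n";
    // Escape separately for HTML when the value is shown on a page.
    echo htmlentities($name, ENT_QUOTES, 'UTF-8'), "\n";
}
```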