Page 1 of 1

Transition to PHP

Posted: Thu Apr 27, 2006 11:08 pm
by alex.barylski
Although it's been a good number of years since I started programming in PHP, there was a time when I thought PHP was more a toy language than a serious development language.

Iteresting read:
http://www.oracle.com/technology/pub/co ... o-php.html

I have to admit, although PHP itself was trivial to learn (being a C style language) there was a huge change in thinking and style of development when making the transition from desktop to web application.

For instance, I never considered application security a big issue as most things I wrote were little utility apps which didn't have a need for ACL's, etc...

Nor was sanitizing data a big deal...about the only thing I worried about was buffer overflows...at that was taken care of for me when I switched to MFC development from C style SDK development.

One of the biggest challenges in web development I have found was the adoption of more planning and application design, etc...

As it's easier in PHP to develope large applications than C++ it's also easier to become tangled with large code bases...

For example, consider an MFC custom control...they can be anywhere from 500 lines to 20,000 lines easy...and they often contain adhoc hacks and esoteric, undocumented techniques...making them very difficult to develop and at times more difficult to understand as an outsider...

Despite all this code & complexity for a single control, it all falls under that custom control...there is no need for MVC, etc...you just need a solid understanding of Windows internals and it's SDK...

Whereas complete applications require an entirely different skillset and thought process...

Custom controls require hacker-ish skills and the ability to understand systems and how the integrate, whereas application development I find requires a more formal approach to solving the problems your faced with. Your more likely to concern yourself with long term maintenance, etc...

As a custom control in Windows parlance has a write once and use it forever feel to it...of course this is only an ideal situation...when windows switched from Win16 to Win32 many controls I am sure had to be re-written :)

Although the Windows API has remained pretty stable for as long as i've been developing software for it. This make writting portable (across Windows OS anyways) controls much easier...

Comments?

Cheers :)

Posted: Thu Apr 27, 2006 11:19 pm
by feyd
My journey was fairly different it appears. I've always had to deal with ACL's, sanitization and the like. This has been in everything I've written from little dos utility functions all the way through applications and games. I always approached it from an "I don't want my code being the weak point for an intrusion to exploit onto the system" kind of stance.

Posted: Fri Apr 28, 2006 12:40 am
by alex.barylski
feyd wrote:My journey was fairly different it appears. I've always had to deal with ACL's, sanitization and the like. This has been in everything I've written from little dos utility functions all the way through applications and games. I always approached it from an "I don't want my code being the weak point for an intrusion to exploit onto the system" kind of stance.
What were you developing? What kind of game needs sanitization or ACL checks? I have only a basic understanding and experience in developing games...nothing 3D except for tinkering with http://www.flightgear.org/ so pardon my ignorance if the list is long and plenty :oops:

From my perspective, from what i've gained listening to your replies, etc...

I got the impression you were a Linux junkie programming daemons or similar thus your API bible like ability to answer questions which conern a specific PHP API???

Under linux I can see how and why you perhaps needed to concern yourself with sanitizing data, etc...at least more so than a custom control under Windows...

I was way more concerned with keeping track of buffer overflows, DC leaks, memory usage/leaks, etc...especially in C without MFC...but even there you have to watch your resources like a hawk, especially with GDI...

Self taught too correct? Ever receive formal training? What did you think?

I've looked into writting a challenge exam for first and second year compsci so I can attend classes this fall for 3rd and 4th...

I'd really like to get into natural language parsing as that area fascinates me...but I think thats more for MSc. degree...as the curiculum for BSc. for most universities i've looked into are within my reach but cover nothng of the sort :(

Cheers :)

Posted: Fri Apr 28, 2006 1:20 am
by feyd
Hockey wrote:What were you developing? What kind of game needs sanitization or ACL checks? I have only a basic understanding and experience in developing games...nothing 3D except for tinkering with http://www.flightgear.org/ so pardon my ignorance if the list is long and plenty :oops:
Most properly written games will, at minimum, deal with ACL. Most of the time it's because the application should act like a proper Windows one, installing registry settings in the correct locations and supporting at least the possibility of running under a different user than the installer.
Hockey wrote:From my perspective, from what i've gained listening to your replies, etc...

I got the impression you were a Linux junkie programming daemons or similar thus your API bible like ability to answer questions which conern a specific PHP API???
I have done a bit of daemon work, although little of my programming has been done on Linux. :)
Hockey wrote:Under linux I can see how and why you perhaps needed to concern yourself with sanitizing data, etc...at least more so than a custom control under Windows...
I always wrote the code to handle taking anything, dealing with it as best as possible, instead of blowing up or other less desirable behaviour.
Hockey wrote:I was way more concerned with keeping track of buffer overflows, DC leaks, memory usage/leaks, etc...especially in C without MFC...but even there you have to watch your resources like a hawk, especially with GDI...
Yep, I remember those days. Sometimes miss them, too. Am I a masochist? Maybe. :twisted:
Hockey wrote:Self taught too correct? Ever receive formal training? What did you think?
Aside from a tiny bit of high school education in C and even less in C++, I am self taught, yes. Because of certain issues, I don't play ball in school well for reasons entirely outside of my control. So this coming semester will be an interesting experience once again. :roll:
Hockey wrote:I've looked into writting a challenge exam for first and second year compsci so I can attend classes this fall for 3rd and 4th...

I'd really like to get into natural language parsing as that area fascinates me...but I think thats more for MSc. degree...as the curiculum for BSc. for most universities i've looked into are within my reach but cover nothng of the sort :(
Studies in creating languages and lexical parsing such as that are, last I saw, more of the Masters and up category of playtime. I do have some books on that stuff from school though, so I know it's taught at certain levels. Although since it was a video game school, it differs wildly from a regular teaching schedule. Interestingly challenging, no doubt.

Posted: Fri Apr 28, 2006 1:49 am
by alex.barylski
Most properly written games will, at minimum, deal with ACL. Most of the time it's because the application should act like a proper Windows one, installing registry settings in the correct locations and supporting at least the possibility of running under a different user than the installer.
Meh...I've always left that to Installers :roll:
Yep, I remember those days. Sometimes miss them, too. Am I a masochist? Maybe
Naw...I still program in MFC regularly...dude you should check out the codeproject...the most amazing coding site on the planet...unreal how many stupid smart guys are on there...timvw told me a while back he recently checked it out, if I remember correctly, he was quite impressed. :)

Although the nostalgia of being one of the original members is long since past...there isn't so much competition to be number one poster, most popular, etc...anymore I find...as there are just waaaay to many members...anytime of day...at least 3000 at one time...it's nutts...
Aside from a tiny bit of high school education in C and even less in C++, I am self taught, yes. Because of certain issues, I don't play ball in school well for reasons entirely outside of my control. So this coming semester will be an interesting experience once again
I was never a fan myself...I called it quits more than once and have still to graduate fully... :P So your taking classes now then? What are you studying?

Don't mean to sound nosey...just curious...don't have to answer...but I like hearing others success stories when their history is similar to mine is all :)

Similar in the sense were both self taught from early childhood, started in C/C++ and worked our way to PHP somehow :oops:

The one thing I liked about C/C++ is there is less contest and argument, especially when you get down and dirty like hooking, etc...if people really have no clue, they can't answer with negative criticism...on the flip side...answers to esoteric questions are *very hard* to come by...

For instance, try finding someone who knows anything about IWebBrowser2 and it's supporting interfaces using ATL...I asked questions for about 6 months with no answers...that sucked!!! :P
Studies in creating languages and lexical parsing such as that are, last I saw, more of the Masters and up category of playtime. I do have some books on that stuff from school though, so I know it's taught at certain levels. Although since it was a video game school, it differs wildly from a regular teaching schedule. Interestingly challenging, no doubt.
Oddly, what really got me fired up about it was several attempts to absorb Donald Knuths book on NLP...

That guy is such a smarty pants it drove me nutts...I had to reference dictionary.com every second word :P

Honestly...why complicate an already stupidly complicated subject...

Don't answer that :P I've been in this disscussion about a dozen times on CP and realize and accept his standpoint.

But the preface suggests the reading is for those studying NLP or average laymen...of which I fall under the latter categorey and I had a helluva time following...so much math... :?

I like Math, I'm just not very good at it...

Cheers :)