Drupal Development (Part 2)

A whirlwind tour of Drupal best practices, presented at the Chicago CMS Expo in April 2008. See http://cmsexpo.net for more information.

  • http://www.flickr.com/photos/mhzmaster/1004261881









  • wrote forms in straight html
    duplicated workflow code
    duplicated security code (hopefully)
    hack, hack, hack to customize



    build arrays to describe the form
    use standard workflow (drupal_get_form())
    security is automatic
    THEN render to HTML.


























































































































  • Drupal Development (Part 2)

    1. 1. Drupal Code: Day 2 the good, the bad, and the nerdy
    2. 2. we join our cms, already in progress
    3. 3. drupal core coordinates http://www.flickr.com/photos/35104960@N00/509525572/
    4. 4. drupal announces events
    5. 5. hooks let modules listen
    6. 6. modules react
    7. 7. ...and change behavior http://www.flickr.com/photos/spiicytuna/188111824
    8. 8. happy baby is happy
    9. 9. FormAPI
    10. 10.
        ```php
        $form['foo'] = array(
          '#type' => 'textarea',
          '#required' => TRUE,
          '#title' => t('Your foo'),
          '#default_value' => "Some text…",
          '#resizable' => TRUE,
        );
        ```
    11. 11.
        ```php
        $form['bar'] = array(
          '#type' => 'fieldset',
          '#title' => t('Several bars'),
          '#collapsible' => TRUE,
          '#collapsed' => FALSE,
        );
        ```
    12. 12.
        ```php
        $form['bar']['baz'] = array(
          '#type' => 'select',
          '#title' => t('Baz in a bar'),
          '#options' => array(
            1 => t('Option one'),
            2 => t('Option two'),
            3 => t('Option three'),
          ),
          '#multiple' => TRUE,
          '#default_value' => 2,
          '#weight' => -10
        );
        ```
    13. 13.
        ```php
        function mymodule_settings_page() {
          return drupal_get_form('mymodule_form');
        }

        function mymodule_form() {
          $form['foo'] = array(
            '#type' => 'textarea',
            '#title' => t('Your foo'),
            '#default_value' => t('Enter your text here…'),
          );
          $form['submit'] = array(
            '#type' => 'submit',
            '#value' => t('Pity the foo'),
          );
          return $form;
        }
        ```
    15. 15.
        ```php
        // $form is taken by reference so the changes reach the caller.
        function mymodule_form_alter(&$form, &$state, $id) {
          if ($id == 'yourmodule_form') {
            unset($form['your_field']);
            $form['my_extra_field'] = array(
              '#type' => 'textarea',
              '#title' => t('THIS field is mine.'),
              '#weight' => -10,
            );
            $form['#validate'][] = 'my_validation_code';
            $form['#submit'][] = 'my_submit_code';
          }
        }
        ```
    16. 16.
        ```php
        function mymodule_form_validate($form, &$state) {
          if ($state['values']['foo'] == 'Yo Momma') {
            form_set_error('foo', t('Show some respect.'));
          }
        }

        function mymodule_form_submit($form, &$state) {
          variable_set('my_foo', $state['values']['foo']);
        }
        ```
    17. 17. Key Pieces
        • Form ID
        • Form Builder function
        • Validation functions
        • Submission functions
        • “Form State”
    18. 18. happy baby is happy
    19. 19. best practices
    20. 20. best practices
    21. 21. theme()
    22. 22.
        ```php
        function build_my_page() {
          $output = '<h3>My stuff</h3>';
          $records = get_records();
          $output .= '<ul>';
          foreach ($records as $record) {
            $output .= "<li>". $record->name ."</li>";
          }
          $output .= '</ul>';
          return $output;
        }
        ```
    23. 23.
        ```php
        // Before: markup assembled by hand.
        function build_my_page() {
          $output = '<h3>My stuff</h3>';
          $records = get_records();
          $output .= '<ul>';
          foreach ($records as $record) {
            $output .= "<li>". $record->name ."</li>";
          }
          $output .= '</ul>';
          return $output;
        }
        ```
        ```php
        // After: collect the items and let theme() produce the markup.
        function build_my_page() {
          $records = get_records();
          $items = array();
          foreach ($records as $record) {
            $items[] = $record->name;
          }
          return theme('item_list', $items, t('My stuff'));
        }
        ```
    24. 24.
        ```php
        function mymodule_theme() {
          return array(
            'mymodule_data' => array(
              'arguments' => array('data' => NULL, 'option' => TRUE),
            ),
          );
        }

        function theme_mymodule_data($data, $option) {
          $output = '<em>'. $data->foo .'</em>';
          if ($option) {
            $output .= ' <b>'. $data->bar .'</b>';
          }
          return $output;
        }
        ```
    25. 25. use theme() for all html
    26. 26. db_query()
    27. 27.
        ```php
        function get_my_data($username) {
          $sql = "SELECT * FROM users ";
          $sql .= "WHERE name = '$username'";
          $results = mysql_query($sql);
          return $results;
        }
        ```
    28. 28.
        ```php
        // Before: $username is interpolated straight into the SQL string.
        function get_my_data($username) {
          $sql = "SELECT * FROM users ";
          $sql .= "WHERE name = '$username'";
          $results = mysql_query($sql);
          return $results;
        }
        ```
        ```php
        // After: {users} table syntax and a %s placeholder filled in by db_query().
        function get_my_data($username) {
          $sql = "SELECT * FROM {users} u ";
          $sql .= "WHERE u.name = '%s'";
          $results = db_query($sql, $username);
          return $results;
        }
        ```
    29. 29. use db_query() for all queries
    30. 30. l()
    31. 31.
        ```php
        $link = "<a href='/about-us'>About!</a>";
        ```
    32. 32.
        ```php
        $link = "<a href='/about-us'>About!</a>";
        ```
        • http://www.mysite.com/node/1
        • http://www.mysite.com/seo-friendly-name
        • http://www.mysite.com/subdirectory/node/1
        • http://www.mysite.com/index.php?q=node/1
        • http://www.mysite.com/fr/node/1
    33. 33.
        ```php
        $link = "<a href='/about-us'>About!</a>";
        ```
        • http://www.mysite.com/node/1
        • http://www.mysite.com/seo-friendly-name
        • http://www.mysite.com/subdirectory/node/1
        • http://www.mysite.com/index.php?q=node/1
        • http://www.mysite.com/fr/node/1
        ```php
        $link = l($title, $url);
        ```
    34. 34. use l() for all links
    35. 35. t()
    36. 36.
        ```php
        function my_message($name) {
          return "This is your message, $name!";
        }
        ```
    37. 37.
        ```php
        // Before: hard-coded, untranslatable string.
        function my_message($name) {
          return "This is your message, $name!";
        }
        ```
        ```php
        // After: translatable string with a %name placeholder.
        function my_message($name) {
          $values = array('%name' => $name);
          $message = 'This is your message, %name!';
          return t($message, $values);
        }
        ```
    38. 38. use t() for all UI text
    39. 39. PHPDoc
    40. 40.
        ```php
        /**
         * Prepares a structured form array by adding required elements,
         * executing any hook_form_alter functions, and optionally
         * inserting a validation token to prevent tampering.
         *
         * @param $form_id
         *   A unique string identifying the form for validation,
         *   submission, theming, and hook_form_alter functions.
         * @param $form
         *   An associative array containing the structure of the form.
         * @param $form_state
         *   A keyed array containing the current state of the form.
         *   Passed in here so that hook_form_alter() calls can use it,
         *   as well.
         */
        function drupal_prepare_form($form_id, &$form, &$form_state) {
          // Actual code goes here…
        }
        ```
    41. 41. drupal core 1% Code 37% Comments Jokes 62%
    42. 42. use PHPDoc to explain your code
    43. 43. Coder module
    44. 44. hook, don’t hack
    45. 45. happy baby is happy
    46. 46. security (never trust anyone)
    47. 47. SQL Injection
    48. 48.
        ```php
        function get_my_data($name, $date) {
          $sql = "SELECT * FROM {users} u ";
          $sql .= "WHERE u.name = '%s' ";
          $sql .= "AND u.created > %d ";
          $results = db_query($sql, $name, $date);
          return $results;
        }
        ```
    49. 49.
        ```php
        function get_my_data($name, $date) {
          $sql = "SELECT * FROM {users} u ";
          $sql .= "WHERE u.name = '%s' ";
          $sql .= "AND u.created > %d ";
          $results = db_query($sql, $name, $date);
          return $results;
        }
        ```
        %s, %d, %f, and %b are your friends
    50. 50. XSS (use output filtering)
    51. 51. XSS (use output filtering)
    52. 52. XSS (use output filtering) Use filter_xss($text)
    53. 53. CSRF
    54. 54. CSRF Use FormAPI. ALWAYS.
    55. 55. input formats (PHP, oh noes)
    56. 56. input formats (PHP, oh noes)
    57. 57. http://drupal.org/writing-secure-code
    58. 58. happy baby is happy
    59. 59. Performance (It’s always the db)
    60. 60. cold hard cache
    61. 61. cold hard cache
    62. 62. devel module
    63. 63. devel module
    64. 64. devel module
    65. 65. make your own cache
    66. 66. make your own cache
        ```php
        function my_module_stuff($reset = FALSE) {
          static $stuff;
          if (!isset($stuff) || $reset) {
            if (!$reset && ($cache = cache_get('my_stuff'))) {
              $stuff = $cache->data;
            }
            else {
              // Do your expensive calculations here,
              // and populate $stuff with the result.
              cache_set('my_stuff', $stuff);
            }
          }
          return $stuff;
        }
        ```
    67. 67. happy baby is happy
    68. 68. the community
    69. 69. sign up. seriously.
    70. 70. participate
    71. 71. participate
    72. 72.
        • Always use FormAPI
        • Follow best practices (Coder helps!)
        • It’s always the DB’s fault (cache)
        • Don’t trust anyone (sanitize output)
        • Participate!
    73. 73. happy baby is happy
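
Slides 47 to 49 rely on db_query() coercing each argument to the type its placeholder names. The block below is an added example, not code from the deck or from Drupal: a simplified stand-in for that substitution, so the effect can be seen without a database. demo_query_args() and escape_string() are hypothetical names, addslashes() only stands in for the database driver's escaping, and %b is left out.

```php
<?php
// Hypothetical stand-in for the database driver's string escaping.
// addslashes() is used only so the demo runs without a connection.
function escape_string($text) {
  return addslashes($text);
}

// Replace %s, %d, %f and %% in $sql with the next argument, coerced to the
// type the placeholder promises. Simplified model, not Drupal's own code.
function demo_query_args($sql, array $args) {
  return preg_replace_callback('/%[sdf%]/', function ($m) use (&$args) {
    if ($m[0] === '%%') {
      return '%';
    }
    $value = array_shift($args);
    switch ($m[0]) {
      case '%d':
        return (string) (int) $value;
      case '%f':
        return (string) (float) $value;
      default:
        return escape_string((string) $value);
    }
  }, $sql);
}

// Constructed hostile inputs.
$name = "x' OR '1'='1";
$date = "0 OR 1=1";

// Slide 27 style: the input is pasted into the statement and rewrites it.
$unsafe = "SELECT * FROM users WHERE name = '$name'";

// Slide 48 style: the statement text is fixed and the arguments stay data.
$safe = demo_query_args(
  "SELECT * FROM users u WHERE u.name = '%s' AND u.created > %d",
  array($name, $date)
);

echo $unsafe, "\n";
echo $safe, "\n";
```

In the second statement the quotes in the name arrive escaped inside the string literal, and the date argument is reduced to a bare integer.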
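
Slide 54's advice rests on the validation token mentioned in the drupal_prepare_form() comment on slide 40: a value tied to the user's session and the form ID, which a page on another site cannot supply. The block below is an added example, not Drupal's implementation; the demo_* functions, the key and the session value are constructed, and hash_hmac()/hash_equals() stand in for the real token code.

```php
<?php
// Derive the token for one session and one form ID (hypothetical helper).
function demo_form_token($session_id, $form_id, $site_key) {
  return hash_hmac('sha256', $session_id . ':' . $form_id, $site_key);
}

// Return TRUE only when the POST carries the token issued for this session
// and this form ID.
function demo_accept_submission(array $post, $session_id, $form_id, $site_key) {
  if (!isset($post['form_token']) || !is_string($post['form_token'])) {
    return FALSE;
  }
  $expected = demo_form_token($session_id, $form_id, $site_key);
  return hash_equals($expected, $post['form_token']);
}

// Constructed values for the demo.
$site_key = 'constructed-site-private-key';
$session  = 'constructed-session-id-of-logged-in-user';

// The site renders the form and embeds the token in a hidden field.
$token = demo_form_token($session, 'mymodule_form', $site_key);

$submissions = array(
  'genuine form post'         => array('foo' => 'bar', 'form_token' => $token),
  'cross-site post, no token' => array('foo' => 'bar'),
  'token from another form'   => array(
    'foo' => 'bar',
    'form_token' => demo_form_token($session, 'yourmodule_form', $site_key),
  ),
);

foreach ($submissions as $label => $post) {
  $ok = demo_accept_submission($post, $session, 'mymodule_form', $site_key);
  echo str_pad($label, 28), $ok ? "accepted\n" : "rejected\n";
}
```

Only the first submission is accepted. A hand-written HTML form that skips this check gets none of that protection, which is the point of the "wrote forms in straight html" note earlier in the deck.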