Codebits 2012 - Fast relational web site construction.

746 views

Published on

0 Comments
0 Likes
Statistics
Notes
  • Be the first to comment

  • Be the first to like this

No Downloads
Views
Total views
746
On SlideShare
0
From Embeds
0
Number of Embeds
16
Actions
Shares
0
Downloads
10
Comments
0
Likes
0
Embeds 0
No embeds

No notes for slide

Codebits 2012 - Fast relational web site construction.

  1. 1. Fast relational web siteconstruction with PHP Nelson Gomes (nelson.gomes@telecom.pt) Team Leader ZCE, ITIL Foundation V3, LPIC1-101 16th of November 2012
  2. 2. Talk IndexIntroductionFrameworksRelational Database ModelSetting upThe MagicQueriesTransactionsConclusionLinksQ&A
  3. 3. IntroductionThe purpose of this talk is to help web developers to take advantage of some known PHP frameworks to develop complex websites rapidly;Although were showing some specific frameworks in this talk, other frameworks exist that do almost the same thing or even better;Just google the web and try out other frameworks and use the ones you like the most;The benefit of using these frameworks is to be more productive, to use best pratices and to develop faster;
  4. 4. Introduction (cont.)Developing complex sites with complex relational databases can be very difficult without the right tools: Manage Database Connections; Maintaining Relational Integrity; Performing Transactions; Acessing data spread over several tables; Updating, deleting and inserting records without loosing integrity;
  5. 5. Introduction (cont.)Example of how some developers still program: mysql_query(“insert into customers (name, phone) values ($name, $phone);When using many tables the developers need to create methods to insert, update, delete and query records, this can give a lot of work;In this presentation, Ill try to show how to do all of this with minimum programming...
  6. 6. Introduction (cont.)Web site security depends greatly of the awareness developers have for security issues;Many PHP developers do bad code because dont know the problems that can arise from bad programming: SQL Injection; Cross-Site Scripting; Cross-Site Request Forgery; (...)Using these frameworks correctly reduce (some) security vulnerabilities;
  7. 7. Introduction (cont.)Other frameworks: Propel; Zend_Db; Log4PHP; Zend; Symfony; xAjax; NuSOAP;
  8. 8. FrameworksIntroducing some PHP frameworks: Doctrine – is a Object relational mapper that works on top of PDO (PHP Data Objects); Smarty – an engine for web templating in PHP; MVC – (could use one MVC framework, but on this talk wont use any);You can easily change any of these frameworks with others of your choice;
  9. 9. Frameworks (cont.)Doctrine With Doctrine you can use Code First, Model First and Database First approaches, meaning you start by creating objects, UML or a database as a start point; All doctrine queries are made using DQL – Doctrine Query Language;In this talk well go throught Database First approach, meaning Doctrine will look into the database and generate code for it;In this talk Im using Doctrine 1.2.4, why?
  10. 10. Frameworks (cont.)Advantages of using Doctrine: Object Oriented Approach; No need to rewrite code when switching database; No need to keep track of identifiers of the inserted fields; Object are written to database by Doctrine, no need to SQL! Associations are managed by Doctrine; Database can be generated by our models (yaml, xml)
  11. 11. Frameworks (cont.)Smarty Is a template engine for PHP; Allows separating design from code; Eases the maintainability of on large web sites; Allows reuse of templates; Makes your website go faster; Improves security; Easily extensible;
  12. 12. Relational Database Model
  13. 13. Setting UpDoctrine: require_once BASE_DIR./lib/Doctrine­1.2.4/Doctrine.php; spl_autoload_register(array(Doctrine, autoload)); spl_autoload_register(array(Doctrine, modelsAutoload)); $manager = Doctrine_Manager::getInstance(); $manager­>setAttribute(Doctrine::ATTR_MODEL_LOADING,  Doctrine::MODEL_LOADING_CONSERVATIVE); $manager­>setCharset(utf8); $manager­>connection(mysql://codebits:codebits@127.0.0.1/codebits); if (DEBUGMODE)  Doctrine::generateModelsFromDb(dirname(__FILE__)./models/); Doctrine::loadModels(dirname(__FILE__)./models/);
  14. 14. Setting Up (cont.)Smarty: require_once(BASE_DIR./lib/Smarty­3.1.12/libs/Smarty.class.php); $smarty = new Smarty(); $smarty­>template_dir = dirname(__FILE__)./lib/templates/; $smarty­>compile_dir  = dirname(__FILE__)./lib/templates_c/; $smarty­>config_dir   = dirname(__FILE__)./lib/configs/; $smarty­>cache_dir    = dirname(__FILE__)./cache/; $smarty­>compile_check=DEBUGMODE;
  15. 15. The MagicFolder models has been filled by Doctrine with code: models/*.php (to fill with your business logic); models/generated/*.php (object definitions);Folder lib/templates_c/*.php has been filled by Smarty with munged templates;Now that the magic is working lets fill a web page with the data we have in the tables!
  16. 16. The MagicDeclaring table relations using hasMany, hasOne:class Customers extends BaseCustomers { public function setUp() { $this­>hasMany(CustomerUsers as relatedUsers, array( local=>id, foreign=>fk_customer_id, ) ); (…) }}
  17. 17. The MagicAvoiding XSS in Smarty: function escFilter($content,$smarty) {  return htmlspecialchars($content,ENT_QUOTES,UTF­8); } $smarty­>registerFilter(variable,escFilter);To show unsafe content just explicitly do: {$variable nofilter}Doctrine manages strings avoiding SQL Injection attempts! (but cannot do miracles!)
  18. 18. TransactionsBut a good business layer only works well if it is transactional, to maintain relational integrity. $conn=Doctrine_Manager::connection(); try{ $conn­>beginTransaction(); $customer=new Customers(); $customer­>name=$name; (...) $customer­>save(); $address=new Addresses(); $address­>fk_customer_id=$customer­>id; (...) $address­>save();  $conn­>commit(); } catch(Exception $ex) { $conn­>rollback(); }
  19. 19. QueriesAny language or framework is secure depending on how users use it: static function updateCustomerName($name, $id) { $conn=Doctrine_Manager::connection(); $conn­>execute(“update customers set name=$name where id=$id”); }Bad pratice to concat any user input, use instead Doctrine methods!The above example can also be database dependant which isnt a good practice.
  20. 20. QueriesUsind DQL: static function getAllUserCustomers($id,$page=0){ return Doctrine_Query::create() ­>select(c.*) ­>from(Customers c) ­>where(c.relatedUsers.fk_customer_id=:userid,  array(:userid=>$id)) ­>orderBy(c.name) ­>limit(20) ­>offset($page*20) #­>getSqlQuery(); ­>execute(); }
  21. 21. ConclusionIn this demo: We accessed data scattered over 7 different tables with (almost) zero programming; We didnt established or managed any connection; Our application can be now easily converted to another database engine with minimum effort; Each page is only a couple of lines in size, no more HTML embedding nightmares...; Our application has become more secure; In a couple of minutes...
  22. 22. Linkshttp://www.doctrine-project.org/http://www.smarty.net/http://logging.apache.org/log4php/http://code.google.com/p/nusoap-for-php5/http://www.zend.com/http://www.xajaxproject.org/(...)
  23. 23. Q&A Thank You

×