This document outlines techniques for developing advanced PHP applications, covering topics like security, reusability, efficiency, directory organization, using pre-written libraries, PHP configuration, templating languages, and sanitizing input. It discusses concepts like separation of logic from presentation and centralized form processing. Tools mentioned include PEAR, Smarty, and various PHP functions. Examples are provided of contact form handling, adding database interaction, and sanitizing input.

1. © 2006 Agathon Group
http://www.agathongroup.com/talks/gospelcon06/advancedphp/
Advanced PHP
Peter Green and Joel Boonstra
Agathon Group
Originally presented at Gospelcon 2006

2. Introduction

3. Security, reusability, efficiency

4. Security, reusability, efficiency
Any problem worth solving is worth
solving the right way

5. Security, reusability, efficiency
Any problem worth solving is worth
solving the right way
Solving a problem the right way is hard

6. Security, reusability, efficiency
Any problem worth solving is worth
solving the right way
Solving a problem the right way is hard
Solving the same hard problem more
than once is silly

7. Techniques

8. Techniques
Directory organization

9. Techniques
Directory organization
Using pre-written libraries

10. Techniques
Directory organization
Using pre-written libraries
Writing your own libraries

11. Tools

12. Tools
PEAR: a code repository for PHP

13. Tools
PEAR: a code repository for PHP
Smarty: a template language for PHP

14. Tools
PEAR: a code repository for PHP
Smarty: a template language for PHP
php.ini: your friend in site organization

15. Tools
PEAR: a code repository for PHP
Smarty: a template language for PHP
php.ini: your friend in site organization
various PHP functions for securing data

16. Step 0: Organizing your directory

18. Concepts covered

19. Concepts covered
“Slow down, you move too fast!”

20. Concepts covered
“Slow down, you move too fast!”
Separation of logic from presentation

21. Concepts covered
“Slow down, you move too fast!”
Separation of logic from presentation
Prevent access to sensitive files

22. Concepts covered
“Slow down, you move too fast!”
Separation of logic from presentation
Prevent access to sensitive files
Self-contained, portable development

23. PHP settings, functions, libraries

24. PHP settings, functions, libraries
php.ini: include_path: normalize includes

25. PHP settings, functions, libraries
php.ini: include_path: normalize includes
php.ini: auto_prepend_file: apply a common
“settings” file to all PHP files

26. PHP settings, functions, libraries
php.ini: include_path: normalize includes
php.ini: auto_prepend_file: apply a common
“settings” file to all PHP files
function: ini_set(): access php.ini values

27. PHP settings, functions, libraries
php.ini: include_path: normalize includes
php.ini: auto_prepend_file: apply a common
“settings” file to all PHP files
function: ini_set(): access php.ini values
library: Smarty: templating

31. php.ini

32. private/lib/auto_prepend.php

33. index.php

34. private/templates/pages/index.tpl.html

35. Let’s take a look

36. [ page source ]

37. Step 1: Creating email forms

38. Concepts covered

39. Concepts covered
Centralized form processing script

40. Concepts covered
Centralized form processing script
Modular form processing, based on
function

41. Tools used

42. Tools used
Smarty!

43. Tools used
Smarty!
Smarty’s html_options and related functions
for quickly creating forms

44. PHP used

45. PHP used
mail(): basic function to send email

46. PHP used
mail(): basic function to send email
include_once(), require_once(): load in a
common set of functions

47. PHP used
mail(): basic function to send email
include_once(), require_once(): load in a
common set of functions
Superglobals ($_GET, $_POST, $_REQUEST)

50. contact.php

51. private/templates/pages/contact.tpl.html

52. bin/form_processor.php

53. private/lib/form_functions.inc.php

55. Let’s take a look

56. Step 2:Adding database interaction

57. Concepts covered

58. Concepts covered
Extending the centralized form processing
script to handle a new function

59. Concepts covered
Extending the centralized form processing
script to handle a new function
Checking database error statuses

60. Concepts covered
Extending the centralized form processing
script to handle a new function
Checking database error statuses
Centralized, separate config file for DB
settings

61. Tools used

62. Tools used
PEAR::MDB2 for unified, abstracted
database access

63. Tools used
PEAR::MDB2 for unified, abstracted
database access
Superior to mysql_* and mysqli_* calls!

66. private/templates/pages/event/add.tpl.html

67. bin/form_processor.php

68. bin/form_processor.php

69. private/lib/form_functions.inc.php

71. private/lib/db.inc.php

72. Let’s take a look

73. private/templates/pages/event/add.tpl.html

74. Step 3: Sanitizing input

75. Concepts covered

76. Concepts covered
Implementing data sanitation

77. Tools used

78. Tools used
library: PHP::Compat: using future
functions now (e.g., array_walk_recursive())

79. Tools used
library: PHP::Compat: using future
functions now (e.g., array_walk_recursive())
library: PEAR::Mail: send email without
worrying about spammers

80. PHP used

81. PHP used
get_magic_quotes_gpc()

82. PHP used
get_magic_quotes_gpc()
create_function()

83. PHP used
get_magic_quotes_gpc()
create_function()
stripslashes()

84. PHP used
get_magic_quotes_gpc()
create_function()
stripslashes()
strip_tags()

85. private/lib/auto_prepend.php
(excerpt)

86. private/lib/common_functions.inc.php
(old & busted)

87. private/lib/common_functions.inc.php
(new hotness)

88. private/lib/form_functions.inc.php
old & busted:

89. private/lib/form_functions.inc.php
old & busted:
new hotness:

90. private/lib/form_functions.inc.php
(old & busted)

91. private/lib/form_functions.inc.php
(new hotness)

92. Next steps

93. Concepts (not) covered

94. Concepts (not) covered
MVC, REST, and other useful acronyms

95. Concepts (not) covered
MVC, REST, and other useful acronyms
Dynamically loading based on
REQUEST_URI and/or PATH_INFO

96. Concepts (not) covered
MVC, REST, and other useful acronyms
Dynamically loading based on
REQUEST_URI and/or PATH_INFO
Live and development sites: one codebase

97. © 2006 Agathon Group
http://www.agathongroup.com/talks/gospelcon06/advancedphp/
Advanced PHP
Peter Green and Joel Boonstra
Agathon Group
Originally presented at Gospelcon 2006