I have to say it’s super having a personal tutor. I really appreciate the time you’re giving me.
You're welcome. I'll do my best to help where I can but I'm still learning myself.
So I think you’re suggesting that I validate user’s entry by setting $username = filter_var($username,… then reject the entry if the value is false, or insert it in database if it retains its value? Is that right?
Yep. Good summary.
I’m having some trouble making that work with a practice form on my localhost.
What's not working, and what's the code? If you're happy to share snippets it'll be easier to figure out what's going on.
Does that look right to you? Works on the regexr but not my practice page. Allows other chars, like double quote.?
Regexp testers may not use the same underlying algorithm as PHP. Use your actual environment to test. In this case, [\w] is matching the double quote character, though PHP does not document this.
I still don’t know how you entered any joke id at all since it’s auto-increment and there’s no field for it (except hidden). If it’s thru dev tools, I haven’t really figured that out yet
Hidden fields are better thought of as 'not visible in the browser'. Dev tools can see them (use the DOM inspector) and you can still edit them. <input type='hidden' name='id' value='1'> can be changed to whatever you want and then submitted.
Your auto-increment does not seem to be failsafe. I think you have code that mixes creating new jokes with editing existing jokes. I'd need to see the code to be more specific. Are you in control of each sql statement or are you using something like an ORM?
Another concern is that you do not seem to be using IDs as they are submitted. If I go to http://www.ltvinfo.com/joke/edit?id=2 I can edit the joke with ID of 2 as expected. If I go to http://www.ltvinfo.com/joke/edit?id=2b I still see an edit page for the joke with ID of 2 as opposed to a 404 or other default view. SQL would not match like this.
I suppose I must still have to validate the id before inserting the joke in the database, is that right? How do I do that if the id isn’t set until it gets to SQL? How do I stop you from setting an id?
The simplest method is to only use a user-submitted ID to retrieve a record from the database. Validation can be done by the presence or absence of a record with that ID.
@kvnb
Sorry for the slow reply
Forgiven. Lol
(me) -g- flag. only useful with preg_match?
That flag exists to allow you to find multiple matches in a string and return each match as a separate array entry. It is useful when you want to extract information from a string that fits a pattern, but is not useful for validation. PHP doesn't use this flag, but other languages do. Use preg_match_all instead of the flag if you need that behaviour. For validation you do not.
Great lesson. Thanks
if ($username == filter_var($username …
You need to use ===. I think a blank username would get through your filters as they stand.
Thanks, tested this and I see you’re right.
(me) I got all of that except the submit part. How do you submit it?
Once I've edited in the DOM inspector I can hit the Submit button on the form same as anyone would.
Ok!, this finally worked for me. I was certain I tried before and it didn’t post, so I was perplexed. Maybe it was on my dummy form which doesn’t actually submit.
So now I’m working on how to prevent user submitting altered hidden field. Research (SO) seems to indicate no easy way. I’m testing some ideas, like testing if user’s id matches author of joke with GET id. How do you do it?
It's risky using code that you don't understand as you can't always tell what it will do.
I’m kinda happy to say I think I understand each piece of php code pretty well. But I just “learned” OOP from this project, so it’s mostly the strategy of structure and why certain methods go into which classes. Jumping from class to class to method to class, trying to follow trail just to perform a single INSERT is what’s hard for me. So different from procedural (tho I think I see the benefit). And then trying to track down errors in that path. And the OOP: implements, interface, use, autoload, references(&$), dependencies, routes, \stdClass, constructorArgs, \ReflectionClass, and keeping all that in my head. I’m in awe of Tom for having written the book (~700pgs) and built the code in it. That’s genius to me. But his explanations of strategy are often over my head or difficult to keep inside it. It’s kind of like learning a spoken language, waiting for the light bulb to come on. If you can recommend some good, clear books/websites to explain strategy/structure, like where you learned it, that would help tons. I’m always searching.
It's a little bit of a guess, but from the code you've posted I think the problematic bit is:
private function insert($fields) {
How is the $fields variable constructed? If I submit a non-existent ID will there be an ID field in that array?
The insert($fields) method is part of Tom’s “Ninja framework” in the DatabaseTable class so that it can work in any database application regardless of the number or type of fields in a record. It’s called directly from save($record) method in same class, and the $fields array is POSTed from the forms for jokes, authors and categories, eg $joke = $_POST['joke'];. The forms create arrays, eg name="joke[joketext]". Possible paths are thru addJoke($joke) in Author entity, addCategory($jokeCat) in Joke entity, POSTed from form to saveEdit($category) in Category controller, or POSTed to savePermissions($author) in Register controller.
Thanks
Nate
I’m kinda happy to say I think I understand each piece of php code pretty well.
Good. I've had a look at the DatabaseTable class and it is the cause of the ID mishap. I'll talk you through it and see if that helps.
public function save($record) {
$entity = new $this->className(...$this->constructorArgs);
try {
...
$insertId = $this->insert($record);
...
}
catch (\PDOException $e) {
$this->update($record);
}
...
}This function seems to be trying to INSERT whatever you give it and then UPDATE the record if the query throws an exception (like it would if the record already existed). So when a dud ID is put in it happily INSERTs it. The auto-increment will only work if no ID is specified on the INSERT.
So, if I edit the ID field, the $_POST['joke[id]'] parameter will have a value, that you pass on to the $fields array, that you put into this function, that tries to INSERT it, which succeeds as INSERT will accept a value for ID, which means you have a record with whatever I put in that fits with SQL's schema for that column (probably an INT).
If you can recommend some good, clear books/websites to explain strategy/structure, like where you learned it, that would help tons. I’m always searching.
To be honest, there's a lot of bad information out there on PHP. I learnt to program in Java which is designed around OOP. That helped. With PHP I mainly learnt by building things. Robert Martin's "Clean Code" book and Martin Fowler's "Patterns of Enterprise Application Architecture" were really helpful and I still refer to those. People like Tom Butler are great to refer to for being very disciplined about how they design applications using OOP, and python helped me to understand the notion of using immutable objects to help with this. I'm still trying to improve my architectural decisions.
I haven’t been able to get to work on this during holidays. Just getting back to it now, with a quick question.
I’ve seen a ton of posts about Laravel on places like Reddit, wondering if it’s something I should try. Or should I stick with raw code, thereby learning it better? I don’t need another “language” (learning curve) to try to surmount in the midst of all this. Do you use Laravel or some other framework/library?
Do you use Laravel or some other framework/library?
Sometimes. I've not used Laravel, but I haven't built large projects before from scratch so it would be overkill for me. I'm starting a larger project now in my free time that I want to build using a MVC paradigm broadly in line with Tom Butler's writing (which is why I'm here). Those frameworks would be tricky to adapt to that ideology.
I must stress that I'm a hobbyist - I program in my free time to make things I find useful to me.
should I stick with raw code, thereby learning it better?
I think it depends on what you are trying to do. If you're trying to learn MVC architecture then there's no point using Laravel as they've made all those decisions for you. You'd just be learning how to use Laravel. If you want a framework to help you learn OOP it might be easier to use a smaller framework that you'll find easier to understand. Frameworks are just tools - it's best to know what you want to achieve before picking which tool to use.
public function output() {
$html = '<form action="?action=authen" method="post">'
. '<input name="username" type="text" /><br>'
. '<input name="password" type="password" /><br>'
. '<input value="Submit" type="submit" />';
return $html;
}
public function alert($msg) {
echo "<script>alert('$msg');</script>";
}
public function redirect($url) {
header("Location: $url", true);
}
After what seems like a very long time in development, I am pleased to announce I am launching a new website:
As part of my Ph.D research I'm developing a a metric for grading source code flexibility by identifying known bad practices (For example, global variables and singletons).
To test this metric, I've developed a tool which scans source code (Currently PHP) for bad practices which are known to make the code inflexible. It grades the code and highlights areas where flexibility can be improved.
Insphpect is currently in the testing phase so don't expect it to be perfect, but it's good enough to start to get some feedback!
If you're a PHP programmer who writes OOP code upload your code and complete the survey to tell me what you think! You can either provide a git repo url or upload a zip file.
Alternatively, if you're not a PHP programmer but do OOP in another language, take a look at the sample reports and complete the survey based on the recommendations given. You can also let me know if you'd like to see something similar for other languages.
Completing the survey is very beneficial to my research but if you have any informal suggestions I'm happy to take them on here.
Example 1:
$user = $user->load(1);
$user->disable($user);
$user->save($user);Example 2:
$user = $user->load(1)->disable()->save();
$user = $user->load(2)->password('test')->save();Example 3:
$loaded = $user->load(1)->getUser();
$loaded['disabled'] = 0;
$user->save($loaded);Questions that comes up from reading "Immutable MVC in PHP (Part 2) - Immutable CRUD application"
Example 2 is what seams like its the way to go but how do I manage user creation in that case. Make the load method take an array so methods like disable and password can work their magic like password hashing. Another way would be if I let the Save method take the array methods like password and disable won't have the ability to set anything before the new user is created. Or should I pass a new user array into the construct at startup?
class Request {
public function __construct($uri, $params) {
$this->uri = $uri;
$this->params = $params;
}
public function getUri() {
return $this->uri;
}
public function setParam($key, $value) {
$this->params[$key] = $value;
return $this;
}
public function getParam($key) {
if (!isset($this->params[$key])) {
throw new \InvalidArgumentException("The request parameter with key '$key' is invalid.");
}
return $this->params[$key];
}
public function getParams() {
return $this->params;
}
}
I want to see a finished example
small site skeleton
I was wondering, cause everything makes sense as long as its a single responsibility. Like a page for a report or a user profile or whatever you can come up with. But when you come to a home page witch can be a bit of everything like an overview.
The question is:
- Do I repeat the functionality of other models in the model?
- Do I use models in a model?
- And do I call the models, model in that case?
-- Model --
class Home {
public $welcomeMessage;
public $houses;
public $cars;
public $blog;
}
-- View --
<h1>Store</h1>
<p><?php Home->welcomeMessage; ?></p>
<h2>Cars I own</h2>
<table>
<?php foreach(Home->cars->owned as $car):
<tr>
<td>$car...</td>
</tr>
<?php endforeach;?>
</table>
<h2>Houses For Sale</h2>
<table>
<?php foreach(Home->houses->sale as $house):
<tr>
<td>$house...</td>
</tr>
<?php endforeach;?>
</table>
It's probably not a difficult refactor, replace new Foo() with $foo and pass in the instance as a constructor argument. You'll also need to change anywhere the top level class is instantiated to supply the constructor arguments.... or instantiate it with the DIC.
( insphpect.com can actually somewhat do this automatically and generate a patch, it's a bit buggy at the moment and needs tweaking... when I have time I'll release the code)
The file was rather popular and ate the limited bandwidth on the dirt cheap vps hosting my blog
