Larry Ullman's Book Forums

Everything posted by Antonio Conte

  1. Download an IDE with syntax highlighting. It'll show you where your parse error is. These kinds of errors are much easier for you to fix on your own. Check out:
     - Eclipse
     - Netbeans
     - PHPStorm (paid)
     - Etc...
  2. Works fine in Safari and Chrome on my iPhone 4S.
  3. The file needs to be placed where index.php is located, not in your protected folder.
  4. Yeah, I do Larry. I guess Larry copy-pasted my code, so I'm at fault here, Jon. Haha. I really need a cup of coffee before my brain functions properly.
  5. Begin with this:

     ```php
     $persons = array(
         array("name" => "Laith", "age" => 20, "gender" => "male"), // person 1
         // Next person here...
     );

     print_r($persons);
     ```
  6. With that result, you need to use the result as an array, i.e. $model['title'] instead of $model->title. According to someone on the YII forum, you need to switch from PDO::FETCH_CLASS to PDO::FETCH_OBJ. You might need to bind that param too. I don't know.
  7. I was also afraid of using GET for a while, Paul. However, GET is a basic HTTP request, and is designed to get information. Save yourself some trouble and just pass the ID in the URL, but wrap the call in some permission checks. You should be using GET on all the "U"s in CRUD, with few exceptions. The rule is to never send sensitive info in GET. Passing primary keys is no problem.

     I even use GET on delete operations. That's not really "correct", but I get lazy. Short and simple code leads to fewer bugs and fewer security holes, so there are always trade-offs to consider. When I do this, I usually include a stricter check, such as making sure other values exist too. Here's an example of how I do this in CodeIgniter.

     The method below is run when I visit: http://domain.com/profile/attachment/delete/1/1

     It can be translated to something like: http://domain.com/attachment.php?offer_id=1&file_id=1

     ```php
     /**
      * Deletes an attachment
      *
      * @param int The ID of an attachment
      */
     public function delete()
     {
         // Load needed model
         $this->load->model('profile/files'); // Creates $this->files

         // Get identifiers
         $offer_id = (int) $this->uri->segment(4, 0);
         $file_id = (int) $this->uri->segment(5, 0);
         $company_id = (int) $this->user->company_id; // I know this exists

         // Delete record from DB
         $file = $this->files->delete($file_id, $company_id);

         // Make sure operation was successful
         if ( $file !== null )
         {
             $image = self::$UPLOAD_DIRECTORY . $file->file_path;
             $thumb = self::$THUMBNAIL_DIRECTORY . $file->file_path;

             // Delete the files if found
             $this->_deleteFile($image);
             $this->_deleteFile($thumb);
         }

         // Redirect
         $this->_redirect_to_attachments_list($offer_id);
     }
     ```

     CodeIgniter is segment based, so the call to $this->uri->segment() simply returns the GET param OR the second parameter. In this situation, it will always pass Integer 0 if the GET params do not exist. The trick is that $this->user is an object set by an authentication component I trust. I know that the user is logged in before this method is called. Because I trust that, I simply pass the Company ID and File ID to a model. If the combination does not exist, the Database model will simply ignore the operation and return false. If the record is deleted, I delete the actual files on the server too. This principle of delegation lets you write very simple and easy to understand code.
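The ownership-scoped delete this post relies on, as an added example that is not the poster's code or CodeIgniter's API: the company ID taken from the trusted session is part of the query itself, so a file ID that belongs to another company deletes nothing. The `files` table, its columns and the `deleteOwnedFile()` name are assumptions, and the rows are constructed sample data in an in-memory SQLite database.

```php
<?php
// Added example: the table and column names (files, id, company_id, file_path)
// and the function name are assumptions, not the poster's actual schema.

/**
 * Delete a file record only if it belongs to the given company.
 * Returns the deleted row (so the caller can remove the files on disk) or null.
 */
function deleteOwnedFile(PDO $db, int $fileId, int $companyId): ?object
{
    // segment(n, 0) yields 0 for a missing URL segment; no row has id 0.
    if ($fileId < 1 || $companyId < 1) {
        return null;
    }

    $db->beginTransaction();

    // The ownership test lives in the WHERE clause, so a valid file ID
    // owned by a different company matches no row.
    $select = $db->prepare(
        'SELECT id, file_path FROM files WHERE id = :id AND company_id = :cid'
    );
    $select->execute([':id' => $fileId, ':cid' => $companyId]);
    $row = $select->fetch(PDO::FETCH_OBJ);

    if ($row === false) {
        $db->rollBack();
        return null;
    }

    $delete = $db->prepare('DELETE FROM files WHERE id = :id AND company_id = :cid');
    $delete->execute([':id' => $fileId, ':cid' => $companyId]);
    $db->commit();

    return $row;
}

// Constructed sample data.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE files (id INTEGER PRIMARY KEY, company_id INTEGER, file_path TEXT)');
$db->exec("INSERT INTO files VALUES (1, 10, 'a.png'), (2, 20, 'b.png')");

var_dump(deleteOwnedFile($db, 2, 10)); // file 2 belongs to company 20
var_dump(deleteOwnedFile($db, 0, 10)); // missing URL segment
var_dump(deleteOwnedFile($db, 1, 10)); // file 1 belongs to company 10
var_dump($db->query('SELECT COUNT(*) FROM files')->fetchColumn()); // rows left
```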
  8. I suggest you watch PHPAcademy's tutorial on the Geolocation API. It will teach you the basics.
  9. You need to add that parameter to your route file too.
  10. Haha. This is the forum. Again, welcome. That code should definitely work. What's in the variable $books for you?
  11. I would basically fetch two objects here. Sounds like a too specialized problem to change a model for. Sometimes you'll offer performance for code clarity, and this sounds like one of those times. Adding a method for getting a user by username is the way I would have done it.
  12. Print_r() is debug functionality. Don't use it in production code. That code looks good to me btw. Welcome to the forum, btw.
  13. Yes, I really see that. It's also the reason why I won't consider building something new in it. Please don't quote me on that btw. I tried searching to provide some proof of that claim, but I couldn't find any. However, information like that sticks to my brain like glue, so I'm sure I've heard it from a source I trust. That does not mean it's true however, although I think it is. Thanks, Edward. I don't care so much as long as I'm understandable, but I try my best to write decently when conveying a point objectively is important. I think my written language generally suffers a bit in quality as quantity is a more important factor. I don't always take the time to ensure the language is perfect as long as it's acceptable, and therefore I like to keep it simple. Cool that you notice when I make an effort.
  14. I can't really make a deep judgment on that, but I'll provide you with some thoughts.

      CodeIgniter: Simplicity has obviously been a priority during the development of the framework. It's very easy to get started utilizing the framework, and general functionality is easy to implement. The framework has a lot of helpful components and helper classes that will make your development cycle easier. The framework is extremely fast, even without caching. You can alter the framework's core by extending it, and it's easy to add helpers and components to controllers that need it. If you want something up and running quite fast, CodeIgniter can surely be a good choice. I would say it can be a good match for smaller projects.

      However, it's really starting to show its age. CodeIgniter is compatible with versions of PHP 4, and not really object-oriented in itself. Important parts of the utility classes (validators, filters, sanitation) do not support Unicode. The MVC pattern is very loosely practiced. While that may sound nice, it can lead to clutter for inexperienced developers as they place code in the wrong places. It's also really bad as you can't depend on an interface (like YII's validate, rules, etc) in most cases. The framework has also some weird quirks, such as instantiating objects from components when including the classes. They really like to do a lot via the application object. This requires you to look at the User Guides more frequently than you should need to, as you need to pass a lot of arguments you can't remember from time to time. Most is passed around using arrays, and methods often return false on errors. Exceptions are non-existent. This leads to a lot of type checking logic that is not really needed. This is a huge problem in my personal opinion.

      Laravel is supposedly a framework developed by the core team behind CodeIgniter. It tries to solve some of the problems listed above. I've yet to try it myself, but that they felt a need to build a new framework is proof enough for me that CodeIgniter has some obvious flaws. I would not hesitate to recommend CodeIgniter to a friend, but I would really encourage them to look around a bit first. There's obviously newer and better things out there, YII being one of them.

      That's my semi-conclusion. The reason I chose CodeIgniter was that I knew it. I had one semester at school to develop something as a one-man team. I did not really feel I had the time to learn a new framework. Doing everything from server administration, designing, front- and back-end development and releasing the website in four months left me without time for that. I will definitely look at other frameworks when a new project arises.
  15. I would start building. Get the framework under the skin. No matter how much you read and understand, you need to code to make it all stick. Progressively improving your projects will help you understand the framework. You'll get realizations along the way you would not get otherwise. CodeIgniter is a very simple framework in comparison to YII. However, there's no doubt I utilize it better and write cleaner code after half a year of utilizing it. I have a better understanding of where to place my code, how to write modular and framework-independent components (that I could utilize in YII later on for example) and structures. As an example, I have components for things like Image uploading, file conversion, thumbnail creation, random generators, date conversion and other stuff I could use in other projects later on. You'll never do anything 100% the first time anyway. I would read up on things like agile development and Scrum. It'll help you to understand how to incrementally set goals for yourself and build applications one block at a time. Such theory is also very important in the business if you want to do that. Good luck, Jonathon. Keep us posted.
  16. My suggestion is to leave that bit of logic in the controller. I pass my data to static helpers for sorting/filtering and other such tasks in the controller. I also set my titles there. I'm currently building in CodeIgniter, so I don't have the nice structure you guys have. However, in such special cases, placing logic in the controller makes sense. Doing a copy of the zeroth item and assigning that appropriately makes a lot of sense to me. I've also put a little bit of logic in my header views. Placing something like this is not shameful at all:

      ```php
      <title>Sitename <?= isset($title) ? '-'.$title : ""; ?></title>
      ```

      This will obviously look a bit different for you guys, but you get my point.
  17. Jon: Did not know that. Thanks for the snippet.

      konfused: As in the forum's code tags. They'll format code for you. Look for the "<>" symbol. Look at this:

      // Has a phone number been entered?
      if (!empty($_POST['phone'])) {
      //Remove spaces, hyphens, and brackets.
      $phone=str_replace(array(' ', '-', '(', ')', ')'), '',$_POST['phone']);} //line 212
      //Use regex to check that the remaining characters are digits
      If (preg_match('/^[0-9]{11}$/', $phone)){
      $ph=$phone;
      }
      }

      Versus this:

      ```php
      // Has a phone number been entered?
      if (!empty($_POST['phone'])) {
          //Remove spaces, hyphens, and brackets.
          $phone=str_replace(array(' ', '-', '(', ')', ')'), '',$_POST['phone']);}//line 212
      //Use regex to check that the remaining characters are digits
      If (preg_match('/^[0-9]{11}$/', $phone)){
          $ph=$phone;
      }
      ```
  18. Yeah, I just fixed the logical error in your code. You are missing a parameter.

      - http://php.net/manual/en/filter.filters.sanitize.php

      ```php
      filter_var($var, FILTER_SANITIZE_STRING, _FLAG_HERE);
      ```

      I wouldn't really recommend you using that filter anyway. There's better ways to remove HTML. You could do it with one of the flags, but you'll meet problems if you want to handle UTF-8 and foreign languages. It's built on the ASCII ranges. Using the filters to escape strings, validate URLs/emails and similar is good usage, though.

      To remove: http://php.net/manual/en/function.strip-tags.php
      To convert: http://www.php.net/manual/en/function.htmlentities.php

      ```php
      // Trim input
      $name = trim($_POST['fname']);

      // Strip HTML/convert, apply escaping
      // ($dbcon is the open mysqli connection the procedural call requires)
      $stripped = mysqli_real_escape_string($dbcon, strip_tags($name));
      $converted = mysqli_real_escape_string($dbcon, htmlentities($name));

      // Display differences
      echo 'Stripped: '. $stripped . '<br />';
      echo 'Converted: '. $converted . '<br />';

      // Get string lengths
      $strLen = mb_strlen($stripped, 'utf8');
      $ConLen = mb_strlen($converted, 'utf8');

      // Check stripped string
      if( $strLen < 1 ) {
          $errors[] = 'You forgot to enter your first name.';
      }

      // Check converted string
      if( $ConLen < 1 ) {
          $errors[] = 'You forgot to enter your first name.';
      }

      // ...
      ```

      Hope that helps. Again, it's not a usable solution, but examples you could apply to your own code.
  19. Hope you explain that in the book at least then, Larry. Never heard of that before, but I'm not a fluent English speaker either. We have such codes in Norway too, but I can't remember the abbreviation for them. Nor what it stands for really. Such concepts are tricky but very important to get right if you wanna deal nationally.
  20. That looks pretty clean to me. Some good code you've written there, Jonathan.
  21. You need to get the string returned from the function. You can't just make sure the test passes.

      ```php
      // Is the first name present? If it is, clean it
      $name = filter_var($_POST['fname'], FILTER_SANITIZE_STRING);

      // Make sure name is clean
      if( $name !== false ) {
          $fn = mysqli_real_escape_string($dbcon, $name);
      } else {
          $errors[] = 'You forgot to enter your first name.';
      }
      ```
  22. In Object-oriented programming, class context is very important. I misled you a bit in my last post. $this is a special variable that can be translated into "this object instance", a.k.a. "this object itself". It's important to notice that the view is rendered as part of the SiteController object, so $this will always point to the concrete controller that is run. To get this, it's very important to understand the bootstrapping/routing part of a framework. This is why I've told you the basics are so damn important.

      $model is a Model object of type User. You need to understand that Models are something different from components. YII does also have a component called CWebUser. THAT component creates an object that lets you interact with a specific instance of a user. That is however not tied to a model.

      ```php
      $user = Yii::app()->user;
      ```

      Gives you the current user. You need to look at CWebUser to understand how to play with that.

      About the PHPDoc. It does absolutely have a formal rule set, but it's not code. You'll therefore not get parse errors, or anything similar if you don't follow conventions. Following the rules will allow you to get a quick overview of a method in an IDE. Class method: Method call: