Comments on: 40+ Useful Php tips for beginners – Part 3

By: EllisGL

EllisGL — Thu, 11 Oct 2018 01:30:10 +0000

In reply to Richard.

I’ve taken that wrapper I talked about in 2012 and re-wrote it https://github.com/ellisgl/GeekLab-GLPDO2

By: Rodrigo Tognin

Rodrigo Tognin — Tue, 13 Mar 2018 20:44:18 +0000

About the item 28 “Store sessions in database”, I have a serious problem to develop an free-of-errors application in this case: if I store logged users in a database to verify duplicate logins, may occurs the cpu/tablet reset with the user using the application, and the information about the user will stay on the database, and the user will not be able to login until the information be cleared. What´s the better way in this case? I have doubt if setting a time limit to disconnect users without activities after, for example, 10 minutes.
Sugestions?

By: za_al

za_al — Fri, 14 Dec 2012 15:36:01 +0000

the good MVC framework is Yii Framework.(http://www.yiiframework.com/)

Yii comes with rich features: MVC, DAO/ActiveRecord, I18N/L10N, caching, authentication and role-based access control, scaffolding, testing, etc. It can reduce your development time significantly.

By: Silver Moon

Silver Moon — Thu, 19 Jul 2012 05:26:00 +0000

In reply to Chris. when running any php script from commandline, the full path should always be provided. the full path should be set before hand inside the application somewhere.

By: Chris

Chris — Thu, 19 Jul 2012 00:50:40 +0000

Thanks for sharing, useful post. I like the number 34 approach and i use it a lot, but there is something that bugs me to end and I can’t figure it out. Lets say the code is like:

exec(“php-cli $path_to_file > /dev/null 2>/dev/null &”);

Some servers that are configured differently will require the full path to php binary for the shell command to work. How can I get that before hand to ensure compatibility? (obviously asking the host is not possible)

Thanks.

By: Matt

Matt — Sun, 22 Apr 2012 09:43:39 +0000

Very useful article, thanks!

Just one thing on #26: I think there’s a typo on the variable in the query. It should be “INSERT INTO {$table_name} … “

By: Kenneth

Kenneth — Thu, 19 Apr 2012 06:47:16 +0000

In reply to Silver Moon.

“all file browsers are can work with ftp:// urls making working on live server very easy.”

If you’re working on a live server you’re doing it wrong. Use SVN :)

just my 2 cents as many people / beginners might read this. Need to give them good advice from the start ;)

By: blacksonic

blacksonic — Sat, 14 Apr 2012 17:01:07 +0000

Never ever turn on display errors in production, instead log those errors

Reading open source code is not always a good idea…look at wordpress, joomla, phpnuke…code is nearly piece of joke…so choose wisely which u read

By: Richard

Richard — Fri, 13 Apr 2012 13:56:03 +0000

In reply to EllisGL.

You are right with the WHERE clauses for SELECT-Queries, but for INSERT-Queries, you don’t realy need a where clause ;))

The issues with the table names are right, but it’s one of the most important thinks by setting up a databse strukture without table names like that!

To your wrapper:

I don’t realy like Database Classes with queries like that. OOP is great, but I never got the point of this strange and big sql string adapters. Why should it be faster/easier/clearer to use

$objQuery->sql(“SELECT *”)->sql(“FROM TABLE”)->sql(“WHERE foo=bar”)?

Insteat of:

$strQuery = “SELECT * FROM TABLE WHERE foo=bar”;
$objQuery->sql($strQuery);

$objQuery->sql(“SELECT * FROM TABLE WHERE foo=bar”);

:))

By: EllisGL

EllisGL — Fri, 13 Apr 2012 12:56:54 +0000

In reply to Richard.

@Richard: A couple issues with that. Your strKey and strTable are not back ticked and may cause issues, specially if you use table or column names like “name”. Also if you have a WHERE statements, you would have to deal with those. I use a PDO wrapper that allows me to do the following:

class Query_Tablename extends Db_Connect_Dbname
{
public static function getSomethingFromTables($tablename_id = FALSE, $offset = 0, $limit = 10)
{
$SQL = self::statement();

$SQL->sql(‘SELECT tn.*,’)
->sql(‘ tn2.cname’)
->sql(‘FROM `tablename` tn’)
->sql(‘ JOIN `tbalename2` tn2’)
->sql(‘ ON tn2.tablename2_id = tn.tablename_id’)
->sql(‘WHERE (0 = ? OR tn.tablename_id = ?)’)->sBoolInt($tablename_id)->sInt($tablename_id)
->sql(‘LIMIT ? OFFSET ?’)->sInt($limit)->sInt($offset); // use sprintf() functionality, since I need to add the “(int)” stuff.

//$SQL->dump();
return self::selectMany($SQL);
}
}

The wrapper (which isn’t publicly available at this time and I haven’t seen anything like it) does automatic binding, but has a couple issues I need to work out.

By: Silver Moon

Silver Moon — Thu, 12 Apr 2012 10:35:55 +0000

In reply to Jarrod. agree with your point , and updated the post.

By: Jarrod

Jarrod — Thu, 12 Apr 2012 05:09:41 +0000

I don’t think 31 is a very good idea, it may expose information you don’t want exposed and it will make debugging things harder by only showing fatal errors. I would suggest:

ini_set(‘display_errors’, false);
error_reporting(E_ALL);

By: Richard

Richard — Wed, 11 Apr 2012 16:47:57 +0000

In reply to EllisGL.

Nice argument EllisGL, that’s what I would like to add to this post.

You could build a function to your database class like this:

class MyDatabase {

[…]

insert($strTable, $arData){
if(!is_array($arData) OR count($arData) == 0)
return false;

$strInsertString = “”;
foreach($arData as $strKey => $strValue)
$strInsertString .= $strKey.”='”.$this->real_escape($strValue).”‘,”;
$strInsertString = rtrim($strInsertString, “,”);
return $this->query(“INSERT INTO “.$this->real_escape($strTable).” SET “.$strInsertString);
}
}

By: Silver Moon

Silver Moon — Wed, 11 Apr 2012 14:11:32 +0000

In reply to Phill Pafford. backticks are the same as shell_exec

By: Phill Pafford

Phill Pafford — Wed, 11 Apr 2012 13:35:04 +0000

On “34. Make a portable function for executing shell commands”, what about backticks? http://php.net/manual/en/language.operators.execution.php

By: Silver Moon

Silver Moon — Wed, 11 Apr 2012 05:56:31 +0000

In reply to Markus F.

Yes, there are plenty of good tools available on windows too , but linux does have some cool things.
All text editors on linux have code highlighting , all file browsers are can work with ftp:// urls making working on live server very easy.
The terminal is all powerful , with inbuilt ssh , and text editors to directly edit files on server.
File permission system is identical to that of server so problems are caught early , making the code move in the right direction.

By: Markus F

Markus F — Tue, 10 Apr 2012 15:47:08 +0000

“Develop on Linux” is just plain … you know.
Most of the best tools are available for Windows too and im developing on Windows for years without problems.
Anyway it’s true that most Webservers are running with Linux but there are very few issues (strict file names) that are causing problems.

By: EllisGL

EllisGL — Mon, 09 Apr 2012 13:52:32 +0000

On your MySQL query, I would use the “INSERT INTO…SET” way. This will allow to to quickly change the query into a UPDATE and also make it a lot easier to troubleshoot. Other things are to use back ticks around table and DB names.

INSERT INTO users(name , email , address , phone) VALUES(‘$name’ , ‘$email’ , ‘$address’ , ‘$phone’)”;

would become:

INSERT INTO `users`
SET `name` = ‘$name’,
`email` = ‘$email’,
`address` = ‘$address’,
`phone` = ‘$phone’;

Of course I wouldn’t use this directly. I would use PDO parameterized queries to better protect against SQL injections.