How smart is Smarty?

Posted by admin on 18 Feb 2009 | Tagged as: PHP, Web Design & Development

I started using the Smarty template engine today for one of the applications that I develop at work. The application previously used a home-made templating system that was much more primitive in comparison. It was basically a string replacement engine.

I had started reading the documentation on the Smarty website a few days ago, and I must say, I am impressed with what this so-called “template engine” can do.

I put “template engine” in quotes because at first sight that’s what Smarty appears to be. But upon further investigation it becomes apparent that Smarty is much more than this.

During the day or so that I have been using Smarty, I have come to appreciate its built-in function base, which takes care of things such as loops and conditionals with ease. This means that it really can be used as a full presentation layer instead of a string replacement/templating system.

This ability to have conditionals and language constructs purely in the presentation layer means that one can use PHP to obtain and sort the required data, into arrays if necessary, and then pass the raw data on to the template, which can then decide what to do with it, or how to display it. This is exactly where simpler string replacement templating systems fall short.

Although I am still new to the Smarty way of doing things, the more I discover about Smarty, such as its built-in language file support and the auto-generation of HTML select/option tags from an associative array, the more I like it.

Only time will tell if it can cut the mustard though, once it has been implemented on the whole application and tested. But from what I’ve read, it’s up to the job.

An Excellent Open Source Text Editor… Komodo Edit

Posted by admin on 17 Feb 2009 | Tagged as: Uncategorized

My programmer’s editor of choice for quite a while now has been Zend Studio 5.5; it has many useful tools like a built-in function reference and code completion. It allows you to create your own colour schemes (unlike the new Zend Studio 6) and debug code.

As a secondary editor I would use Gedit on Linux and ConTEXT on Windows. Every now and again I take a look at what editors are available, as often the editor a developer uses is a matter of personal taste.

Not long ago I came across the open-komodo project, which provides a free multi-platform version of the Komodo IDE as the text editor Komodo Edit, and I love it.

Komodo Edit has dynamic language support for Perl, PHP, Python, Ruby, Tcl, JavaScript, CSS, HTML, and XML; it also supports template languages like RHTML, Template-Toolkit, HTML-Smarty and Django.

Komodo Edit has many of the tools that I like about Zend Studio, such as code auto-completion and calltips, multi-language file support (great!), syntax colouring and syntax checking, Vi emulation and Emacs key bindings!

What more could you ask from an open source editor? What’s that? You want more? How about Firefox-like extensibility? The Open Komodo community has a wealth of extensions for the editor, from a MooTools API to jQuery tools. Check it out; I hope you like it as much as I do.

SVN on Linux and Windows

Posted by admin on 17 Feb 2009 | Tagged as: Uncategorized, Web Design & Development

Working within a development team on applications usually requires some sort of version control. Version control software such as the newer Subversion (SVN) and the older Concurrent Versions System (CVS) stores a version of the development code internally in a “repository” and allows as many people as required to “check out”, or obtain, a copy for themselves. These applications have many uses, but the main ones are the distribution of code and the subsequent saving of updated code once a developer has finished working on it. All version control software has this functionality, plus the ability to lock files that are being worked on and to prevent or merge multiple modifications to the same code. In short, they are an indispensable tool for multi-developer applications.

Developers who use Microsoft Windows and need access to an SVN or CVS repository have the option of using an extremely good, open source GUI client called TortoiseSVN (or TortoiseCVS as required).

TortoiseSVN won the SourceForge.net 2007 Community Choice Award for Best Tool or Utility for Developers. Using this GUI client means that the user can perform many actions that would otherwise require a more in-depth knowledge of the command line.

Unix and Linux users do not have the luxury of the TortoiseSVN GUI client to perform actions on a CVS/SVN repository. There are alternatives, such as RapidSVN, which is cross-platform, but I’ve never tried it so can’t comment. Maybe I will at some point.

Whichever operating system you use, it’s always useful to be able to get by from the command line without a GUI client. So here are just a few useful commands…

SVN Checkout

svn co url [destination_directory]

or

svn checkout url [destination_directory]

Ignore a directory

svn propset svn:ignore 'dir_name' .

(The name or pattern to ignore is the property value; the last argument is the directory the property is set on, here the current working directory. The change is recorded locally and must still be committed.)

Show status of files and dirs

svn status

Add a file

svn add file_name

Commit

svn commit [file_name] [-m "some comment"]

If you require more, there is a useful resource of commands here.

A really simple introduction to templating using PHP

Posted by admin on 01 Nov 2008 | Tagged as: PHP, Web Design & Development

When developers talk about application development they often spout things like

“When developing an application it is beneficial to separate business logic from the presentation logic”

Which all sounds very technical and intellectual, but what are they going on about when they say things like this?

Imagine a simple website: three pages linked together by hypertext links. Each of the pages contains text and images hard coded as HTML, and the files have a .html extension. There’s no processing behind the scenes, no PHP, ASP or Java; the pages’ content never changes. These are called static pages. It would be fair to say that this website is almost completely made up of presentation logic: logic, or code, concerned with display and not with processing any information.

Now, imagine a PHP script that a form on this website posts its information to when someone clicks the submit button. Let’s call it ‘process_form.php’, and let’s say this script takes the information posted to it, checks that the information is usable, and then redirects you to another page depending on what you entered in the form. This processing of information would be an example of business logic.

In web applications, business logic and presentation logic, along with CRUD (database) logic, are often fused into single scripts, such as a single PHP script that does some processing and outputs the result in HTML format. Though often useful, this can become problematic and cumbersome if you want to change the way your web page looks without changing the way it does any processing.

Along comes templating…

Templates allow you to separate your static content from your processing. This way, you could easily change your static content without worrying about the processing code getting in the way, and vice versa.

A simple HTML file could look like this:

<html>
<head>
<title>Title Text</title>
</head>
<body>
This is the content
</body>
</html>

If we wanted to output PHP in this file we could do something like this:

<html>
<head>
<title>Title Text</title>
</head>
<body>
<?php echo 'This is the content'; ?>
</body>
</html>

This would be an example of single-tier, or fused, logic, which makes it difficult to change just our HTML because the HTML and PHP are intertwined in a single layer. Say we created a template file from our original HTML file that looked like this and gave it the extension .tpl:

<html>
<head>
<title>{TITLE}</title>
</head>
<body>
{CONTENT}
</body>
</html>

In this example we have replaced the content with placeholders that we can reference later on.

Now, we can produce a simple PHP function that will replace the placeholders with our content after our PHP business logic layer has finished with it. The function may look something like this:

function render($array, $template){
    // load the template file into a string
    $template = file_get_contents($template);

    // replace each {KEY} placeholder with the matching value
    foreach ($array as $key => $value){
        $template = str_replace('{' . strtoupper($key) . '}', $value, $template);
    }

    echo $template;
}

This way, from our PHP business logic layer, we can easily produce our presentation layer with any data we like without having to alter the template in any way. An example of calling our template from the business logic layer would be something like this:

render(array('title' => 'The Page Title', 'content' => 'This is the page content'), 'template.tpl');
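One thing the simple renderer above does not do is escape the values it substitutes: whatever reaches {CONTENT} lands in the page verbatim, so if that value came from a form field, a visitor can put markup or script into the page. The following is an added example, not code from the original post: the same placeholder idea, rendered from an inline template string (so it runs stand-alone) with HTML escaping on by default and strtr() instead of a str_replace() loop, so a substituted value is never scanned again for further placeholders. The template, the render_template() function and the sample input are all constructed for this example.

```php
<?php
// Added example (not from the original post): a placeholder renderer that
// HTML-escapes values by default, so data that came from users is shown as
// text rather than interpreted as markup.

// Replace every {KEY} placeholder in $template with the matching value from $vars.
// strtr() does a single pass, so a substituted value is not searched again for
// other placeholders (str_replace in a loop would re-scan it).
function render_template(string $template, array $vars, bool $escape = true): string
{
    $map = [];
    foreach ($vars as $key => $value) {
        $placeholder = '{' . strtoupper($key) . '}';
        // ENT_QUOTES escapes both quote styles, so values are also safe inside
        // attribute values; ENT_SUBSTITUTE avoids returning '' on bad UTF-8.
        $map[$placeholder] = $escape
            ? htmlspecialchars((string) $value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')
            : (string) $value;
    }
    return strtr($template, $map);
}

// Constructed template, equivalent to the .tpl file described in the post.
$tpl = "<html>\n<head>\n<title>{TITLE}</title>\n</head>\n<body>\n{CONTENT}\n</body>\n</html>\n";

// Constructed "user input": the kind of value a visitor could submit in a form.
$untrusted = '<script>alert(1)</script>';

// Default (escaping on): the angle brackets become entities and the browser
// displays the tag as text instead of executing it.
echo render_template($tpl, ['title' => 'The Page Title', 'content' => $untrusted]);

// Escaping off reproduces the behaviour of the post's render() function: the
// value is copied into the page as-is. Reserve this for content you generated
// yourself, never for request data.
echo render_template($tpl, ['title' => 'The Page Title', 'content' => $untrusted], false);
```

Keeping escaping as the default and making raw output an explicit opt-in is the important design choice: the business logic layer can then hand any data to the template without having to remember to sanitise it first.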

Haunted by register_globals security issues

Posted by admin on 09 Oct 2008 | Tagged as: PHP

Yesterday I went to an interview for a new job. As with many programming/developer jobs after a bit of a chat the interviewer and a lead developer gave me a small test on my PHP knowledge.

I was given 3 pieces of paper with some PHP code on them that was intentionally erroneous and given 15 minutes to mark all the errors on them.

Hindsight is a beautiful thing I suppose. After leaving the interview something came to mind that I didn’t notice straight away.

The code was using something like this:

// define $loginstatus = true only if user is authenticated
if (login_user()) {
$loginstatus = true;
}

Because we didn’t first initialize the $loginstatus variable as false using:

$loginstatus = false;

the variable might instead be defined by the register_globals setting, for example from a GET query string in the URL or from a posted form, e.g.

auth.php?loginstatus=1

So, anyone can be seen as authenticated when testing like this!

if ($loginstatus) {
// show logged in stuff
}

Oh boy! How dangerous could that be! Even though register_globals has been turned off by default since PHP 4.2.6, it should not be taken for granted, as when it is turned on it can be a security loophole, which is why it’s scheduled for removal.

I can’t believe I missed it at the time (although it did come to me afterwards). It’s that easy to create a potentially insecure application.

As of PHP 6 though this can no longer happen, as the register_globals PHP setting is being removed completely. Good.
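To make the mistake concrete, here is an added example (not code from the post or the interview test) putting the uninitialised-flag pattern beside the fixed one. Since register_globals cannot be switched on in current PHP, extract() on a constructed request array stands in for it; login_user(), is_logged_in_vulnerable(), is_logged_in_fixed() and the demo credentials are all constructed for this example.

```php
<?php
// Added example (not from the original post): why $loginstatus must be
// initialised before the login check, shown with a stand-in for register_globals.

// Stand-in for the post's login_user(): accepts only the constructed demo credentials.
function login_user(array $request): bool
{
    return ($request['user'] ?? '') === 'alice'
        && ($request['pass'] ?? '') === 'correct horse battery staple';
}

// Vulnerable shape: the flag is only ever assigned on success, so a value that
// already sits in the variable table survives a failed login untouched.
function is_logged_in_vulnerable(array $request): bool
{
    extract($request);             // simulates register_globals=On; never do this with real input
    if (login_user($request)) {
        $loginstatus = true;
    }
    return !empty($loginstatus);   // if login failed, this reads whatever extract() injected
}

// Hardened shape: initialise the flag first and never turn request data into
// local variables. The outcome now depends on login_user() alone.
function is_logged_in_fixed(array $request): bool
{
    $loginstatus = false;
    if (login_user($request)) {
        $loginstatus = true;
    }
    return $loginstatus;
}

// Check worth running on legacy hosts: warn if the setting is still enabled.
if (filter_var(ini_get('register_globals'), FILTER_VALIDATE_BOOLEAN)) {
    trigger_error('register_globals is enabled; request data becomes global variables', E_USER_WARNING);
}

// Constructed request equivalent to auth.php?loginstatus=1 with no credentials at all.
$forged = ['loginstatus' => '1'];

var_dump(is_logged_in_vulnerable($forged));   // treated as logged in, no password involved
var_dump(is_logged_in_fixed($forged));        // rejected
var_dump(is_logged_in_fixed(['user' => 'alice', 'pass' => 'correct horse battery staple']));
```

The fix is two habits rather than one: give every decision variable a safe default before any branch can skip assigning it, and read request data only through $_GET, $_POST or $_REQUEST so that nothing a client sends can ever name one of your own variables.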
