SitePoint Sponsor |
|
User Tag List
Results 51 to 75 of 94
Thread: Template System Techniques
-
Dec 13, 2008, 04:44 #51
- Join Date
- Mar 2007
- Location
- Germany
- Posts
- 428
- Mentioned
- 0 Post(s)
- Tagged
- 0 Thread(s)
One question to the php-purists - how do you handle pure-php templates uploaded by users?
As most template engines support only a specified subset of what PHP offers it's relatively easy to deny the use of e.g. <?php unlink(...); ?> in a template - but how would you handle this in pure-php templates?
As far as I can see you'd have to parse the code, check each and every function call and again limit it to a specified subset that seems OK.
Just to make sure no one gets me wrong - I'm using both pure-php and Smarty, each one as it fits.
The question above should be no offence, I'm really interessted in a solution to solve the mentioned problem as I'd like to write a "pure-php template system" for one of my apps that handles cahcing etc. but lets the templates be pure-php.
-
Dec 13, 2008, 04:51 #52
- Join Date
- Jun 2008
- Posts
- 279
- Mentioned
- 0 Post(s)
- Tagged
- 0 Thread(s)
It would be presumptuous to claim that Smarty is useless. Template engines like Smarty are definitely useful in certain cases. For example, if you want your site users to upload their own template there is no way you ever let them use PHP.
For the rest of the cases, it’s matter of preference and opinion. Sure, if you like Smarty use it. If you think native templating is the way to go and smarty is not worth it, you are welcome to do so. On the other hand, if you keep ramming your opinions down others throat and claim to know one ‘true’ way of software engineering, you come off as rather immature. Someone who has just picked up a programming language and is so obsessed with it that he denies the existence of everything else.
Take it easy! just move on..
In my opinion, template engines are useful and they do speed up development, else why would so many people wish to use them.
I quickly done a Google search for "Native Templating", and the first result returned was a Google Book preview. Straight away is was stated that "approaching large PHP projects using templating makes sense"
The same argument about templating can be could be said for frameworks also, website can be created without frameworks, so again is there much need for them?
Of course there is, as again it helps speed up development. Sure there is some overhead, a developer first needs to put together the framework, buy once done, the advantages are huge!!!
-
Dec 13, 2008, 06:10 #53
- Join Date
- Jan 2005
- Location
- heaven
- Posts
- 953
- Mentioned
- 0 Post(s)
- Tagged
- 0 Thread(s)
I guess if a project required user uploaded templates I might see the purpose in using a minimal template engine, though I would probably go with an XML based template for simplicities sake.
Exactly how creating a template engine speed up development?
I read over the section that you highleted from the book and here are some flaws
The first and most obvious problem is that your using a very powerful language (PHP) to do very simple job (spitting out content). The problem is not a performance issue, though. It's simply that by using PHP to take care of the content rendering you are introducing yet another point in your project where things can go wrong.
Think of the common problems you face when writing big classes -- typographical errors, misspelling variable names, accidentally reusing counter variables in heavily nested for loops. All these problems are just as constant if you also use PHP for your templating.
The second and perhaps more serious problem, becomes obvious when you consider large projects. One of the big advantages of using MVC in PHP projects is that the view and the controller can be delegated to developers skilled in the art of design and HTML, but but possibly not so skilled with PHP. THis allows the more expensive software architects to work on the heavy-duty PHP driving the model of the model of the project, and the less expensive Web developers to work on the interface.
However if you chose to use PHP templating, then the Web developers have no choice but to write in PHP. Admittedly there's not much PHP they need to know. It's the kind of PHP that could easily go on a cheat sheet.
The problem is not so much one of a learning curve but rather one of danger. PHP, after all does not restrict what these developers may or may not use in there templates. Rather, they must restrict themselves. Infinite loops, dangerous system calls, and other potentially critical mistakes are just a tiny typographical error away.
If there were some way to allow web developers to render the out put of a page using flexible tags as part of an arbitrary language, rather than using PHP, this problem could easily be negated.
The same argument about templating can be could be said for frameworks also, website can be created without frameworks, so again is there much need for them?
Of course there is, as again it helps speed up development. Sure there is some overhead, a developer first needs to put together the framework, buy once done, the advantages are huge!!!
I hope this time I didn't offend someone and if I did I apologize. >.>Creativity knows no other restraint than the
confines of a small mind. - Me
Geekly Humor
Oh baby! Check out the design patterns on that framework!
-
Dec 13, 2008, 06:26 #54
- Join Date
- Oct 2006
- Location
- France, deep rural.
- Posts
- 6,869
- Mentioned
- 17 Post(s)
- Tagged
- 1 Thread(s)
My first thought was to use the black-list approach of denying those functions - as you can do in php.ini.
Originally Posted by php_ini
(unless there is some magic way of ini file swopping ... )
But in practice maintaining a white-list of functions you do allow would be safer and more practical.
Even if it takes a long time to parse that template on upload, you'd only be doing it once wouldn't you? That sounds interesting.
While we are on the subject of templates, did anyone else see this post by Ren in the other place, and if so what did you make of it?
-
Dec 14, 2008, 04:10 #55
- Join Date
- Sep 2006
- Location
- Nottingham, UK
- Posts
- 3,133
- Mentioned
- 1 Post(s)
- Tagged
- 0 Thread(s)
Interesting idea with the named entities, but I think there is a big potential for clashes with the already defined ones.
The best templating system I have used is xtpl - simply because it is so simple, hardly any bloat, just replaces values in a template file and perhaps performs some limited caching.
I haven't found much of a use for a templating system though, I'd still rather use php.
-
Dec 14, 2008, 04:30 #56
- Join Date
- Oct 2006
- Location
- France, deep rural.
- Posts
- 6,869
- Mentioned
- 17 Post(s)
- Tagged
- 1 Thread(s)
I haven't found much of a use for a templating system though, I'd still rather use php.
I still don't, and I put that down to my own ignorance really - that and not working in a team where there are programmers and designers.
-
Dec 14, 2008, 04:32 #57
-
Dec 14, 2008, 06:38 #58
- Join Date
- Jan 2005
- Location
- heaven
- Posts
- 953
- Mentioned
- 0 Post(s)
- Tagged
- 0 Thread(s)
I think it would be interesting if someone actually made a template engine but wrote it in C rather than writing it in PHP... hmmm >.>
Creativity knows no other restraint than the
confines of a small mind. - Me
Geekly Humor
Oh baby! Check out the design patterns on that framework!
-
Jan 1, 2009, 10:48 #59
- Join Date
- Jun 2008
- Posts
- 279
- Mentioned
- 0 Post(s)
- Tagged
- 0 Thread(s)
Why?
I thought Template Engines were a waste of time, what would be the advantage of writing it in C if there is no need for them in the first place?
-
Jan 2, 2009, 14:19 #60
- Join Date
- Nov 2006
- Posts
- 206
- Mentioned
- 0 Post(s)
- Tagged
- 0 Thread(s)
-
Jan 2, 2009, 16:32 #61
- Join Date
- Apr 2008
- Location
- North Carolina
- Posts
- 438
- Mentioned
- 0 Post(s)
- Tagged
- 0 Thread(s)
Like many have said, just stick with plain PHP rather than having a template system that uses custom syntax. I once tried a 3rd party templating system (much like Smarty). I'll never use one again.
Use a good framework, such as CodeIgniter (a.k.a. CI, low learning curve, great docs, great overall) or Zend (high learning curve, enterprise level, great overall).
Since I've got more experience with CodeIgniter than I do Zend, I'll talk about it and how it works much like a templating system (minus the custom syntax... but you have the option to use it if you want).
CI follows (closer than most frameworks I've seen) the MVC (Model-View-Controller) design pattern. Essentially, your models interact with the database, your views are your templates, and your controllers are where all your business logic goes.
Here's a simplified example for a "template"-like implementation for viewing a blog article in CodeIgniter. Note that in this example I'm not using headers or footers simply for the sake of understanding this more easily. Also, I don't advise using short tags, but in this example I am for the same reason I'm not using headers or footers.
Your view (views/blog_article.php) might consist ofPHP Code:<html>
<head>
<title><?=$page_title?></title>
</head>
<body>
<h1><?=$page_headline?></h1>
<?=$article_content?>
</body>
</html>PHP Code:class Blogmodel extends Model {
function Blogmodel()
{
// Call the Model constructor
parent::Model();
}
function get_article($article_id)
{
$this->db->where('article_id', $article_id);
$query = $this->db->get('articles');
if (!$query->num_rows()){
return FALSE;
}
return $query->result();
}
}
PHP Code:class Blog extends Controller {
function index()
{
// Not used in this example.
}
function article($article_id)
{
$this->load->model('Blogmodel');
$article = $this->Blogmodel->get_article($article_id);
// Make sure the article exists.
if ($article === FALSE){
show_error("The article doesn't exist.");
}
$data['page_title'] = htmlentities($article->title); // becomes $page_title in your view
$data['page_headline'] = htmlentities($article->title); // becomes $page_headline in your view
$data['article_content'] = $article->article; // becomes $article_content in your view.
// - there ought to be no need for htmlentities
$this->load->view('blog_article', $data);
}
}
- http://localhost/blog/article/51 loads your Blog controller's article(51) method.
- Blog controller calls get_article(51) in the Blog model.
- Blog model returns article 51's row from the database.
- Blog controller takes bits of article 51's row and puts them into the $data array.
- Blog controller loads the blog_article view and injects the $data array into it, using its keys as variable names.
- The blog_article view is shown on your screen with the data.
Easy enough to follow?[read: PHP Sec. | CSRF | PCRE Mods | Encryption | Form Proc. | File Val.]
[tools: PHPEd | PHP Docs | jQuery | CI | SwiftMailer | CKEditor | reCAPTCHA]
-
Jan 2, 2009, 20:51 #62
- Join Date
- Oct 2005
- Posts
- 12
- Mentioned
- 0 Post(s)
- Tagged
- 0 Thread(s)
Basically, I have been using PHP as a templating engine for quite some time now.
And I am really starting to see light in creating a custom Template Engine to speed up template creation and ensure that standard PHP code gets generated every time.
e.g.
{name?}
would generate
<?php if (!empty($name)) echo $name; else echo ' ' ?>
the engine should have 2 modes - development and production.
In development mode, it should always compile the raw template into PHP and in production mode it should only use the PHP template and never compile. with the option to define locations for uncompiled and compiled templates.
Also it should support custom function definition so that you can shorten commonly written code into simpler tags
e.g.
{show_tags}
would generate:
<?php if ( is_array($tags) { foreach($tags as $tag) { echo '<div class="tag">'.$tag.'</div>'; } } else { echo '<div class="notag">No tags defined</div>'; } ?>
Smarty fits the bill but I am more impressed with Sintags of the Akelos framework.
-
Jan 2, 2009, 22:11 #63
- Join Date
- Apr 2008
- Location
- North Carolina
- Posts
- 438
- Mentioned
- 0 Post(s)
- Tagged
- 0 Thread(s)
Just checked out sintags, and seems like a good idea. The problem for me is that is still involves learning another syntax that doesn't facilitate making the entire application easy.
[read: PHP Sec. | CSRF | PCRE Mods | Encryption | Form Proc. | File Val.]
[tools: PHPEd | PHP Docs | jQuery | CI | SwiftMailer | CKEditor | reCAPTCHA]
-
Jan 2, 2009, 22:19 #64
- Join Date
- Mar 2007
- Posts
- 98
- Mentioned
- 0 Post(s)
- Tagged
- 0 Thread(s)
I find this all pretty interesting as a while back I was looking into creating my first template myself. I have heard of Smarty but never looked into it.
Much of this templating discussion is above my head as it seems the systems being discussed are much more than what I needed for my site. I wasn't interested in user customizable templates or anything like that, and simply wanted a template for my website that pulled data from a database.
It was straightforward in PHP without any issues and the code is clearly readable in my mind. Each page file is roughly
Code PHP:<?php include "common.php"; $page = new WebPage("pagename"); include "template.php"; ?>
and template.php was coded as HTML and then I simply pulled the page specific data out and replaced it with some PHP statements using my $page object. Simple.
Perhaps if things got more difficult or I was trying to make some crazy hard template it might make more sense to look into third party template systems, but I don't see any point at all for a basic template.
And all this discussion on short-hand notation and how it makes a big difference or code much longer doesn't really make much sense to me either.
To me, there is little difference in
<?=
and
<?php echo
In all honesty, most of us on this forum can type pretty fast and we can type either statement in about one second regardless. Both are readable to me, but I prefer longhand notation because I think it's probably more readable to other people.
-
Jan 2, 2009, 22:21 #65
- Join Date
- Apr 2008
- Location
- North Carolina
- Posts
- 438
- Mentioned
- 0 Post(s)
- Tagged
- 0 Thread(s)
The difference in short notation and long is that some servers dont have short_tags turned on.
If you are building an application that's meant to be redistributed at all, you had better be using the long notation.[read: PHP Sec. | CSRF | PCRE Mods | Encryption | Form Proc. | File Val.]
[tools: PHPEd | PHP Docs | jQuery | CI | SwiftMailer | CKEditor | reCAPTCHA]
-
Jan 3, 2009, 06:32 #66
- Join Date
- Oct 2006
- Location
- France, deep rural.
- Posts
- 6,869
- Mentioned
- 17 Post(s)
- Tagged
- 1 Thread(s)
That certainly seems an interesting benefit, but isn't it pretty much the same as doing:
PHP Code:<?php show_tags(); ?>
You are in effect maintaining some kind of "view helper" in your code-base somewhere, else when you actually want to change that from displaying as a div to displaying in an UL, you have to amend some code squirreled away from your template code.
What if it is the designer who has to be able to affect that change?
I like the idea you mention about pre/post production though.
-
Jan 3, 2009, 09:20 #67
- Join Date
- May 2006
- Location
- Lancaster University, UK
- Posts
- 7,062
- Mentioned
- 2 Post(s)
- Tagged
- 0 Thread(s)
In my days of template research (about 2 months ago :P) I tried quite a few different techniques to template with.
Smarty... Well its a bit like PHP, so why not just use PHP instead and get rid of the overhead?
Tag replacement (i.e. ~varName~, #FuncName#) - Handy but PHP could do this with just '<?php echo $Content->varName; ?>' - yeah its longer but you can do more with it.
XML Parsing. Yes, I even went down the route of adding innerText to elements with a certain attribute using the Dom, a bit like how .Net does it. This was the most useful and fun to implement, but it was alot heavier on the system and added over 50% to the output time.
In the end I decided to go back to PHP-based templating. PHP itself is a fully fledged programming language (obviously) so offers much more flexibility than other methods. It is also native to the compiler so adds no extra effort to parse. I knew it, so I don't need to have to think about how to do something, and it requires no extra programming on the back-end. Its not hard to write functions with PHP, so why people think that templating systems with functions is a benefit, when write the same functions themselves, I don't know.
Of course problems arrise when the designer wants to change something, but there are solutions around this.
Realistic methods include a dual templating system. The designer specifies their own preference of inputting dynamic code into the file, be it XML or templating - whatever they like. From that a parser could be easily made which generates a PHP file from it, and this means that extra processing need only occur once, and it needn't be on the actual server.
However, my all-time favorite is a little sunken drawing pin on the designer's seat that quickly fires when any PHP code is touched, but of course this adds overhead to the designers computer and chair.
Jake Arkinstall
"Sometimes you don't need to reinvent the wheel;
Sometimes its enough to make that wheel more rounded"-Molona
-
Jan 3, 2009, 11:02 #68
- Join Date
- Oct 2005
- Posts
- 12
- Mentioned
- 0 Post(s)
- Tagged
- 0 Thread(s)
Well, I agree that functions aka view helpers would be the better way of including proper php into templates without going the route of template parsing. something like what Wordpress is doing. Though its a pain to anticipate and create functions for everything you want to do in a template
-
Jan 3, 2009, 11:03 #69
- Join Date
- Jan 2005
- Location
- heaven
- Posts
- 953
- Mentioned
- 0 Post(s)
- Tagged
- 0 Thread(s)
Creativity knows no other restraint than the
confines of a small mind. - Me
Geekly Humor
Oh baby! Check out the design patterns on that framework!
-
Jan 4, 2009, 05:50 #70
- Join Date
- Jun 2008
- Posts
- 279
- Mentioned
- 0 Post(s)
- Tagged
- 0 Thread(s)
-
Jan 4, 2009, 06:52 #71
- Join Date
- Oct 2006
- Location
- France, deep rural.
- Posts
- 6,869
- Mentioned
- 17 Post(s)
- Tagged
- 1 Thread(s)
Well thats about it really isn't it?
If I understand it, in many team situations html templates are there primarily to provide a means of delegating to non-phpers (or evil users, if you are paranoid/realistic) the ability to change what is displayed on the site.
Note : not just how things are displayed, but actually which data are displayed.
Using a template language, to a large degree I guess, limits the damage that these users can do by offering a subset of abstracted PHP functions, simple loops etc.
Is it true that templates are used mostly as a read-only display mechanism?
For a long time I mistakenly believed that templates were the V in multi-layer frameworks like MVC, but in effect they often rely on objects such as view-helpers to negotiate and retrieve the data they need.
Perhaps read-only-view-helpers written in C would be a good idea?
Take simple table data retrieval.
Maybe addressing pagination, handling null results variable length arguments, optional non-phper notices etc.
In non-production mode, all the non-phper generally wants to stipulate is which table, which fields, which order.
Just gimme the data for my loop.
All the programmer really wants to stipulate is which tables are disallowed to be read, or which individual fields are disallowed to be read, and which table can be joined to what.
Heres your data. Tough, that field is out of your range.
...and something polite in the middle which says, "computer says no", "that field does not exist" or "1600 results? Here's 100, chew that over."
template <-> view-helper <-> Model (or Controller)
where view-helper consists of :
<-designer-negotiator-> <-programmer-negotiator->
where designer-negotiator tells them
what tables are available
what fields are available
what joined tables have been set up for them
error messages
data
and programmer-negotiator refers back
what cockups have been made
which non-existant fields are being asked for
but is told:
which tables are available
which fields are not available
These smarter view-helpers could then be clever enough to white list the necessary PHP functions that users can get their heads round like date format and money format, and leave those decisions to the designers.
-
Jan 4, 2009, 16:43 #72
- Join Date
- May 2007
- Location
- Poole, UK
- Posts
- 5,077
- Mentioned
- 103 Post(s)
- Tagged
- 0 Thread(s)
I fail to see the point in using template engines like smarty, i see their use as a waste of resources (overhead). I prefer to echo (view in MVC) the stuff and format it using css.
Community Team Advisor
Forum Guidelines: Posting FAQ Signatures FAQ Self Promotion FAQ
Help the Mods: What's Fluff? Report Fluff/Spam to a Moderator
-
Jan 5, 2009, 09:46 #73
- Join Date
- Jun 2008
- Posts
- 279
- Mentioned
- 0 Post(s)
- Tagged
- 0 Thread(s)
-
Jan 5, 2009, 12:30 #74
- Join Date
- May 2007
- Location
- Poole, UK
- Posts
- 5,077
- Mentioned
- 103 Post(s)
- Tagged
- 0 Thread(s)
All a template needs to be is a normal html page but saved as a .php with values such as the page title ( in the <title><?php echo $page_title_here ?></title> ). The main page content would be dealt with by a view class (communicating with the model and controller classes). All formatting information should be dealt with by css and all positioning done using divisions and css.
Community Team Advisor
Forum Guidelines: Posting FAQ Signatures FAQ Self Promotion FAQ
Help the Mods: What's Fluff? Report Fluff/Spam to a Moderator
-
Jan 5, 2009, 12:48 #75
Bookmarks