Try to look in my code and see if there is any mixing with HTML other than calling a new object.
Off-topic: So I’m guessing you’re the “Anti-programming programmer”?
Here is an article comparing the advantages and disadvantages of using a framework.
https://nagbhushan.wordpress.com/2010/10/03/framework-advantages-and-disadvantages/
I think no one read the comments above, and I write this for the 100th time.
1. Description - says play-around CMS. Meaning it’s not going to be professional because it can’t be in the future 10 years.
2. Educational purpose. Is this something bad or what?
3. If you’re so damn good at programming, stop telling me to turn to a framework and give some advice that is not off-topic.
4. I have met Laravel and Smarty. The MVC pattern is wonderful, but I need, like I said before, before, before, to go deeper into where this GET variable is sanitized and processed by the server.
When you do it, a framework is just another step closer to perfectionism.
I’m sorry, I’m not following you at all here. In your original example, you selected all of the visible pages, then iterated through the results to immediately print them out.
Then, you sanitized the id value to ensure it was an integer when in fact it could be nothing but an integer since it’s automatically generated by the database and is never manually touched by a user on an insert or update.
But then you did nothing to the title field, which is most likely a string field that is far more likely to contain malicious JavaScript code that could launch other pages or download spyware, or HTML tags that would cause your page to look like garbage.
What MySQL data would a hacker try to bypass? They want your MySQL data, not your PHP code. Once they have the data, anything that occurs after that is pointless.
That’s not true. Try to insert a non-numeric value into an integer column. The query fails.
You’re clearly the “half-assed programmer”
The reason why I did nothing to the title is because what if OP wanted to still do some other validating with his/ her functions? I wouldn’t know. Since I am not an “Anti-programming programmer”.
Are you sure about that? Every admin in this topic would have said that what I was leading OP to is a horrible idea. Clearly you are offended. Nonetheless, I’m going to ignore this person from here on out. He clearly doesn’t want to help OP and has no interest in this topic.
I would consider myself somewhere between OCD and anti, lol
Off-topic: Really? I never knew. Out of all of the people I’ve seen on these forums, you seem to be more OCD and not in the middle of OCD and anti.
Not an absolute, considering many CMSs use WYSIWYGs which allow users to basically enter HTML directly into the CMS and output to a page. In a controlled environment where users are trusted this is fine. For that reason and others it is more practical to handle validation and filtering on a case-by-case basis than a blanketed generic approach.
Off-topic: I think most would say I’m a perfectionist, but I don’t shy away from leveraging others’ hard work when it makes sense. More often than not in the PHP ecosystem it makes more sense than not to use others’ work. At least that has been my experience. Not to mention I think it is considerate to the next developers in line to leverage well-known solutions to common problems in case I get hit by a bus. I’ll be the first to admit I hate writing documentation, so having documentation already written is a wonderful thing, because in my experience custom code rarely comes with any documentation when created in a vacuum. Though I would define my interpretation of perfection in terms of balance between code quality, maintainability, and efficiency. All those seem easier to achieve when leveraging the work of giants. Which is why I so strongly recommend/back the open source solutions which I have.
In my opinion, it is nice to use until a certain point. If you rely on someone’s work, then it’s kind of like those people who come to forums like these to get freebie codes. If you have to use a framework, then you have to use a framework. However, if you force someone to use a framework whether they like it or not, it’s not helping anything. That’s just how I see things.
Off-topic: This sort of relates because it’s about installing Xampp/WAMP/LAMP (deals with PHP’s installation environment). So a while back, I remember reading a post that someone had made about Xampp. They said using Xampp is OK if you are a novice and have no idea of installing your PHP environment because they have everything in a nutshell. However, they further said that if you only rely on Xampp, you don’t know how to properly install your environment and how your environment works. When your environment breaks, you only have the option to report it. You can’t fix it yourself if you don’t know where to begin. They said installing WAMP manually is a good experience because you can install what you want and how you want it. You get the good feeling that you have accomplished something. Something that someone else hasn’t done for you, but you have done for yourself.
From your topics I see only letters in English. Do some critique of my code so I can observe and correct them in future.
Wanna see more code writing. And explaining. $this->render (NON off-topic explanation).
$this basically refers to the function you are in. $this->render points to a function called render.
I would disagree. Experienced engineers use frameworks, whereas those less experienced lean toward building things from scratch. Just take a look at the jobs out there. The ones that provide the most compensation require knowledge of SPECIFIC frameworks and/or CMSs.
In more cases than not, departments will have devops or systems engineers to manage the environment. Therefore, I don’t necessarily agree that application developers need to have acute knowledge of provisioning an environment.
Though I myself am a HUGE proponent of vagrant paired with puphpet, several people I work with use WAMP. So I won’t hold using WAMP/XAMPP against people, but I do tend to shake my head because it is inferior to vagrant. However, so long as said individual can manage their local environment without my help, more power to them.
Well that was the point.
As I said in my original reply, I took this approach for years before I started using frameworks. I wasted so much time when I would have been much better off learning a framework sooner. Plus, if you learn one, you can easily pick up others. Plus if your goal is to get a job as a PHP developer, it’s generally expected that you have experience with at least one framework. Frameworks aren’t perfect and they certainly won’t meet every need you have but they’ll take care of a lot. Most companies using PHP today are either using one of the mainstream frameworks or they developed their own home-grown framework because anything else in a moderate sized application is a nightmare to maintain.
As for your application:
- First and foremost you need to clean up your indentations, line spacing, and curly brace positions. There is plenty of documentation out there on PHP coding standards. You should not be separating functions with multiple lines of “///////////////////////////////////”. There should also be a space after your function call and the curly brace and everything should be indented.
At minimum, something like this:
    function norm($var) {
        $var = stripcslashes($var);
        $var = htmlspecialchars($var);
        $var = trim($var);
        return $var; // cleaned var
    }
That clearly indicates what belongs in that function and what brace closes the function. Also, all methods should be indented within the class as well.
- You should name all of your classes consistently. For example, don’t use getcontentclass.php. Call it Content.class.php or Content.php and store them all in one class directory. This enables you to leverage the autoload function to autoload all of your classes. If you do a $content = new Content(); call, your autoloader will recognize that you’re creating a new Content class and load in that file. It also saves it from loading classes you’re not using at that time. You also have an insertcontentclass.php file but nothing in it. You should have one class file for Content which should handle everything related to Content.
- I would not recommend this:
    $_GET['page'] = norm((isset($_GET['page']) ? $_GET['page'] : ''));
    if ($_GET['page'] == '') {
        $_GET['page'] = 1;
    }
  First of all, you do everything but ensure it’s an integer which it has to be. Second, you’re modifying the $_GET['page'] parameter itself which will very likely bite you somewhere down the line. Create a $page variable and store the clean value there.
- You are including your database connection file and your setup file in every class. You’d be better off creating a more generic parent class that each of your other classes extends and putting your database information in there, though it should also be its own class too. When a child extends a parent, it also has access to the parent’s functions.
- Don’t output anything directly from a class (don’t use echo statements). Return values and echo them out in the view.
- Don’t include the closing PHP tag ?> in any class files.
There’s not much here. You have quite a long way to go before you have a working CMS. If you want to learn the basics, I’d recommend trying something much smaller like a To Do list or the typical blog example (there are only about 6 million of those tutorials on the Internet).
There’s nothing complicated about the $_GET variable. It’s a superglobal variable that contains the parameters from the current URL. http://example.com?page=1&section=home
    $_GET['page'] // equals '1'
    $_GET['section'] // equals 'home'
There are plenty of examples out there of how to build an application. Forums are a place to ask specific questions, not to have people tell you how to code your entire application. Read books. Read tutorials. Try things. Your OP asked for opinions if you were building something useful or just another crap of code.
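One way to apply two points raised in the thread (keep the cleaned page number in its own $page variable as an integer, and escape the title when it is printed), as an added example that is not code from any of the posts; clean_page() and e() are hypothetical helper names and the sample input is constructed:

```php
<?php
declare(strict_types=1);

// Hypothetical helper (not from the thread): read ?page= into a separate
// value, leaving $_GET itself untouched, and accept only integers >= 1.
function clean_page(array $query, int $default = 1): int
{
    $page = filter_var(
        $query['page'] ?? null,
        FILTER_VALIDATE_INT,
        ['options' => ['min_range' => 1]]
    );
    // filter_var() returns false for a missing key, an array (?page[]=1),
    // non-numeric text, decimals and values below min_range.
    return $page === false ? $default : $page;
}

// Hypothetical helper: escape for the HTML context at output time, so the
// stored title stays unmodified and other views can treat it differently.
function e(string $text): string
{
    return htmlspecialchars($text, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Constructed sample query strings standing in for $_GET.
$samples = [['page' => '3'], ['page' => 'abc'], ['page' => '-2'], ['page' => ['1']], []];
foreach ($samples as $query) {
    $page = clean_page($query);   // $query (like $_GET) is never modified
    echo var_export($query, true), ' => ', $page, "\n";
}

// Constructed sample rows standing in for the result of the pages query.
$rows = [
    ['id' => 1, 'title' => 'Home'],
    ['id' => 2, 'title' => '<script>alert(1)</script>'],
];
foreach ($rows as $row) {
    // %d forces the id to an integer; the title is escaped as it is printed.
    printf("<li><a href=\"?page=%d\">%s</a></li>\n", $row['id'], e($row['title']));
}
```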
Hmm, I haven’t had any jobs in programming because I am still in college and learning myself. I guess you are right. I have a friend who is hired at a job and his job made him learn Twig. He said he doesn’t like it because it doesn’t make any sense at all and that it uses Doctrine for database management. I’m not going to argue any case because as I am still learning, I don’t know what is right and what is wrong.
Off-topic: I remember reading the sticky notes in the PHP category and remembered seeing a mention of Vagrant. I tried installing it myself, but with no success, I uninstalled it. I actually wanted to know what the difference in the 2 environments are, but it seemed like all I got from the finished installation was a partial folder. Not sure if that’s supposed to happen. Partial meaning just a folder with a few files.
That is just it. Less experienced individuals always seem to give up on these things claiming they are too difficult. I won’t argue that they can be difficult. However, the advantages of isolating an environment from the host machine far outweigh the disadvantages. Especially when working on multiple projects that require different environments and/or versions of PHP, extensions, etc. Outside of a dedicated server the next best thing for development is a local environment that can get as close as possible to the production one. Technologies such as vagrant and docker accommodate that need quite nicely. Especially vagrant paired with puphpet.com.
Heh, now we are talkin. Observe, the project is not finished; all can be different in the end. + the part where JavaScript will enter is not included yet in the functionality.