Page 2 of 2

    #16 Registered User
    Devshed Newbie (0 - 499 posts) | Join Date: Oct 2012 | Posts: 29 | Rep Power: 0
    In fact, the sentence you said (so, wheel re-inventing) never applies to me. So, I want to learn PHP; I don't want it to go unused. But you could be right as well... maybe. Like I said, another's rules are not proper for me.
    #17 A Change of Season
    Devshed Frequenter (2500 - 2999 posts) | Join Date: Mar 2004 | Location: Next Door | Posts: 2,664 | Rep Power: 171
    Originally Posted by maximas
    In fact, the sentence you said (so, wheel re-inventing) never applies to me. So, I want to learn PHP; I don't want it to go unused. But you could be right as well... maybe. Like I said, another's rules are not proper for me.
    Hello; yes, it is a great idea to learn PHP, but for people like me who have a full-time job and 2 part-time jobs, having CodeIgniter on board is magical. A lot of things have been done, not even gonna go there...
    Thanks

    Comments on this post

    • ptr2void agrees : Real developers don't try to reinvent the wheel; they use tried-and-tested existing solutions where possible.
    #18 Registered User
    Devshed Newbie (0 - 499 posts) | Join Date: Oct 2012 | Posts: 29 | Rep Power: 0
    Originally Posted by zxcvbnm
    Hello; yes, it is a great idea to learn PHP, but for people like me who have a full-time job and 2 part-time jobs, having CodeIgniter on board is magical. A lot of things have been done, not even gonna go there...
    Thanks
    Yes, a lot of things have been done, but I did them in my own framework.

    For example, I never have to look for where it is...

    PHP Code:
    $this->library("lightbox")->data("image_path");

    For example, for the TinyMCE editor:

    PHP Code:
    $this->library("tinymce")->data();

    Those actually load the JS code into the page, but normal PHP code is available in my library as well.

    For example, for the pagination class:

    PHP Code:
    $this->library("pagination")->data("sql_code", "limit", "style");

    Like above.

    My library has over 70 prepared PHP classes... So I am one having it easy.
    #19 A Change of Season
    Devshed Frequenter (2500 - 2999 posts) | Join Date: Mar 2004 | Location: Next Door | Posts: 2,664 | Rep Power: 171
    Sounds good : )
    #20 A Change of Season
    Devshed Frequenter (2500 - 2999 posts) | Join Date: Mar 2004 | Location: Next Door | Posts: 2,664 | Rep Power: 171
    Originally Posted by ManiacDan
    PHP was originally designed to be a templating language. That's why it's so often mixed in with HTML/JS like in zxcvbnm's script.

    To take a templating language, and use it to build a templating language is overkill. Plus, you have to learn all the syntax again, and you lose access to all the really awesome PHP functions that work on strings, specifically HTML strings.

    My company uses twig. It took me literally 2 hours to figure out how to print raw HTML into a twig template. I already know the answer for PHP, but I couldn't get to it because twig was preventing me from using one of the most powerful web programming languages in the world.

    Some people disagree, and prefer twig or smarty because they were taught that "display" and "business" should be separate, and therefore have decided that the "separate" means "separate language entirely."
    Bottom line: Is this code valid and well-structured MVC regardless of using Twig, Smarty or any other PHP template engine? Or not? Thanks
    #21 A Change of Season
    Devshed Frequenter (2500 - 2999 posts) | Join Date: Mar 2004 | Location: Next Door | Posts: 2,664 | Rep Power: 171
    Originally Posted by E-Oreo
    ptr2void's note regarding loading data directly into your view from your model is the only MVC-architecture issue that I see.
    I changed it (post #1). Does it look good?
    Originally Posted by E-Oreo
    Your model does have a SQL injection vulnerability though because you don't escape $email before using it in your query. $this->db->escape() serves the same purpose as mysql_real_escape_string, or you can use CI's built in database utility methods, which escape data also:
    PHP Code:
    $database_results = $this->db->get_where('members', array('email' => $email));
    The utility methods are not meant to replace all SQL queries, but for simple selects, inserts, updates and deletes they are pretty convenient.
    I am using bind now that takes care of it.
    Originally Posted by E-Oreo
    Your view has an XSS vulnerability because you don't escape $email before outputting it; use htmlentities on it to prevent that.
    In config I have $config['global_xss_filtering'] = TRUE; I assume that's enough, isn't it?
    Originally Posted by E-Oreo
    It would also be a good idea to make the helper methods in your controller (everything except index in this case) protected so that people can't execute those directly.
    Are you talking about ( ! defined('BASEPATH')) exit('No direct script access allowed'); ? Or is there something else?
    #22 Lost in code
    Devshed Supreme Being (6500+ posts) | Join Date: Dec 2004 | Posts: 8,317 | Rep Power: 7170
    Bottom line: Is this code valid and well-structured MVC regardless of using Twig, Smarty or any other PHP template engine? Or not? Thanks
    Right. The important part is that the view code is separated into the view; the format used to write the view is a secondary concern and not agreed upon by everyone.

    I changed it (post #1). Does it look good?
    It looks fine now

    In config I have $config['global_xss_filtering'] = TRUE; I assume that's enough, isn't it?
    I don't know the details of how global_xss_filtering works. I always assumed it only looked for common XSS patterns but wouldn't catch everything. I don't know for sure though.

    Are you talking about ( ! defined('BASEPATH')) exit('No direct script access allowed'); ? Or is there something else?
    No, I'm talking about the visibility on the methods in your controller class. Right now all of them are public even though some of them are clearly not intended to be run directly.
    PHP FAQ

    Originally Posted by Spad
    Ah USB, the only rectangular connector where you have to make 3 attempts before you get it the right way around
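    As an added example (not code from this thread, nor from CodeIgniter itself), here is how E-Oreo's points look side by side in a CodeIgniter-style model and controller: the concatenated query the thread describes as vulnerable, the three escaping options mentioned ($this->db->escape(), query bindings, and the get_where() query-builder method), and a controller whose helper method is protected so the router cannot invoke it as a URL action. The table name 'members' and column 'email' come from the quoted snippet; the class names, the find_by_email_* methods, render_form and account_view are assumed for the demo.

```php
<?php
// Added example (not code from the thread or from CodeIgniter). Table 'members'
// and column 'email' are from the quoted snippet; all other names are assumed.

class Members_model extends CI_Model
{
    // UNSAFE, as described in the thread: the raw value is concatenated into the SQL,
    // so a quote character in $email changes the structure of the query.
    public function find_by_email_unsafe($email)
    {
        $sql = "SELECT * FROM members WHERE email = '" . $email . "'";
        return $this->db->query($sql)->row();
    }

    // Fix 1: $this->db->escape() quotes and escapes the value for the active DB driver
    // (the CodeIgniter counterpart of mysql_real_escape_string mentioned in the thread).
    public function find_by_email_escaped($email)
    {
        $sql = 'SELECT * FROM members WHERE email = ' . $this->db->escape($email);
        return $this->db->query($sql)->row();
    }

    // Fix 2: query bindings; CodeIgniter replaces each ? with the escaped value.
    public function find_by_email_bound($email)
    {
        $sql = 'SELECT * FROM members WHERE email = ?';
        return $this->db->query($sql, array($email))->row();
    }

    // Fix 3: the query builder escapes automatically (the form E-Oreo quoted).
    public function find_by_email_builder($email)
    {
        return $this->db->get_where('members', array('email' => $email))->row();
    }
}

class Account extends CI_Controller
{
    // The only routable action: /account (or /account/index).
    public function index()
    {
        $email = $this->input->post('email');

        $this->load->model('members_model');
        $data['member'] = $this->members_model->find_by_email_bound($email);

        // Pass the raw value through; the view escapes it at output time
        // (htmlspecialchars/htmlentities), which is where E-Oreo's XSS point applies.
        $data['email'] = $email;

        $this->render_form($data);
    }

    // Helper method: protected, so a request to /account/render_form cannot run it.
    // Everything in the controller that is not meant as a page entry point goes here.
    protected function render_form(array $data)
    {
        $this->load->view('account_view', $data);
    }
}
```

    All three fixed model methods produce the same result for well-formed input; the difference is only where the escaping happens. The bound and builder forms are the hardest to get wrong, because there is no string to forget to escape.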
    #23 A Change of Season
    Devshed Frequenter (2500 - 2999 posts) | Join Date: Mar 2004 | Location: Next Door | Posts: 2,664 | Rep Power: 171
    Originally Posted by E-Oreo
    Right. The important part is that the view code is separated into the view; the format used to write the view is a secondary concern and not agreed upon by everyone.
    I still wonder if it's possible to avoid using foreach loops in the view using CodeIgniter.
    Originally Posted by E-Oreo
    I don't know the details of how global_xss_filtering works. I always assumed it only looked for common XSS patterns but wouldn't catch everything. I don't know for sure though.
    Would you please give me an example ( not <script>alert('oh');</script>).
    Originally Posted by E-Oreo
    No, I'm talking about the visibility on the methods in your controller class. Right now all of them are public even though some of them are clearly not intended to be run directly.
    What would you change to private or protected in this code?
    Thanks
    #24 Lost in code
    Devshed Supreme Being (6500+ posts) | Join Date: Dec 2004 | Posts: 8,317 | Rep Power: 7170
    I still wonder if it's possible to avoid using foreach loops in the view using CodeIgniter.
    There's no reason to avoid foreach loops in a view.

    Would you please give me an example ( not <script>alert('oh');</script>).
    I don't know what global_xss_filtering actually does, so it's hard to give an example. The simplest thing to try is just putting a double or single quote into the value followed by some more text; if either disrupts the form output then you have a problem with XSS. If neither disrupts the form then you might still have a problem with the values you're inserting into your database (due to them having HTML-escaped single or double quotes rather than actual single or double quotes).

    Additionally, values coming from a database won't be handled by global_xss_filtering, since that only applies to user input, but values coming from a database still have to be escaped before being shown in HTML.

    What would you change to private or protected in this code?
    99% of the time it makes no difference. I usually just use protected.
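    The quote test E-Oreo describes, written out in plain PHP as an added example (not code from the thread; it needs no CodeIgniter install): a value containing a double quote is rendered into an input's value attribute once unescaped and once through htmlspecialchars, and the fragment is parsed back with DOMDocument to see whether a browser would still receive the whole value. If the attribute does not round-trip, the quote "disrupted the form output". A second value stands in for data read back from the database, the path global_xss_filtering never sees. The sample values and the helper names h, render_unsafe, render_safe, attribute_round_trips and run_check are constructed for this demo.

```php
<?php
// Added example (not from the thread). Plain PHP, no framework needed.
// Sample values below are constructed for the demo.

// A value of the kind E-Oreo suggests typing into the form: a double quote
// followed by more text.
const SUBMITTED_VALUE = 'alice" extra text';

// A value as it might come back from the database (constructed). The input
// filter never touches this path, so it must be escaped at output as well.
const DB_VALUE = 'Bob "Bobby" Smith <admin>';

// The escaping helper every view should use. ENT_QUOTES converts both ' and ".
function h($value)
{
    return htmlspecialchars((string) $value, ENT_QUOTES, 'UTF-8');
}

// The pattern the thread warns about: raw value dropped into an attribute.
function render_unsafe($value)
{
    return '<input type="text" name="email" value="' . $value . '">';
}

// The hardened form: escaped at the point of output.
function render_safe($value)
{
    return '<input type="text" name="email" value="' . h($value) . '">';
}

// Parse the rendered fragment the way a browser would and read back the
// value attribute. True only if the whole original value survived intact.
function attribute_round_trips($html, $original)
{
    $doc = new DOMDocument();
    libxml_use_internal_errors(true);           // stray attributes produce warnings; we only care about the result
    $doc->loadHTML('<?xml encoding="UTF-8"><form>' . $html . '</form>');
    libxml_clear_errors();

    $input = $doc->getElementsByTagName('input')->item(0);
    return $input !== null && $input->getAttribute('value') === $original;
}

// Runs the check for each sample value; returns label => [unsafe_ok, safe_ok].
function run_check()
{
    $results = array();
    foreach (array('submitted' => SUBMITTED_VALUE, 'from_db' => DB_VALUE) as $label => $value) {
        $results[$label] = array(
            'unsafe_ok' => attribute_round_trips(render_unsafe($value), $value),
            'safe_ok'   => attribute_round_trips(render_safe($value), $value),
        );
    }
    return $results;
}

foreach (run_check() as $label => $r) {
    printf("%-10s unescaped output intact: %-3s | escaped output intact: %s\n",
        $label, $r['unsafe_ok'] ? 'yes' : 'NO', $r['safe_ok'] ? 'yes' : 'NO');
}
```

    Run it with php on the command line: both sample values come back intact only through render_safe. For the unescaped case the parser closes the attribute at the first embedded double quote, which is exactly the disruption the test is looking for. Note that the fix lives in the view, not in storage: if an input filter stores entity-encoded quotes in the database instead of the real characters, the stored data is corrupted (E-Oreo's second caveat), so keep the raw value in the database and escape once, at output.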
    #25 Registered User
    Devshed Newbie (0 - 499 posts) | Join Date: Sep 2012 | Posts: 24 | Rep Power: 0
    This is one of the good scripts I have seen in my whole life.
    #26 A Change of Season
    Devshed Frequenter (2500 - 2999 posts) | Join Date: Mar 2004 | Location: Next Door | Posts: 2,664 | Rep Power: 171
    Originally Posted by E-Oreo
    ......
    Thanks. About design, which one is preferred?

    Having all database check, add and edit methods in one model and keep calling that model

    PHP Code:
    $this->load->model('members_model');
    if ($this->members_model->check($insert_data))
    {
        $this->members_model->add($insert_data);
        redirect('/account', 'refresh');
    }
    Or having separate model per method?
    PHP Code:
    $this->load->model('check_members_model');
    if ($this->check_members_model->check($insert_data))
    {
        $this->load->model('insert_members_model');
        $this->insert_members_model->add($insert_data);
        redirect('/account', 'refresh');
    }
    Thanks