UPDATE 12/2/2005: It would help if I actually included the css file, eh? Code examples now contain outlines and scrolling.
11.19.2005
Still fleshing out the syntax highlighting
I'm not 100% happy with the way the syntax highlighting is working out so far with the code examples. I may have to hack up the plug-in. My apologies if it's annoying you as well.
11.18.2005
Configuration variables via Singleton object in PHP4
There is probably no design pattern handier and easier to set up than a Singleton pattern. One of the best uses in PHP apps is for configuration variables. You can use define all over the place or you can use $GLOBAL but things work a lot better when you have nice neat place to set and get global configuration variables. Enter the Singleton Configuration object. Here's some simple code for the object itself, simply named Config.php:
If you think the getInstance method looks a little borked, you're right. What we're doing there is attempting to return the first and only the first implementation of this object. So everytime you make a call to this config object, you should be getting the same one. That's why we return the [0]th item in the array. This is a little easier in PHP5 but for PHP4, this is what we're stuck with.
And here's how to use this bad boy:
What's great about this method of doing things is that you virtually eliminate the need for global variables in functions and objects. This is a very good thing. If you need some configuration variables available to a function or object, you can pass it this config object like this:
If you like this way of doing things, wait until you try to recreate this in PHP5, it's even easier.
/** * Web Config object using Singleton pattern * * @author Rich Zygler, Jr. * @datecreated 03/08/2005 * @access public * @usage $config =& Config::getInstance(); * @usage $config->setConfig('admin_email', 'test@test.com'); * @usage $email = $config->getConfig('admin_email'); * @TODO */ class Config { var $configVars = array(); /* * Create a new config object */ function &getInstance() { static $instance; if (!$instance) { $instance = array(new Config); } return $instance[0]; } /* * Get config data * * @param $key string - array key of variable whose data we are retrieving * @return $this->configVars string */ function getConfig($key) { return $this->configVars[$key]; } /* * Set config data * * @param $key string -variable to retrieve data stored * @param $value string -variable that contains data to store * @return true * Can use arrays as well as in $config->setConfig('email_list', array(//... )); * retrieve array by foreach($config->getConfig('email_list') as $email) { //... } * */ function setConfig($key, $val) { $this->configVars[$key] = $val; return true; } }
If you think the getInstance method looks a little borked, you're right. What we're doing there is attempting to return the first and only the first implementation of this object. So everytime you make a call to this config object, you should be getting the same one. That's why we return the [0]th item in the array. This is a little easier in PHP5 but for PHP4, this is what we're stuck with.
And here's how to use this bad boy:
/** * config include * * @author Rich Zygler, Jr. * @datecreated 03/08/2005 * @TODO */ // Bring in the Config class file require_once ('Config.php'); // Instantiate our config object // Remember in PHP4, we use the =& // to pass by reference $config =& Config::getInstance(); // Set up some config vars // will change per application // The usage here is: setConfig(varName, varValue) $config->setConfig('appVersion', '1.o'); $config->setConfig('appName','Tester'); $config->setConfig('debug', true); // Maybe set the DB connection vars $config->setConfig('dbconn', array( 'username' => 'bunsen', 'password' => '!honeydew%', 'host' => 'localhost', 'db' => 'test', 'type' => 'mysql' ) ); // Now to get those values back from the $config object // first let's initialize our vars $appVersion = ''; $appName = ''; $debug = false; $dbConnArray = array(); // used for getting back db values $dbUser = ''; $dbPass = ''; $dbHost = ''; $dbType = ''; $dbName = ''; // Now let's get the values from the config object and populate our variables // of course, for a fully functioning app, you may want to check that these values are set $appVersion = $config->getConfig('appVersion'); $appName = $config->getConfig('appName'); $debug = $config->getConfig('debug'); // Here, we slurp the whole array from the config into a new array $dbConnArray = $config->getConfig('dbconn'); $dbUser = $dbConnArray['username']; $dbPass = $dbConnArray['password']; $dbHost = $dbConnArray['host']; $dbType = $dbConnArray['type']; $dbName = $dbConnArray['db']; // Now let's echo everything out to make sure the values are // coming back correctly echo "The version is: $appVersion"; echo "The name is: $appName"; echo "The debugger is on: $debug (1 = true) "; echo "The db username is: $dbUser "; echo "The db password is: $dbPass ";
What's great about this method of doing things is that you virtually eliminate the need for global variables in functions and objects. This is a very good thing. If you need some configuration variables available to a function or object, you can pass it this config object like this:
// call the function this way doSomethingWithConfig($config); // define the function this way // Remember to accept the object by reference (add the &) // otherwise a copy of the config data is created -- not good function doSomethingWithConfig(&$config) { // get app version $appVersion = ''; $appVersion = $config->getConfig('appVersion'); return $appVersion; }
If you like this way of doing things, wait until you try to recreate this in PHP5, it's even easier.
11.11.2005
Form data validation in PHP and JavaScript
I'm mentoring a few folks at work in web app development, specifically PHP. Today, the subject of form data validation came up when I pointed out to them that their app had none. No matter what data I entered for name, email address, etc., that data went right into the database (or at least the insert was tried). It was hack city.
There are 3 different types of data validation checks one can do:
Syntactic validation is when you need to make sure that the syntax of incoming data is correct. For instance, if it's a "first name" field, you wouldn't expect numbers, ampersands or other strange characters in there. You'll have to strip out the garbage before you can put that name into the database, so you'd better make the user fix their data before you have to. Another common one I find is when trying to get telephone numbers, social security numbers, etc. You don't want any chars in there.
Syntactic validation also takes care of checking minimum and maximum lengths for fields. If a new user must have a username that's 5 or more characters, you would check that thru syntactic validation. Same thing for maxlengths. Syntactic validation is what's going on too with checking for required fields (ie, is the username field blank).
Another common use of syntactic validation on the web is for checking valid email addresses and urls. You need to make sure those email addresses folks are giving you are at least of the proper form so you can email them good marketing stuff later. You could also check to make sure that email address actually exists (this would fall under domain validation though).
Syntactic validation is the simplest form of validation. The beauty part of it is that you can do most syntactic checks in both JavaScript on the client-side and then again in PHP on the server side. This aspect of "double-checking" stumped my associates too until I mocked up a quick form on my own machine that posted junk values to their test app, causing all kinds of mysql errors. I've seen programmers that don't do validation on both the client-side and server-side, but those programmers are no longer working steadily.
Another form of data validation is Semantic validation. In semantic validation checks, you are checking to make sure that one piece of information makes sense in regards to other incoming information.
For example, when registering a new user, most web apps will place the password box twice to make sure the user enters their desired password correctly. Checking these two passwords to make sure they are the same would be an example of semantic validation. Another example of semantic validation is checking to make sure that a required field based off another field is actually filled in. So, if the user specifies the country as US, then they also have to specify a state in the US... otherwise, they don't have to specify a state.
Semantic validation rules can get very complex, very quickly. While it's easy to build up a library of reusable code of syntax validation rules, semantic validation rules often require some custom work on every form. Again, semantic validation rules are most effective when used on both the client-side and server-side.
The third kind of form data validation is Domain or model validation. Domain validation requires checking the incoming info against another source of acceptable values. This could be existing database records, a config file, or simply PHP code. This kind of validation is checking the "domain" or "model" to make sure this incoming info makes sense.
A great example of domain validation is when registering as a new user on a site. After passing all the syntactic and semantic checks for registering a new username and password on the site, the app has to check to make sure the username you are requesting isn't already taken. So, it queries the users table in the db to see if your requested username is there. If it is, then the app needs to alert you to what went wrong and give you another chance to suggest a username. So, our web app is checking your requested username against the domain of existing usernames in our system.
Other examples of domain validation include checking to make sure an article_id in a CMS exists before we edit/delete it. Domain validation is also used in many permission schemes in web apps (ie, you can perform this action if your user level is > 5 or something).
Domain validation will almost always need to be done on the server-side as that's where the domain or model usually resides. So, you can't do any domain validation in JavaScript (well, you could, but it would be the most insecure app in the world).
Now the trick with form data validation is that most of the checks you're doing on the data will be done over and over again in every web app created. So, you're best bet is to create some type of class to take care of all this for you. (more on this in future article).
There are 3 different types of data validation checks one can do:
- Syntactic validation
- Semantic validation
- Domain or model validation
Syntactic validation is when you need to make sure that the syntax of incoming data is correct. For instance, if it's a "first name" field, you wouldn't expect numbers, ampersands or other strange characters in there. You'll have to strip out the garbage before you can put that name into the database, so you'd better make the user fix their data before you have to. Another common one I find is when trying to get telephone numbers, social security numbers, etc. You don't want any chars in there.
Syntactic validation also takes care of checking minimum and maximum lengths for fields. If a new user must have a username that's 5 or more characters, you would check that thru syntactic validation. Same thing for maxlengths. Syntactic validation is what's going on too with checking for required fields (ie, is the username field blank).
Another common use of syntactic validation on the web is for checking valid email addresses and urls. You need to make sure those email addresses folks are giving you are at least of the proper form so you can email them good marketing stuff later. You could also check to make sure that email address actually exists (this would fall under domain validation though).
Syntactic validation is the simplest form of validation. The beauty part of it is that you can do most syntactic checks in both JavaScript on the client-side and then again in PHP on the server side. This aspect of "double-checking" stumped my associates too until I mocked up a quick form on my own machine that posted junk values to their test app, causing all kinds of mysql errors. I've seen programmers that don't do validation on both the client-side and server-side, but those programmers are no longer working steadily.
Another form of data validation is Semantic validation. In semantic validation checks, you are checking to make sure that one piece of information makes sense in regards to other incoming information.
For example, when registering a new user, most web apps will place the password box twice to make sure the user enters their desired password correctly. Checking these two passwords to make sure they are the same would be an example of semantic validation. Another example of semantic validation is checking to make sure that a required field based off another field is actually filled in. So, if the user specifies the country as US, then they also have to specify a state in the US... otherwise, they don't have to specify a state.
Semantic validation rules can get very complex, very quickly. While it's easy to build up a library of reusable code of syntax validation rules, semantic validation rules often require some custom work on every form. Again, semantic validation rules are most effective when used on both the client-side and server-side.
The third kind of form data validation is Domain or model validation. Domain validation requires checking the incoming info against another source of acceptable values. This could be existing database records, a config file, or simply PHP code. This kind of validation is checking the "domain" or "model" to make sure this incoming info makes sense.
A great example of domain validation is when registering as a new user on a site. After passing all the syntactic and semantic checks for registering a new username and password on the site, the app has to check to make sure the username you are requesting isn't already taken. So, it queries the users table in the db to see if your requested username is there. If it is, then the app needs to alert you to what went wrong and give you another chance to suggest a username. So, our web app is checking your requested username against the domain of existing usernames in our system.
Other examples of domain validation include checking to make sure an article_id in a CMS exists before we edit/delete it. Domain validation is also used in many permission schemes in web apps (ie, you can perform this action if your user level is > 5 or something).
Domain validation will almost always need to be done on the server-side as that's where the domain or model usually resides. So, you can't do any domain validation in JavaScript (well, you could, but it would be the most insecure app in the world).
Now the trick with form data validation is that most of the checks you're doing on the data will be done over and over again in every web app created. So, you're best bet is to create some type of class to take care of all this for you. (more on this in future article).
11.09.2005
The SqlXML class -- PHP sql query results in XML via object
For a personal project that I’m working on in PHP4, I’m using XSLT to display a bunch of pages. Most times, I don’t use the XSL transforms for the whole page, usually just tables of data that are returned from a query. The first thing that you need to do an XSL transform is a nice chunk of XML data. It would be pretty handy if when we queried the database, it returned our results as XML that we could use for the transform. More robust database systems like Oracle can do this right out of the box, but Mysql needs some help from PHP. I created a nice little object to take care of this for me.
The object does a few things. There are two methods in the object, query and queryPaged. The query method just does a straight query to the db and returns the results as XML. The queryPaged method also does a query to the db and returns the results as XML. But this method takes on a few extra parameters so that it can return page navigation information in the XML also. This way, you can set up paged data tables with navigation (page 1, page 2, etc.) instead of just glomming out hundreds of rows of data.
First off, we need to include our db connection stuff and our SqlXML object file. Then we can create our sql. Then instantiate the SqlXML object and pass it our sql. Here's that code:
Pretty simple right? If you want to see the results, you can always just echo out a textarea:
Your results will obviously depend on your query, but an excerpt of mine look something like this:
So the method creates an XML “row” element for each row returned. Each field in the row returned gets its own “column” element. Each “column” element has a “name” attribute which tells you which field that data is for.
Keep in mind here that $xml is a string and not an xml object at this point. All the domxml stuff is handled inside the SqlXML object so we don’t have to fuss with it outside the object.
So how does this thing work? Well, first, it executes the query. If something didn’t work in the query, it just returns this as a string, not as XML.
Then it records the number of rows in the data.
The method then starts to build the xml tree by setting a result-set element at the root with an attribute of total-rows. The method then goes on to build the rest of the xml tree, row by row. I should note here that you do need the domxml extensions for PHP installed. All the XML creation in the object is done with domxml methods, no lame XML-as-string solutions here. Here’s the code snip of that area of the code:
Here, the while loop creates the row elements in our resulting xml and the foreach loop creates the column elements.
Once you have your xml in that $xml variable, you can bring it in to your XSL transform (article coming soon...). Here is the full code for using the query method of the object.
Now what if you wind up with a lot of data from your query? For me, if I'm displaying any more than about 20 rows of data, I'm going to paginate it (place 20 rows on each page with some page to page naviation). We can use the queryPaged method of the SqlXML object for this. But I'll save that for another article.
Here's the complete SqlXML.php class.
The object does a few things. There are two methods in the object, query and queryPaged. The query method just does a straight query to the db and returns the results as XML. The queryPaged method also does a query to the db and returns the results as XML. But this method takes on a few extra parameters so that it can return page navigation information in the XML also. This way, you can set up paged data tables with navigation (page 1, page 2, etc.) instead of just glomming out hundreds of rows of data.
First things first – The query method
First off, we need to include our db connection stuff and our SqlXML object file. Then we can create our sql. Then instantiate the SqlXML object and pass it our sql. Here's that code:
// start db connection require_once('db.php'); // left to the reader to do require_once('SqlXML.php'); // full code to this program below $sql = "SELECT * FROM customers LIMIT 10"; $sqlxml =& new SqlXML(); $xml = $sqlxml->query($sql);
Pretty simple right? If you want to see the results, you can always just echo out a textarea:
echo '';
Your results will obviously depend on your query, but an excerpt of mine look something like this:
<?xml version="1.0"?>|
1 Harry harry@test.com |
2 Tom tom@test.com
So the method creates an XML “row” element for each row returned. Each field in the row returned gets its own “column” element. Each “column” element has a “name” attribute which tells you which field that data is for.
Keep in mind here that $xml is a string and not an xml object at this point. All the domxml stuff is handled inside the SqlXML object so we don’t have to fuss with it outside the object.
So how does this thing work? Well, first, it executes the query. If something didn’t work in the query, it just returns this as a string, not as XML.
function query($query) { $xml = ''; $result = mysql_query($query); if (!$result) { return 'Query failed: ' . mysql_error(); }
Then it records the number of rows in the data.
$totalRows = mysql_num_rows($result);
The method then starts to build the xml tree by setting a result-set element at the root with an attribute of total-rows. The method then goes on to build the rest of the xml tree, row by row. I should note here that you do need the domxml extensions for PHP installed. All the XML creation in the object is done with domxml methods, no lame XML-as-string solutions here. Here’s the code snip of that area of the code:
$rowCount = 1; while ($line = mysql_fetch_array($result, MYSQL_ASSOC)) { $row = $root->append_child($dom->create_element("row")); $row->set_attribute("number", $rowCount); foreach ($line as $colKey => $colValue) { $col = $row->append_child($dom->create_element("column")); $col->set_attribute("name", strtoupper($colKey)); $col->append_child($dom->create_text_node($colValue)); } $rowCount++; }
Here, the while loop creates the row elements in our resulting xml and the foreach loop creates the column elements.
Once you have your xml in that $xml variable, you can bring it in to your XSL transform (article coming soon...). Here is the full code for using the query method of the object.
// start db connection require_once('db.php'); // left to the reader to do require_once('SqlXML.php'); // full code to this program below $sql = "SELECT * FROM customers LIMIT 10"; $sqlxml =& new SqlXML(); $xml = $sqlxml->query($sql); echo ''; // then take that $xml string and transform with the appropriate XSL
Now what if you wind up with a lot of data from your query? For me, if I'm displaying any more than about 20 rows of data, I'm going to paginate it (place 20 rows on each page with some page to page naviation). We can use the queryPaged method of the SqlXML object for this. But I'll save that for another article.
Here's the complete SqlXML.php class.
class SqlXML { var $resultsPerPage = 0; var $curPage = 0; var $sort_by; var $sort_dir; function SqlXML() { } function query($query) { $xml = ''; $result = mysql_query($query); if (!$result) { return 'Query failed: ' . mysql_error(); } $totalRows = mysql_num_rows($result); $dom = domxml_new_doc("1.0"); $root = $dom->append_child($dom->create_element('result-set')); $root->set_attribute('total-rows',$totalRows); $rowCount = 1; while ($line = mysql_fetch_array($result, MYSQL_ASSOC)) { $row = $root->append_child($dom->create_element("row")); $row->set_attribute("number", $rowCount); foreach ($line as $colKey => $colValue) { $col = $row->append_child($dom->create_element("column")); $col->set_attribute("name", strtoupper($colKey)); $col->append_child($dom->create_text_node($colValue)); } $rowCount++; } $xml = $dom->dump_mem(); // Free resultset mysql_free_result($result); return $xml; } function queryPaged($queryFields, $queryTail, $scriptPath = '') { $recCount = 0; $totalPages = 0; $xml = ''; // get the total count without getting field data $queryCt = "SELECT COUNT(*) " . $queryTail; $resultCt = mysql_query($queryCt); if (!$resultCt) { return 'Query failed: ' . mysql_error(); } // calc total pages $row = mysql_fetch_row($resultCt); $recCount = $row[0]; if ($recCount > 0) { $query = "SELECT " . $queryFields . $queryTail; if ($this->resultsPerPage != 0) { $recStart = ($this->curPage * $this->resultsPerPage) - $this->resultsPerPage; // add limit to query $query .= " LIMIT $recStart, $this->resultsPerPage"; } mysql_free_result($resultCt); $result = mysql_query($query); if (!$result) { return 'Query failed: ' . mysql_error(); } // calc total pages $recCount2 = mysql_num_rows($result); if (!$recCount2) { return 'Query failed : ' . mysql_error(); } $totalPages = floor($recCount / $this->resultsPerPage); if ($recCount % $this->resultsPerPage > 0 ) { $totalPages++; } } // create xml $dom = domxml_new_doc("1.0"); $rs = $dom->append_child($dom->create_element('result-set')); $rs->set_attribute('total-rows',$recCount); $rs->set_attribute('results-per-page', $this->resultsPerPage); $rs->set_attribute('total-pages', $totalPages); $rs->set_attribute('current-page', $this->curPage); $rs->set_attribute('script-path', $scriptPath); if (isset($this->sort_by) && isset($this->sort_dir) && $this->sort_by != '' && $this->sort_dir != '') { $rs->set_attribute('sort-by', $this->sort_by); $rs->set_attribute('sort-dir', $this->sort_dir); } $nav = $rs->append_child($dom->create_element('nav')); // create XML to set up paging for ($i = 1; $i < = $totalPages; $i++) { $page = $nav->append_child($dom->create_element('page')); $page->set_attribute('num', $i); if ($i == $this->curPage) { $page->set_attribute('current-page', 'true'); } } $rows = $rs->append_child($dom->create_element('rows')); if ($recCount > 0) { $rowCount = 1; while ($line = mysql_fetch_array($result, MYSQL_ASSOC)) { $row = $rows->append_child($dom->create_element("row")); $row->set_attribute("number", $rowCount); foreach ($line as $colKey => $colValue) { $col = $row->append_child($dom->create_element("column")); $col->set_attribute("name", strtoupper($colKey)); $col->append_child($dom->create_text_node($colValue)); } $rowCount++; } } if (is_resource($result)) { mysql_free_result($result); } $xml = $dom->dump_mem(); return $xml; } }
Subscribe to:
Posts (Atom)