PHP query results
Talk with the Experts this morning was a busy one, with close to a record number of attendees. Hardly surprising really, considering that the subject was PHP. Luckily for me, the experts were our very own developers Jude Aakjaer and Michael Sauter, and they were super quick off the mark. I didn’t even have to queue the questions. Too easy.
The thing that excited me the most about the chat was that we finally got to use the code window that I commissioned months ago, and it was a huge success. If you read through the transcript below, you’ll see the code saved to Gists throughout the dialogue.
The session next week is likely to be another popular one – I’ll be talking with Wave Digital’s Matt Evans about Developing Mobile Applications. That session will take place at 1:30pm PDT on Wed 23 Oct and you can join the session here.
If you missed the talk this morning because you didn’t know about it, make sure you sign up for email notifications of future sessions here.
And if you want to see what went down today, you can read the full transcript here:
[20:28] <johnlacey> What’s the most important a beginner to PHP needs to know to get started?
[20:30] <santouras> johnlacey: like learning any new thing, I think it’s pretty important to be getting taught by someone who knows what they’re doing
[20:30] <weebit> Is learning PHP a good thing to do for anyone wanting to make themes for CMS’s?
[20:31] <johnlacey> I notice a lot of people/sites recommend XAMPP for Windows based local development (including Sitepoint’s Kevin Yank). Am I missing out on anything by using WAMP instead?
[20:31] <michaelsauter> @johnlacey I think there is nothing particular that one needs to know to get started. PHP is one of the languages that is really easy to get into and there is lots of tutorials etc. on the web. i would say that’s one of the problems too: there is a lot of old/outdated/bad information out there
[20:31] <michaelsauter> @weebit yes, definitely
[20:31] <michaelsauter> weebit lots of CMS are written in PHP, so knowing some PHP to write templates will be helpful
[20:31] <santouras> johnlacey I’d recommend using a virtual machine setup personally instead of xampp/wampp
[20:32] <HAWK> I’ll plug our popular PHP course https://learnable.com/courses/php-mysql-web-development-for-beginners-13
[20:32] <santouras> almost all deployment is on linux machines and if you’re coding on windows, it is far easier to have your dev environment match your production environment
[20:33] <santouras> if you’re coding on osx/linux then dev on your local machine becomes more attractive but I’d never code php directly onto windows again
[20:33] <bobo> hello everybody! how would you prevent post data being resubmitted on refresh/navigation?
[20:34] <michaelsauter> same here. always better to have a portable virtual machine for dev around
[20:34] <evilnick> PHP is evil!
[20:34] <Brad82> I second not coding php directly on windows.
[20:34] <McGeough> 1) which is the most used development using PDO or MySQLi? and 2) Which is the best framework around? Codeigniter, laravel, zend etc
[20:35] <santouras> @bobo this is more of a browser question :) but some strategies include processing the data on post and then forwarding the user to a results page
[20:35] <HAWK> Welcome if you just joined. Jump in with questions at any time. :)
[20:35] <santouras> @McGeough I tend to use PDO when I’m not using an abstraction layer
[20:35] <evilnick> McGeough PDO is better because it provides some level of abstraction, so you can use any database you want
[20:35] <michaelsauter> McGeough 2) depends very much on your preference. i personally favour Symfony2
[20:35] <Brad82> McGeough 2) is a very subjective question, some are more suitable than others for different circumstances. I’m a fan of FuelPHP personally
[20:35] <santouras> the framework question is like a religious argument
[20:35] <evilnick> also MySQL kinda sucks, try PostgreSQL
[20:36] <McGeough> Ive heard of Symfony2 but never got looking at it
[20:36] <IckleChris> 2) is definitely project based. It’s like trying to decide what size gun to use to shoot a mouse
[20:36] <weebit> So how far up the ladder in PHP in learning should I go if I am just learning PHP for themes? Is there a certain part of PHP I should learn?
[20:37] <santouras> @McGeough I’ve recently been using Silex which is a trimmed down version of symfony2, definitely handy for small projects
[20:37] <michaelsauter> to figure out “which framework should i use”, I think it’s best to look first at your requirements, then what coding style / approach you like and maybe also who you want to work with, then pick a framework
[20:37] <Paul> Does PDO work with mongoDB
[20:37] <santouras> @weebit what kind of theming are you referring to? which platform specifically?
[20:37] <evilnick> Paul of course not, PDO is for SQL
[20:37] <weebit> WordPress and maybe Joomla later on
[20:38] <HAWK> If you just got here, hi. :) Feel free to join in with questions when you’re ready
[20:38] <McGeough> Also which templating engines are best for PHP, so far ive been using Smarty through work and we are wondering if there is anything better and faster?
[20:38] <michaelsauter> So WordPress uses PHP in a very …. let’s say … interesting … way. Not too much learn to figure out what’s happening in templates
[20:39] <santouras> McGeough I’ve been a fan of smarty in the past and used it in a lot of projects. Twig is similar in syntax and is also worth looking at
[20:39] <michaelsauter> McGeough again, templating is also a matter of preference. I’m again in favour of Twig
[20:39] <sh4d0ws> i think that we need to think about which one will continue having support in the future… 1 or 2 year… because if we take a lot of time learning and developing something and then after 2 or 3 year the framework is “dead”, its worthless
[20:39] <Brad82> What advantages is there over using a templating engine over just plain old PHP in templates
[20:39] <McGeough> santouras michaelsauter is twig any faster or lightweight etc?
[20:40] <michaelsauter> In Twig you don’t have to / can’t write any PHP, but it’s still very fast as it compiles to PHP
[20:40] <Brad82> Of course I only mean echo and foreach() for example in templates.
[20:40] <santouras> Brad82 the biggest advantage is separation of concern
[20:40] <evilnick> Brad82 well, they’re not as ugly as PHP
[20:40] <johnlacey> I realise this is a very subjective/personal thing… but just out of curiosity what’s your preferred code editor?
[20:40] <santouras> it clearly defines the logic and presentational aspects of your application
[20:40] <cliffgs> Net Beans is my preferred editor
[20:40] <IckleChris> I’m an Aptana Studio guy
[20:40] <santouras> johnlacey my personal is ST2, and ST3 when it becomes stable, but I use vim from time to time
[20:41] <McGeough> ST2
[20:41] <Brad82> ST2 for me also
[20:41] <McGeough> ST3 just isnt stable enough right now
[20:41] <sh4d0ws> anyone know how to get all partitions in nix from PHP without parsing “df” ?
[20:41] <evilnick> Sublime and vim are the best
[20:41] <programmer> My question is about security. I am connecting to a MySQL database, and I have the connection constants in a separate file. Should I place that file outside the document root, just to be sure? And if so, how do I reference it?
[20:41] <michaelsauter> i used to code a lot in PHPStorm, now using Sublime
[20:42] <Brad82> McGeough I’ve been using ST3 for months now and it hasnt crashed on me once (touchwood)
[20:42] <sh4d0ws> ST2 :D
[20:42] <santouras> programmer absolutely. If at all possible the only code in the web root should be the bootstrapping index.php file and any public assets
[20:42] <santouras> almost all modern frameworks operate like this
[20:43] <michaelsauter> programmer PHP can still include that file, but there is a setting in php.ini which allows/denies this. I think it’s on by default
[20:43] <programmer> I haven’t been able to find an example of this, however. I am using IIS.
[20:43] <McGeough> Brad82 ive used it a few times and it did crash, maybe i just had bad luck, but will be upgrading
[20:43] <santouras> programmer are you deploying to IIS or just using that for development?
[20:43] <santouras> welcome MalCurtis :)
[20:44] <MalCurtis> Thanks! I have to say the two experts have very handsome profile pics
[20:44] <amir> ST3 is good in terms of speed
[20:44] <programmer> I’m actually using apache for local development, but have a true development environment in IIS. Production is IIS.
[20:44] <amir> but something is still missing
[20:44] <Brad82> I still have nightmares about using IIS at work for production.
[20:44] <santouras> Brad82 me too :( and I haven’t had to deploy to IIS in around 8 years!
[20:44] <programmer> I’m not too crazy about IIS myself, but the project is an addition to an existing site, so I don’t have much choice.
[20:45] <HAWK> Yay! The code editor!
[20:45] <santouras> magic is happening
[20:45] <Brad82> programmer is it IIS7 you are deploying to?
[20:45] <johnlacey> I don’t think I’ve ever seen anyone use the code editor in here before. lol. Exciting times.
[20:45] <McGeough> Slightly off topic but for those using Version Control would you ever take your whole projects (all projects on system) folder as a repository or separate repository for each project
[20:46] <santouras> separate repo
[20:46] <HAWK> I know johnlacey! I challenged the guys to use it ;)
[20:46] <McGeough> whos the magician using it?
[20:46] <santouras> McGeough most of my php projects these days use composer so this is very natural
[20:46] <santouras> michaelsauter I believe!
[20:47] <McGeough> composer?
[20:47] <michaelsauter> yup that’s me
[20:47] <evilnick> can’t edit in the code editor :| how do we use it
[20:47] <michaelsauter> forgot how to write constants outside a class :D
[20:47] <Brad82> evilnick ask HAWK
[20:47] <santouras> http://getcomposer.org/
[20:47] <santouras> basically PHP’s version of bundler
[20:47] <programmer> so relative ../ path from where I start? I assume I have to go all the way up from wherever the code is.
[20:48] <michaelsauter> yea in my example your document root is htdocs/
[20:48] <michaelsauter> config/ is not accessible by IIS
[20:48] <evilnick> IIS sucks
[20:48] <santouras> the rubygems equivalent is https://packagist.org/
[20:48] <santouras> evilnick this has been established and agreed upon
[20:49] <programmer> I wish I didn’t have to use IIS
[20:49] <santouras> almost all actively developed php projects are available on packagist
[20:49] <programmer> I don’t think trying to mix two web servers is a good idea, though.
[20:49] <santouras> if you’re putting together a new project, you should definitely give it a look, it will make using external libraries a lot easier
[20:50] <programmer> thanks
[20:51] <michaelsauter> Saved editor: https://gist.github.com/6998459
[20:51] <evilnick> HAWK can I use the editor?
[20:52] <HAWK> Yup evilnick – give it a go now
[20:52] <programmer> must run a quick errand. back later.
[20:52] <michaelsauter> composer really is an awesome project. it also helps with autoloading, all that comes with it by default
[20:52] <santouras> php has made enormous strides in the last few years. if things like composer and PSR-0 had been around 8 years ago it would have helped a lot
[20:53] <michaelsauter> that’s one of the things which is relatively new and which might not be mentioned in a lot of tutorials, although it is incredibly helpful to learn after you know some PHP basics
[20:53] <santouras> and things like boris -> https://github.com/d11wtq/boris
[20:54] <santouras> welcome new people
[20:54] <Paul> I think grunt also fits into this picture
[20:54] <michaelsauter> grunt is more for frontend tasks, and is running on nodejs. but definitely something that makes life a lot easier :)
[20:56] <Gerwin> can we talk about using namespaces?
[20:56] <santouras> sure
[20:56] <michaelsauter> sure!
[20:56] <michaelsauter> what would interest you?
[20:56] <Brad82> namespaces <3
[20:57] <Gerwin> i haven’t used them before but i really like what they do, can we go over a good use case, when and when not to use them?
[20:57] <Gerwin> any short falls etc
[20:57] <pamelasue101> I’m listening today, I don’t know what questions to ask and I’m just learning
[20:57] <eip56> Can answer mine after. But hows does everyone feel about get/set methods in PHP OOP. Create gets and sets or use magic methods?
[20:57] <HAWK> All good pamelasue101 :)
[20:57] <harlem> I wanted to secure this “news.php?news_id=$row['id']”, I heard that I could encrypt the id ? Can you someone guide me with this ? Sorry I speak french my sentences will not come grammatically correct
[20:58] <Paul> don’t classes pretty much put namespaces to the wayside?
[20:58] <Brad82> harlem what advantages would you gain by encrypting the ID?
[20:58] <michaelsauter> I think it’s almost always a good idea to use namespaces, except when you just have maybe 3-4 files
[20:58] <santouras> Paul, no not really
[20:58] <evilnick> namespaces is an attempt to create something like Modules in Ruby
[20:58] <michaelsauter> if you’re writing a library or using a library you should definitely use them
[20:58] <Gerwin> thought as much
[20:59] <Gerwin> to avoid clashes with other common class names?
[20:59] <Gerwin> so
[20:59] <Gerwin> users
[20:59] <Gerwin> would be gerwins_plugin\users
[20:59] <Gerwin> something like that?
[20:59] <michaelsauter> the trickiest is to autoload the namespaces, but there are standards which make that quite easy. so if you stick to those standards you and other libraries can load the classes by default
[20:59] <michaelsauter> see for example https://www.sitepoint.com/autoloading-and-the-psr-0-standard/
[20:59] <Gerwin> awesome
[21:00] <IckleChris> I hear a lot about how creating a CMS/Framework is a great way to further develop basic PHP skills.. Is this really a good place to start, and are there any pointers for this?
[21:00] <santouras> eip56 I like them in theory because it cuts down on the number of accessor methods you need to write, but they are slower than direct function calls
[21:01] <Hulkur> Ickle, i don’t recommend
[21:01] <michaelsauter> @eip56 I personally prefer get/set methods, but they are a bit tedious to write, which is why I prefer PHPStorm when I do extensive PHP programming
[21:01] <Brad82> IckleChris some say a blog is a good thing to create if you are new to PHP
[21:01] <michaelsauter> (or some other IDE)
[21:01] <santouras> IckleChris it probably isn’t the best idea to create a cms/framework unless you’ve had extensive experience working on one in the past
[21:01] <Hulkur> if you don’t know language you are not able to use it properly
[21:01] <harlem> I wanted to secure the transfer of that information, I read somewhere it can open up for different attacks
[21:01] <eip56> Also in my opinion IckleChris pick up like CodeIgniter or something similar
[21:01] <michaelsauter> Gerwin yea, but you would use CamelCase, so GerwinPlugin\Users
[21:01] <santouras> @harlem it sounds like you’re referring to SQL injection?
[21:01] <Brad82> harlem would the ID be numeric or alphanumeric?
[21:01] <eip56> it will accelerate your learning curve especially on OOP topics
[21:02] <santouras> @harlem are you using a framework or library? or writing all of your code directly
[21:02] <Paul> I’d like to know how to reverse engineer wordpress so I can see exactly how it works. Any input on that?
[21:02] <Brad82> @paul as a wordpress user and lover myself, that is a very… interesting task
[21:02] <Gerwin> oh right that looks nicer
[21:02] <michaelsauter> Paul WordPress is open source, so you can just read the code base
[21:02] <santouras> @Paul https://github.com/WordPress/WordPress
[21:02] <evilnick> is my code correct?
[21:03] <michaelsauter> Paul However, I wouldn’t recommend that :)
[21:03] <harlem> yes
[21:03] <Brad82> Paul learn to love the WordPress Codex, it is extremely useful
[21:03] <eip56> @Paul there is really no need to reverse engineer it is well documented in the codec
[21:03] <michaelsauter> WordPress has a lot legacy code …. and is a huge and complex system
[21:03] <evilnick> haven’t used PHP for a long time, and not going to
[21:03] <santouras> hmm, I’m not seeing the code editor update
[21:03] <harlem> the id is numeric
[21:03] <michaelsauter> me neither
[21:04] <HAWK> evilnick – what code?
[21:04] <evilnick> hmm
[21:04] <evilnick> so it doesn’t show up?
[21:04] <eip56> Whats everyone’s favorite IDE… Ive used several but my main atm is just Programmers notepad
[21:04] <santouras> @harlem are you using a framework?
[21:04] <eip56> Id like to find a good one for my Mac
[21:04] <santouras> eip56 ST2 is popular
[21:04] <santouras> michaelsauter is a fan of phpstorm
[21:05] <Hulkur> what’s ST2 ?
[21:05] <HAWK> evilnick Save it to gist using the settings cog and see if we can see it then
[21:05] <evilnick> Saved editor: https://gist.github.com/6998654
[21:05] <santouras> sublime text 2
[21:05] <Hulkur> storm is good, netbeans is free
[21:05] <Brad82> harlem, in reality I see very little reason to encode the ID. You should focus more on securing your scripts internals so that anything the user sets as ID can be parsed securely.
[21:05] <harlem> I read this book PHP Mysql web development
[21:05] <cliffgs> That’s what I usually do. I connect by include_once $_SERVER['DOCUMENT_ROOT'] . '/../code/admindb.inc.php';
[21:05] <cliffgs> And Net Beans is cross platform
[21:05] <HAWK> Ok, so that worked evilnick – not sure why we’re not seeing it live
[21:06] <Hulkur> netbeans is java, so it eats memory
[21:06] <harlem> santouras I am not using any framework
[21:06] <santouras> harlem the most important thing is sanitisation of any user input
[21:06] <michaelsauter> Hulkur I think almost all IDEs are Java :(
[21:06] <Brad82> harlem Remember, even if in your app you encode the query string, I can always type into the address bar manually an exploit, in this case encoding it has no effect
[21:06] <OliverThomas> Is there any useful PHP plugins for Notepad++?
[21:06] <santouras> unless you’ve verified it, don’t trust it
[21:07] <cliffgs> Hulkar memory is cheap and plentiful
[21:07] <santouras> use a regex to ensure/strip out, anything that is not what you’re expecting. and if you get funny results, don’t go further
[21:07] <michaelsauter> OliverThomas not sure, i have never used it.
[21:07] <harlem> Brad82 what can I do than I am using a php regex script to make what I $_GET is what I want
[21:08] <OliverThomas> Hi michael, i see. what program do you recommend for PHP development?
[21:08] <michaelsauter> Give sublime text a try, it has lots of plugins
[21:08] <Hulkur> Memory is plentiful, but NB still eats it all
[21:08] <Hulkur> and is slow
[21:08] <evilnick> yea :D
[21:08] <Paul> I don’t know what it’s written in, but aptana eats memory too
[21:08] <evilnick> Aptana is Eclipse
[21:08] <Hulkur> storm somehow is faster and less hungry
[21:08] <santouras> aptana is java
[21:08] <Brad82> harlem, you said the ID will be numeric? In that case all you require is to do is_numeric() on the $_GET variable, no slow regex required!
[21:08] <OliverThomas> Thank you i will check it out
[21:08] <Michael> I use UltraEdit Studio for PHP dev
[21:09] <santouras> if your sentence is “[editor] eats memory” it’s most likely java based ;)
[21:09] <Hulkur> does sublime support navigating to class/function ?
[21:09] <Aaron> I like PHPStorm
[21:09] <santouras> yes
[21:09] <santouras> Hulkur yes
[21:09] <michaelsauter> Yup, so that’s why PHPStorm was/is my choice, it seemed to be the fastest amongst the heavier IDEs. But nowhere near ST or Textmate etc.
[21:09] <Brad82> hawk can I get editor for a sec?
[21:09] <harlem> Brad82 santouras
[21:09] <HAWK> It doesn’t seem to be working properly
[21:09] <OliverThomas> michaelsauter is it dangerous to loop through $_POST superglobal when processing form data
[21:09] <santouras> http://www.sublimetext.com/ <- go to anything
[21:09] <Gerwin> I’m guessing most people here use phpMyAdmin? That right?
[21:10] <harlem> thank you guys Brad82 santouras any links ?
[21:10] <HAWK> Give it a go now Brad82
[21:10] <michaelsauter> OliverThomas not unless you’re doing something with that data like entering it into the database
[21:10] <Paul> I just started using vim. it’s pretty powerful
[21:10] <evilnick> What the hell am I even doing here, I just remembered that I hate PHP :D
[21:10] <michaelsauter> OliverThomas what do you want to achieve?
[21:10] <santouras> Gerwin no, I used SQLYog on windows/linux, and SequelPro on mac
[21:10] <santouras> I’m allergic to phpmyadmin :)
[21:10] <OliverThomas> I use prepared statements to insert
[21:10] <Aaron> What’s the best way to analyze code for security issues? I don’t have the money for Acunetix, are there any other options?
[21:10] <Gerwin> Cool, if anyone is interested, i recently built this http://cabindb.com/
[21:11] <OliverThomas> just seeking advice on the best way to do certain things
[21:11] <Hulkur> new phpmyadmin tree is awful
[21:11] <Gerwin> yeah
[21:11] <michaelsauter> Gerwin looks nice!
[21:11] <santouras> Gerwin nice, very nice, will look at that
[21:11] <Michael> I use Navicat
[21:11] <santouras> I almost always prefer desktop apps, but will give that a look
[21:11] <Gerwin> thanks, it’s pretty young and i’d love for people to try it out, but don’t rely on it yet :)
[21:12] <michaelsauter> OliverThomas so your looping over $_POST, and inside the loop using prepared statements?
[21:12] <Brad82> harlem, check editor as simple as that!
[21:12] <Hulkur> there is something better than PHP ?
[21:12] <Hulkur> can’t possibly be
[21:12] <MalCurtis> Looks good Gerwin (and Hi!)
[21:12] <jaequery> people still learn PHP?
[21:12] <michaelsauter> OliverThomas I’d be very cautious even then, maybe better to just loop over keys you define, and then look up the superglobal value from there
[21:13] <Brad82> harlem https://gist.github.com/6998745
[21:13] <eip56> jaequery you blasphemer
[21:13] <eip56> PHP rocks
[21:13] <OliverThomas> michaelsauter no no, I am processing the form data using a foreach() to trim the data and then go through each field individually checking for the various requirements, then including a prepared statement script.
[21:13] <evilnick> thou shalt use Ruby
[21:13] * evilnick commences the holy war
[21:13] <Gerwin> ruby syntax may induce vomiting
[21:13] <santouras> Aaron have you looked at PHPMD?
[21:13] <jaequery> it was a serious question :x
[21:13] <santouras> Gerwin evilnick there is room in the world for many languages :)
[21:14] <Hulkur> ruby syntax does induce vomiting
[21:14] <evilnick> not for PHP
[21:14] <santouras> some people still use cobol
[21:14] <michaelsauter> jaequery I think PHP is not a bad choice. It’s easy to get into, and depending where you live, lots of jobs. Sure other languages have a better design, but there are lots of apps written in PHP
[21:14] <Aaron> santouras I haven’t…
[21:14] <michaelsauter> OliverThomas sounds good then
[21:14] <evilnick> PHP doesn’t even have a naming convention
[21:14] <Gerwin> MalCurtis hey man, saw your name. Yeah it’s a start, with limited amount of spare time I have haha.
[21:14] <jaequery> my php codes are good. i just can’t stand the others (wordpress, drupal, joomla, yuck)
[21:14] <Hulkur> evilnick, you mean not forced upon you naming convention
[21:14] <Paul> I haven’t figured out and easy way how to paste code from an outside file into vim yet other than some long command in a macro
[21:15] <evilnick> I mean core library naming convention
[21:15] <michaelsauter> evilnick https://github.com/php-fig/fig-standards/blob/master/accepted/PSR-2-coding-style-guide.md
[21:15] <Paul> I wish I could in vim
[21:15] <MalCurtis> Gerwin can you run arbitrary SQL queries? That’s one of my main uses for any sql tool
[21:15] <Elie> naming convention? lol use your own
[21:15] <michaelsauter> PHP has changed in the past few years
[21:15] <Gerwin> MalCurtis Yes sir, with syntax highlighting!
[21:15] <OliverThomas> Thanks michael for the feedback
[21:15] <MalCurtis> sheeet son.
[21:15] <Hulkur> about namespaces, there is really not use if you name your classes something like My_Package_Class
[21:15] <jaequery> honestly, i think it has turned for the worst
[21:15] <evilnick> yeah but it’s no way to determine which function to use because they use different naming conventions
[21:15] <Gerwin> And user permissions are easy to do!
[21:15] <Hulkur> then there is no conflict
[21:16] <harlem> thanks Brad82
[21:16] <santouras> Hulkur I would disagree, mainly due to code beauty :)
[21:16] <MalCurtis> Hulkur yea that’s great until you see some big ones
[21:16] <jaequery> the autoloader discussion on php-fig sickens me
[21:16] <Hulkur> i work on magento, big enough
[21:16] <Gerwin> DL it and try get it going locally, have a play. I haven’t tested on too many machines yet, mac and pc works and my AWS machine too. Still needs more testing, all js one page styles
[21:16] * evilnick ragequits
[21:16] <HAWK> evilnick has just ragequit
[21:17] <MalCurtis> Like: Sitepoint_Courses_PageController_CourseAdminController
[21:17] <michaelsauter> haha :)
[21:17] <eip56> HAWK this one you probably know best but anyone else as well. A little more general can anyone recommend a service for checking cross browser compatibility. Hopefully free but I know there are a few services where I can check my site in older virtual-ized browsers
[21:17] <santouras> MalCurtis :(
[21:17] <MalCurtis> * insert vomit emoticon here *
[21:17] <jaequery> what is this chatroom made in?
[21:17] <Hulkur> how it’s shorter with namespace ?
[21:17] <Brad82> MalCurtis I just had a mini stroke looking at that
[21:17] <jaequery> is it opensource?
[21:17] <MalCurtis> when you’re inside a namespace you don’t need to type the whole thing…
[21:17] <programmer> Are there any other recommended checks for get and post variables? I see something in the code window.
[21:17] <michaelsauter> Hulkur you can import namespaces, and then just use the class name
[21:18] <MalCurtis> jaequery kinda, I started with kiwiirc, which is an open source node.js irc client, then added in a bucket load of customizations
[21:18] <Hulkur> can you show me some correctly made namespaces
[21:18] <Brad82> programmer that was a very simplified example to check if a get var was numeric
[21:18] <michaelsauter> programmer so either you’re using a framework that does all that for you, or the best is to know what you’re using a variable for, and then sanitizing it specifically for that
[21:18] <Hulkur> i think i don’t understand them properly yet
[21:19] <santouras> Saved editor: https://gist.github.com/6998820
[21:19] <Brad82> programmer it depends what you are doing with said variable on how you sanitise/verify it
[21:19] <HAWK> Can anyone help out eip56 with good browser compatibility testing services?
[21:19] <Hulkur> this is small, how do you place models and views ?
[21:19] <programmer> What is the best way to sanitize, then? Mostly I have strings.
[21:19] <Hulkur> you still need long names
[21:20] <Hulkur> just / instead of _
[21:20] <Brad82> @hulker
[21:20] <jaequery> is it more recommended to do Sitepoint or \Sitepoint
[21:20] <programmer> And most of those should be only a single character Y or N
[21:20] <michaelsauter> @programmer depends where you want to use that string. when you want to display it, use htmlspecialchars or similar, when for mysql, use some mysql escape function
[21:20] <santouras> jaequery generally you would use Sitepoint unless you wanted to ensure you hit the root level
[21:21] <programmer> OK, I think I’ve got mysqli_real_escape or something like that.
[21:21] <santouras> jaequery you see this most often with people explicitly using the \Exception class
[21:21] <programmer> Because they go into a db query
[21:21] <Paul> elp56 I like http://quirktools.com/screenfly/
[21:21] <jaequery> why wouldnt you always want to start from root?
[21:21] <Paul> but that’s screen resolution
[21:21] <HAWK> eip56 Are you on Twitter? I’ve just tweeted your question from @sitepointdotcom
[21:22] <michaelsauter> Hulkur see my extension of the code. you can use the short names once you import a namespace at the top of the file
[21:22] <santouras> jaequery because it resolves to any imported namespaces
[21:22] <michaelsauter> programmer yea that’s good if you use it inside a sql query
[21:22] <AlexF> Another nice benefit of namespaces is aliasing use Some\Other\Namespace as NS;
[21:22] <santouras> so starting from root kind of takes away the whole point of “use”
[21:22] <jaequery> how does namespace handle things where you have Sitepoint\* , and someone else also has Sitepoint\* out of sheer luck?
[21:23] <Nofel> i had been fan of php since many years but how can I apply, u can’t get project without proving ur a php expert so how u practice a php project to test skills
[21:23] <Brad82> programmer running $_REQUEST variables through mysqli_real_escape… is enough before you put it in a SQL query
[21:23] <santouras> Nofel best thing is to write an application as a personal project and host the code on github
[21:23] <Paul> elp56 this is free crossbrowser http://browsershots.org/
[21:24] <programmer> Excellent. I also am checking length of input.
[21:24] <eip56> HAWK I am
[21:24] <Hulkur> thou shalt read manual ! :) found my missing knowledge use My\Full\Classname as Another;
[21:24] <eip56> :-( and i thought we were friends!
[21:24] <Nofel> santouras u mean make ur own project?
[21:24] <michaelsauter> jaequery that’s a problem then. however, if you follow standards and upload your library to packagist.org, that shouldn’t happen
[21:24] <Hulkur> namespace aliasing and no long names anymore
[21:24] <Nofel> what is
[21:24] <santouras> jaequery the documentation covers resolution – http://php.net/manual/en/language.namespaces.rules.php
[21:24] <Brad82> programmer first run all the variables through your mysql_escape… and then use those cleaned variables in strlen($var) checks afterwards
[21:24] <jaequery> thats why im confused , isnt the purpose of namespace to avoid collision when there is one?
[21:25] <MalCurtis> The purpose is to provide an encapsulated and insulated place to write a package of code, which happens to avoid collisions as a part of it
[21:25] <michaelsauter> Hulkur afaik this only aliases the namespace, not the class
[21:25] <Hulkur> yes, but then you use alias as short namespace
[21:26] <santouras> Nofel yes, writing your own project as a sample application
[21:26] <Nofel> I follow the php training by Kevin skougland on Lynda. He do refactoring in essential training which gets out of understanding, how important it is to know refactoring at early stage.
[21:26] <Brad82> programmer remember, its de facto to use $variable = mysqli_escape..($_GET['variable']); and then use $variable throughout the script later on (for example in the strlen() check).
[21:26] <HAWK> There you go eip56 :) Anyway, check out our stream later on to see what people suggest
[21:26] <programmer> What about input that will be returned to the user as a file?
[21:26] <Hulkur> according to php.net you can alias classes
[21:26] <michaelsauter> Hulkur so, it would be \My\BadlyNamedNamespace as PerfectlyNamedNamespace. and then PerfectlyNamedNamespace\SomeClass
[21:26] <jaequery> MalCurtis, what about Zend / PEAR way , as long as you have started your folder as vendor name, it won’t cause conflicts right?
[21:26] <Brad82> programmer that would not need any sanitising
[21:26] <HAWK> Ok people, 5 mins left. If you have a question that you haven’t asked, now is your last chance!
[21:27] <Nofel> I was reading php OOP and I couldn’t understand parent and what does it do
[21:27] <Brad82> parent refers to the class from which the current class was extended from.
[21:27] <michaelsauter> jaequery using namespace, you still start with the vendor name
[21:27] <Nofel> Brad82 like a example?
[21:27] <santouras> Nofel parent will call the parent function from a subclass. which is handy if you are redefining a function
[21:27] <programmer> My other question is probably too complicated and I should probably ask on the Sitepoint forum.
[21:27] <Hulkur> B extends A => parent is A
[21:27] <jaequery> only thing namespace solves is that it can shorten the class name
[21:28] <jaequery> which imo w/ IDE is not really that big of an issue
[21:28] <michaelsauter> jaequery basically, only use libraries that follow psr0,1,2. then you won’t have conflicts and good interoperability
[21:28] <Brad82> Nofel there is a great example of parent at http://php.net/manual/en/keyword.parent.php
[21:28] <jaequery> and why do we have so many PSRs
[21:28] <santouras> jaequery it is also important as MalCurtis mentioned to help you write encapsulated code
[21:28] <jaequery> shouldnt we just have a “single” one?
[21:29] <Paul> Notel … yep I’m doing it now
[21:29] <jaequery> how do we standardize it when there are so many w/ new ones being added every month
[21:29] <michaelsauter> jaequery they address different issues
[21:29] <Hulkur> 0 is autoloader, 2 is code style iirc
[21:29] <Paul> Notel do it with restful services and ajax or json
[21:29] <michaelsauter> See https://github.com/php-fig/fig-standards
[21:29] <Nofel> Brad82 that was helpful.
[21:30] <jaequery> ah gotcha
[21:30] <Brad82> @nor
[21:30] <jaequery> i like this chat, when is the next one and how often do you guys do it?
[21:30] <Brad82> Nofel, do you need that explaining any further?
[21:30] <santouras> jaequery every week!
[21:30] <Paul> Notel do a wordrpess plugin [21:30] <santouras> but not always on PHP ;) [21:31] <Nofel> i am trying to learn magento and it’s all OOP so what I need php or OOP or mvc [21:31] <HAWK> Aaaannnnddd… that’s a wrap! [21:31] <jaequery> i’d like to see a chat for angular [21:31] <HAWK> I’m going to cut our experts free whenever they want to go [21:31] <HAWK> The rest of you are free to stay as long as you like [21:31] <programmer> Thank you so much. This was great. [21:31] <Hulkur> @Nofel you need someone who knows magento [21:31] <Nofel> Brad82 why use parent when u can refer to the function [21:31] <HAWK> You’re in luck jaequery – there is an Angular one in a couple of weeks [21:31] <santouras> thanks HAWK :) [21:31] <michaelsauter> Thanks for joining! [21:31] <santouras> thanks room!
Translated from: https://www.sitepoint.com/talk-php-expertsthe-transcript/