Secure PHP Development- P8

Chia sẻ: Cong Thanh | Ngày: | Loại File: PDF | Số trang:5

Thêm vào BST

Báo xấu

88
lượt xem 6
download

Download Vui lòng tải xuống để xem tài liệu đầy đủ

Secure PHP Development- P8: Welcome to Secure PHP Development: Building 50 Practical Applications. PHP has come a long way since its first incarnation as a Perl script. Now PHP is a powerful Web scripting language with object-oriented programming support. Slowly but steadily it has entered the non-Web scripting arena often reserved for Perl and other shell scripting languages. Arguably, PHP is one of the most popular Web platforms.

Chủ đề:

Bình luận(0) Đăng nhập để gửi bình luận!

Lưu

Nội dung Text: Secure PHP Development- P8

6 Part I: Designing PHP Applications Listing 1-1 (Continued) // Get name from GET or POST request $name = (! empty($_REQUEST[‘name’])) ? $_REQUEST[‘name’] : null; // Print output print
Chapter 1: Features of Practical PHP Applications 7 // Setup this application’s template // directory path $TEMPLATE_DIR = $_SERVER[‘DOCUMENT_ROOT’] . ‘/ch1/templates’; // Setup the output template filename $OUT_TEMPLATE = ‘listing2out.html’; // Get name from GET or POST request $name = (! empty($_REQUEST[‘name’])) ? $_REQUEST[‘name’] : null; // Create a new template object $t = new Template($TEMPLATE_DIR); // Set the template file for this object to // application’s template $t->set_file(“page”, $OUT_TEMPLATE); // Setup the template block $t->set_block(“page”, “mainBlock” , “main”); // Set the template variable = value $t->set_var(“NAME”, $name); // Parse the template block with all // predefined key=values $t->parse(“main”, “mainBlock”, false); // Parse the entire template and print the output $t->pparse(“OUT”, “page”); ?> This application looks much more complex than the one shown in Listing 1-1, right? At first glance, it may look that way, but it’s really a much better version of the script. Let’s review it line by line: $PHPLIB_DIR = $_SERVER[‘DOCUMENT_ROOT’] . ‘/phplib’; The first line of the script sets a variable called $PHPLIB_DIR to a path where PHPLIB library files are stored. The path is set to PHPLIB (phplib) subdirectory doc- ument root (hereafter %DocumentRoot%). This means if your Web document root is set to /usr/local/apache/htdocs, the script assumes your PHPLIB directory is
8 Part I: Designing PHP Applications /usr/local/apache/htdocs/phplib. Of course, if that is not the case, you can change it as needed. For example: $PHPLIB_DIR = ‘/www/phplib’; Here the PHPLIB path is set to /www/phplib, which may or may not be within your document root. As long as you point the variable to the fully qualified path, it works. However, the preferred path is the %DocumentRoot%/somepath, as shown in the script. The next bit of code is as follows: ini_set( ‘include_path’, ‘:’ . $PHPLIB_DIR . ‘:’ . ini_get(‘include_path’)); It adds the $PHPLIB_DIR path to PHP’s include_path setting, which enables PHP to find files in PHPLIB. Notice that we have set the $PHPLIB_DIR path in front of the existing include_path value, which is given by the ini_get(‘include_path’) function call. This means that if there are two files with the same name in $PHPLIB_DIR and the original include_path, the $PHPLIB_DIR one will be found first. Next, the code sets the $TMEPLATE_DIR variable to the template path of the script: $TEMPLATE_DIR = $_SERVER[‘DOCUMENT_ROOT’] . ‘/ch1/templates’; The path is set to %DocumentRoot%/ch1/templates. You can change it to what- ever the exact path is. Again, the ideal path setting should include $_SERVER [‘DOCUMENT_ROOT’] so that the script is portable. If an exact path is hard coded, such as the following, then the end user is more likely to have to reconfigure the path because the %DocumentRoot% may vary from site to site: $TEMPLATE_DIR = ‘/usr/local/apache/htdocs/ch1/templates’; The next line in Listing 1-2 sets the output template file name to $OUT_ TEMPLATE: $OUT_TEMPLATE = ‘listing2out.html’; This file must reside in the $TEMPLATE_DIR directory. The code then sets $name variable to the ‘name’ value found from an HTTP GET or POST request: $name = (! empty($_REQUEST[‘name’])) ? $_REQUEST[‘name’] : null;
Chapter 1: Features of Practical PHP Applications 9 The script creates a template object called $t using the following line: $t = new Template($TEMPLATE_DIR); The Template class is defined in the template.inc file, which comes from the PHPLIB library. The $t template object will be used in the rest of the script to load the HTML template called $OUT_TEMPLATE from $TEMPLATE_DIR, parse it, and display the resulting contents. The HTML template file listing2out.html is shown in Listing 1-3. Notice that in creating the object, the $TEMPLATE_DIR variable is passed as a parameter to the Template constructor. This sets the $t object’s directory to $TEMPLATE_DIR, which is where we are keeping our listing2out.html HTML template. The following line is used to set the $t object to the $OUT_TEMPLATE file. This makes the $t object read the file and internally reference the file as “page”. $t->set_file(“page”, $OUT_TEMPLATE); The following line defines a template block called “mainBlock” as “main” from the “page” template: $t->set_block(“page”, “mainBlock” , “main”); A block is a section of template contents that is defined using a pair of HTML com- ments, like the following: HTML CONTENTS GOES HERE A block is like a marker that allows the template object to know how to manip- ulate a section of an HTML template. For example, Listing 1-3 shows that we have defined a block called mainBlock that covers the entire HTML template. Listing 1-3: The HTML Template (listing2out.html) for Listing 1-2 Script Bad Script Continued
10 Part I: Designing PHP Applications Listing 1-3 (Continued) Your name is {NAME} You can define many blocks; blocks can be nested as well. For example: HTML CONTENTS GOES HERE HTML CONTENTS GOES HERE block_name1 is the block that has block_name2 as a nested block. When defin- ing nested blocks, you have to use set_block() method carefully. For example: $t->set_block(“page”, “mainBlock” , “main”); $t->set_block(“main”, “rowBlock” , “rows”); The mainBlock is a block in “page” and rowBlock is a block within “main” block. So the HTML template will look like this: HTML CONTENTS GOES HERE HTML CONTENTS GOES HERE