[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [ProgSoc] NULL values in primary keys in MySQL
On 27/06/2006 6:02 PM, jedd wrote:
Anyhoo, much of my code is HTML, obviously enough, with
PHP embedded through it.
This is important for two reasons.
Firstly, it's painful to post code, as the logic / actual code is
hidden without an awful lot of wrapper HTML. That's a handy
excuse that I'm happy to take advantage of.
Perhaps once you get your initial port up and running, you might want to
spend a day or two learning the "Smarty" PHP templating system. The
Smarty templating system (http://smarty.php.net/) does an excellent job
at allowing you to separate your presentation from your logic. Using
Smarty, all your .php files can contain the blood-and-guts of any
processing that needs to be done, and the Smarty template files store
the HTML, combined with a few simple tags that allow for iterating over
loops, inserting variables, etc.
Example:
<?php
// Connect to database
...
// Do stuff
...
// Close database connection
// Assign variables to template and display the page
$smarty = new Smarty;
$smarty->assign('username', $_SESSION['username']);
$smarty->assign_by_ref('results', $res);
$smarty->display('order_search_results.tpl');
?>
Then your Smarty template:
{include file="_header.tpl" title="Order Search Results"}
<h1>Welcome, {$username|escape}</h1>
<p> Your results, with Smarty generating the table for you:</p>
{html_table ...}
<p>Or you can iterate over it yourself...:</p>
{if count($results) > 0}
<table>
<tr>
<th>Order No.</th>
<th>Customer Name</th>
</tr>
{foreach from=$results item=result}
<tr>
<td>{$result.order_no|escape}</td>
<td>{$result.customer_name|escape}</td>
</tr>
{/foreach}
</table>
{else}
<p>No results matching your query were found.</p>
{/if}
{include file="_footer.tpl"}
In our PHP, we do all our processing and data access. The Smarty
template lets us move common page elements into separate files -- in
this case we've used a standard header and footer at the top and bottom
of the page.
You can see the use of variables, displayed with the {$username|escape}
escape modifier, to ensure that data displayed on-screen is properly
encoded. This can be very helpful in preventing things like cross-site
scripting attacks (XSS).
Smarty provides a number of handy constructs for displaying tables and
the like -- see the {html_table} function used above. We then manually
write our code for iterating over the results and creating a table as a
demonstration of Smarty's looping constructs.
This is only designed as a rough indication of what is possible in terms
of separating presentation (or as I like to think of it, avoiding the
hell that is PHP-embedded-in-HTML-tag-soup) - it's by no means a model
design that you should follow in terms of app design etc! :-)
Cheers
Antony
-
You are subscribed to the progsoc mailing list. To unsubscribe, send a
message containing "unsubscribe" to progsoc-request@xxxxxxxxxxxxxxxxxxx
If you are having trouble, ask owner-progsoc@xxxxxxxxxxxxxxxxxx for help.