Secure PHP Development - P7

Part I: Designing PHP Applications

Chapter 1: Features of Practical PHP Applications
Chapter 2: Understanding and Avoiding Security Risks
Chapter 3: PHP Best Practices
Chapter 1: Features of Practical PHP Applications

In this chapter:

Exploring the features of a practical PHP application

Putting the features to work in applications
PHP began as a personal home page scripting tool. Today PHP is widely used in both personal and corporate worlds as an efficient Web application platform. In most cases, PHP is introduced in a corporation because of its speed, absence of license fees, and fast development cycle.

The last reason (fast development cycle) is often misleading. There is no question that PHP development is often faster than on other Web-development platforms such as Java. However, the reasons for PHP's faster development cycle are often questioned by serious non-PHP developers. They claim that PHP development lacks design and often serves as a glue-logic scripting platform, with scripts thrown together in a hurry. Frankly, I've seen many such scripts on many commercial engagements. In this book, I introduce you to a PHP application design that is both well planned and practical, and is therefore highly maintainable.


Features of a Practical PHP Application

When developing a practical PHP application you should strongly consider the following features:

An object-oriented code base: Granted, most freely available PHP applications are not object oriented, but hopefully that will change soon. The benefits of object-oriented design outweigh the drawbacks. The primary benefits are a reusable, maintainable code base. You'll find that there are similar objects in every application you develop, and reusing previously developed, tested, and deployed code gives you faster development time as you develop more and more applications.

I developed all the applications in this book using a single object framework (discussed in Chapter 4). Being able to develop more than 50 applications using the same framework means that I can easily fix any bugs, because the framework object code base is shared among almost all the applications.

External HTML interfaces using templates: Having user interface elements within an application makes it difficult to adapt to the changing Web landscape. Just as end users like to change their sites' look and feel, they also like to make sure the application-generated screens match their sites' overall design. Using external HTML templates to generate application screens ensures that an end user can easily change the look and feel of the application as frequently as he or she wants.

External configuration: When designing a practical application, the developer must ensure that end-user configuration is not embedded in the code. Keeping it in an external configuration file makes it very easy for end users to customize the application for their sites. The external configuration file should hold site configuration data such as database access information (host name, username, password, port, etc.), path information, template names, etc.

Customizable messages: The messages and error messages shown by the application should be customizable, because a PHP application could find its way into many different locales. A basic internationalization scheme would be to keep all the status and error messages in external files so that they can be customized for the local language.

Relational data storage: Storing data in flat files or comma-separated value (CSV) files is outdated and far less manageable than storing it in a fast relational database such as MySQL. If the Web application collects many data points from Web visitors or customers, a relational database is the best place to store them. Using a database can also increase your data security, because proper database configuration and access control make it difficult for unauthorized users to reach the stored data.

Built-in access control: If a Web application has sensitive operations that are to be performed by only a select group of people and not the entire world of Web visitors, then there has to be a way for the application to control access to ensure security.

Portable directory structure: Because most PHP applications are deployed via the Web, it's important to make the applications easy to install by making the required directory structure as portable as possible. In most cases, the PHP application will run from a directory of its own inside the Web document root directory.

Employing the Features in Applications

Now let's look at how you can implement those features in PHP applications.
Creating object-oriented design

The very first step in designing a practical application is to understand the problem you want the application to solve and to break that problem down into an object-oriented design.

For example, say you're to develop a Web-based library check-in/checkout system. In this situation, you have to identify the objects in your problem space. We all know that a library system allows its members to check in and check out books, so the objects that are immediately visible are members (that is, users) and books. Books are organized in categories, which have certain attributes such as name, description, content-maturity ratings (adults, children), and so on. A closer look reveals that a category can be thought of as an object as well. By observing the actual tasks that your application is to perform, you can identify the objects in the system. A good object-oriented design requires a great deal of thinking ahead of coding, which is always the preferred way of developing software.

After you have the base object architecture of your system, you can determine whether any of your previous work has objects that are needed in your new application. Perhaps you have an object defined in a class file that can be extended to create a new object in the new problem space. By reusing an existing, proven code base, you can reduce your application's defect probability significantly.
Using external HTML templates

Next, you need to consider how user interfaces will be presented and how you can allow for maximum customization without changing your core code. This is typically done by introducing external HTML templates for the interface. For example, instead of embedding HTML code within your application, you can use HTML templates.
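As an added example (not one of the book's listings), here is a minimal template renderer in the spirit of the approach just described: the markup lives in an external file, and the script only fills named placeholders. The {NAME} placeholder syntax, the temporary template file, and the renderTemplate function name are assumptions of this example. Values are HTML-escaped as they are substituted, so data coming from a form or the database cannot inject markup into the generated page.

```php
<?php
// Added example: render an external HTML template instead of embedding
// markup in the script. The template path and {NAME} placeholder syntax
// are assumptions of this example, not the book's own conventions.
error_reporting(E_ALL);

// Constructed sample template, written to a temporary file so the example
// runs stand-alone; a real site keeps it in an editable templates directory.
$templateFile = tempnam(sys_get_temp_dir(), 'tpl');
file_put_contents($templateFile, <<<'HTML'
<h1>{TITLE}</h1>
<p>Welcome, {USERNAME}. You have {COUNT} books checked out.</p>
HTML
);

// Replace each {NAME} placeholder with the matching entry of $values.
// Every value is HTML-escaped at substitution time, so user-supplied data
// (form input, database content) cannot inject markup into the page.
// Placeholders with no value are emitted empty, not left visible.
function renderTemplate(string $file, array $values): string
{
    $html = file_get_contents($file);
    if ($html === false) {
        throw new RuntimeException("Cannot read template: $file");
    }
    return preg_replace_callback(
        '/\{([A-Z0-9_]+)\}/',
        function (array $m) use ($values): string {
            $raw = $values[$m[1]] ?? '';
            return htmlspecialchars((string) $raw, ENT_QUOTES | ENT_HTML5, 'UTF-8');
        },
        $html
    );
}

// Constructed input standing in for a value taken from the request: the
// tags come out as &lt;b&gt;...&lt;/b&gt;, not as live markup.
$page = renderTemplate($templateFile, [
    'TITLE'    => 'Library Account',
    'USERNAME' => 'alice <b>admin</b>',
    'COUNT'    => 3,
]);
unlink($templateFile);
echo $page;
```

Because the template file is plain HTML, the site owner can restyle the page without touching the PHP, which is the maintainability point the chapter makes.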

HTML templates are used for all application interfaces in this book so that the applications are easy to update in terms of look and feel. To understand the power of external HTML user-interface templates, carefully examine the code in Listing 1-1 and Listing 1-2.
Listing 1-1: A PHP Script with Embedded User Interface
<?php
// Turn on all error reporting
error_reporting(E_ALL);
