Is it bad to use html inside a php class? - php

is there anything wrong with using html inside a class function? I call it in the DOM so I don't need a string returned.
public function the_contact_table(){
?>
<div>
some html here
</div>
<?php
}
Also when I do need the string I use this method? Is there a better way or is this relatively standard?
public function get_single(){
ob_start();?>
<div class='staff-member single'>
<div class='col left'>
<div class='thumbnail'>
thumbnail
</div>
<?php $this->the_contact_table(); ?>
</div>
<div class='col right'>
</div>
</div>
<?php
$content = ob_get_contents();
ob_end_clean();
return $content;
}
UPDATE
I should have explained why i am doing this. I'm making a Wordpress plugin and want to control a post types output. So I am using a filter like below
public function filter_single($content){
global $post;
if ($post->post_type == 'staff-member') {
$sm = new JM_Staff_Member($post);
$content = $sm->get_single();
}
return $content;
}
So as you can see, I must return a string to the wordpress core

You should be using HEREDOC instead of output buffering if you want to store a long string into a variable. It looks like this:
$content = <<<EOD
content here
EOD;
EOD can be anything, but note two important things:
It can't have any whitespace in front of it and it must be on it's own line
It shouldn't be a string that could be found within your content
If you are using PHP >= 5.3, then you should use NOWDOC, which does not parse for variable inside the doc (unless you need this). The only different with the syntax of NOWDOC is that the sentinel is enclosed in quotes:
$content = <<<'EOD'
content here
EOD;
The reason why I'd stray away from output buffering is that it prevents the server from chunking the data sent to the client. This means that requests will seem slower because instead of the content being progressively sent to the client and displayed, it is forced to be sent all at once. Output buffering is a hack for situations when functions carelessly echo data instead of returning it or a tool for certain applications with the specific need for it. I'd also imagine that you'd take a hit on execution time if you used output buffering (because it involves function calls) versus HEREDOCing the string into a variable or including a view.
Now to answer the question about whether it is appropriate, I would say that in an MVC application all HTML and other content should be contained within its own view. Then a controller can call a view to display itself and doesn't have to worry about knowing the code involved in displaying the view. You can still pass information (like titles, authors, arrays of tags, etc.) to views, but the goal here is separating the content from the logic.
That said, Wordpress templates and code looks pretty sloppy to begin with and loosely if not at all implements MVC so if it's too much work to create a view for this, I'd say the sloppiness would fit in with WP's style.

It's not a good practice in regard to the fact that you alienate front-end developers by placing what are actually "Views" inside of PHP class files. This was one of my biggest issues when I first started using PHP in general, is that I wanted to dynamically create content within classes. It's a great idea, but you want to do it in a way that allows many members of your team to work together as smoothly as possible ;].
You should probably have the content inside of a separate file called "staff-member-single.php", which you then call in your function
public function get_single(){
ob_start();
require_once('views/staff-member-single.php');
$content = ob_get_contents();
ob_end_clean();
return $content;
}
You'd refactor that into a reusable method typically though, so it'd look a little bit like..
public function get_single()
{
$string = $this->render_view_as_string('satff-member-single');
return $string;
}
public function render_view($view)
{
require('views/'.$view.'.php');
}
public function render_view_as_string($view)
{
ob_start();
$this->render_view($view);
$content = ob_get_contents();
ob_end_clean();
return $content;
}

I think it is good practice to use PHP only for logic of application and transmission some data to view layer (template engine). In accordance with this there are some patterns like MVC.

Related

How to make php loop a template file efficiently

I found a question on stack overflow about loading a template file in php, which was fine, but I wish to loop a template file of one line, many times instead.
The article I have read is here
[PHP Content Separation.
The best answer on that page was from prodigitalson with his function GetTemplate.
Now I wanted to use something like this, but if I put his function in a loop then it wouldn't be very efficient, as it would keep loading the same file many times.
So I tried this. I would get the html included. Then store it in a variable, before putting it in the loop. However it didn't work.
Here is my code. The data is already in an array called $result.
$salesTemp=$this->tempLine('salesTEM.php');
while($row = array_shift($result)):
echo $salesTemp;
endwhile;
private function tempLine($file){
ob_start();
require $file;
return ob_get_clean();
}
The problem is that my variable is not being updated in the template.
Here is my template
<li class="list-group-item"><?php echo $Customer;?><span class="label label-primary pull-right">SALES</span></li>
So is there a way of re-writing this so my $Customer variable is updated.
I am doing this to try to keep php and html separate.
The primary problem I see with the code as it stands is that when $salesTemp is declared and ran through the tempLine() method, a string is returned (due to ob_get_clean()). The variable within the template has been resolved, and when the string is echoed in the loop the variables in the template are not updated because they have already been resolved and processed into a string. To fix the situation I would:
while ($row = array_shift($result)) {
echo $this->tempLine('salesTEM.php', $Customer);
}
/**
* #return string
*/
private function tempLine($file, $Customer) {
ob_start();
require $file;
return ob_get_clean();
}
This would be the shortest path to getting what you want. If you wish to not include the template on each iteration, try:
$salesTEM = include 'salesTEM.php';
while ($row = array_shift($result)) {
echo sprintf($salesTEM, $Customer);
}
/**
* salesTEM.php
*/
<li class="list-group-item">
%s
<span class="label label-primary pull-right">SALES</span>
</li>
There are many frameworks available that provide this functionality out of the box and may be perused for additional information on templating techniques. Essentially, it is always good form to pass the information in via the function (file name and data) and expect the string back out. It will make it easy to unit test as well. Allowing it to pick up the information passively tends to make the code error prone, for example:
while ($row = array_shift($result)) {
echo include 'salesTEM.php';
}
/**
* salesTEM.php
*/
<li class="list-group-item">
<?php echo $Customer;?>
<span class="label label-primary pull-right">SALES</span>
</li>
You could accidentally include the file and have not declared the $Customer variable resulting in a difficult to find bug. Define everything going in and coming out and it will make it much more manageable down the road.
You should really move the loop to inside the template file, seeing as you've already used PHP as the templating language inside of it. This will make things a whole lot easier for you, and give you the best possible performance (without rewriting the entire templating system).
As for the statement about keeping the HTML and PHP separate: It is actually not quite accurate, as it's a subtle rewrite from the original goal. Namely keeping the business code and the presentation code separate.
Normally, the presentation code is pure HTML, but in the case of dynamic sites the presentation code also requires dynamic elements. Most of the time this is solved by using a template engine that provides its own template language, but PHP can also be used as one. Matter of fact, PHP started as a template langauge. :)
So, using PHP in your views is perfectly fine. Provided said PHP code only controls output, and not business operations.
I have an answer which works. However as ChristianF says it may not be the best answer, but this does solve my question.
Right instead of having an echo in the html I put the tag in %% like this
<li class="list-group-item">%CUSTOMER%<span class="label label-primary pull-right">SALES</span></li>
Then my loop in my class. I can build the object in the previous line for better readability or do it inline like I have.
$salesTemp=$this->tempLine('salesTEM.php');
while($row = array_shift($result)):
echo $this->replaceTemp($salesTemp, $obj=(object)array ( 'CUSTOMER' => $row['CustomerName'] ));
endwhile;
and a small function
private function replaceTemp($file, $obj){
return preg_replace('~%(\w+)%~e', '$obj->$1', $file);
}
private function tempLine($file){
ob_start();
require $file;
return ob_get_clean();
}
The function basically replaces everything in the html where there are %% symbols with whatever is in the object.
UPDATE
After posting this I have improved my answer, but I will leave the above there as it was my original answer. Below is a class which improves on the above answer. In the rTemplate function I can have one, or many tags that will be replaced in the template. For the example I only have one tag to replace, but you could add many. Running testLoad will list the array, grab the template and fill in the tags with what is in rTemplate.
class testlist{
private $myfile;
public function __construct(){
$this->myfile=$this->loadTemplate('salesTEM.php');
}
public function testload(){
// At this point the array is populated from a database, but I haven't shown this.
// You can populate the array anyway you like.
while($row = array_shift($result)):
echo $this->rTemplate($row['CustomerName']);
endwhile;
}
// This loads in a file into a string and then returns it.
private function loadTemplate($file){
ob_start();
require $file;
return ob_get_clean();
}
// This makes the object to replace keywords, then replaces them
private function rTemplate($customer)
{
$obj = (object) array(
'CUSTOMER' => $id
);
return preg_replace('~%(\w+)%~e', '$obj->$1', $this->myfile);
}
}

Separating php from html

I am building a website using php. I would want to separate the php from the html. Smarty engine, I guess does that, but right now its too complicated for me. Looking for a quick fix and easy to learn solution, one which is an accepted standard as well. Anyone helping please.
Consider frameworks or choose a template engine
Use a framework. Depending on your project, either a micro framework like Slim or something more complete like Laravel.
What I sometimes do when writing complex systems with quite much php code is separating it the following way (don't know your exact project, but it might work for you):
You create a php file with all the functions and variables you need. Then, you load every wepgage through the index.php file using .htaccess (so that a user actually always loads the index.php with a query string). Now, you can load the html page using file_get_contents (or similar) into a variable (I call this $body now); this variable can be modified using preg_replace.
An example: In the html file, you write {title} instead of <title>Sometext</title>
The replacement replaces {title} with the code you actually need:
$body = str_replace('{title}', $title, $body);
When all replacements are done, simply echo $body...
Just declare a lot of variables and use them in the template:
In your application:
function renderUserInformation($user)
{
$userName = $user->userName;
$userFullName = $user->fullName;
$userAge = $user->age;
include 'user.tpl.php';
}
In user.tpl.php:
User name: <?=$username?><br>
Full name: <?=userFullName?><br>
Age: <?=$userAge?>
By putting it in a function, you can limit the scope of the variables, so you won't pollute your global scope and/or accidentally overwrite existing variables.
This way, you can just 'prepare' the information needed to display and in a separate php file, all you need to do is output those variables.
Of course, if you must, you can still add more complex PHP code to the template, but try to do it as little as possible.
In the future, you might move this 'render' function to a separate class. In a way, this class is a view (a User View, in this case), and it is one step in creating a MVC structure. (But don't worry about that for now.)
Looking for a quick fix and easy to learn solution
METHOD 1 (the laziest; yet you preserve highlighting on editors like notepad++)
<?php
// my php
echo "foo";
$a = 4;
// now close the php tag -temporary-
// to render some html in the laziest of ways
?>
<!-- my html -->
<div></div>
<?php
// continue my php code
METHOD 2 (more organized; use template files, after you passed some values on it)
<?php
// my php
$var1 = "foo";
$title = "bar";
$v = array("var1"=>"foo","title"=>"bar"); // preferrable
include("template.php");
?>
template.php
<?php
// $var1, $var2 are known, also the array.
?>
<div>
<span> <?php echo $v["title"]; ?> </span>
</div>
Personally, i prefer method 2 and im using it in my own CMS which uses lots and lots of templates and arrays of data.
Another solution is of course advanced template engines like Smarty, PHPTemplate and the likes. You need a lot of time to learn them though and personally i dont like their approach (new language style)
function renderUserInformation($user)
{
$userName = $user->userName;
$userFullName = $user->fullName;
$userAge = $user->age;
include 'user.tpl.php';
}

PHP: Using a function to print content vs returning the content as a variable and then printing that instead

I have some classes to do things for a website like get news, create a discography of recordings, gig listings etc. There are functions for listGigs(), listHeadlines() etc and these print out the relevant info to the screen.
Is there a drawback to having a function return all the html as a variable and then printing this variable later instead of printing it out directly through a function call?
If I can set up all the content for each page in generic variables e.g. $maincontent then I can call these in a html template. It seems straight forward enough, I'm just wondering if this is good practice or not. Here is the general plan of what I am talking about anyway:
in the php file
$maincontent = $news->getHeadlines;
include_once 'template.php';
in the template file
<body>
<div>Some stuff</div>
<div clas="main"><?php echo $maincontent; ?></div>
</body>
I don't see any issue with creating direct to output widgets. If you wanted to be afforded a little more flexibility though you could implement something like this
function displayTemplate($template, $data, $__captureOutput = false){
if ($__captureOutput) ob_start();
extract ($data);
include($template);
if ($__captureOutput) return ob_get_clean();
}
and for your above use case you would just do either
$maincontent = $news->getHeadlines;
displayTemplate('template.php',array("maincontent"=>$maincontent));
or
$maincontent = $news->getHeadlines;
$data = displayTemplate('template.php',array("maincontent"=>$maincontent), true);
I'd question whether even returning HTML from the function would be wise.
The drawback of having the function output HTML is you've now coupled application (domain) logic with presentation logic. Suppose you want to present the same data in a different way, such as a JSON object or raw data to write to a file. You'd either have to write additional functions for each case or write a function that will parse the HTML, extract the data from it and convert it to the format you want.
If the function does the work but only returns a PHP data structure, then you can use that output as the input to another function that implements the presentation logic.
Printing HTML directly from the function is really inflexible, and you won't even have the option to reparse it into another format.
Good software is, as a rule, loosely coupled with the various concerns separated from each other. Computation of data and presentation of data are separate concerns.

Dirt-simple PHP templates... can this work without `eval`?

Update- Thanks for all the responses. This Q is getting kind of messy, so I started a sequel if anyone's interested.
I was throwing together a quick script for a friend and stumbled across a really simple way of doing templating in PHP.
Basically, the idea is to parse the html document as a heredoc string, so variables inside of it will be expanded by PHP.
A passthrough function allows for expression evaluation and function and static method calls within the string:
function passthrough($s){return $s;}
$_="passthrough";
The code to parse the document inside a heredoc string is ridiculously simple:
$t=file_get_contents('my_template.html');
eval("\$r=<<<_END_OF_FILE_\n$t\_END_OF_FILE_;\n");
echo $r;
The only problem is, it uses eval.
Questions
Can anyone think of a way to do this sort of templating without using eval, but without adding a parser or a ton of regex madness?
Any suggestions for escaping stray dollar signs that don't belong to PHP variables without writing a full-on parser? Does the stray dollar sign problem render this approach not viable for 'serious' use?
Here's some sample templated HTML code.
<script>var _lang = {$_(json_encode($lang))};</script>
<script src='/blah.js'></script>
<link href='/blah.css' type='text/css' rel='stylesheet'>
<form class="inquiry" method="post" action="process.php" onsubmit="return validate(this)">
<div class="filter">
<h2>
{$lang['T_FILTER_TITLE']}
</h2>
<a href='#{$lang['T_FILTER_ALL']}' onclick='applyFilter();'>
{$lang['T_FILTER_ALL']}
</a>
{$filter_html}
</div>
<table class="inventory" id="inventory_table">
{$table_rows}
<tr class="static"><th colspan="{$_($cols+1)}">
{$lang['T_FORM_HELP']}
</th></tr>
{$form_fields}
<tr class="static">
<td id="validation" class="send" colspan="{$cols}"> </td>
<td colspan="1" class="send"><input type="submit" value="{$lang['T_SEND']}" /></td>
</tr>
</table>
</form>
Why use templating?
There's been some discussion of whether creating a templating layer is necessary in PHP, which, admittedly, is already pretty good at templating.
Some quick reasons templating is useful:
You can control it
If you preprocess the file before it goes to the interpreter, you have more control over it. You can inject stuff, lock down permissions, scrape for malicious php / javascript, cache it, run it through an xsl template, whatever.
Good MVC design
Templating promotes separation of view from model and controller.
When jumping in and out of <?php ?> tags in your view, it's easy to get lazy and do some database queries or perform some other server action. Using a method like the above, only one statement may be used per 'block' (no semicolons), so it's much more difficult to get caught in that trap. <?= ... ?> have pretty much the same benefit, but...
Short tags aren't always enabled
...and we want our app to run on various configurations.
When I initially hack a concept together it starts out as one php file. But before it grows I'm not happy unless all php files have only one <?php at the beginning, and one ?> at the end, and preferably all are classes except stuff like the controller, settings, image server, etc.
I don't want much PHP in my views at all, because designers become confused when dreamweaver or whatever poops the bed when it sees something like this:
<a href="<?php $img="$img_server/$row['pic'].png"; echo $img; ?>">
<img src="<?php echo $img; ?>" /></a>
This is hard enough for a programmer to look at. The average graphic designer won't go anywhere near it. Something like this is a much easier to cope with:
<img src="{$img}" />
The programmer kept his nasty code out of the html, and now the designer can work his design magic. Yay!
Quick update
Taking everyone's advice into consideration, I think preprocessing the files is the way to go, and the intermediate files should be as close as normal "php templating" as possible, with the templates being syntactic sugar. Eval still in place for now while I play with it. The heredoc thing has sort of changed its role. I'll write more later and try to respond to some of the answers, but for now...
<?php
class HereTemplate {
static $loops;
public function __construct () {
$loops=array();
}
public function passthrough ($v) { return $v; }
public function parse_markup ($markup, $no_escape=null, $vars=array()) {
extract($vars);
$eot='_EOT_'.rand(1,999999).'_EOT_';
$do='passthrough';
if (!$no_escape) $markup=preg_replace(
array(
'#{?{each.*(\$\w*).*(\$\w*).*(\$\w*).*}}?#',
'#{?{each.*(\$\w*).*(\$\w*).*}}?#',
'#{?{each}}?#',
'#{{#', '#}}#',
'#{_#', '#_}#',
),
array(
"<?php foreach (\\1 as \\2=>\\3) { ?>",
"<?php foreach (\\1 as \\2) { ?>",
"<?php } ?>",
"<?php echo <<<$eot\n{\$this->passthrough(", ")}\n$eot\n ?>",
"<?php ", " ?>",
),
$markup);
ob_start();
eval(" ?>$markup<?php ");
echo $markup;
return ob_get_clean();
}
public function parse_file ($file) {
// include $file;
return $this->parse_markup(file_get_contents($file));
}
}
// test stuff
$ht = new HereTemplate();
echo $ht->parse_file($argv[1]);
?>
...
<html>
{{each $_SERVER $key $value}
<div id="{{$key}}">
{{!print_r($value)}}
</div>
{each}}
</html>
PHP was itself originally intended as a templating language (ie a simple method of allowing you to embed code inside HTML).
As you see from your own examples, it got too complicated to justify being used in this way most of the time, so good practice moved away from that to using it more as a traditional language, and only breaking out of the <?php ?> tags as little as possible.
The trouble was that people still wanted a templating language, so platforms like Smarty were invented. But if you look at them now, Smarty supports stuff like its own variables and foreach loops... and before long, Smarty templates start to have the same issues as PHP templates used to have; you may as well just have used native PHP in the first place.
What I'm trying to say here is that the ideals of a simple templating language aren't actually that easy to get right. It's virtually impossible to make it both simple enough not to scare off the designers and at the same time give it enough flexibility to actually do what you need it to do.
If you don't wont to use a big template engines like Twig (which I sincerely recommend) you can still get good results with little code.
The basic idea that all the template engines share is to compile a template with friendly, easy-to-understand syntax to fast and cacheable PHP code. Normally they would accomplish this by parsing your source code and then compiling it. But even if you don't want to use something that complicated you can achieve good results using regular expressions.
So, basic idea:
function renderTemplate($templateName, $templateVars) {
$templateLocation = 'tpl/' . $templateName . '.php';
$cacheLocation = 'tplCache/' . $templateName . '.php';
if (!file_exists($cacheLocation) || filemtime($cacheLocation) < filemtime($templateLocation)) {
// compile template and save to cache location
}
// extract template variables ($templateVars['a'] => $a)
extract($templateVars);
// run template
include 'tplCache/' . $templateName . '.php';
}
So basically we first compile the template and then execute it. Compilation is only done if either the cached template doesn't yet exist or there is a newer version of the template than the one in the cache.
So, let's talk about compiling. We will define two syntaxes: For output and for control structures. Output is always escaped by default. If you don't want to escape it you must mark it as "safe". This gives additional security. So, here an example of our syntax:
{% foreach ($posts as $post): }
<h1>{ $post->name }</h1>
<p>{ $post->body }</p>
{!! $post->link }
{% endforeach; }
So, you use { something } to escape and echo something. You use {!! something} to directly echo something, without escaping it. And you use {% command } to execute some bit of PHP code without echoing it (for example for control structures).
So, here's the compilation code for that:
$code = file_get_contents($templateLocation);
$code = preg_replace('~\{\s*(.+?)\s*\}~', '<?php echo htmlspecialchars($1, ENT_QUOTES) ?>', $code);
$code = preg_replace('~\{!!\s*(.+?)\s*\}~', '<?php echo $1 ?>', $code);
$code = preg_replace('~\{%\s*(.+?)\s*\}~', '<?php $1 ?>', $code);
file_put_contents($cacheLocation, $code);
And that's it. You though have to note, that this is more error prone than a real template engine. But it will work for most cases. Furthermore note that this allows the writer of the template to execute arbitrary code. That's both a pro and a con.
So, here's the whole code:
function renderTemplate($templateName, $templateVars) {
$templateLocation = 'tpl/' . $templateName . '.php';
$cacheLocation = 'tplCache/' . $templateName . '.php';
if (!file_exists($cacheLocation) || filemtime($cacheLocation) < filemtime($templateLocation)) {
$code = file_get_contents($templateLocation);
$code = preg_replace('~\{\s*(.+?)\s*\}~', '<?php echo htmlspecialchars($1, ENT_QUOTES) ?>', $code);
$code = preg_replace('~\{!!\s*(.+?)\s*\}~', '<?php echo $1 ?>', $code);
$code = preg_replace('~\{%\s*(.+?)\s*\}~', '<?php $1 ?>', $code);
file_put_contents($cacheLocation, $code);
}
// extract template variables ($templateVars['a'] => $a)
extract($templateVars, EXTR_SKIP);
// run template
include 'tplCache/' . $templateName . '.php';
}
I haven't tested the above code ;) It's only the basic idea.
I'm gonna do something silly and suggest something that requires no templating engine at all and requires only at most 5 characters more per variable/call than what you have there - replace {$foo} with <?=$foo?> and then you can use include for all your templating needs
If all you need is variable replacement though this is a templating function i actually use:
function fillTemplate($tplName,$tplVars){
$tpl=file_get_contents("tplDir/".$tplName);
foreach($tplVars as $k=>$v){
$tpl = preg_replace('/{'.preg_quote($k).'}/',$v,$tpl);
}
return $tpl;
}
if you want to be able to call functions or have loops, there is basicly no way around calling eval short of pre-processing.
There is no ultimate solution. Each has pros and cons. But you already concluded what you want. And it seems a very sensible direction. So I suggest you just find the most efficient way to achieve it.
You basically only need to enclose your documents in some heredoc syntactic sugar. At the start of each file:
<?=<<<EOF
And at the end of each template file:
EOF;
?>
Achievement award. But obviously this confuses most syntax highlighting engines. I could fix my text editor, it's open source. But Dreamweaver is a different thing. So the only useful option is to use a small pre-compiler script that can convert between templates with raw $varnames-HTML and Heredoc-enclosed Templates. It's a very basic regex and file rewriting approach:
#!/usr/bin/php -Cq
<?php
foreach (glob("*.tpl") as $fn) {
$file = file_get_contents($fn);
if (preg_match("/<\?.+<<</m")) { // remove
$file = preg_replace("/<\?(=|php\s+print)\s*<<<\s*EOF\s*|\s+EOF;\s*\?>\s*/m", "", $file);
}
else { // add heredoc wrapper
$file = "<?php print <<<EOF\n" . trim($file) . "\nEOF;\n?>";
}
file_put_contents($fn, $file);
}
?>
This is a given - somewhere you will need templates with a slight amount of if-else logic. For coherent handling you should therefore have all templates behave as proper PHP without special eval/regex handling wrapper. This allows you to easily switch between heredoc templates, but also have a few with normal <?php print output. Mix and match as appropriate, and the designers can work on the majority of files but avoid the few complex cases. For exampe for my templates I'm often using just:
include(template("index")); // works for heredoc & normal php templ
No extra handler, and works for both common template types (raw php and smartyish html files). The only downside is the occasional use of said converter script.
I'd also add a extract(array_map("htmlspecialchars",get_defined_vars())); on top of each template for security.
Anyway, your passthrough method is exceptionally clever I have to say. I'd call the heredoc alias $php however, so $_ is still available for gettext.
{$php(1+5+7*3)} is more readable than Smarty
I think I'm going to adopt this trick myself.
<div>{$php(include(template($ifelse ? "if.tpl" : "else.tpl")))}</div>
Is stretching it a bit, but it seems after all possible to have simple logic in heredoc templates. Might lead to template-fileritis, yet helps enforcing a most simple template logic.
Offtopic: If the three <<<heredoc&EOF; syntax lines still appear too dirty, then the best no-eval option is using a regular expression based parser. I do not agree with the common myth that that's slower than native PHP. In fact I believe the PHP tokenizer and parser lag behind PCRE. Especially if it's solely about interpolating variables. It's just that the latter isn't APC/Zend-cached, you'd be on your own there.
Personally, I wouldn't touch with a stick any templating system where forgetting to escape a variable creates a remote code execution vulnerability.
Personally i'm using this template engine: http://articles.sitepoint.com/article/beyond-template-engine/5
I really like it a lot, especially because of it's simplicity. It's kinda similar to your latest incarnation, but IMHO a better approach than using heredoc and putting yet another layer of parsing above the PHP one. No eval() either, but output buffering, and scoped template variables, too. Use like this:
<?php
require_once('template.php');
// Create a template object for the outer template and set its variables.
$tpl = new Template('./templates/');
$tpl->set('title', 'User List');
// Create a template object for the inner template and set its variables.
// The fetch_user_list() function simply returns an array of users.
$body = new Template('./templates/');
$body->set('user_list', fetch_user_list());
// Set the fetched template of the inner template to the 'body' variable
// in the outer template.
$tpl->set('body', $body->fetch('user_list.tpl.php'));
// Echo the results.
echo $tpl->fetch('index.tpl.php');
?>
The outter template would look like this:
<html>
<head>
<title><?=$title;?></title>
</head>
<body>
<h2><?=$title;?></h2>
<?=$body;?>
</body>
</html>
and the inner one (goes inside the outter template's $body variable) like this:
<table>
<tr>
<th>Id</th>
<th>Name</th>
<th>Email</th>
<th>Banned</th>
</tr>
<? foreach($user_list as $user): ?>
<tr>
<td align="center"><?=$user['id'];?></td>
<td><?=$user['name'];?></td>
<td><?=$user['email'];?></td>
<td align="center"><?=($user['banned'] ? 'X' : ' ');?></td>
</tr>
<? endforeach; ?>
</table>
If you don't like / can't use short-tags then replace them with echos. That's as close to dirt-simple as you can get, while still having all the features you'll need IMHO.
Dead-simple templating using a function:
<?php
function template($color) {
$template = <<< ENDTEMPLATE
The colors I like are {$color} and purple.
ENDTEMPLATE;
return $template . "\n";
}
$color = 'blue';
echo template($color);
$color = 'turquoise';
echo template($color);
This outputs:
The colors I like are blue and purple.
The colors I like are turquoise and purple.
Nothing fancy, but it does work using standard PHP without extensions. Additionally, the use of functions to encapsulate the templates should help with proper MVC separation. Also (and this is what I needed for my coding today) I can save the filled-out template away for output to a file (later on in my program).
This is a minimal implementation of mustache to just substitute variables.
// Example:
// miniMustache(
// "{{documentName }} - pag {{ page.current }} / {{ page.total }}",
// array(
// 'documentName' => 'YourCompany Homepage',
// 'page' => array('current' => 1, 'total' => 10)
// )
// )
//
// Render: "YourCompany Homepage - pag 1 / 10"
function miniMustache($tmpl, $vars){
return preg_replace_callback( '/\{\{([A-z0-9_\.\s]+)\}\}/',
function ($matches) use ($vars) {
//Remove white spaces and split by "."
$var = explode('.',preg_replace('/[\s]/', '', $matches[1]));
$value = $vars;
foreach($var as $el){
$value = $value[$el];
}
return $value;
},
$tmpl);
}
In some cases, it is more than enough. In case you need full power: https://github.com/bobthecow/mustache.php

Implementing the View in MVC or MVP (in PHP)

I've experienced first hand the extent of the horror and foot-shooting that the ugliness of PHP can cause. I'm onto my next project (you may be wondering why I'm not just switching languages but that's not why I'm here) and I've decided to try doing it right, or at least better, this time.
I've got some models defined, and I've started on a main controller. I'm at a fork in my decisions about how to implement the view. So far, the main controller can be given lists of display functions to call, and then it can spew out the whole page with one call. It looks like:
function Parse_Body()
{
foreach ($this->body_calls as $command)
{
$call = $command['call'];
if (isset($command['args'])) $call($command['args']);
else $call();
}
}
My dilemma is this:
Would it be better to have all of my display functions return the HTML they generate, so that the main controller can just echo $page; or should the display files use raw HTML outside of PHP, which gets output as soon as it's read?
With the former, the main app controller can precisely control when things get output, without just relinquishing complete control to the whim of the displays. Not to mention, all those lists of display functions to call (above) can't really be executed from a display file unless they got passed along. With the latter method, I get the benefit of doing HTML in actual HTML, instead of doing huge PHP string blocks. Plus I can just include the file to run it, instead of calling a function. So I guess with that method, a file is like a function.
Any input or advice please?
Would it be better to have all of my
display functions return the HTML they
generate, so that the main controller
can just echo $page; or should the
display files use raw HTML outside of
PHP, which gets output as soon as it's
read?
One of the advantages of php is that the processing is similar to the output:
So:
<h1> <?= $myHeading; ?> </h1>
Is more clear than:
echo "<h1>$myHeading</h1>";
An even more than:
echo heading1($myHeading); //heading1() being an hypothethical user defined function.
Based on that I consider that it is better to in the view to have HTML and and just print the appropriate dynamic fields using php.
In order to get finner control over the output you can use: ob_start as gurunu recommended.
You could of course use any of the several php MVC frameworks out there.
My prefered one, now is: Solarphp
but Zend Framework and Cakephp could help you too.
And finally if you don't want to use any framework
You could still use a pretty slim templating engine: phpSavant.
That will save you a few headaches in the development of your view.
th
You can get the benefit of both, obtaining a string of HTML while also embedding HTML within PHP code, by using the output control functions:
From the PHP manual # http://www.php.net/manual/en/ref.outcontrol.php:
<?php
function callback($buffer)
{
// replace all the apples with oranges
return (str_replace("apples", "oranges", $buffer));
}
ob_start("callback");
?>
<html>
<body>
<p>It's like comparing apples to oranges.</p>
</body>
</html>
<?php
ob_end_flush();
?>
First buffer everything. then replace tags using a parser at end of script.
<?php
$page_buffer = '';
function p($s){
global $page_buffer;
$page_buffer .= $s;
}
$page_buffer = str_replace(
array('<$content$>','<$title$>'),
array($pagecontent,$pagetitle),
$page_buffer);
echo $page_buffer;
?>
Samstyle PHP Framework implements output buffering and View model this way
And did I mention about benefits of buffering your output in a variable before "echo-ing"? http://thephpcode.blogspot.com/2009/02/php-output-buffering.html

Categories