Closed. This question is opinion-based. It is not currently accepting answers.
Closed 7 years ago.
I've been developing in PHP for about 8 years as a hobby. In 2009, I picked up CodeIgniter and since then I've not managed to get a single project developed.
I find it slows me down trying to work out how to modify it to work the way I want, when if I was working in pure PHP, I'd know, or I'd be able to quickly find a snippet for.
I've tried CodeIgniter, Kohana and Symfony. I love the ease of use (and I've also started using Doctrine as an ORM, which massively sped up my database work), but I find projects are taking me 3-4 times the amount of time it took in pure PHP. I get bored and frustrated when I can't find a solution to a problem I've previously solved in pure PHP.
Has anyone gone back from using frameworks to a no-framework approach? Is there anything like a basic security framework (prevent XSS, filter posted data, provide a cleaning function for use with databases)? I think something like that would benefit me much more than a full scale framework. I think learning to work with frameworks has taught me a lot, but I'd be happier working with my own code.
Current versions of PHP5 include much of the security framework you're looking for as part of the standard library.
Use filter_input_array to declaratively sanitize stuff coming in from the outside.
Access your database via PDO with parameterized SQL to prevent SQL injection attacks.
Use the following PHP settings to make your site more resistant to session fixation and cookie theft:
session.use_only_cookies (Prevents your session token from leaking into the URL)
session.cookie_httponly or the httponly attribute to session_set_cookie_params() (Protects against scripts reading the session cookie in compatible browsers)
More suggestions and PHP example code available on Wikipedia.
You can also use the httponly attribute with setcookie().
Nothing fancier than basic templating and header-setting is required for new HTTP and HTML5 features:
HTTP Strict Transport Security (Helps protect against WiFi exploits.)
X-Frame-Options (Restrict embedding of your pages. Good against phishing.)
HTML5 IFrame Sandbox Attribute (Sandbox 3rd-party ads/badges/videos. Already in WebKit. Likely to be at least partially implemented in Firefox 11.)
Content Security Policy (Firefox 4's new security framework, complementary to the sandbox attribute. Now also being implemented in Chrome.)
If you're accepting HTML as input, I recommend grabbing HTML Purifier and calling it via a FILTER_CALLBACK line in your filter_input_array setup. Its whitelist-based approach to input security makes a great (and very powerful) first line of defense against XSS.
As far as I can tell, PHP doesn't come with a mechanism for protecting against cross-site request forgery, but I'm sure Google can help you with that one. The OWASP Security Cheatsheets include a section on it if you want to implement your own protection.
Out of curiosity, I decided to also start looking at standalone components and here's what I've found so far:
Templating:
PHP Template Inheritance (Regular PHP plus template inheritance)
TWIG (Django/Jinja2/Liquid-style syntax including autoescape and sandboxing. Compiles to cached PHP for speed.)
Dwoo (A faster, more featureful, PHP5-ish successor to Smarty. Includes a compatibility system for existing Smarty templates.)
Stuff I still haven't looked into properly:
Route dispatching (Only found RouteMap and Net_URL_Mapper so far. Thanks, cweiske.)
ORM (Just in case bare PDO isn't your thing)
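The standard-library pieces listed in the answer above (declarative filtering, PDO with bound parameters, session-cookie and header settings), together with a hand-rolled CSRF token, as an added example that is not part of the original answer. The field names, the `comments` table, the in-memory SQLite database and all function names are assumptions made for illustration; `filter_var_array()` is used in place of `filter_input_array()` (it takes the same definition array) so the script runs from the command line.

```php
<?php
// Added example, not code from the answer above. Field names, the comments
// table and the sample requests are constructed. Assumes PHP >= 7.3 with pdo_sqlite.

// Declarative input rules; the same array works with filter_input_array(INPUT_POST, ...).
const INPUT_SPEC = [
    'email'   => FILTER_VALIDATE_EMAIL,
    'age'     => ['filter'  => FILTER_VALIDATE_INT,
                  'options' => ['min_range' => 0, 'max_range' => 150]],
    'comment' => ['filter' => FILTER_UNSAFE_RAW, 'flags' => FILTER_FLAG_STRIP_LOW],
];

// Session cookie and response headers named in the answer. Call in a web
// request before session_start() and before any output is sent.
function send_security_headers(): void
{
    ini_set('session.use_only_cookies', '1');
    session_set_cookie_params(['secure' => true, 'httponly' => true]);
    header('Strict-Transport-Security: max-age=31536000');
    header('X-Frame-Options: DENY');
    header("Content-Security-Policy: default-src 'self'");
}

// Per-session CSRF token: generated once, embedded in each form as a hidden field.
function csrf_token(array &$session): string
{
    if (empty($session['csrf'])) {
        $session['csrf'] = bin2hex(random_bytes(32));
    }
    return $session['csrf'];
}

// Constant-time comparison of the submitted token with the stored one.
function csrf_check(array $session, $submitted): bool
{
    return is_string($submitted)
        && isset($session['csrf'])
        && hash_equals($session['csrf'], $submitted);
}

// Validate one POST body and store it with bound parameters.
function handle_post(PDO $db, array $session, array $post): string
{
    if (!csrf_check($session, $post['csrf'] ?? null)) {
        return 'rejected: CSRF token mismatch';
    }
    // filter_var_array() stands in for filter_input_array() so this runs from the CLI.
    $clean = filter_var_array($post, INPUT_SPEC, true);
    if (!is_array($clean)
        || in_array(false, $clean, true)   // a value failed its filter
        || in_array(null, $clean, true)) { // a field was missing
        return 'rejected: invalid input';
    }
    $stmt = $db->prepare(
        'INSERT INTO comments (email, age, body) VALUES (:email, :age, :body)'
    );
    $stmt->execute([
        ':email' => $clean['email'],
        ':age'   => $clean['age'],
        ':body'  => $clean['comment'],
    ]);
    return 'stored as row ' . $db->lastInsertId();
}

if (PHP_SAPI === 'cli') {
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE comments (id INTEGER PRIMARY KEY, email TEXT, age INTEGER, body TEXT)');

    $session = [];               // stands in for $_SESSION
    $token = csrf_token($session);

    $requests = [                // constructed sample POST bodies
        ['csrf' => $token, 'email' => 'ann@example.org', 'age' => '34',
         'comment' => "It's fine; the quote stays data"],
        ['csrf' => $token, 'email' => 'not-an-email', 'age' => '34', 'comment' => 'hi'],
        ['csrf' => $token, 'email' => 'bob@example.org', 'age' => '-1', 'comment' => 'hi'],
        ['csrf' => 'wrong-token', 'email' => 'ann@example.org', 'age' => '34', 'comment' => 'hi'],
    ];
    foreach ($requests as $post) {
        echo handle_post($db, $session, $post), PHP_EOL;
    }
    echo $db->query('SELECT body FROM comments')->fetchColumn(), PHP_EOL;
}
```

In a web request, call `send_security_headers()` first, then `session_start()`, and pass `$_SESSION` and `$_POST` to these functions.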
I don't believe in frameworks... I have worked in many of them.
Reasons for hating MVC frameworks:
1) Code bloat, I purchase premium classes that assist me in development. Such as form classes or SQL classes.
2) I believe that MVC frameworks are not easily portable especially when using dependency managers.
3) I believe that you actually write more code with an MVC framework than if you had to use a boilerplate with a ton of useful classes that handle authentication etc.
4) Most frameworks also cater for just one or two databases natively.
I would suggest finding a form framework with authentication and text editor & a SQL framework like madoo + an email class...
90% of your application is always forms, SQL & ajax CLASSES - the rest can just be acquired when needed
I am a minimalist and I struggle with the idea of having code in my application that is not doing anything ... just in case I need it does not work for me.
With that much experience behind you, you must have your own set of favorite libraries, hand pick them and come up with your own simple framework. Framework or no framework (and which one at that) depends on the kind of project at hand, no glove fits all. So I would strongly suggest that if you feel that the existing frameworks are slowing you down, spend some time and come up with a framework which works as per your needs.
Based on your statement that you've been using PHP as a hobby, as well as your profile statement "Slowly getting there", this seems like a learning curve issue. You don't appear to have the depth and breadth of experience to a) understand how to work within the structure that the framework imposes and b) you are thus unable to benefit from the efficiencies that the framework enables.
I urge you to stick with it. Go back to the beginning with the video tutorials. Find and read other people's code until you understand it. Build your projects from the bottom up - start simply, and add functionality. Follow the forums, trying to answer questions yourself before reading replies.
I've been programming professionally for almost 20 years, across a variety of platforms, and it still took me a while to become comfortable with CI. But now that I am, I wouldn't go back to pure PHP (for my own projects) unless I had a site of sufficient scale that it exposed quantifiable performance issues (think Twitter).
Zend Framework is really super for that. You can use as much or as little as you want. It's all coded in PHP and open sourced so you can just hack at it and make it your own. The different components are not dependent on each other as much as in other frameworks.
You could build yourself a simple framework using some components from Zend without any problems.
Check it out!
I know exactly the way you feel. I started 4~5 years ago in PHP (I came from Delphi, lol), and started in pure PHP. What I had back then was a "CMS Panel like" which just read all table fields and created the form. After some time I somehow reached the knowledge of PHP frameworks. I tried CakePHP first and didn't like it, after that got into Yii, which in my opinion is pretty intuitive and easy to use (with its Gii generator it rocks pretty much). I tried Symfony, ZF2, Laravel, Yii2-Beta and some frameworks for RAD, but still I wasn't feeling fast enough like before the frameworks.
It happened that I developed my own framework (it was natural, not exactly that I woke up some day and said "I'm going to create a new framework", it happened with time). I know it's a bad bad bad practice and a "wheel reinvention" move, BUT, I now develop my projects much faster (more than PHP only).
Since its code is a total MESS, I started about one month ago reformulating my framework; now it uses composer, follows common rules that exist between the PHP frameworks, is MVC.
Why am I reformulating? Because if someone needs to repair a project of mine it will not be an other-world thing.
So I understand you.
My advice is, prepare your tools (call it a framework, a preset-app or whatever people name it), and use it the way you feel better, but still follow some common rules (like MVC, "easy to module" things which you can replace in case of broken).
For basic security, I use a custom filter method that wraps up my superglobals. Its syntax needs some getting used to, but is simpler than the PHP filter_var() API and doesn't let you slip sanitization:
$_GET->text("inputvar") or $_POST->name["field"]
It also allowed inline $_REQUEST->sql() escaping. But for database work keep using parameterized SQL, or your DAL/ORM of choice.
I did a one day study of ToroPHP and found it quite nice. It is a minimalist framework targeted to RESTful applications. This makes it possible to keep the server side code modular, without having to deal with bloat of any framework.
I don't know what is troubling you, but CodeIgniter is a great framework. It has nice documentation, and since lots of people use CodeIgniter you will find all the help in its documentation, or forum, or on Stack Overflow. I have worked on many frameworks (CodeIgniter, CakePHP, Zend, Spring 3.0, Ruby on Rails), but I must say CodeIgniter has the best documentation. There are a lot of things in CodeIgniter which are automatically handled and you don't have to worry about security.
Working on core PHP is like re-inventing the wheel. Well, the most important thing is that moving from core to a framework will need lots of your effort; once you are used to it, you will start loving it. Also, Ruby on Rails is a great framework; once you know its ins and outs you can have double speed.
Apologies if this is not the right place to ask but here goes...
What should I use to create a simple web application for our website?
I'm the IT guy for a small non-profit. On our website we have a page with a large form in which users can fill out information on an application form. The information gets sent to a MySQL db. This data can then be accessed and edited by a couple of members of staff behind a logged-in part of the website. There's only two dbs being used: the main one with all the data and the one used for login details for the web app. It's all done with PHP and functionally is fairly simple - just a form with lots of fields to collect data and a basic secure "manager" page to do a bit of stuff with that data.
The problem is that we need to make changes to the app, and to extend its functionality quite a lot. I have a little bit of experience playing around with PHP but I've taken one look at the code used and decided it'll take too long to decipher it and see what's happening where. The code is uncommented and a bit of a mess.
I'm starting to think that rather than investing time to relearn what little I knew about PHP and untangle all the code, I might invest the time in learning another language and/or framework to get this done. I want the resulting web app to be a lot easier to maintain in future by me or anyone else who comes along and has to make a change.
Would you recommend using Django/Python for a project like this? Zend/PHP? Just PHP and notepad? I want the app to be done fairly quickly so the less steep the learning curve the better. Many thanks for your time.
Another good PHP framework is CodeIgniter.
They also have a good webcast that outlines how to begin with the framework as well as create a simple blog [tutorial].
I would recommend a PHP framework, such as CakePHP. Spend 20 minutes of your time and follow their blog tutorial.
Using PHP alone can be tricky, especially when you will have to deal with security issues.
From what I can see you have asked 2 questions.
1. Should you maintain and extend the current code base or do a rewrite?
Rewrites always take longer than you think. And even if you do the rewrite to avoid learning the codebase you would still need to learn the current codebase to ensure you capture the current functionality before adding any new features in the rewritten codebase.
I would keep the current codebase and maybe do some refactoring as you add features.
2. What language and frameworks should you use?
I would stick with PHP, CakePHP is a solid framework and so is Zend. I would read up on both and do a couple of tutorials and make your decision.
As Anax states, I'd suggest that you look to use PHP. If code is already implemented then you have a start.
PHP isn't hard to re/learn. I know some don't like it, others like it but simple fact, either way it isn't hard to learn. But, more importantly consider the following:
You obviously have access to the hardware stack required to use PHP and MySQL. Introducing a new language/technology may cause unforeseen issues with getting a production site set up.
Now this doesn't mean that you can't write certain components in other languages. You could, if you were so inclined. But you probably shouldn't be so fast to get rid of PHP just to learn another language. Do you have important (technical) compelling reasons to use something other than PHP?
If you are mostly concerned about the spaghetti code in place, you can get that anywhere -- even new development. Better to re-factor the code and fix and add to what you have than start from scratch.
I can offer some general considerations:
Whatever language you choose, get a good IDE for it. Having automatic syntax validation and code completion helps a lot if you're a beginner. Don't use plain text editors.
Teaching yourself how to code well will make for a very frustrating experience unless you have a lot of patience. This generally comes from being really sure that you want to do it.
Be very conservative in your time estimates. Having many setbacks is guaranteed if you're a beginner.
Start out by focusing on reading about writing code, not focusing on writing code. If you're learning Python, read the official tutorial first. The same goes for PHP.
Closed. This question needs to be more focused. It is not currently accepting answers.
Closed 8 years ago.
I have this idea for a website that's been floating around my head for quite sometime now and now have finally decided to get to work on it. Due to the nature of the project and my experience I am getting comfortable with the idea of running it as a PHP+MySQL application on an Apache server.
This is my first time doing web programming of any sort (I have a background in sysadmin and mainframe systems coding) and I am pretty unsure of what practices to take into consideration so that I don't find myself undoing/redoing things later in the project. Considering all the flak the language has taken on StackOverflow (which can be seen here and here) it would be nice to have a set of common mistakes to watch out for for a beginner like me. I did find this thread outlining things to avoid in PHP but most of the points made little sense to someone like me who's just setting out in PHP.
Do you have any suggestions, tips or tutorials outlining common gotchas in the language which might come back later in the project demanding entire rewrites?
For what it's worth I am currently working my way through Programming PHP (O'Reilly) and PHP in Action (Manning).
I was in a very similar position a couple years ago, having come from a NOS background myself.
I actually started with PHP and MySQL for dummies. Once I had absorbed the knowledge contained therein, I hit the Web (I used SitePoint a lot, like Boushley recommended) and I read a couple of O'Reilly's books on the subject.
One thing I will tell you is that if you want to streamline your understanding and your efficiency, I have found great success with a number of MVC frameworks (CodeIgniter, CakePHP, etc). If you have no idea what MVC is, I recommend finding out. Now that I use MVC, my code is easier to understand, modify, troubleshoot, etc.
And honestly, half of the learning in PHP is running into those common mistakes and learning from them. It's hard to appreciate those 'common mistakes' until you make them.
Don't worry about HOW you are going to learn, just START learning!
If I could give you one piece of advice, it'd be to use a framework - they will make your life so much easier. They take away all the repetitive code from programming websites, handle security concerns and abstract lots of things, as well as make you build your website using a pattern such as Model-View-Controller.
I highly recommend the CodeIgniter framework for its simplicity, power, great documentation and ease of use, but there are plenty of other good frameworks too. There are lots of questions on SO on this so have a quick search. There is a fantastic introductory screencast on CodeIgniter (soon to be a series) from BinaryCake, so check that out here.
I hope that's helped! If you have any PHP concerns, feel free to message me - it's my area of expertise (along with CodeIgniter) and I love it!
While still developing, have all errors show up:
ini_set('display_errors', '1');
error_reporting(E_ALL | E_STRICT);
Can save a lot of time (in case of say, typos in variable names). Change this when it goes live to not display or only display "real" errors depending on the type of site and security levels involved (you don't want everyone to know paths and variable names and such..).
Find a variable/function naming convention (under_scores vs camelCase vs..) that suits you and stick to it. Also, classes go in the /class directory, includes in /inc etc. Both these make it easier to understand your own code years from now. Oh, and the same goes for coding style, I guess: choose one and stick to it (indentation, bracket style, ..).
Comment your code :-) Personally I also have a little log at the end of longer files that shows when I did what and why. Each addition is timestamped, and the same timestamp is also in the comments behind the change itself, as the line number on which it sits can easily change. Similarly, in an included file containing a bunch of functions, I have the list of function names in a comment at the top of the file, with a one-line description behind them.
Finally on security (though this should really be your first concern ;-) ), treat all user input as suspect. That's POST & GET data, cookies, user-agent string, search strings - anything that is supplied by the browser. It's trivial to change cookie data or change/add form items.
Read up on SQL injection & XSS attacks, and look at PHP's relatively new data filter functions: http://php.net/manual/en/intro.filter.php
Google any of these to get some good reading
Don't use register_globals
Turn off magic_quotes - escape all user entered input in SQL statements
Escape any user entered input printed with htmlspecialchars()
Plus a lot more... These are some common things to watch out for though.
There are a number of great websites out there with lots of tutorials. One that comes to mind is Site Point. They'll try their best to sell you a book or two while you're there, but they do have some decent articles. This article for instance discusses some common security blunders in PHP.
http://www.sitepoint.com/article/php-security-blunders/
They have lots of them...
http://www.sitepoint.com/search/search.php?ps=10&q=php&submit=Search
Also nettuts.com has a load of tutorials and things of that nature. They're more all across the board though.
http://nettuts.com/
And I think pretty much everywhere you look you'll see the common ones like watch out for register_globals, magic_quotes...
One good book to look at that is also free to download here covers beginner to advanced PHP techniques and is a good way to learn good standards :)
Use a framework and use Object Oriented Programming
Books are great for learning additional languages, but for your first one, a good video tutorial is a great way to go!
Register for a Lynda.com account (google: lynda trial) and sign up for as many one day trials as you need (or be a good honest person and purchase a week). They have a pretty good beginner and advanced PHP series of video tutorials which are (IMHO) a great way to learn your first language.
A tip: If you can start programming Object Orientedly from the get-go, you will save some time in the future and learn good practice from the start, luckily the advanced tutorials cover this!
Here's a link: http://www.lynda.com/home/DisplayCourse.aspx?lpk2=435
I've never taken this particular course (when I learned a few years ago, it was different), but I just recommended this to a friend (who was just starting), and he really liked it!
Hope this helps!
If you're new to programming in general, a database-backed web application is likely to be a bumpy ride. You will probably be programming in at least two real programming languages, PHP and SQL, and if you're going to do anything of modest complexity, JavaScript too. Keeping them straight will be rough, because they are all quite different.
Just to warm up to programming, you might want to start instead using more focused learning exercises, such as working through the Euler Project problems, or Code Kata.
Either way, try to pick up good habits wherever you learn about them, including the popular suggestion here of using an MVC framework for the heavy lifting.
Closed. This question needs to be more focused. It is not currently accepting answers.
Closed 3 years ago.
The question has been asked: No PHP for large projects? Why not? It's a recurring theme and PHP developers--with some cause--are forced to defend PHP.
All of these questions are valid and there have been some responses but this got me thinking. Based on the principle that you can write good code in any language and bad code in any language, I thought it worth asking a positive rather than negative question. Rather than why you can't, I wanted to ask how you can use PHP for large projects.
So, how do you write a large, complex, scalable, secure and robust PHP application?
EDIT: While I appreciate that the organizational aspects are important, they apply to any large project. What I'm primarily aiming for here is technical guidance and how to deal with common issues of scalability. Using an opcode cache like APC is an obvious starter. Cluster-aware sessions would be another. That's the sort of thing I'm getting at.
For the most part, the problems with PHP are not so much with the language. The problems come from the coupling of a low barrier of entry and the lack of any infrastructure to avoid common programming problems or security problems. It's a language that, by itself, is pretty quick-and-dirty. Nevertheless, it still has many advantages for large-scale web apps. You'll just need to know how to add in some level of infrastructure to avoid a lot of the common web programming blunders. See - What should a developer know before building a public web site for help with this.
You need to learn about the reasons PHP can make your web app insecure or problematic and learn to mitigate those problems. You should learn about how to use PHP to securely access your database. You should learn about avoiding SQL injection. You should learn about evil things like register_globals and why you should never ever use them. In short, you should do your homework about your tool before just diving in for a real-world, large-scale, web app.
Once you are educated, it comes down to you'll probably want to build a framework or use a preexisting framework that will mitigate these problems. Popular frameworks include PEAR and Zend.
Also, useful questions that might help:
What should every php programmer know?
What should a developer know before building a public web site
Using PHP for large projects isn't different than with any other language. You need experience and knowledge in writing maintainable and extendable source code. You need to be aware of security pitfalls and performance concerns. You need to have researched your problem domain and be well familiar with it.
In the end, same as any other language - what you need are high-quality and well-motivated developers.
i know, this is a little out of date, but still, i'll tempt an answer ...
use Haxe/PHP ... i could delve into details ... but if you look at the language, its features, and the nice way the PHP API is encapsulated into something rather consistent, you will soon see what PHP's problems are ... and also, you have all the benefits of Haxe in the end ...
edit: this was a serious answer ... Haxe/PHP automatically solves a lot of problems mentioned in the post flagged as answer ...
register_globals is turned off ... you get your parameters through the php.Web
using the SPOD-layer (same API for php) for the database automatically takes care of escaping (and will automatically provide your model (and templo is quite a good template engine, so that should help for your views))
having a typed language, you are more likely to write better code ... plus language features such as generics and enums are very powerful ... and there is a lot of compile time magic in Haxe that is also of interest ... a more powerful language is always good to address complex problems ...
if you want to use other PHP frameworks, you only need to write the external classes and everything will work as expected ...
i think Haxe is a very good answer to "large", "complex", "secure" and "robust" ... scalability does not come from Haxe itself of course ... but still, if you check out haxelib, then you find many things, that would help for scalability ... such as memcached (you will have to change neko.net.Socket to php.net.Socket in memcached.Connection) ...
if you really want to use the PHP language, and not just the platform, Haxe won't help you of course ...
You do as you would in any other language or any other environment.
There are a couple of simple steps in project development:
Organization; You need to organize everything, having documentation, uml diagrams and other pre-work done, before you start programming.
Structure; Before you start coding and also after starting, you need to have a focus on structure, meaning that you always need to do it correctly and not do any spaghetti solutions. Keep code simple and well commented.
These two points, are simple and apply in all development areas, despite the language. Keep it simple and well documented and you will find that developing a large scale web app in PHP is as easy as it would be in ASP.NET, Ruby or whatever.
However when we come to the development stage, you need to get a nice IDE, use a good database, use a repo., get an MVC / Template system, this runs in the "Structure"-part though.
Just as a side point, splitting the application into different layers: DLF ( Data, Logic, Front ). Use at least these three layers and you will find that the development will go easy.
Use Model-View-Controller framework. It's been said, yes. And, have at least one engineer for each part.
Model: Your DBA should write the Model code. No one else should be allowed to write SQL statements.
View: The one with the best knowledge of CSS and Javascript should do the view part. He/she should write the least PHP code, he is the one using PHP variables.
Controller: She's the real PHP coder, and also back-end server engineer, hopefully, with or without using other script languages.
Closed. This question is opinion-based. It is not currently accepting answers.
Closed 8 years ago.
Locked. This question and its answers are locked because the question is off-topic but has historical significance. It is not currently accepting new answers or interactions.
I would like to be a PHP/MySQL programmer
What are the technologies that I must know?
Like:
Frameworks
IDEs
Template Engines
Ajax and CSS Frameworks
Please tell me the minimum requirements that I must know, and tell me your favourite things in the previous list?
Thanks
First off, there is no must know about learning PHP and MySQL... You go into it not knowing anything, and you'll come out of it knowing a bunch. If there was a must know, then nobody would be able to get into PHP and MySQL development. I personally think you are at a slight advantage going into this without knowing everything about it. It'll give you a fresh perspective and a think outside of the box attitude :)
As far as the object oriented stuff in this thread, it's true. But, as others have said, it's completely up to the programmer (you) to decide how to write your code. You can use object oriented practices, make a spaghetti code junction, or just write a bunch of functions, or whatever. Either way, as everyone else has been saying, it's up to you :)
IRC channel:
Don't really need this, but I find it helpful... See you in here :)
irc.freenode.net #php
Manual:
The manual is your friend and probably the only thing you should know before diving in.
http://www.php.net/manual/en/
http://dev.mysql.com/doc/refman/5.0/en/apis-php.html
Frameworks:
Make sure it's an MVC framework :)
http://www.cakephp.org/
http://www.phpmvc.net/
http://www.codeigniter.com/
http://www.symfony.com/
http://www.laravel.com
http://www.yiiframework.com/
IDE:
Whatever suits you best :)
http://www.eclipse.org/
http://www.vim.org/
http://www.zend.com/en/products/studio/
http://php.netbeans.org/
https://www.jetbrains.com/phpstorm/
Template engines:
PHP is a good template engine
Model view controller frameworks help with this
twig.sensiolabs.org
http://www.smarty.net/
Ajax:
http://jquery.com/
http://www.mootools.net/
http://developer.yahoo.com/yui/
http://www.prototypejs.org/
http://www.extjs.com/
http://code.google.com/webtoolkit/
https://angularjs.org/
CSS:
http://www.yaml.de/en/home.html
http://code.google.com/p/blueprintcss/
http://developer.yahoo.com/yui/reset/
Definitely not an exhaustive list, and things change constantly... But, it's a start :)
Have fun!
Chrelad
Security is an important topic every web programmer should study before being allowed to post code that can be accessed publicly on the internet.
Examples of security issues:
Injection flaws
Cross-site scripting flaws
Cross-site request forgery
There are more security issues that you should know and keep in mind as you write PHP applications. The website http://www.owasp.org contains lots of useful information to help.
PHP was my first language, which I learned on the side while working as an office junior in my first job over 10 years ago. Here are some things from my experience:
Download the PHP manual, print it off, and start reading from page one. Keep going till you're at the end. Skim over the bits you probably won't need (like using KADM5 or Hyperwave) but always read the introductions so you know what PHP is capable of (this will save you trying to re-invent the wheel). The PHP documentation blows the docs of pretty-much every other language I've worked with since out of the water.
Next step; set up PHP. Manually. Don't use XAMPP or anything else, do it yourself. It always helps to know how your environment is set up.
Don't bother with an IDE at the beginning. Getting to know a language means getting up-close-and-personal. IDEs obscure things in an attempt to help you GetThingsDone which works great when you know what you're doing and know your target environment, but when you're starting out they just get in the way and hide what's important.
Don't bother with frameworks at the beginning, either. Again, they're there to help you GetThingsDone which only works when you know what you're doing in the first place. Start with the basics, otherwise you'll be learning the framework and not PHP.
PHP is essentially an advanced templating engine. Don't fall into the trap of over-hyped "PHP templating engines". They're just doing what PHP already does, doubling-up on the work and running twice as slow as PHP does. Stick with inline html/php to start with. Again, this'll help you get to understand what PHP is, how it works, and when to use it.
As with AJAX and CSS... they're nothing to do with PHP, but with the output you produce from PHP (and with AJAX getting input in). Don't load your plate with too much to eat at once. Start with plain PHP+HTML, and do your CSS by hand. Then, when you're happy, mix in a little javascript.
The best thing you can do with any language is learn the environment you're going to be working in, because programming is (relatively) similar across all of them. They all have loops, data structures, input/output, etc, but they all work just that little differently.
Don't believe the hype. I'm moving from PHP to Python at the moment and I could've just jumped on the Django band-wagon to GetThingsDone, but I know that if I came across a problem I wouldn't know where to begin to fix it. So I'm taking my own advice and starting from the beginning; reading the manual, setting up a test system, parsing simple files, getting input/output, getting it linked in with a web server... all part of getting to know my new environment.
What should every PHP programmer know?
You need to know a language that is not PHP. I'm not saying you shouldn't develop your sites in PHP, it's actually really good for that, but you really need to know at least one other language to get some perspective.
Why? PHP is broken and full of bad design and misfeatures. You can write excellent code in PHP, but you're never going to be able to spot the bad design and failures of PHP itself if you don't know any better.
I'd suggest Python, Ruby, or C#.
PS: If you don't think this is a helpful suggestion, then by all means downmod this answer, but if you are downmodding because you feel insulted by my claim that PHP is broken and badly designed, don't shoot the messenger, I'm just telling the truth!
First of all, that PHP itself IS a templating system
Security.
Just like Lucas Oman said - it is up to you in PHP to write the code well; and it does not coddle you. If you don't understand why you need to confirm a logout, or why you can't just validate in javascript, or why register_globals is bad - your app will be vulnerable in some form or another.
You need to learn the following (I would suggest in this order):
Basic Object-Oriented Principles (such as inheritance, polymorphism, and encapsulation)
The PHP language itself. Specifically, PHP 5.
Database Design Principles such as tables, keys, relationships, normalization, etc.
SQL - Structured (or Standard never can remember which) Query Language. Specifically learn the basics of select, insert, update, and delete queries.
Good design principles and coding practices (you can find posts here on StackOverflow for one) such as dividing presentation and business logic.
A Framework, Any Framework - this will help you become introduced to more advanced concepts of object-oriented design patterns and allow you to follow tutorials that will encourage good design and coding practices.
Object-Oriented Design Patterns like MVC, Database Abstraction Models and the like
Advanced SQL and other database stuff like triggers, stored procedures, and other functions.
Ignore the mysql_* functions. Not only do they provide no straightforward method of writing secure code, they actually go out of their way to make it painful and tedious if you try. Use mysqli or PDO instead (and you've got no excuse now - PHP 4 was end-of-life'd months ago).
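The PDO route recommended above, as an added example that is not part of the original answer: a prepared statement keeps the query text and the user-supplied value separate, so no manual quoting is involved. The `users` table, its rows and the `findByName()` helper are constructed for illustration, and the script assumes the `pdo_sqlite` extension so it can run against an in-memory database.

```php
<?php
// In-memory SQLite keeps the example self-contained (assumes pdo_sqlite).
$db = new PDO('sqlite::memory:');
// Report database errors as exceptions instead of silent false returns.
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, email TEXT)');

// Constructed sample rows; one name contains an apostrophe on purpose.
$rows = [["O'Brien", 'ob@example.test'], ['alice', 'alice@example.test']];
$insert = $db->prepare('INSERT INTO users (name, email) VALUES (:name, :email)');
foreach ($rows as $row) {
    $insert->execute([':name' => $row[0], ':email' => $row[1]]);
}

// Hypothetical helper: the SQL text is fixed, the value travels separately.
function findByName(PDO $db, $name)
{
    $stmt = $db->prepare('SELECT id, email FROM users WHERE name = :name');
    $stmt->execute([':name' => $name]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// The apostrophe needs no escaping and matches the stored row.
echo count(findByName($db, "O'Brien")), " row(s) for O'Brien\n";

// Input shaped like SQL is compared as a plain string and matches nothing.
echo count(findByName($db, "x' OR '1'='1")), " row(s) for the SQL-shaped input\n";
```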
All good answers, but there is something important missing: If you want to seriously get into PHP, then you should be aware that there are a lot of PHP programmers out there who are lazy, inept, ignorant, misguided and unfortunately get their code released to the public. The history of PHP means that it supports some questionable features (not just things like register_globals but also smaller things like automatic initialization) and people still use them. You don't want to.
I would say the most important thing is to learn how the whole process of building a page with PHP works - in that requests come from a client (web browser), hit the web server, get passed through to PHP, which then generates the response that is sent back. A solid understanding of this will ground you in
why you can't send headers after output has started
how sessions and cookies work
how each page should be built in a stateless manner (i.e. deliver whatever the request asks for, don't remember what happened last time, or guess what the user is doing)
The difference between HTML, PHP, JavaScript and CSS, and more importantly, what each is used for primarily and where the responsibility of each lies.
Once you've got that down, then you should be quite comfortable with writing any app. But unless you've got that down, you'll start mixing things as I've seen many rookies do before now.
That every value everywhere has to be encoded appropriately. echo $some_variable_that_seems_innocent is evil nine times out of ten.
Use htmlspecialchars() in HTML/XML, prepared statements or at least addslashes() when building SQL queries, json_encode() when inserting values into scripts, rawurlencode() when appending URL components, escapeshellarg() when constructing shell commands, etc.
If you insert text in a URL that's part of a script in an XHTML document, you'll need to encode the data three times.
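The per-context encoders listed above, applied to one value, as an added example that is not part of the original answer. The sample string, `search.php` and `names.txt` are constructed for illustration; the last case is the triple encoding for a URL inside a script inside an XHTML document.

```php
<?php
// Constructed sample value containing characters that are special in
// HTML, JavaScript, URLs and the shell.
$name = 'Tom & "Jerry" <O\'Neil>';

// HTML/XML text or attribute value: &, <, >, " and ' become entities.
$html = htmlspecialchars($name, ENT_QUOTES, 'UTF-8');

// Value placed in a script: json_encode() produces a JavaScript literal.
// The JSON_HEX_* flags also turn <, >, &, ' and " into \uXXXX escapes, so
// the literal cannot close the surrounding <script> element.
$jsFlags = JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT;
$js = json_encode($name, $jsFlags);

// URL component: percent-encode everything outside the unreserved set.
$url = 'search.php?q=' . rawurlencode($name);

// Shell argument: wrap in single quotes and escape embedded quotes.
$cmd = 'grep -c -- ' . escapeshellarg($name) . ' names.txt';

// Triple encoding, innermost context first:
//   1. rawurlencode()     the value is a URL component
//   2. json_encode()      the URL is a string literal in a script
//   3. htmlspecialchars() XHTML parses script content as ordinary
//                         character data, so markup characters in the
//                         literal must be entity-encoded as well
$nested = htmlspecialchars(
    json_encode('search.php?q=' . rawurlencode($name)),
    ENT_QUOTES,
    'UTF-8'
);

echo '<p>', $html, "</p>\n";
echo '<script>var name = ', $js, ";</script>\n";
echo '<a href="', htmlspecialchars($url, ENT_QUOTES, 'UTF-8'), "\">search</a>\n";
echo $cmd, "\n";
echo '<script>location.href = ', $nested, ";</script>\n";
```

The order matters: each encoder is applied for the context the value enters next, working from the innermost context outwards.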
Although this isn't a technology, I think it's very important that you understand that, when using PHP, it is completely on you to write good code. PHP is capable of it, but it does not encourage it. You are completely responsible for writing code that is well designed and, if you choose, follows OO principles. You will have no help from the language.
Use a great IDE (like Eclipse for example) that lets you debug and has some code completion. This will save you some time.
PHP has a lot of programmers and is very popular, so a lot of things are already done for you; before writing some code, doing a Google search is always a good idea.
You should use one of the frameworks if you start from scratch. This will answer all your questions about AJAX, template engines... because most of them come with these packages.
Here are some posts about how to start choosing a framework: SO 1, SO 2. Here is a list of PHP frameworks.
You can develop PHP on Windows, Linux or Mac.
Getting a web server setup
To run PHP and MySQL locally on your computer you will need to install the Apache web server with the PHP module and the MySQL database server, i.e. a LAMP web server (Linux Apache MySQL PHP).
In the past, I would recommend installing Ubuntu. These days, there are a few solutions available that will give you a one-click installation of a web server without using Linux.
For Windows:
http://www.wampserver.com
For OSX:
http://www.mamp.info
After having a LAMP web server, use the w3schools.com tutorials to start.
I would say a basic one would be HTML. ;)
No PHP framework expert, as with templating, which makes the system much more complex than it is.
Understand the business logic requirements and think about the pros and cons. Hoping for the SA to think of everything for you does not make a good programmer.
No AJAX. I deal with large amounts of data; rendering about 4000 k of data to one JS file is very bad.
Start from notepad or VI
After learning PHP for about 1 to 2 years, try learning another language like C# or C++ to improve your PHP applications.
PHP is an addictive language compared with other languages. You type, it works. In other languages, you type, it compiles, it hangs up.
For complex applications, PHP is the best to me compared with other languages, because you think, you write, it works.
You should know how to use effectively at least one Debugger/IDE. It is amazing what you can learn from your code by stepping through it and watching it run. It both makes it much simpler to track down bugs, and improves the quality of your code. I believe you should never commit code to a project that you haven't seen execute.
The PHP Language
Go to PHP.net and read through all of the documentation. When you are done, you won't know everything you need to know about php, but you will know where to look.
Be careful of code snippets you find on the web. Often they contain sql in html, which is bad practice, as well as security vulnerabilities such as sql injection. I've seen few that use prepared statements, which is good for security.
Personally, I found the book "Build your own database driven website using PHP and MySQL" extremely helpful.
Other than that, the one thing I found hardest to get used to with PHP is how relaxed it is, compared with any other language I've ever used. By that I mean no types, flexibility about syntax and punctuation. Personally I think that's a good thing, but I also know that it probably encourages pretty bad behavior.
Here's one other tip I have: try to use something like the DRY principle -- i.e., you'll find yourself writing the same little (or big) bits of code over and over again -- make them into functions as early as you can in the process of coding, and life will be a lot easier later on.