On Sat, Dec 17, 2011 at 12:59 AM, Adam Richardson <simpleshot@xxxxxxxxx> wrote:
> On Fri, Dec 16, 2011 at 11:53 PM, Eric Butera <eric.butera@xxxxxxxxx> wrote:
>>
>> To all the people who responded to this thread:
>> It is 2011 - please stop writing code like this.
>>
>> To the OP:
>> I'm glad you're asking questions and realizing you're not happy with
>> your current abilities and suspect there's a better way. I've read
>> the replies in this thread and feel a bit let down. Use a templating
>> language - yes, I understand that is what php is for - but I won't go
>> into it. You should not be echoing, printing, or any other method of
>> concatenating html dealing with escaping quotes inside your php logic
>> code. Please separate your concerns.
>>
>> Not sure what that means? That's OK! If you want to move forward,
>> look up how modern frameworks deal with this issue using their views
>> or template views. You don't have to use a framework if you do not
>> want to, that's perfectly fine. If it works, it works. But in the
>> end, the separation of logic and html is essential to code
>> maintenance.
>
>
> Eric,
>
> There are many posters to this list, and there exists a broad range of
> programming styles and abilities. I'll bet you're a competent programmer,
> and that you've worked hard to hone your craft. It takes passion and drive
> to improve one's skill set. However, I'd encourage you to focus that passion
> on the list in a way that facilitates the growth of those with questions
> whilst staying true to their current, specific needs.
>
> Frankly, every answer on the list could begin with the suggestion that they
> just use a framework. The list is here to help build up the entire skill set
> of PHP developers.
>
> Let's reexamine the original post:
>
>> Hello all.
>>
>> Can someone tell me which of the following is preferred and why?
>
>
> Use of the word "Which" implies that there was a closed set of options they
> wanted to consider, although we did offer some others, but they all stayed
> relatively true to his original options.
>
>>
>>
>> echo "<a style='text-align:left;size:14;font-weight:bold'
>> href='/mypage.php/$page_id'>$page_name</a><br>";
>> echo "<a style='text-align:left;size:14;font-weight:bold'
>> href='/mypage.php/".$page_id."'>".$page_name."</a><br>";
>
>
> Simple.
>
> Please note there is no logic anywhere in this example. PHP is truly serving
> merely as a templating language here. So, while I agree with the general
> notion that logic should not be intermingled with markup, this particular
> example does not serve as the anti-pattern you suggest.
>
> Also, note that we aren't sure where the $page_id and $page_name variables
> are coming from. In instances where these are set manually within the script
> (like view variables at the top of the page), there's no need to escape
> anything. That said, you're right, if the data is coming from somewhere
> else, escaping should happen, but there's not enough information to infer
> that, as you say, "You should not be echoing, printing, or any other method
> of concatenating html dealing with escaping quotes inside your php
> logic code."
>
>>
>>
>> When I come across the above code in line 1, I have been changing it to
>> what you see in line 2 for no other reason than it delineates out better in
>> BBEdit. Is this just a preference choice or is one method better than the
>> other?
>
>
> The above statement suggests there's an existing codebase that was being
> worked through. In this light, the answers mostly focused on answering the
> OP's original question, realizing that this was existing code that he was
> refactoring lightly as he goes.
>
> This is not to say that I disagree with all that you said, as I actually
> developed my own framework that:
>
> Cleanly separates PHP from HTML to avoid the intermingling of logic and
> presentation:
> http://nephtaliproject.com/documentation/markup/
> Automatically handles output escaping, input validation:
> http://nephtaliproject.com/documentation/examples/contact.php
> And lots of other features that coincide with the general focus of your
> words.
>
> Given that work, I think it's fair to say that I do agree with several of
> your general points for web development overall. However, this question
> wasn't a big picture question on how to do web development with PHP. It was
> a simple question that was answered in a helpful, specific manner by several
> on the list.
>
> Adam
>
> --
> Nephtali: A simple, flexible, fast, and security-focused PHP framework
> http://nephtaliproject.com

Hi Adam,

Thanks for the reply, noted! I was coming from the angle that I've had
to deal with a lot of code that is 2000 lines of php/html/javascript
inside heredocs, mixed quote escaping, etc. I was hoping to prevent
that from becoming a new thing in this person's code if that was the
case. Apologies for assuming.

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
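
Added example, not code from any poster in this thread: the quoted link with output escaping applied, for the case raised above where $page_id and $page_name do not originate in the script itself. The helper names h() and page_link() and the sample values are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Escape for HTML text and attribute values. ENT_QUOTES matters here because
// the thread's markup uses single-quoted attributes; before PHP 8.1 the
// default flags (ENT_COMPAT) left single quotes unescaped.
function h(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Build the link from the thread. The id is first encoded as one URL path
// segment, then the whole href value is HTML-escaped for the attribute.
function page_link(string $page_id, string $page_name): string
{
    $href = '/mypage.php/' . rawurlencode($page_id);
    return "<a style='text-align:left;size:14;font-weight:bold' href='"
        . h($href) . "'>" . h($page_name) . "</a><br>";
}

// Constructed sample values standing in for data that comes from outside
// the script (assumption: e.g. a database row or a request parameter).
$samples = [
    ['42', 'About us'],
    ["42' title='injected", 'Tom & "Jerry" <b>'],
];

foreach ($samples as [$page_id, $page_name]) {
    // Either form from the original post, unescaped: quotes and tags in the
    // values become part of the page's markup.
    $raw = "<a style='text-align:left;size:14;font-weight:bold' "
        . "href='/mypage.php/$page_id'>$page_name</a><br>";

    echo "unescaped: ", $raw, "\n";
    echo "escaped:   ", page_link($page_id, $page_name), "\n\n";
}
```

Interpolation and concatenation produce identical output here, so the choice between the two echo forms has no effect on escaping; what matters is that each value is encoded for the context it lands in.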