Newbie questions for the PHP5 experts in this ng

Do you have a question? Post it now! No Registration Necessary.  Now with pictures!

Threaded View
Hi All,

I have just recently (~ 3wks) playing around with PHP. I come from an  
OOP background (mostly C++) so I have taken to PHP5 like a duck to  
water. However, I have a number of nagging questions that I have not yet  
manage to resolve (all the websites I have visited seem to assume I  
already know the answers - or could it be that PHP is so loosely held  
together that it lets one get away without a proper architecture for an  
application (is "application" the correct term for a bunch of PHP  
scripts running server side or is there another term?)

Question 1:
Is there any such thing as a PHP application (or are PHP solutions just  
a bunch of "loosely coupled" scripts thrown together)?

Question 2:
Assuming there IS such a thing as a PHP application, how does one go  
about putting one together?. In the C++ world, there is the concept of  
libraries, in Java there are packages, In .Net there are assemblies.

i). How do PHP solutions logically partition functionality?.

Writing extensions in C seems to be one way to go, but apart from that  
being overkill, I my ISP may not even allow me to load my extension.  
There must be a simpler way to partition logic surely ?.

Question 3:
I have seen a few examples that seem to partition functionality by  
splitting objects into various files (a bit like the use of header files  
in C/C++), along with a liberal showering of calls to include() in the  
code - however, unlike header files, the files "included" contain not  
just the class definitions etc, but also (more critically), the  
implementation (i.e. any business logic that may show how your system  
may be compromised).

i). Is it possible to have your "header" files (i.e. class  
implementation source code) stored in a directory location that is  
hidden in some way - the main goal is to thwart any hacker who may  
simply look at your include() method calls, casually navigate to the  
appropriate directories and peruse your source code at his/her leisure.

ii). There are potential issues about using include().
a). I remember reading somewhere that you have a performance hit (I/O  
bottleneck) every time you call include
b). There are potential security issues - You can't use include() if you  
use a function called something like basedir() (or something - sorry, I  
don't remember the function name). But this function allows one to  
restrict users from accessing files above the parent of a specified  
directory. Any (informed) feedback on this will be much appreciated.

I would be very pleased to get informed feedback on this last question  
(Q3) in particular because the thought of having code that shows a  
hacker how authentication or licensing (for example) is implemented at  
the server side does not bear thinking about. I look forward to hearing  
from the PHP5 gurus in this ng.

Many Thanks

Re: Newbie questions for the PHP5 experts in this ng

An noise sounding like Josse Barrera said:
Quoted text here. Click to load it
Depends how you want to define it yourself, but I'd say Yes. You can have a
php application.

Quoted text here. Click to load it
Generally work with a library of php classes which have the common
functionality I want across multiple applications.
Either classes written specifically for a job, or ones available freely on the

Quoted text here. Click to load it
Yes. Have the class files etc in a path outside of the webtree, and then
define your include path to include those directories. Will thwart a casual
cracker, someone who is persistent enough will always get it. But you
shouldn't worry about it. That is up to the sys admin, not the developer.


Trees with square roots don't have very natural logs.
What's the difference between ignorance and apathy? Who knows? Who cares?

Re: Newbie questions for the PHP5 experts in this ng

Josse Barrera wrote:
Quoted text here. Click to load it

Yes, it's possible to store them in any directory for which your PHP
instance has read access (on the same local filesystem), for example a
directory in your homedir alongside public_html. PHP header or include
files are often called .inc or .inc.php. If your webserver is not
configured to treat .inc files the same as .php files, then naming them
.inc.php at least conceals the source of the file when requested directly
because that way they are parsed as php files. Whenever concealment is not
critical and include files are kept in the same dir as the php scripts, I
often prepend inc_ to their name for easier sorting (because they have the
same final extension .php).

E. Dronkert

Re: Newbie questions for the PHP5 experts in this ng

Following on from Josse Barrera's message. . .
Quoted text here. Click to load it
Please define "proper architecture" :)

You might like to ponder how an 'application' would help out Apache (or  
any web server) which has the job of delegating lots of different  
requests to PHP.

All your other points can be 'explained' better (for example how  
security works) if you think in terms of serving web pages rather than  
syntax/type checking/language constructs.

PETER FOX Not the same since the adhesive company came unstuck
2 Tees Close, Witham, Essex.
Gravity beer in Essex  <

Re: Newbie questions for the PHP5 experts in this ng

Quoted text here. Click to load it
It sounds to me like what you're asking for is a framework. Frameworks  
provide a logical grouping of PHP scripts. Remember that PHP is a scripting  
language. Unlike C++ which gets compiled into a single executable it really  
is a bunch of "loosely coupled" scripts. A framework will organize these  
scripts into logical sets of modules that, when written correctly, can ease  
the development and maintenance of the application.

The best frameworks take advantage of the Model-View-Controller (MVC) design  
pattern. MVC separates data objects (model), the presentation layer (view),  
and the business logic (controller). There is a lot of good info on MVC out  
there. A quick Google search should help you out.

There are several frameworks out there which I have used. The most robust is  
Struts, but I have not seen a good enough PHP port of it yet.

I've used Fusebox ( with quite a bit of success. It is quite  
powerful when combined with FLiP, the Fusebox Lifecycle Process.

There are numerous other frameworks out there and of course you can roll  
your own. I would strongly suggest that you find one you feel comfortable  
with and develop all your applications within it. This will speed up your  
development immensely as you start effectively reusing code from modules you  
write. It will also help with debugging, unit testing and readability of  
your code.

Quoted text here. Click to load it
Again, follow the principles of MVC!

Quoted text here. Click to load it

Be careful! There is a LOT of garbage PHP code out there. There are a lot of  
people who go into PHP scripting without having any idea of software  
engineering or programming principles. Don't end up following the wrong  

Quoted text here. Click to load it

Yes. You can also encrypt your PHP files if you want. Take a look at Zend.

Quoted text here. Click to load it

Not really true. There is a small I/O hit but most of the pages get cached  
anyway so this is not that much of a problem in a well configured system.  
Again, take a look at Zend and their free Optimizer.

The bigger problem is that using a lot of includes all over the place is  
like using a bunch of GOTOs. Remember that BASIC nightmare?

Quoted text here. Click to load it

You can include files from anywhere on the server. You can even include  
files from an entirely different server through a URL. What matters is that  
the included file's permissions are set up correctly. They should be  
readable by the apache process only. And you can always use Zend Encoder or  
something similar to encrypt the code in these files.

Your bigger problem will be the security of your database. I'm assuming you  
will be storing login information in a database? In this case you have to  
make sure your db is configured properly and sensitive information, such as  
passwords, etc., is encrypted.

You will also have to make sure that your sessions management is configured  
properly. Do not pass IDs along in the URL and use SSL where possible. Do  
not use global variables, etc.

Quoted text here. Click to load it

Well, although I've been doing web development for over 10 years now, I've  
only been working with PHP for about 5. So, I consider myself more of a  
novice than a guru, but I hope this was helpful.


Re: Newbie questions for the PHP5 experts in this ng

Balazs Wellisch wrote:

Quoted text here. Click to load it

Thank you very, very much Balazs, this has been *very* helpful. Your  
10yrs experience clearly shows. Mucho gracias !.

Site Timeline