
Keep Track of Your Services! (Lightweight PHP script)

KuJoe

Well-Known Member
Verified Provider
I think my biggest issue with this script is the SQLite3 stuff, half of the documentation I found online didn't work and I was looking at it the wrong way. I'll go through the code again next week when I'm feeling 100% and probably rewrite it with authentication so it can be publicly accessible.
 

lbft

New Member
That's one of the reasons PDO is so handy in PHP - you only have to learn one thing and it (basically) works for a bunch of different databases.

However if you're not confident then maybe an ORM would be a better idea.
 

KuJoe

Well-Known Member
Verified Provider
> That's one of the reasons PDO is so handy in PHP - you only have to learn one thing and it (basically) works for a bunch of different databases.
>
> However if you're not confident then maybe an ORM would be a better idea.

What is ORM exactly? I checked out Google but I'm not finding anything specific to MySQL. I prefer OO when it comes to MySQLi because my limited exposure to prepared statements was too confusing for me.
 

devonblzx

New Member
Verified Provider
> Thanks @splitice. I'll stick with OO for now.

Object oriented programming and object relational mapping go hand in hand. If you know OOP, then ORM is a way to use database tables as objects.

A simple ORM example would be:

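Instead of

```php
// Plain PDO: prepare the statement, then pass the values when executing it.
$stmt = $pdo->prepare('INSERT INTO user (name, address, phone) VALUES (?,?,?)');
$stmt->execute(['John Doe', '1234 Main St', '555-5555']);
```

The code is:

```php
// ORM: the table row is an object; save() writes it to the database.
$user = new User;
$user->name = 'John Doe';
$user->address = '1234 Main St';
$user->phone = '555-5555';
$user->save();
```

There are a variety of different ORM implementations with PHP, but that is a simple example of how they work.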
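
What a `save()` call can do underneath, as an added example that is not from the original post or from any particular ORM library: a toy active-record class whose `save()` builds one prepared INSERT from the object's properties. The `Model` base class, the in-memory SQLite database and the table layout are assumptions for illustration.

```php
<?php
// Added illustration: a toy active-record base class, not a real ORM library.
abstract class Model
{
    protected static string $table = '';
    protected static array $columns = [];   // allow-list of column names
    private static PDO $pdo;
    private array $attributes = [];

    public static function connect(PDO $pdo): void
    {
        self::$pdo = $pdo;
    }

    public function __set(string $name, $value): void
    {
        // Column names cannot be bound as parameters, so only allow-listed
        // names are ever placed into the SQL text.
        if (!in_array($name, static::$columns, true)) {
            throw new InvalidArgumentException("Unknown column: $name");
        }
        $this->attributes[$name] = $value;
    }

    public function save(): int
    {
        $cols = array_keys($this->attributes);
        $marks = implode(', ', array_fill(0, count($cols), '?'));
        $sql = 'INSERT INTO ' . static::$table . ' (' . implode(', ', $cols) . ") VALUES ($marks)";
        self::$pdo->prepare($sql)->execute(array_values($this->attributes));
        return (int) self::$pdo->lastInsertId();
    }
}

class User extends Model
{
    protected static string $table = 'user';
    protected static array $columns = ['name', 'address', 'phone'];
}

$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE user (id INTEGER PRIMARY KEY, name TEXT, address TEXT, phone TEXT)');
Model::connect($pdo);
$user = new User;
$user->name = "John O'Doe";        // constructed value containing a quote
$user->address = '1234 Main St';
$user->phone = '555-5555';
echo $user->save(), ': ', $pdo->query('SELECT name FROM user')->fetchColumn(), PHP_EOL;
```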
 

KuJoe

Well-Known Member
Verified Provider
Pushed a few updates last night. Now it automatically updates the Due Date field once the date passes kinda (if you have an invoice due on the 29th, 30th, or 31st of a month then it will break eventually because of how PHP handles "+1 month" and none of the workarounds I found worked correctly) and the Due Date field highlights yellow if it's due that month (although once the due date passes it will update the due date). I also added a new field for Services (i.e. HTTP, DNS, MySQL, etc...) per a request.

@GIANTCRAB submitted an update so now you can retrieve data using JSON which is really awesome.
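
The month-end problem described above, reproduced and worked around in an added example (not code from the script): `+1 month` overflows into the following month when the target month is shorter, so the sketch stores the billing day separately and clamps it to the length of each month. The function name `nextDueDate` and the sample dates are assumptions.

```php
<?php
// Added illustration; nextDueDate() is a hypothetical helper, not part of the script.

/**
 * Return the due date in the month after $current, on $billingDay when that
 * month has such a day, otherwise on the month's last day.
 */
function nextDueDate(DateTimeImmutable $current, int $billingDay): DateTimeImmutable
{
    // "first day of next month" never overflows, unlike "+1 month".
    $next = $current->modify('first day of next month');
    $day  = min($billingDay, (int) $next->format('t')); // 't' = days in that month
    return $next->setDate((int) $next->format('Y'), (int) $next->format('n'), $day);
}

// The overflow: 31 January + 1 month is "31 February", normalised to 3 March.
$naive = new DateTimeImmutable('2014-01-31');
echo $naive->modify('+1 month')->format('Y-m-d'), PHP_EOL;

// Clamped: the billing day (31) is stored once and reapplied every month, so
// the date returns to the 31st after passing through a shorter month.
$due = new DateTimeImmutable('2014-01-31');
for ($i = 0; $i < 4; $i++) {
    $due = nextDueDate($due, 31);
    echo $due->format('Y-m-d'), PHP_EOL;
}
```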
 

Hxxx

Active Member
PDO should be the default option for everyone connecting to a db from PHP. And like others said the flexibility of being multi db compatible is a +.

However let me thank you for your effort, especially for contributing to the community instead of opening drama posts like uh um (..) other people here. If only we had more KuJoes in the community ...

It's kind of annoying when one collaborates and the community, especially these people that think they know everything, try to spank you and instantly point out flaws, instead of fixing the code and pushing it to the git. More do, less talk.

Again, thank you for participating in the community.
 

Zigara

New Member
> PDO should be the default option for everyone connecting to a db from PHP. And like others said the flexibility of being multi db compatible is a +.
>
> However let me thank you for your effort, especially for contributing to the community instead of opening drama posts like uh um (..) other people here. If only we had more KuJoes in the community ...
>
> It's kind of annoying when one collaborates and the community, especially these people that think they know everything, try to spank you and instantly point out flaws, instead of fixing the code and pushing it to the git. More do, less talk.
>
> Again, thank you for participating in the community.

Learning about security concerns and how to fix them yourself is a lot more rewarding than having someone do it for you.
 

KuJoe

Well-Known Member
Verified Provider
Yes the security flaws were my own and shouldn't have been there to begin with but at the time I was coding this my focus was on getting it working as quickly as possible without any concern for security because the system itself is 100% secure even if the code was not. That being said the community here made me realize not everybody would read the README I wrote so I made it more secure to protect people from themselves. :)


I pushed another update so service info can be "imported" now for faster adding (along with a script for grabbing resources).
 

raindog308

vpsBoard Premium Member
Moderator
> PDO should be the default option for everyone connecting to a db from PHP.

And beyond that, you should always use prepared statements/bind variables in any environment.


Beyond security, they are more performant.

For small projects you won't see a difference but for bigger things, you save DB hard parses. In other words, if you constantly send


```sql
SELECT * FROM superheroes WHERE ready_for_combat = 1 and location = 'HQ' and injured = 0;
```

then every time the DB engine has to parse that. This is a huge headache for all these goofy ORM engines that construct SQL on the fly - there's virtually no reuse of prepared statements because it's all dynamically generated SQL.

If however you prepare a statement with


```sql
SELECT * FROM superheroes WHERE ready_for_combat = ? and location = ? and injured = ?;
```

then if you make 1,000 calls, there is only one parse on the first call. On subsequent calls the DB is just plugging in variables. Of course, it could be SELECT, INSERT, UPDATE, etc.

You don't see these savings if you have only a few calls of course - CPUs are fast today.  But if you're doing tons of DB calls and tons of clients are banging on your DB server, it adds up to significant CPU savings.

Some of the big commercial engines like Oracle will actually analyze on the fly and convert to bind-variables invisibly for you, but it's obviously better to do it yourself.

Besides, prepared statements/bind variables are just a saner, sturdier way of dealing with the DB.


Being able to say (pseudo code)


sql_handle->execute($var1, $var2);

is so much nicer than having to quote a bunch of variables.  
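
Both points above (one parse for many executions, and no hand-quoting) in an added PDO example, not code from the thread or the script: each statement is prepared once and executed with different values, and the same constructed input is run through a concatenated query for comparison. The `superheroes` rows and the in-memory SQLite database are made up for illustration.

```php
<?php
// Added illustration using PDO with an in-memory SQLite database (constructed data).
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE superheroes (name TEXT, location TEXT, ready_for_combat INTEGER, injured INTEGER)');

// Prepared once; the INSERT is parsed a single time and reused for every row.
$insert = $pdo->prepare('INSERT INTO superheroes VALUES (?, ?, ?, ?)');
foreach ([
    ['Alpha', 'HQ', 1, 0],
    ['Bravo', 'HQ', 1, 1],
    ['Charlie', 'Field', 1, 0],
] as $row) {
    $insert->execute($row);
}

$select = $pdo->prepare(
    'SELECT name FROM superheroes WHERE ready_for_combat = ? AND location = ? AND injured = ?'
);

/** Run the prepared SELECT with bound values and return the matching names. */
function findBound(PDOStatement $stmt, string $location): array
{
    $stmt->execute([1, $location, 0]);
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

/** The "before" form: the value is pasted into the SQL text (do not use). */
function findConcatenated(PDO $pdo, string $location): array
{
    $sql = "SELECT name FROM superheroes WHERE ready_for_combat = 1 AND location = '$location' AND injured = 0";
    return $pdo->query($sql)->fetchAll(PDO::FETCH_COLUMN);
}

// Constructed input containing a quote, as a form field might deliver it.
$input = "HQ' OR '1'='1";

print_r(findBound($select, 'HQ'));          // same statement handle, new values
print_r(findBound($select, 'Field'));
print_r(findBound($select, $input));        // treated as one literal string
print_r(findConcatenated($pdo, $input));    // the quote rewrites the WHERE clause
```

PDO's MySQL driver emulates prepared statements by default, so the server-side parse saving only applies there once `PDO::ATTR_EMULATE_PREPARES` is set to `false`.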
 

Dillybob

New Member
LMAO fuck.. 2 pages babbling about escaping and sanitizing a string.. Lord be with you all.
 

fisle

Active Member
I created a pull request that implements prepared statements, also cleans the code a bit and tries to improve readability, mostly by following PSR-2 standard.

Some feedback about your coding style:

- Really, use prepared statements. It's a good practice to follow everywhere.

- Constant coding style (this is a good read)

- No comments (Every function should have a short description of what it is, what it accepts and what it returns)

- Inline PHP + HTML is bad, mmkay
 

KuJoe

Well-Known Member
Verified Provider
> I created a pull request that implements prepared statements, also cleans the code a bit and tries to improve readability, mostly by following PSR-2 standard.
>
> Some feedback about your coding style:
>
> - Really, use prepared statements. It's a good practice to follow everywhere.
> - Constant coding style (this is a good read)
> - No comments (Every function should have a short description of what it is, what it accepts and what it returns)
> - Inline PHP + HTML is bad, mmkay

I saw your pull request and I'll look it over tonight and test it out on my test setup. Thanks for all of your effort and feedback! :)

> - Really, use prepared statements. It's a good practice to follow everywhere.

I will make an effort to learn this in the future, the code I spend the majority of my time on cannot use it (Wyvern) and every time I have tried learning it in the past it just confused me but I do understand it's the best method of database manipulation.

> - Constant coding style (this is a good read)

In all honesty I thought my coding style was constant. I also didn't know there was a standard or guidelines but being 100% self taught I borrow a lot of my code from all over the internet so it makes sense that it's chaotic.

> - No comments

Yup, I know I'm horrible at this. I should probably work on this now that I'm actually sharing my code with the world.

> - Inline PHP + HTML is bad, mmkay

Can you elaborate on this? You mean the `echo "Hello<br />World";` thing or `<p>Hello<br /><?php echo "World"; ?></p>` thing? What is the best practice for this? As you can see I am not a software developer by any stretch of the imagination so I'll take all of the pointers I can get. :)
 

fisle

Active Member
> I saw your pull request and I'll look it over tonight and test it out on my test setup. Thanks for all of your effort and feedback! :)
>
> > - Really, use prepared statements. It's a good practice to follow everywhere.
>
> I will make an effort to learn this in the future, the code I spend the majority of my time on cannot use it (Wyvern) and every time I have tried learning it in the past it just confused me but I do understand it's the best method of database manipulation.
>
> > - Constant coding style (this is a good read)
>
> In all honesty I thought my coding style was constant. I also didn't know there was a standard or guidelines but being 100% self taught I borrow a lot of my code from all over the internet so it makes sense that it's chaotic.
>
> > - No comments
>
> Yup, I know I'm horrible at this. I should probably work on this now that I'm actually sharing my code with the world.
>
> > - Inline PHP + HTML is bad, mmkay
>
> Can you elaborate on this? You mean the `echo "Hello<br />World";` thing or `<p>Hello<br /><?php echo "World"; ?></p>` thing? What is the best practice for this? As you can see I am not a software developer by any stretch of the imagination so I'll take all of the pointers I can get. :)

Good on you for being self taught, that's how I roll, too.

My eye caught some minor spacing issues with codelines, like "foreach (" and "if(" (notice that "foreach" has space after the word, while "if" doesn't). Good practice is to have a space after the keyword. Also sometimes there was a space after a comma, sometimes it was not there. Spacing improves the readability a lot, IMO.

It's also a good idea to break those huge one-liners and split them into multiple lines.

By inline PHP+HTML I meant that one should separate logic and template from each other. That way things are simpler and easier to comprehend. This probably is overkill for this particular project, but if you'd like to grow as a developer I think you should look it up.

Some links here on the subject:

http://www.broculos.net/2008/03/how-to-make-simple-html-template-engine.html

http://code.tutsplus.com/tutorials/roll-your-own-templating-system-in-php--net-16596

http://www.smashingmagazine.com/2011/10/17/getting-started-with-php-templating/
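
A minimal version of the logic/template split described above, as an added example (not from the pull request or the linked articles): the logic prepares plain data, the template only prints it, and every value is HTML-escaped on output. The `render()` and `e()` helpers, the template text and the sample rows are assumptions.

```php
<?php
// Added illustration; render() and e() are hypothetical helpers.

/** Escape a value for HTML output. */
function e($value): string
{
    return htmlspecialchars((string) $value, ENT_QUOTES, 'UTF-8');
}

/** Render a template file with the given variables and return the HTML. */
function render(string $templateFile, array $vars): string
{
    extract($vars, EXTR_SKIP);   // expose $services etc. without overwriting locals
    ob_start();
    require $templateFile;
    return ob_get_clean();
}

// --- template (would normally live in its own file) ---
$template = <<<'HTML'
<table>
<?php foreach ($services as $s): ?>
  <tr><td><?= e($s['name']) ?></td><td><?= e($s['due']) ?></td></tr>
<?php endforeach; ?>
</table>
HTML;
$file = tempnam(sys_get_temp_dir(), 'tpl');
file_put_contents($file, $template);

// --- logic: prepare data only, no markup (constructed rows) ---
$services = [
    ['name' => 'VPS <London>', 'due' => '2014-02-28'],
    ['name' => 'DNS & mail',   'due' => '2014-03-31'],
];

echo render($file, ['services' => $services]);
unlink($file);
```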
 