In article <db**********@panix3.panix.com>, ad****@panix.com (Al Dykes) wrote:
> I've just grabbed a PHP book and can deal with the syntax and now I
> need to decide to learn specific packages and features.
> Define "framework".
> What are the major framework flavors?
> Under what conditions can I use two or more frameworks?
> Sorry for the beginner's question.
> Thanks

A framework is a set of classes that can be used to perform the more
mundane manipulations of the data in your application.
The stuff on http://pear.php.net could be considered a framework of
sorts. There are bunches of classes that provide some utility and
abstraction of different processing.
For example, PEAR DB lets you use the same code to interact with
multiple types of databases. So instead of coding mysql_query() and
pg_query() in your app, you simply instance an object of class DB,
define the database type and connection via the DSN and use the _same_
methods in the class to interact with _whatever_ database it is. In
short, your app user can use any database supported by PEAR DB without
modifying the code (SQL excepted - that is more a database level thing
than a PHP thing.)
I recently wrote some code that lets me take in user input in an
Unsafe(), SafeSQL(), or SafeHTMLSQL() manner in PHP/PostgreSQL E-Zine
Issue 2 ( http://amduus.com/phpezine/archive/Issue2.pdf ). Source code:
http://amduus.com/phpezine/archive/issue2.zip . It takes into account
sourcing from _POST, _GET, _SERVER, etc.
If I want something from what the user entered, I do:
-----
include_once("ObjSafeIO.php");
$IO = new ObjSafeIO;
// Protect from SQL Injection
$FirstName = $IO->SafeSQL("FirstName");
// or:
// Protect from SQL Injection / Cross scripting attacks
$FirstName = $IO->SafeHTMLSQL("FirstName");
-----
The class searches across the _POST, _GET, etc. for an entry of FirstName
and then applies the manipulations to it to make it safe for SQL use and
for display on a web-based app... or not safe, depending on what I want
to use the value for.
Hope this helps explain things.
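
An added example, not the ObjSafeIO code from the e-zine and not PEAR DB: it looks a field up across request sources as the post describes, then treats the SQL and HTML contexts separately, using PDO (swapped in here as a DSN-based database layer) with bound parameters and htmlspecialchars() at output. The fetchInput() and htmlEncode() helpers, the table and the sample request values are constructed for illustration, and the pdo_sqlite extension is assumed.

```php
<?php
// Added example: hypothetical helpers, not ObjSafeIO and not PEAR DB.

// Look a field up across several request sources; the first match wins.
function fetchInput(string $name, array $sources): ?string
{
    foreach ($sources as $source) {
        // Reject arrays such as FirstName[]=x so callers always get a string.
        if (isset($source[$name]) && is_string($source[$name])) {
            return $source[$name];
        }
    }
    return null;
}

// Encode a value for the HTML body or a quoted attribute.
function htmlEncode(?string $value): string
{
    return htmlspecialchars((string) $value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Constructed sample data standing in for $_POST and $_GET.
$post = ['FirstName' => "Robert'); DROP TABLE people;--"];
$get  = ['FirstName' => 'ignored', 'Note' => '<script>alert(1)</script>'];

$firstName = fetchInput('FirstName', [$post, $get]);
$note      = fetchInput('Note', [$post, $get]);

// The DSN selects the driver; the calls below are the same for other drivers.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE people (first_name TEXT, note TEXT)');

// SQL context: bound parameters keep the values out of the statement text,
// so the input is stored exactly as typed and is never parsed as SQL.
$insert = $db->prepare('INSERT INTO people (first_name, note) VALUES (?, ?)');
$insert->execute([$firstName, $note]);

$row = $db->query('SELECT first_name, note FROM people')->fetch(PDO::FETCH_ASSOC);

// HTML context: encode at the point the value is written into the page,
// so the stored data stays usable for non-HTML outputs.
echo '<p>', htmlEncode($row['first_name']), ': ', htmlEncode($row['note']), "</p>\n";
```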