
Traps and pitfalls when writing web apps?

Hello

I'm about to write a prototype for a business application, but since
this my first real web application, I'm looking for a good book or
article that sums up the different issues web developers will
encounter when coming from the world of dedicated applications (VB,
Delphi, etc.)

I'm thinking of issues specific to web apps like the statelessness of
HTTP, dealing with the back button, etc.

Any good resource? It'd be even better if they have examples in PHP,
but a language-agnostic resource is good enough.

Thank you!
Jul 27 '06 #1

Vincent Delporte wrote:
Hello

I'm about to write a prototype for a business application, but since
this my first real web application, I'm looking for a good book or
article that sums up the different issues web developers will
encounter when coming from the world of dedicated applications (VB,
Delphi, etc.)

I'm thinking of issues specific to web apps like the statelessness of
HTTP, dealing with the back button, etc.

Any good resource? It'd be even better if they have examples in PHP,
but a language-agnostic resource is good enough.

Thank you!
php.net has the majority of what you will need; I find the user
comments to be the most useful part.

Flamer.

Jul 27 '06 #2

Vincent Delporte wrote:
I'm about to write a prototype for a business application, but since
this my first real web application, I'm looking for a good book or
article that sums up the different issues web developers will
encounter when coming from the world of dedicated applications (VB,
Delphi, etc.)
First and foremost: Don't trust user input. Ever.

In other words: whenever you receive data from the user (usually by a posted
form, or by some GET variables), clean, check and double-check the data for
validity. Don't ever assume that the user has put a valid value in a form
input field.

Another point to take into account: Every page is a *different* run of your
program. HTTP is a stateless protocol, ya' know. That means:
- Be careful when passing data from one page to another
- Be careful about race conditions

--
----------------------------------
Iván Sánchez Ortega -i-punto-sanchez--arroba-mirame-punto-net

Do you want to learn to read? Write to me!
Jul 28 '06 #3
On Fri, 28 Jul 2006 02:28:56 +0200, Iván Sánchez Ortega
<i.***************@rroba--mirame.punto.net> wrote:
>First and foremost: Don't trust user input. Ever.
Thx guys. So, no article or book on the subject?
Jul 28 '06 #4

"Vincent Delporte" <ju*****@acme.com> wrote in message
news:so********************************@4ax.com...
Hello

I'm about to write a prototype for a business application, but since
this my first real web application, I'm looking for a good book or
article that sums up the different issues web developers will
encounter when coming from the world of dedicated applications (VB,
Delphi, etc.)

I'm thinking of issues specific to web apps like the statelessness of
HTTP, dealing with the back button, etc.
Try http://www.tonymarston.net/php-mysql...ttonblues.html
And http://www.tonymarston.net/php-mysql/client-clones.html
And http://www.tonymarston.net/php-mysql...-protocol.html

--
Tony Marston
http://www.tonymarston.net
http://www.radicore.org
Jul 28 '06 #5
ronverdonk
The info you are looking for is usually scattered among different sites and books. The O'Reilly online book store is usually a good place to start (www.oreilly.com).

But if you need an overview, have a look at the book:
"Deliver First Class Web Sites: 101 Essential Checklists"

Ronald :cool:
Jul 28 '06 #6
On Fri, 28 Jul 2006 09:31:45 +0100, "Tony Marston"
<to**@NOSPAM.demon.co.uk> wrote:
>Try http://www.tonymarston.net/php-mysql...ttonblues.html
And http://www.tonymarston.net/php-mysql/client-clones.html
And http://www.tonymarston.net/php-mysql...-protocol.html
Thanks a lot. That's exactly the kind of articles I was looking for.
Are there more, on other traps I don't even know exist and in which I will
fall unless warned before? :-)
Jul 28 '06 #7

"Vincent Delporte" <ju*****@acme.com> wrote in message
news:uv********************************@4ax.com...
On Fri, 28 Jul 2006 09:31:45 +0100, "Tony Marston"
<to**@NOSPAM.demon.co.uk> wrote:
>>Try http://www.tonymarston.net/php-mysql...ttonblues.html
And http://www.tonymarston.net/php-mysql/client-clones.html
And http://www.tonymarston.net/php-mysql...-protocol.html

Thanks a lot. That's exactly the kind of articles I was looking for.
Are there more, on other traps I don't even know exist and in which I will
fall unless warned before? :-)
Do a google search using "php security" and you will see some useful
articles.

--
Tony Marston
http://www.tonymarston.net
http://www.radicore.org
Jul 28 '06 #8
On Fri, 28 Jul 2006 16:11:30 +0100, "Tony Marston"
<to**@NOSPAM.demon.co.uk> wrote:
>Do a google search using "php security" and you will see some useful
articles.
OK, but my question isn't specifically about security. It's a more
general question about the web-specific issues that desktop
applications don't have to deal with.
Jul 28 '06 #9
On Fri, 28 Jul 2006 21:15:29 +0200, Vincent Delporte wrote:
On Fri, 28 Jul 2006 16:11:30 +0100, "Tony Marston"
<to**@NOSPAM.demon.co.uk> wrote:
>>Do a google search using "php security" and you will see some useful
articles.

OK, but my question isn't specifically about security. It's a more
general question about the web-specific issues that desktop applications
don't have to deal with.
The number one thing is understanding the difference between client-side
and server-side.

--
The USA Patriot Act is the most unpatriotic act in American history.
Feingold-Obama '08 - Because the Constitution isn't history,
It's the law.

Jul 28 '06 #10
On Fri, 28 Jul 2006 14:51:36 -0500, Ivan Marsh <an*****@you.now>
wrote:
>The number one thing is understanding the difference between client-side
and server-side.
With AJAX, there's no such thing ;-)
Jul 28 '06 #11
Rik
Vincent Delporte wrote:
On Fri, 28 Jul 2006 14:51:36 -0500, Ivan Marsh <an*****@you.now>
wrote:
>The number one thing is understanding the difference between
client-side and server-side.

With AJAX, there's no such thing ;-)
Oh yes there is, and no little difference at that. There's a lot of difference
between posting/getting information over HTTP (or any other protocol) and a
local application.

It seems it's more user-friendly/doesn't take that many trips to the server
and back (*) using the capabilities from AJAX, that's true. AJAX is useful
in some cases, but hardly the holy grail here.

(*) From the user's standpoint. Normally there's even more traffic going on
when people are using AJAX, only not on specific request from the user.

Grtz,
--
Rik Wasmus
Jul 29 '06 #12
Vincent Delporte wrote:
Hello

I'm about to write a prototype for a business application, but since
this my first real web application, I'm looking for a good book or
article that sums up the different issues web developers will
encounter when coming from the world of dedicated applications (VB,
Delphi, etc.)

I'm thinking of issues specific to web apps like the statelessness of
HTTP, dealing with the back button, etc.

Any good resource? It'd be even better if they have examples in PHP,
but a language-agnostic resource is good enough.

Thank you!
Can I assume you come from the world of LAN apps, or Client/Server? If so,
I can share some experience, which I hope may be of use.

Probably the most important thing is to identify the architectural
differences between web and your past experiences and to embrace them
thoroughly in your new designs.

For instance, consider statelessness. My background in desktop and C/S apps
made this incomprehensible to me at first glance. How could anything
possibly work with no memory of the last request? At first I began
investigating sessions and schemes for maintaining state with the idea in
mind of keeping my stateful mindset. Though I learned a lot, this did not
give me a working system. At some point it dawned that statelessness must
be embraced and worked into my entire mindset, at which point the code
flowed and the systems worked.

The same goes for the back button. You can't stop them from hitting it. A
desktop guy will attempt to prevent it by popping up a browser window with
no toolbars. But all such schemes can be defeated because the reality of
the web is that the user is in control of the client, so you have to
embrace that fact in your design and enforce your needs in other ways.

Same goes for input. You can't control what the user sends, they can send
any kind of malicious code imaginable, so you have to code that assumption
in.

Anyway, that's my experience, hope it helps in some small way.

And good luck! Come on in, the water's fine!
--
Kenneth Downs
Secure Data Software, Inc.
(Ken)nneth@(Sec)ure(Dat)a(.com)
Jul 29 '06 #13
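An added example (not from the thread or any of its posters) that puts Iván's and Kenneth's points together in Python: every request is handled as a fresh run with all remembered state in a server-side session store, posted form values are allow-listed and parsed rather than trusted, and a single-use form token plus a POST-redirect-GET response keeps the back button from placing the same order twice. `Server`, `Request` and the `PRODUCTS` catalogue are constructed for the example.

```python
import secrets
from dataclasses import dataclass, field

PRODUCTS = {"A100", "B200"}  # constructed catalogue used as an allow-list


@dataclass
class Request:
    method: str
    session_id: str          # would come from a cookie in a real app
    form: dict = field(default_factory=dict)


@dataclass
class Server:
    # Everything remembered between requests lives here; handle() itself
    # keeps nothing, so every call is a fresh "run of the program".
    sessions: dict = field(default_factory=dict)  # session_id -> dict
    orders: list = field(default_factory=list)

    def handle(self, req: Request) -> dict:
        session = self.sessions.setdefault(req.session_id, {})
        if req.method == "GET":
            # Issue a single-use token with the form: only a POST carrying
            # this token is accepted, and only the first one.
            token = secrets.token_urlsafe(16)
            session["form_token"] = token
            return {"status": 200, "form_token": token}
        if req.method == "POST":
            return self._place_order(session, req.form)
        return {"status": 405}

    def _place_order(self, session: dict, form: dict) -> dict:
        # Consume the token first. pop() removes it, so a second POST with
        # the same token (Back, Refresh, double click) finds nothing to match.
        # In a real deployment this step must be atomic across processes
        # (e.g. a conditional UPDATE), or two racing requests both succeed.
        expected = session.pop("form_token", None)
        sent = str(form.get("form_token", "")).encode()
        if expected is None or not secrets.compare_digest(expected.encode(), sent):
            return {"status": 409, "error": "duplicate or stale submission"}

        # Never trust posted values: allow-list the product and parse the
        # quantity strictly instead of assuming the form enforced anything.
        product = form.get("product", "")
        if product not in PRODUCTS:
            return {"status": 400, "error": "unknown product"}
        qty = str(form.get("quantity", "")).strip()
        if not qty.isdecimal() or not 1 <= int(qty) <= 100:
            return {"status": 400, "error": "quantity must be 1..100"}

        self.orders.append({"product": product, "quantity": int(qty)})
        # POST-redirect-GET: answer with a redirect so Back/Refresh land on
        # a GET of the result page rather than re-posting the order.
        return {"status": 303, "location": "/orders"}


def demo() -> dict:
    """Walk one browser through the flow and return the outcomes."""
    srv = Server()
    page = srv.handle(Request("GET", "sess-1"))
    good = {"form_token": page["form_token"], "product": "A100", "quantity": "3"}
    first = srv.handle(Request("POST", "sess-1", good))
    replay = srv.handle(Request("POST", "sess-1", good))  # Back + resubmit
    page2 = srv.handle(Request("GET", "sess-1"))
    bad = {"form_token": page2["form_token"], "product": "A100", "quantity": "-3"}
    rejected = srv.handle(Request("POST", "sess-1", bad))
    return {"first": first["status"], "replay": replay["status"],
            "rejected": rejected["status"], "orders": len(srv.orders)}


if __name__ == "__main__":
    print(demo())  # {'first': 303, 'replay': 409, 'rejected': 400, 'orders': 1}
```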
On Sat, 29 Jul 2006 09:57:37 -0400, Kenneth Downs
<kn**************@see.sigblock> wrote:
>Probably the most important thing is to identify the architectural
differences between web and your past experiences and to embrace them
thoroughly in your new designs.
Thanks for the input. Considering how different the two environments
are, I'm surprised not to have found a book, or at least one with a
good chapter that would spell out the differences, and list the issues
peculiar to web apps that desktop developers don't have to deal with.

Unless someone can recommend an application server for PHP, I'll go
next door and read up on TurboGears :-)
Jul 29 '06 #14
On Sat, 29 Jul 2006 00:16:15 +0200, Vincent Delporte wrote:
On Fri, 28 Jul 2006 14:51:36 -0500, Ivan Marsh <an*****@you.now> wrote:
>>The number one thing is understanding the difference between client-side
and server-side.

With AJAX, there's no such thing ;-)
Uh... that's so incorrect it doesn't even deserve an answer.

--
The USA Patriot Act is the most unpatriotic act in American history.
Feingold-Obama '08 - Because the Constitution isn't history,
It's the law.

Jul 31 '06 #15
On Sat, 29 Jul 2006 02:13:04 +0200, Rik wrote:
Vincent Delporte wrote:
>On Fri, 28 Jul 2006 14:51:36 -0500, Ivan Marsh <an*****@you.now> wrote:
>>The number one thing is understanding the difference between
client-side and server-side.

With AJAX, there's no such thing ;-)

Oh yes there is, and no little difference at that. There's a lot of
difference between posting/getting information over HTTP (or any other
protocol) and a local application.

It seems it's more user-friendly/doesn't take that many trips to the
server and back (*) using the capabilities from AJAX, that's true. AJAX
is useful in some cases, but hardly the holy grail here.

(*) From the user's standpoint. Normally there's even more traffic going
on when people are using AJAX, only not on specific request from the
user.
Indeed... AJAX changes nothing about the client-side/server-side dynamic.
Just because you're making a server-side call asynchronously doesn't mean
you're not making a server-side call.

--
The USA Patriot Act is the most unpatriotic act in American history.
Feingold-Obama '08 - Because the Constitution isn't history,
It's the law.

Jul 31 '06 #16
On Mon, 31 Jul 2006 10:21:45 -0500, Ivan Marsh <an*****@you.now>
wrote:
>Uh... that's so incorrect it doesn't even deserve an answer.
Chill out. Was just a joke ;-)
Jul 31 '06 #17
That's a good answer Kenneth wrote here.

My experience is that most people writing PHP are using it just to pep up
their web pages, which is quite a different task compared to writing a real
web application.

If you get serious with web applications (information systems, complex data
models, large databases, transactions, and that stuff) you probably need an
application framework with a good metaphor behind it. For instance, it must
allow you to synchronize user transactions with database transactions.

If you like the idea that a web application should not re-invent the GUI
wheel but should support a dialog flow similar to what we are used to at the
desktop, you may like the GGF Framework (http://de.geocities.com/ggf_team/).

regards
Jerry

"Kenneth Downs" <kn**************@see.sigblock> wrote in message
news:34************@pluto.downsfam.net...
Vincent Delporte wrote:
Hello

I'm about to write a prototype for a business application, but since
this my first real web application, I'm looking for a good book or
article that sums up the different issues web developers will
encounter when coming from the world of dedicated applications (VB,
Delphi, etc.)

I'm thinking of issues specific to web apps like the statelessness of
HTTP, dealing with the back button, etc.

Any good resource? It'd be even better if they have examples in PHP,
but a language-agnostic resource is good enough.

Thank you!

Can I assume you come from the world of LAN apps, or Client/Server? If
so,
I can share some experience, which I hope may be of use.

Probably the most important thing is to identify the architectural
differences between web and your past experiences and to embrace them
thoroughly in your new designs.

For instance, consider statelessness. My background in desktop and C/S
apps
made this incomprehensible to me at first glance. How could anything
possibly work with no memory of the last request? At first I began
investigating sessions and schemes for maintaining state with the idea in
mind of keeping my stateful mindset. Though I learned a lot, this did not
give me a working system. At some point it dawned that statelessness must
be embraced and worked into my entire mindset, at which point the code
flowed and the systems worked.

The same goes for the back button. You can't stop them from hitting it.
A
desktop guy will attempt to prevent it by popping up a browser window with
no toolbars. But all such schemes can be defeated because the reality of
the web is that the user is in control of the client, so you have to
embrace that fact in your design and enforce your needs in other ways.

Same goes for input. You can't control what the user sends, they can send
any kind of malicious code imaginable, so you have to code that assumption
in.

Anyway, that's my experience, hope it helps in some small way.

And good luck! Come on in, the water's fine!
--
Kenneth Downs
Secure Data Software, Inc.
(Ken)nneth@(Sec)ure(Dat)a(.com)

Jul 31 '06 #18
On Mon, 31 Jul 2006 22:40:12 +0200, "gerald Zincke"
<ge***********@aon.at> wrote:
>you may like the GGF Framework (http://de.geocities.com/ggf_team/).
Thx I'll take a look.
Jul 31 '06 #19

"gerald Zincke" <ge***********@aon.at> wrote in message
news:44**********************@newsreader01.highway.telekom.at...
That's a good answer Kenneth wrote here.

My experience is that most people writing PHP are using it just to pep up
their web pages, which is quite a different task compared to writing a real
web application.

If you get serious with web applications (information systems, complex data
models, large databases, transactions, and that stuff) you probably need an
application framework with a good metaphor behind it. For instance, it must
allow you to synchronize user transactions with database transactions.

If you like the idea that a web application should not re-invent the GUI
wheel but should support a dialog flow similar to what we are used to at the
desktop, you may like the GGF Framework (http://de.geocities.com/ggf_team/).

regards
Jerry

"Kenneth Downs" <kn**************@see.sigblock> wrote in message
news:34************@pluto.downsfam.net...
>Vincent Delporte wrote:
Hello

I'm about to write a prototype for a business application, but since
this my first real web application, I'm looking for a good book or
article that sums up the different issues web developers will
encounter when coming from the world of dedicated applications (VB,
Delphi, etc.)

I'm thinking of issues specific to web apps like the statelessness of
HTTP, dealing with the back button, etc.

Any good resource? It'd be even better if they have examples in PHP,
but a language-agnostic resource is good enough.

Thank you!

Can I assume you come from the world of LAN apps, or Client/Server? If
so,
>I can share some experience, which I hope may be of use.

Probably the most important thing is to identify the architectural
differences between web and your past experiences and to embrace them
thoroughly in your new designs.

For instance, consider statelessness. My background in desktop and C/S
apps
>made this incomprehensible to me at first glance. How could anything
possibly work with no memory of the last request? At first I began
investigating sessions and schemes for maintaining state with the idea in
mind of keeping my stateful mindset. Though I learned a lot, this did
not
give me a working system. At some point it dawned that statelessness
must
be embraced and worked into my entire mindset, at which point the code
flowed and the systems worked.

The same goes for the back button. You can't stop them from hitting it.
A
>desktop guy will attempt to prevent it by popping up a browser window
with
no toolbars. But all such schemes can be defeated because the reality of
the web is that the user is in control of the client, so you have to
embrace that fact in your design and enforce your needs in other ways.

Same goes for input. You can't control what the user sends, they can
send
any kind of malicious code imaginable, so you have to code that
assumption
in.

Anyway, that's my experience, hope it helps in some small way.

And good luck! Come on in, the water's fine!
If you want a web framework that allows you to write large CRUD applications
then look no further than RADICORE (http://www.radicore.org/ ). This was
invented by someone who spent 20+ years in developing and using frameworks
for the desktop, then translated all that knowledge and experience into a
PHP framework. It deals with database transactions, handles the back button,
has a dynamic menu system, role based access control system, audit logging
without database triggers, a data dictionary, and a workflow engine.

--
Tony Marston

http://www.tonymarston.net
http://www.radicore.org

Aug 1 '06 #20
Tony Marston wrote:
"gerald Zincke" <ge***********@aon.at> wrote in message
news:44**********************@newsreader01.highway.telekom.at...
>>That's a good answer Kenneth wrote here.

My experience is that most people writing PHP are using it just to pep up
their web pages, which is quite a different task compared to writing a real
web application.

If you get serious with web applications (information systems, complex data
models, large databases, transactions, and that stuff) you probably need an
application framework with a good metaphor behind it. For instance, it must
allow you to synchronize user transactions with database transactions.

If you like the idea that a web application should not re-invent the GUI
wheel but should support a dialog flow similar to what we are used to at the
desktop, you may like the GGF Framework (http://de.geocities.com/ggf_team/).

regards
Jerry

"Kenneth Downs" <kn**************@see.sigblock> wrote in message
news:34************@pluto.downsfam.net...
>>>Vincent Delporte wrote:
Hello

I'm about to write a prototype for a business application, but since
this my first real web application, I'm looking for a good book or
article that sums up the different issues web developers will
encounter when coming from the world of dedicated applications (VB,
Delphi, etc.)

I'm thinking of issues specific to web apps like the statelessness of
HTTP, dealing with the back button, etc.

Any good resource? It'd be even better if they have examples in PHP,
but a language-agnostic resource is good enough.

Thank you!

Can I assume you come from the world of LAN apps, or Client/Server? If

so,
>>>I can share some experience, which I hope may be of use.

Probably the most important thing is to identify the architectural
differences between web and your past experiences and to embrace them
thoroughly in your new designs.

For instance, consider statelessness. My background in desktop and C/S

apps
>>>made this incomprehensible to me at first glance. How could anything
possibly work with no memory of the last request? At first I began
investigating sessions and schemes for maintaining state with the idea in
mind of keeping my stateful mindset. Though I learned a lot, this did
not
give me a working system. At some point it dawned that statelessness
must
be embraced and worked into my entire mindset, at which point the code
flowed and the systems worked.

The same goes for the back button. You can't stop them from hitting it.

A
>>>desktop guy will attempt to prevent it by popping up a browser window
with
no toolbars. But all such schemes can be defeated because the reality of
the web is that the user is in control of the client, so you have to
embrace that fact in your design and enforce your needs in other ways.

Same goes for input. You can't control what the user sends, they can
send
any kind of malicious code imaginable, so you have to code that
assumption
in.

Anyway, that's my experience, hope it helps in some small way.

And good luck! Come on in, the water's fine!


If you want a web framework that allows you to write large CRUD applications
then look no further than RADICORE (http://www.radicore.org/ ). This was
invented by someone who spent 20+ years in developing and using frameworks
for the desktop, then translated all that knowledge and experience into a
PHP framework. It deals with database transactions, handles the back button,
has a dynamic menu system, role based access control system, audit logging
without database triggers, a data dictionary, and a workflow engine.
Why don't you tell them it's your own site, Tony?

--
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
js*******@attglobal.net
==================
Aug 1 '06 #21
