Web @ 25 February 2010, “No Comments”


Every programmer makes mistakes. It especially hurts when a security hole is found and used. So it is important to test security before launching a project.

There is a really nice, open web security resource on the web. It is called OWASP. It is open and not affiliated with any commercial structure, so it's cool and free :)

You can jump in and start reading the whole security guide here: OWASP Testing Guide. Happy testing ;)

Web @ 15 February 2010, “No Comments”

I had one weird bug recently. I’ve made a “LOVE” module for OpenCart, which is running at http://www.mothereleganza.com. Basically this module is a sort of image gallery. So I’ve grabbed OpenCart’s default style for adding images:

As you can see, there is a list of already uploaded images, file upload form fields and remove buttons. So, if you hit the Save button, new images get uploaded, old images get replaced where files are specified, and unneeded images get removed. It looks like an easy-to-use interface, but there is one bug: you have as many file upload fields as there are uploaded files. So after the client added 20 images, all the upload stuff stopped working. Why? Because PHP limits not only file size, but also file count. On the current server the max_file_uploads option was set to 20, so it is possible to upload 20 files at once.

The quick fix was to remove the file input fields from uploaded images. It is no longer possible to replace a current image with a new one, but that is not necessary in my case.
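A server-side check for the situation described above, as an added example that is not code from the module or from OpenCart: it counts the file slots PHP received and flags a request that reached max_file_uploads. The field names (replace, new_image), the function names and the sample array are constructed for illustration.

```php
<?php
// Added example: not code from the module described in the post.
// Field names and the sample $_FILES-shaped array are constructed.

/** Count the upload slots PHP received, split into [filled, blank]. */
function count_upload_slots(array $files): array
{
    $filled = 0;
    $blank = 0;
    foreach ($files as $field) {
        // name="replace[]" inputs yield an array of error codes, plain inputs a single int.
        $codes = (array) $field['error'];
        array_walk_recursive($codes, function ($code) use (&$filled, &$blank) {
            if ($code === UPLOAD_ERR_NO_FILE) {
                $blank++;
            } else {
                $filled++;
            }
        });
    }
    return [$filled, $blank];
}

/**
 * Report whether a request reached max_file_uploads, in which case PHP may have
 * dropped later file fields. Blank inputs are counted too (assumption matching the
 * failure in the post); where PHP ignores blank fields this is only conservative.
 */
function upload_limit_reached(array $files, int $limit): bool
{
    [$filled, $blank] = count_upload_slots($files);
    return $limit > 0 && ($filled + $blank) >= $limit;
}

// Constructed sample: 19 blank "replace" inputs plus one new image, limit of 20.
$sample = [
    'replace'   => ['error' => array_fill(0, 19, UPLOAD_ERR_NO_FILE)],
    'new_image' => ['error' => UPLOAD_ERR_OK],
];
$limit = 20; // in a real handler: (int) ini_get('max_file_uploads')

if (upload_limit_reached($sample, $limit)) {
    echo "Upload limit of $limit reached: some file fields may have been ignored.\n";
}
```

In a real handler, pass $_FILES and the value of ini_get('max_file_uploads'), and show the admin a visible error instead of silently saving a partial upload.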

Web @ 01 February 2010, “No Comments”

When you grow beyond being a basic PHP coder, you start to ask yourself: do I need to rewrite these common pieces of code again and again? A new webapp, and again I need to implement a database connection, content selection, input validation and some sort of template system? But it’s boring! And I’m too lazy to repeat this again and again. :) And here come helpful tools, like custom-written classes, collections of functions reusable in most projects, etc.

But sometimes even these are not enough. So what to do? I suggest you give a framework a chance. There are a bunch of them: CodeIgniter, CakePHP, Kohana, Symfony, Yii, Zend and many more! I think http://www.phpframeworks.com/ will help you choose a framework to your taste.

Personally I have tried two of them: CakePHP and Kohana. CakePHP was my “first date” with an MVC framework. As I was young and inexperienced, it didn’t give me a very good impression. Even the sample given with the documentation didn’t work. Oh, I didn’t even understand why I needed it. :)

But time passed, and I started to understand – using MVC is a great option for building bigger webapps or websites. So I gave another chance to a framework called Kohana.

Kohana is a PHP 5 framework that uses the Model View Controller architectural pattern. It was originally based on CodeIgniter.

Why MVC? Well, you can read about MVC here: Model-View-Controller. Usually in a Model you write database queries and return the results to a Controller, which handles the given data and passes it to a View. The View holds all the data layout or, simply, the template. But that’s not a limit; sometimes you don’t even need a database to use MVC, and so on. It’s great when application logic is separated from layout!

So, if you choose to start learning KohanaPHP, begin with a great tutorial – Kohana 101. It is a tutorial written by Oscar Bajner and shows how to write a basic webapp using the Kohana PHP framework. You can read it here: kohana 101 or download it here: kohana101.

After reading it and completing your first website by yourself, go straight to the Kohana documentation page; there you will get all the help you need. They also have an informative and helpful forum.

Okay, Kohanians, off we go… ;)