The Bard in Green

I know an engineer who had several ponds near his property who built an elaborate contraption to attract and electrocute them. He killed tens of thousands. Hundreds more ignored it and bit him anyway.

Very rarely, but probably only in situations where you would too. No, usually I put my HTML in HTML files. They’re usually building blocks… page components, not a full page. I regulate the page flow in PHP, and I don’t like it cluttered up with tons of HTML, inside or outside of echos. I have been known to do stuff like this though:

echo “<div class=‘whatever-container’>”.$Page->pagecomponents[‘contents_of_some_html_file’].“</div>”;

If I go and look at $Page, it will show that $this->pagecomponents is set by reading my template files in so I can grab HTML structures dynamically. If the contents of pagecomponents[‘component’] are set dynamically (they usually are), there won’t be some ugly <php ?> tag in the HTML file, but my $Page class will handle populating it somehow. The architecture I usually use is $Validator is instantiated for a page load, then $Data, so whatever user activity $Validator has detected and cleaned up tells $Data what to do with the data backend (which is usually a combination of Maria and Redis) then $Data gets fed into $Page which figures out what page to build, looks at all my HTML building blocks and figures out how to put them together and populate whatever it needs to. So it will usually be something like (very simplistically)

$Validator = new Validator($_GET, $_POST);

$Data = new Data($Validator);

$Page = new Page($Data);

renderPage($Page->Page);

Bad ass answer.

I don’t like reading it captain pedantic. Deal with it. :)

On the one hand, you do have good reasons to use classes.

1. Interacting with your database.
2. Sanitizing your inputs.
3. Building pages from templates.

Rather than piecemeal loading all these functions from every page where a bunch of them aren’t being used, you can create three classes.

1. has all your database interactions in it and then you can treat all database interactions as an object. My queries are usually all executed with $Data->runQuery();

2. Since you’re working in raw PHP with no frameworks or libraries, you NEED to validate every input users send, or bots are going to spam the shit out of your database. The way you have things now, you’re probably either calling some function(s) on every form submit (every time $_SERVER[‘request_method’]===‘POST’) OR you’re just not doing it. When working in raw PHP, I always write a Validator class which sits in between every $_GET and $_POST and makes damn sure what ever is coming in meets a set of criteria that I expect. I’m happy to go into the architecture of this with you if that would be helpful.

3. I’m assuming you might have something for each page like

include(‘header.php’);

<my page specific PHP is here>

include(‘footer.php’);

Instead, I like to write a page builder class that constructs my pages dynamically based on routing. So then any given page becomes and instance of $Page and you populate it with various methods (like $Page->renderForm(‘form’);) You can also then base the routing logic on your form submissions.

On the other hand… it’s probably fine at this stage to just not use classes and if it works, why fix it?

You probably feel like you don’t have a need for classes because you’re just not comfortable working with them yet, and need more experience thinking through architecture. This is fine. This is normal. This is exactly where you should be, given what you say about your experience level.

SQL injection probably didn’t work because PDO protects you from that to some extent. Doesn’t mean you shouldn’t account for it in your input processing.

Most of my HTML comes from echo.

Good, it should. I effing HATE reading through code where people are tagging in and out of PHP all the time. It looks so ugly. That’s not a standard best practice, just MY personal practice. IMHO, for HUMAN readability purposes, HTML should either be in echos or template files.

I fricken hate this: <a> <bunch> <of> <html> <php? run_some_php('here'); />

Don’t effing make me read that. I co-run an independent coding shop and whenever we work in PHP, I tell people please not to do that.