
November 29, 2008

Comments

Greg Tidwell

I thought playing with your framework might be a good way to start learning about MVC. However, it looks like I need to start with learning about Apache's rewrite module. When trying to view an article (localhost/simplemvc/article/view) I get a 500 Internal Server Error. The Apache error_log shows:
"RewriteEngine not allowed here"

Any idea?

Max Indelicato

Greg, you're right, you'll need to make sure that your Apache installation has the Rewrite module installed as well. What kind of development environment are you on (LAMP, WAMP, etc?), as the installation instructions will differ depending on which environment you're running under. If you're working with a shared host, contact your hosting provider and they can install it for you.

To get you started, here's a good tutorial on getting mod_rewrite working under a typical Debian LAMP stack:
http://www.debian-administration.org/articles/136

And here are a few other links to some good URL Rewriting resources:
http://httpd.apache.org/docs/2.0/misc/rewriteguide.html
http://articles.techrepublic.com.com/5100-10878_11-5068743.html

Good luck!

Craig Francis

Sorry to be picky, but I thought I would have a quick read over the code and see how you have got things working.

However I've found a couple of points I'm not quite sure on...

Just looking at the

/model/article_model.php

Where, under the selectArticleByArticleId() and insertArticle() functions, you perform a query but there does not seem to be any escaping of the values, so SQL injection may be possible:

http://php.net/mysql_real_escape_string
http://php.net/security.database.sql-injection

Also, I know this is an example, but the "SELECT *", especially the one used in selectArticles() is perhaps a little excessive - i.e. imagine that the index page, listing the first 10 articles (title, summary, and link), pulls back the whole database of article information of perhaps 10,000 records all containing the full body of article text... typically I would allow the calling function to specify which fields it needs, and perhaps some way to express the ORDER BY and LIMIT values... there may even be a WHERE clause so you can limit the articles to those in a specific category.

And with your addsubmit() function... I don't think it is an issue in this case, but please make sure you add an exit() call after the Location header... I've seen a few sites that don't realise that script execution continues afterwards, and just use this when authentication fails. For example, imagine an admin control panel which just sends the Location header when authentication fails, it will allow someone to POST data to create a new admin account, and although the browser will be re-directed by the failed authentication check, the script will continue to execute (and add the user).

As to the "ModelBase", is there a reason why a new connection to the database is created every time a query is executed? It might be worth defining a private "conn" variable on the object which is NULL on load... then every time a query is executed, check to see if it's NULL (if so, call a connect method), and then continue with the query.

Hope these queries are easy to address.
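Added example (not Max's SimpleMVC code): a sketch, in modern PHP with mysqli, of the three fixes Craig describes above, a lazily created connection reused across queries, a prepared statement with an explicit column list in place of string interpolation, and exit() right after the Location header. Class, method, table and column names and the credentials are assumptions.

```php
<?php
// Added example, not part of the SimpleMVC code discussed in the post.
// Names (ModelBase, ArticleModel, article table) mirror the post's naming
// but are assumptions; credentials are placeholders.

mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);

class ModelBase
{
    // Connection is NULL until the first query, then reused by every
    // later query on this object instead of reconnecting each time.
    private ?mysqli $conn = null;

    protected function connect(): mysqli
    {
        if ($this->conn === null) {
            $this->conn = new mysqli('localhost', 'user', 'password', 'simplemvc');
            $this->conn->set_charset('utf8mb4');
        }
        return $this->conn;
    }
}

class ArticleModel extends ModelBase
{
    // A prepared statement keeps the id out of the SQL text, so it can
    // never change the query; the column list replaces SELECT *.
    public function selectArticleByArticleId(int $articleId): ?array
    {
        $stmt = $this->connect()->prepare(
            'SELECT article_id, title, summary, body FROM article WHERE article_id = ?'
        );
        $stmt->bind_param('i', $articleId);
        $stmt->execute();
        return $stmt->get_result()->fetch_assoc() ?: null;
    }
}

// Send the redirect and stop: without exit() the code after a failed
// authentication check (e.g. the INSERT) still runs.
function redirectAndStop(string $path): void
{
    header('Location: ' . $path);
    exit();
}
```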

Mohammad

Thank you,
PHP MVC For Dummies !

Max Indelicato

Craig, thanks for pointing those pitfalls out. I've replied to your question by appending an update to the post.

Mohammad, glad you enjoyed the post. More to come!

thibauld

Hi,

This post about your MVC framework for PHP is interesting! I personally support the idea that the methodology one uses to build his web app is more important than the framework one uses, even if using a good framework can help. I plan to elaborate on this very subject soon on my blog, but I already blogged on what makes a web framework great.
Looking forward to your next post!
Cheers,

Thibauld


About

  • Max Indelicato. Chief Software Architect and technology enthusiast.
