On Fri, Dec 16, 2011 at 11:53 PM, Eric Butera <eric.but...@gmail.com> wrote:

> To all the people who responded to this thread:
> It is 2011 - please stop writing code like this.
> To the OP:
> I'm glad you're asking questions and realizing you're not happy with
> your current abilities and suspect there's a better way.  I've read
> the replies in this thread and feel a bit let down.  Use a templating
> language - yes, I understand that is what php is for - but I won't go
> into it.  You should not be echoing, printing, or any other method of
> concatenating html dealing with escaping quotes inside your php logic
> code.  Please separate your concerns.
> Not sure what that means?  That's OK!  If you want to move forward,
> look up how modern frameworks deal with this issue using their views
> or template views.  You don't have to use a framework if you do not
> want to, that's perfectly fine.  If it works, it works.  But in the
> end, it the separation of logic and html is essential to code
> maintenance.


There are many posters to this list, and there exists a broad range of
programming styles and abilities. I'll bet you're a competent programmer,
and that you've worked hard to hone your craft. It takes passion and drive
to improve one's skill set. However, I'd encourage you to focus that
passion on the list in a way that facilitates the growth of those with
questions whilst staying true to their current, specific needs.

Frankly, every answer on the list could begin with the suggestion that they
just use a framework. The list is here to help build up the entire skill
set of PHP developers.

Let's reexamine the original post:

Hello all.
> Can someone tell me which of the following is preferred and why?

Use of the word "Which" implies that there were a closed set of options
they wanted to consider, although we did offer some others, but they all
stayed relatively true to his original options.

>  echo "<a style='text-align:left;size:**14;font-weight:bold'
> href='/mypage.php/$page_id'>$**page_name</a><br>";
>  echo "<a style='text-align:left;size:**14;font-weight:bold'
> href='/mypage.php/".$page_id."**'>".$page_name."</a><br>";


Please note there is no logic anywhere in this example. PHP is truly
serving merely as a templating language here. So, while I agree with the
general notion that logic should not be intermingled with markup, this
particular example does not serve as the anti-pattern you suggest.

Also, note that we aren't sure where the $page_id and $page_name variables
are coming from. In instances where these are set manually within the
script (like a view variables at the top of the page), there's no need to
escape anything. That said, you're right, if the data is coming from
somewhere else, escaping should happen, but there's not enough information
to infer that, as you say, "You should not be echoing, printing, or any
other method of concatenating html dealing with escaping quotes inside your
php logic code."

> When I come across the above code in line 1, I have been changing it to
> what you see in line 2 for no other reason than it delineates out better in
> BBEdit.  Is this just a preference choice or is one method better than the
> other?

The above statement suggests there's an existing codebase that was being
worked through. In this light, the answers mostly focused on answering the
OP's original question, realizing that this was existing code that he was
refactoring lightly as he goes.

This is not to say that I disagree with all that you said, as I actually
developed my own framework that:

   - Cleanly separates PHP from HTML to avoid the intermingling of logic
   and presenation:
   - Automatically handles output escaping, input validation:
   - And lots of other features that coincide with the general focus of
   your words.

Given that work, I think it's fair to say that I do agree with several of
your general points for web development overall. However, this question
wasn't a big picture question on how to do web development with PHP. It was
a simple question that was answered in a helpful, specific manner by
several on the list.


Nephtali:  A simple, flexible, fast, and security-focused PHP framework

Reply via email to