Really guys?

From: ************@live.com
Reply-to: dovmax@gmail.com

Dear Valid User,
Our Account users discovered series of illegal attempts on your mail account from different IP locations.This is for your own safety to avoid your account closed, you will have to verify your account by filling out your Log-in below by clicking the reply button. We apologies for any inconveniences.

User name:……………..
Password:………………
Date Of Birth:………….
Occupation:…………….
Country Of Residence:……

After receiving the information requested you will be able to continue using your Account.

Customer Care
71594822
Copyright © 2011 Mail! Inc. (Co. Reg. No. 2344507D)All Rights Reserved. Intellectual Property Rights Policy.

Related posts:

1. Spartan Coding
2. Twitter Updates for 2009-02-23
3. Twitter Updates for 2009-02-23

If you are putting this at the top of every file…

// i will keep yelling this
// DON'T FORGET TO START THE SESSION !!!
session_start();

You may just be doing php wrong… and I hate you

Related posts:

1. PHP Functions, you’re doing it wrong…
2. PHP SQL Query Builder
3. Job Search Results

Sadly this seems completely accurate…

In order to be effective as an economic ITMP, the usage based price component needs to be established so as to discourage use above the set limit. The price should incent use in excess of the limit only to the extent that the consumer would gain significant value from that usage. If the price is set substantially below the consumer’s value, it will have little influence on usage.

via: http://www.michaelgeist.ca/content/view/5711/125/

Related posts:

1. Are You a COBOL Programmer?
2. Caveat Emptor
3. A look at PostgreSQL

So… This was fun…

Welcome to GatorChat!

You are being connected to a representative in our Technical Support department right now.

For immediate answers to your questions, check out our knowledge base and video tutorials at http://support.hostgator.com.

Your Chat ID is 3333053.

Your question is, “My primary domain is seanja.com. mod_security”

(10:03:41 PM) System: There are currently 3 people in front of you and 86 chat technicians assisting customers.
(10:04:10 PM) System: There are currently 3 people in front of you and 86 chat technicians assisting customers.
(10:04:41 PM) System: There are currently 1 people in front of you and 86 chat technicians assisting customers.
(10:05:11 PM) System: There are currently 0 people in front of you and 87 chat technicians assisting customers.
(10:05:12 PM) Gator Tech Support: has entered the chat.
(10:05:18 PM) Gator Tech Support: Hello, welcome to HostGator Live Chat.
(10:05:32 PM) SeanJA: hi
(10:05:44 PM) Gator Tech Support: How may I assist you today?
(10:06:40 PM) SeanJA: I keep getting a 403 error when trying to use piwik as a tracking server… I have also run into this problem with drupal’s ‘shurly’ module and the oauth login module as well… I believe that it would be related to mod_security?
(10:07:55 PM) Gator Tech Support: It really depends
(10:07:55 PM) SeanJA: I got around the one for oauth and shurly (a bit of hackery in drupal core that I would have liked to avoid…) but the one for piwik seems to be a bit more difficult to get around…
(10:08:07 PM) SeanJA: http://stats.seanja.com/piwik.php?idsite=1&rec=1&rand=0.11890891543589532&h=0&m=7&s=23&url=http%3A%2F%2Fseanja.com%2F&urlref=&res=1920×1200&cookie=1&pdf=1&qt=1&realp=0&wma=0&dir=0&fla=1&java=1&gears=1&ag=0&action_name=seanja.com
(10:08:11 PM) Gator Tech Support: Here is the mod security http://support.hostgator.com/articles/employees/daily-tasks/mod-sec-and-you
(10:08:20 PM) SeanJA: this is the url giving me the 403 error
(10:08:46 PM) Gator Tech Support: I am seeing a 500 error
(10:09:46 PM) SeanJA: odd… I am seeing that now too
(10:10:13 PM) SeanJA: oh… the 500 error is for the ErrorDocument
(10:10:19 PM) Gator Tech Support: here is everything I have on mod_security:

(10:10:45 PM) SeanJA: I keep getting bounced out to support.hostgator.com
(10:11:05 PM) Gator Tech Support: Yes, all I would be able to do is create a ticket that goes to them.
(10:11:14 PM) SeanJA: http://support.hostgator.com/articles/pre-sales-policies/secfilterengine-and-secfilterscanpost
(10:11:41 PM) SeanJA: this is what prompted me to contact you
(10:12:37 PM) Gator Tech Support: Right, but I see a 500 error
(10:13:52 PM) SeanJA: ok… but that is for the Error Document, the title of the page is “Error 403″
(10:14:24 PM) Gator Tech Support: Right
(10:14:47 PM) Gator Tech Support: Those two are very different errors
(10:14:51 PM) SeanJA: http://forums.hostgator.com/mod-security-and-403-errors-t71394.html
(10:16:09 PM) Gator Tech Support: I understand, a 403, is very different then a 500.
(10:16:54 PM) Gator Tech Support: http://support.hostgator.com/articles/cpanel/internal-server-error-help-500-error
(10:17:30 PM) SeanJA: what I see is:

Error 403 Forbidden,

Also a 500 error was thrown when trying to use ErrorDocument to handle the request
(10:17:58 PM) Gator Tech Support: I am getting:Forbidden

You don’t have permission to access /piwik.php on this server.

Additionally, a 500 Internal Server Error error was encountered while trying to use an ErrorDocument to handle the request.
(10:18:29 PM) Gator Tech Support: That would just need the pwiik.php permissions changed to 644
(10:19:33 PM) SeanJA: if you go to http://stats.seanja.com/piwik.php you actually get a result though
(10:19:42 PM) Gator Tech Support: Piwik is a free open source web analytics alternative to Google analytics.
(10:20:09 PM) SeanJA: as soon as you add ?url=http://test.com to the url it fails to work because the http:// is caught as “bad”
(10:20:49 PM) Gator Tech Support: I am getting a page with the following text
(10:20:53 PM) Gator Tech Support: Piwik is a free open source web analytics alternative to Google analytics.
(10:21:00 PM) SeanJA: yep
(10:21:09 PM) Gator Tech Support: Piwik is highlighted and so is web analytics
(10:21:14 PM) SeanJA: and the permissions are set to 664
(10:21:29 PM) SeanJA: well.. 0664
(10:22:32 PM) Gator Tech Support: Right, it is working for me
(10:22:38 PM) Gator Tech Support: Have you cleared your cache?
(10:24:00 PM) SeanJA: hitting the page without and url parameters works fine for me
(10:26:23 PM) Gator Tech Support: Is there anything else I can help you with today?
(10:27:11 PM) SeanJA: is there anyway that you could pass me on to someone that can help me with whitelisting stats.seanja.com/piwik.php from mod_security?
(10:28:11 PM) Gator Tech Support: If you tried to change that, you will cause your site to go down, but I can do that for you if you like
(10:28:27 PM) SeanJA: it will go down?
(10:28:35 PM) Gator Tech Support: It is like driving a new car off a cliff
(10:28:49 PM) Gator Tech Support: If it is not broken you dont want to try and fix it
(10:28:57 PM) SeanJA: it is broken though…?
(10:29:20 PM) Gator Tech Support: I do not show that
(10:29:48 PM) SeanJA: it has a blanket ignore urls with http:// in them
(10:30:00 PM) Gator Tech Support: A
(10:30:08 PM) Gator Tech Support: Are you trying to show this: http://stats.seanja.com/
(10:31:24 PM) Gator Tech Support: Hello?
(10:31:28 PM) SeanJA: nope… what /piwik.php does it log a hit to my site
(10:31:53 PM) Gator Tech Support: Ok, what is the php supposed to do?
(10:32:22 PM) SeanJA: on this page: http://seanja.com/tools/unlab-minecraft/
if you look at the net panel in firebug, or the error console in chrome, you will see a 404 for the call to piwik.php?[...]
(10:32:59 PM) Gator Tech Support: I see a picture of a post with yes written on it with graphics of 1996
(10:34:07 PM) SeanJA: yes, but in the error console there is a 403 forbidden error (if you are using chrome: ctrl+shift+i , or firebug F12 in the Net tab (it has to be active on page load though) )
(10:34:23 PM) SeanJA: which means that the hit is not being logged
(10:34:49 PM) Gator Tech Support: I am using firefox
(10:34:58 PM) Gator Tech Support: I will try IE
(10:35:39 PM) SeanJA: probably won’t show up in IE
(10:35:47 PM) Gator Tech Support: is unlabe a mincraft, yes
(10:36:05 PM) Gator Tech Support: is unlab mincraft up
(10:36:06 PM) Gator Tech Support: yes
(10:37:05 PM) SeanJA: I mean the error in the console (IE’s console isn’t great, nor does it exist in IE6/7)
(10:37:29 PM) Gator Tech Support: No, Firefox is fine though.
(10:37:55 PM) SeanJA: do you have firebug installed in firefox?
(10:38:36 PM) Gator Tech Support: Yes
(10:39:20 PM) SeanJA: if you pull it up, and open up the ‘Net’ tab, then reload the page you will see the 403 Forbidden error that I am talking about
(10:39:36 PM) Gator Tech Support: I dont see it.
(10:40:07 PM) SeanJA: is the Net tab actually active?
(10:41:25 PM) SeanJA: I think they disabled it by default in recent releases as it slows down page loads considerably on larger sites
(10:41:53 PM) Gator Tech Support: It may be a bug issue but if you just want that mod sec changed I can do that
(10:43:04 PM) SeanJA: I think I have found another way around it… I will just do what I did to drupal:

// © by Andriy Gerasika from GerixSoft, Ltd.
if (is_int($return) && $return == MENU_NOT_FOUND) {
$uri = $_SERVER['REQUEST_URI'];
$uri = str_replace('http://', urlencode('http://'), $uri);
$path = parse_url($uri, PHP_URL_PATH);
//FIX: SeanJA don't use ereg, use preg_match
$paths = array('/shurly/api/shorten', '/openid/authenticate');
if (in_array($path, $paths) || preg_match('/^\/user\/[0-9]+\/openid$/', $path)!=0) {
$path = substr($path, 1);
$query = 'q=' . $path . '&' . parse_url($uri, PHP_URL_QUERY);
$_SERVER['QUERY_STRING'] = $query;
parse_str($query, $_REQUEST);
parse_str($query, $_GET);
$return = menu_execute_active_handler();
}
}

(10:43:26 PM) SeanJA: basically refill the $_GET and $_REQUEST variables before they are checked
(10:44:08 PM) Gator Tech Support: I see
(10:44:09 PM) Gator Tech Support: Is there anything else I can help you with today?
(10:44:14 PM) SeanJA: nope
(10:44:28 PM) Gator Tech Support: Ok, let us know if you have any further questions
(10:44:31 PM) Gator Tech Support: Thank you for using HostGator Live Chat. If you could take a minute to rate your experience with HostGator as well as my overall performance, that would help us to improve our customer service. To do that, just click the button that says Rate and Exit in the upper right hand corner. The survey takes less than a minute to fill out.

In the end, I didn’t trust him not to screw up my site… so now I have to do a bunch of hackery to get it to work…

1 star

Related posts:

1. Twitter Updates for 2008-10-18
2. Twitter Updates for 2008-11-05
3. links for 2009-04-08

Just a quick tip today. If your function looks something like this:

 
<?php
/**
 * A really long function definition
 * @param string $has
 * @param bool $a
 * @param int $lot
 * @param float $of
 * @param assoc_array $parameters
 * @param string $I
 * @param string $wonder
 * @param int $what
 * @param int $they
 * @param int $do 
 */
function myfunction(
	$has=null,
	$a=null,
	$lot=null,
	$of=null,
	$parameters=null,
	$I=null,
	$wonder=null,
	$what=null, 
	$they=null,
	$do=null
	){
	//do some magic
}
 
//this is how it would be called
myfunction(null, false, null, 1.2, array('one'=>1, 'two'=>2), 'I', null, 1, null, 3);

You are doing it wrong, if all of these parameters are really nullable and required for your function, and there is no way for you to split it up, then you _can_ refactor it like this:

 
<?php
/**
 * Quickly refactored to make it easier to use
 * @param array $array containing: (string)'has', (bool)'a', (int)'lot', (float)'of', (assoc_array)'parameters', (string)'I', (string)'wonder', (int)'what', (int)'they', (int)'do'
 */
function myFunction(array $array){
	//make sure we are only taking in parameters that we recognize...
	$has = isset($array['has'])? $array['has']:null;
	//array key exists because it is a fake boolean value... it has 3 possibilities
	$a = array_key_exists('a', $array)? $array['a']:null;
	$lot = isset($array['lot'])? $array['lot']:null;
	$of = isset($array['of'])? $array['of']:null;
	$parameters = isset($array['parameters'])? $array['parameters']:null;
	$I = isset($array['I'])? $array['I']:null;
	$wonder = isset($array['wonder'])? $array['hwonders']:null;
	$what = isset($array['what'])? $array['what']:null;
	$they = isset($array['they'])? $array['they']:null;
	$do = isset($array['do'])? $array['do']:null;
 
	//some magic
}
 
//it could also be written:
 
/**
 * Quickly refactored to make it easier to use
 * @param array $array containing: (string)'has', (bool)'a', (int)'lot', (float)'of', (assoc_array)'parameters', (string)'I', (string)'wonder', (int)'what', (int)'they', (int)'do'
 */
function myFunction(array $array){
	//make sure we are only taking in parameters that we recognize...
	$args = array('has', 'a', 'lot', 'of', 'parameters', 'I', 'wonder', 'what', 'they', 'do');
	foreach($args as $arg){
		$$arg = array_key_exists($arg, $array)? $array[$arg]:null;
	}
	//some magic
}
 
 
 
//this is how it would be called
//equivalent to:
//myfunction(null, false, null, 1.2, array('one'=>1, 'two'=>2), 'I', null, 1, null, 3);
myfunction(array('a'=> false, 'lot'=>1.2, 'parameters'=>array('one'=>1, 'two'=>2), 'I'=>'I', 'what'=>1, 'do'=>3));

It may be more to type, but it is harder to get it wrong when you are using named parameters. You don’t have to remember what each of the parameters do in their specific positions either so it is easier to understand the code as you quickly glance at it. Note that this is similar to the way that a lot of ruby functions are written, except we don’t have a short hand for named parameters like they do (it would be awesome if we did…):

 
myfunction(:a => false, :lot => 1.2, :parameters => { :one => 1, :two => 2 }, :I => 'I', :what => 1, :do => 3)

While this is definitely easier to read and remember, it is probably worth refactoring a function like this (as it is an extreme case) further because it is likely that you are doing way too many things within it.

Related posts:

1. Documenting PHP Code
2. RE: Top 10 PHP Techniques That Will Save You Time and Effort
3. PHP Pop Quiz Hotshot

I realise that I already posted something today, but this seemed like an emergency…

I thought maybe this was a serious post when I clicked on it, then when I got to number 2 on the list (I had skipped reading his post about how you should write an index page), I thought maybe he was joking, but at the end of it I realised that he was not.

1. How to Properly Create a Website Index Page
See my post about how to do it right.
[... snip]

$page = isset($_REQUEST['page']) ? $_REQUEST['page'] : 'home';
 
switch($page)
{
    case 'home':           break;
    case 'mail':           break;
    case 'contact':        break;
    default:
        $page = 'home';
}
 
include("$page.php");

[... snip]

Apparently this is the right way. I do like the single point of entry idea, and at least he is filtering the variables so you can’t load other php pages right? It really is too bad my $_COOKIE['page'] = ‘mail’… I wonder what the rest of the site is like. This also makes it a pain to add new pages, and causes a massive switch statement.

2. Use the Request Global Array to Grab Data
There is actually no reason to use $_GET and $_POST arrays to grab values. $_REQUEST, is another global array that fetches you either a get or form request. Therefore, it’s most times more convenient to use something like this to parse data…

No! This is wrong, the $_REQUEST array contains not only the $_POST and $_GET variable contents but it also contains the contents of the $_COOKIE array. The arrays are merged in the order described by your php.ini file, generally $_GET, $_POST, $_COOKIE but not always. So, use the $_POST variable when you mean for it to come from the $_POST variable, use the $_GET for get variables, and the $_COOKIE for things in the cookie. Don’t take the lazy way out.

3. Debugging PHP is About var_dump
If you’re looking for php debugging techniques, i have to say that var_dump is most times the way to go about it…

Wrong again. var_dump simply tells you what is in whatever object/array/whatever you are var_dumping. The xdebug extension is a much better alternative:

The Xdebug extension helps you debugging your script by providing a lot of valuable debug information. The debug information that Xdebug can provide includes the following:

* profiling information for PHP scripts
* code coverage analysis
* capabilities to debug your scripts interactively with a debug client

http://xdebug.org/

4. PHP Handles The Code Logic, Smarty Handles The Presentation
… Learn to use smarty as a template engine for your websites, it will pay off, i promise.

While I am not advocating combining “Code Logic” and “Presentation”, there are much better tools out there than Smarty. Smarty is a horrid piece of archaic spaghetti that had it’s purpose a long time ago, but no longer really does. Or you could learn to separate the presentation from the logic by using one of the myriads of frameworks out there. You could even go one better by separating it out to use the MVC pattern.

5. When You Absolutely Need Global Values, Create a Config File
… Doing it for database tables or database connection information is a good idea, but do not use global variables throughout your PHP code. Moreover, it is always a better idea to keep your global variables at a single config.php file.

Actually… this one isn’t bad, polluting the global namespace is something you should try to avoid, and keeping all of your config values in one place makes them easy to find.

6. If NOT Defined, Access Denied !
If you’re creating your pages the correct way, there will absolutely no reason for anybody to access any other php page other than index.php or home.php.

This goes back to #1, a horrible way to make an index page.

7. Create a Database Class
If you’re doing database programming (pretty common in PHP), it would be a very good idea to create a database class to handle any database management functions.

He then goes on to suggest you make a dbExec($query) function which calls $this->db->exec($query), and a sanitize($var1, $var2…) function which will not actually sanitize the input (it appears to just be making sure the input is numeric?). In his examples he is using the PEAR classes for his database abstraction, which already does this… so I am not sure what the point of putting a database abstraction ontop of a database abstraction is here. Also, use the escape functions that are already given to you by php (or the pear library so that your code is portable across database backends), do not write your own, you will get it wrong.

8. A php File Handles Input, a class.php File Handles Functionality
[...] The php file gets any input that we need and then redirects execution to a function residing to the class file. [...]

It almost seems like he is implementing a poorman’s MVC? I think? Mostly? A much better way would be to actually use an MVC framework (or to look at a tutorial online and see a much better way to do it).

9. Know Your SQL and Always Sanitize
Let me present you an example of a function that uses mySQL and sanitazes using the function seen on point #7

   private function getSentMessages($id)
   {
$this->util->sanitizeInput($id);
 
       $pm_table = $GLOBALS['config']['privateMsg'];
$users = $GLOBALS['config']['users'];
 
       $sql = "SELECT PM.*, USR.username as name_sender FROM $pm_table PM, $users USR
	    WHERE id_sender = '$id' AND sender_purge = FALSE AND USR.id = PM.id_receiver AND is_read = TRUE
	    ORDER BY date_sent DESC";
$result = $this->dbQueryAll($sql);
 
       return $result;
   }

The message is the right one. Sanitize your input. However, it would be awesome if he used some coding standards for naming his variables $user and $pm_table are both tables apparently. The well named function sanitizeInput should probably be renamed to checkInt or something similar since that is what it appears to do. He should also probably not be putting his variables straight in the string, to make it easier to change the query later on when he realises that he missed something. Don’t even get me started on the fact that this function is private and presumably extends his database abstraction class…

10. When You Need Just an Object, Use a Singleton Pattern
It happens pretty often in PHP that we just need a single object created one time and then used globally throughout our whole program. A good example of this is the smarty variable that has to be initialized once and then is used all over the place.
[..snip...]

function smartyObject()
{
    if ($GLOBALS['config']['SmartyObj'] == 0)
    {
        $smarty = new SmartyGame();
        $GLOBALS['config']['SmartyObj'] = $smarty;
    }
    else
        $smarty = $GLOBALS['config']['SmartyObj'];
    return $smarty;
}

[.../snip...]

The singleton pattern: you’re doing it wrong.

This is not actually a singleton pattern, while yes it lets you get the instance that you created earlier, you can still create the object by normal means, so I could have $GLOBALS['config']['SmartyObj'], $GLOBALS['config']['SmartyObj2'], $GLOBALS['config']['SmartyObj3'] which would all be instances of the smarty object, but they can all have different properties and values. If it were a singleton this would not be the case. The proper way of doing this is to use the pattern described in the php.net manual under Patterns Singleton. That way it is always the same object everywhere that you use it, and you do not have to muck around with the $GLOBALS array (which I am pretty sure is a code smell…).

Read his full post here. If you think I may have been too harsh, or not harsh enough, on him, leave a comment.

Related posts:

1. Dynamic Images with PHP
2. PHP Functions, you’re doing it wrong…
3. Documenting PHP Code

When c like languages say so

$a = 5;
$b = 1;
 
$result = $a---$b;
echo $a; #=>4
echo $b; #=>1
echo $result; #=>4

public class FunMaths{
	public static void main(String[] args) {
		int result;
		int a = 5, b = 1;
		result = a---b;
		System.out.println(a);
		System.out.println(b);
		System.out.println(result);
	}
}

Related posts:

1. Orms and Circular References
2. Trollin Oracle
3. PHP Functions, you’re doing it wrong…

When naming your functions, there are certain function prefix/postfixes that should only return specific types. They help the programmers who follow in your footsteps to grasp what it is you were trying to do. It also reduces the number of comments you need because the naming conventions are self explanatory. Here is a short list of some of those function modifiers and the expected return values.

The following should only return boolean values, they should not set anything in the class. They are idempotent. If they are not, you have probably done something wrong or your function is misnamed. Rename it quick before anyone else mistakes it for something that it is not and causes a long bug search.

is_something();
something_exists();

The following should probably not return a value (but if they do it should be true or false based on their success).

set_something();
unset_something();
import_something();
read_something();
calculate_something();
something_calculation();
//this one obviously shouldn't return a value... it could throw an exception though
$something->var = $something_else;

The following should only return values not set them or change anything prior to returning them.

get_something();
retrieve_something();
$something_else = $something->var;
something_value();

The following should only return an integer (long, double…).

count_something();
something_count();

The following are similar, they should also return a number of some sort (could be a float, an int, a double).

total_something();
something_total();
sum_something();

Another thing, don’t use this naming scheme:

get_something();
get_somethings();

There is not enough difference when you are glancing at them quickly or trying to debug something, or you are scrolling through them in an auto-complete pop-up, or documentation. Rather use this one, it is easier to differentiate.

get_something();
get_all_somethings();

Remember:

Always code as if the person who ends up maintaining your code is a violent psychopath who knows where you live.

- C2.com via Coding Horror

Related posts:

1. PHP Functions, you’re doing it wrong…
2. Spartan Coding
3. A couple useful jQuery Snippets

I know I have slagged a lot on smarty in the past, both on my blog and on twitter… It is not because I do not understand it, it is because I see it being misused (at least as far as I am concerned, I may be wrong about it) every day in old projects and all over the internet. So, to make up for the slagging that it has received from me, I will now attempt to show you some best practices (or How to use Smarty the smart way). So, without further ado…

Rule 1: Don’t Manipulate the data

First of all, before you even start using smarty, you have to realise that this is a templating language. You are not supposed to process the data, create new data, delete data, get new data (and so on)… When you are ready to display your template you should already have the data retrieved/created, and ready to go. If you are considering doing this in your smarty template, stop and take a look at your backend code, you probably did something wrong back there. I guess I should do these as some kind of list, so…

Sure it is tempting to do:

{assign var='newVar' value=$oldVar.varThatINeed}

But don’t. It means that people have to go looking for not only $newVar in the php code that displayed the template, they also have to go looking through the smarty code for the assignment. If you need to access that variable, do this instead:

{$oldVar.varThatINeed}

If that variable is supposed to get something from an array, do this:

{$arrayVar[$oldVar.varThatINeed]}

Sure it takes a second more to write it out each time, but it is easier to find in the smarty code.

Breaking Rule 1

There are times when you might need to break rule one. If you find yourself doing anything more complicated than:

{math equation="x + y" x=$height y=$width}

in your template, you should take a step back and look at your code again, why are you doing it this way? Should you be doing it this way? Isn’t there a better way?
I think that even this example provided by the smarty documentation is probably a bit much for the template, especially if the equation is likely to change:

{* Calculate something *}
{math equation="(( x + y ) / z )" x=$vars.var1 y=$vars.var2 z=$vars.var3}

It should probably be something more like:

function calculateSomething($vars){
...
}
//notice I don't rename the function so that you can find it easily later on
//if you didn't want your function named this way, name it something else in your php code...
$smarty->register_modifier('calculateSomething', 'calculateSomething');
$smarty->display('my_template.tpl');

{vars|@caclulateSomething}

Notice the @ symbol, this means pass the whole array as one variable. This is important because smarty apply the modifier to each of the variables in the array if you do not (unless that is what you wanted to happen). While in some cases you may need to break the first rule, if you do it this way, it is managable, reusable. An even better way would be to do this before it gets to the template, but it is understandable to no want to go through the data twice, so this seems like a fair trade off as you are still doing the manipulation in php, and displaying the results of the manipulation in smarty.

Related posts:

1. Smarty… again
2. Templating
3. RE: Top 10 PHP Techniques That Will Save You Time and Effort

Smarty again.To those who think that smarty prevents you in any way from writting your business logic into a template… watch this…

 
{php}
 
if (!$link = mysql_connect('mysql_host', 'mysql_user', 'mysql_password')) {
    echo 'Could not connect to mysql';
    exit;
}
 
if (!mysql_select_db('mysql_dbname', $link)) {
    echo 'Could not select database';
    exit;
}
 
$sql    = '"INSERT INTO unsafe_tabel (unsafe_var) VALUES('".$_GET['unsafe']."')";
 
$result = mysql_query($sql, $link);
 
if (!$result) {
    echo "DB Error, could not query the database\n";
    echo 'MySQL Error: ' . mysql_error();
    exit;
}
 
{/php}

I think I might have just put stuff that actually belongs in the model into the view… and unescaped too… oh dear… (that would be template for you smarty folks). So, no, smarty does not disuade you from doing it, infact it seems that they encourage it a bit by providing you with the option to do so via the {php} {/php} tags, instead of forcing you to use {rdelim} {ldelim} all throughout your code instead (which would surely discourage most people). If I can do that, the people who’s site’s you’ve written can surely do that too… and mess up the nice templates that you have made for them (and their databases too). So, please think of another reason to use Smarty, and if you cannot, then why are you using it?

Related posts:

1. Smarty Best Practices 1
2. Templating
3. RE: Top 10 PHP Techniques That Will Save You Time and Effort