NotionCommotion

Everything posted by NotionCommotion

  1. Using MVC, the controller does some logic, gets data from the model, and the view presents the content. Where should the reverse be performed? For instance, I have an edit page which is pre-populated with values from the model, and the view changes 1000 to $1,000, 0.4 to 40%, and 2014-10-09 09:31:41 to 10/09/2014 09:31:41 AM. Now I need to save the values, and must convert them back to their original format before doing so. Should this functionality be performed in the controller, model, or view? Thanks
  2. I have some function or method. Is there a better design pattern to implement this?

      function myFunction($a=null,$b=null,$c=null,$d=null,$e=null,$f=null,$g=null,$h=null) {
          //Do a bunch of stuff
      }

     Maybe the second function?

      function myNewFunction($data=array()) {
          //Fill in defaults for any keys the caller did not supply
          $data=array_merge(array('a'=>null,'b'=>null,'c'=>null,'d'=>null,'e'=>null,'f'=>null,'g'=>null,'h'=>null),$data);
          //Do a bunch of stuff
      }

     Please provide decision making factors why you would use one approach over the other.
  3. Hello mstevens, Have you attempted to execute your code? Did it give you any descriptive error descriptions? If not, turn error reporting on! When you do, it will tell you that you can't have back to back else statements and must close your first if-do code.
  4. You can't do so with static classes. See http://php.net/manual/en/language.types.string.php#language.types.string.parsing
  5. It looks like your file upload dialog is some sort of JavaScript plugin, right? If so, your problem revolves around your configuration of the plugin and not the server-side PHP which processes the file. Also, I am sure you already did so, the dialog seems to validate that only files of specific extensions could be uploaded. You did try to upload these file types, right?
  6. $_POST is empty, so you are not correctly posting data from the client to the server. As such, it has nothing to do with your script that handles the POST data, and only your script which creates the initial HTML. To troubleshoot, the first thing you should do is verify that the rendered HTML is valid. Often, a site requires authentication and sessions, and the validation site cannot handle that. As such, the best approach is direct input of HTML using http://validator.w3.org/#validate_by_input. To obtain the HTML, don't use the PHP script directly, but use your browser to display the HTML. Only once you know you are posting the correct data, start working on the script that validates/saves the data.
  7. Have you validated your HTML? http://validator.w3.org/ Do you have a form around your inputs? What is $pb1 and $pb2 all about?
  8. Thanks Kicken, I've never used Moment.js, but was considering it. Or as you suggest, maybe I should just format it server-side and be done with it.
  9. I asked a similar question on http://forums.phpfreaks.com/topic/291982-where-should-dates-be-formatted/, but never received an answer to the question I really needed help with. Server can provide some JSON such as the following. I wish the date to be displayed like "10/09/2014 09:31:41 AM". I "could" use the server to format the date, but I understand that this is bad practice as it is not the view. Note that I might be using handlebars to render the JSON to HTML, however, I don't think this is relevant. Please provide recommendations on where and how the date should be formatted. Thank you

      [
        {"id":123,"filename":"someFile1.pptx","datetime":"2014-10-09 09:31:41","size":"6299 KB"},
        {"id":321,"filename":"someFile2.pptx","datetime":"2014-10-29 04:35:42","size":"4629 KB"},
        {"id":444,"filename":"someFile3.pptx","datetime":"2014-10-19 02:33:43","size":"6599 KB"}
      ]
  10. I typically just have one or maybe a couple of entry points: index.php

      //error settings, date settings, etc...
      session_start();
      //based on $_GET['page'], figure out which part of script to run...
  11. No, it is perfect as is assuming you want it to do exactly what it does. If you want it to do something different, please let us know what that is.
  12. What is the value of $_POST['quantity']? Is it an array? To check, use print_r() or var_dump().
  13. Start using PDO for your database interface. Also, try to separate your HTML generation and your database and logic. OOP makes it a little more straightforward, but isn't necessary.
  14. What about the following? Also, you might wish to consider a template engine like Twig. echo "<td>" . ($row['quantity']?'In Stock':'Out of Stock') . "</td>";
  15. The JSON document is a list of data which is used to add content to the current page where the dates should be formatted like "10/09/2014 09:31:41 AM". Yes, it "could" be parsed client side, however, JavaScript doesn't seem to have a clean way of doing so.

      [
        {"id":123,"filename":"someFile1.pptx","datetime":"2014-10-09 09:31:41","size":"6299 KB"},
        {"id":321,"filename":"someFile2.pptx","datetime":"2014-10-29 04:35:42","size":"4629 KB"},
        {"id":444,"filename":"someFile3.pptx","datetime":"2014-10-19 02:33:43","size":"6599 KB"}
      ]
  16. Thanks Jacques, What if the server is generating JSON instead of HTML?
  17. When just generating HTML, where should dates be formatted? What about when generating JSON (I've found that date formatting is not so straightforward using JavaScript)? Are there factors which may make one approach better than the other (i.e. querying one record versus a list of records)? How important is consistency of an approach? Any other factors I should consider? Please provide rationale for your decision. Thank you

     At the database?

      DATE_FORMAT(my_date, "%m/%d/%Y %r") AS my_date

     In the controller?

      $date = new DateTime($my_date);
      $my_date=$date->format('m/d/Y');

     In a twig or smarty template?

      {{ mydate|date("m/d/Y g:i A") }}

     At the client using handlebars and the Moment library?

      UI.registerHelper("formatDate", function(datetime, format) {
          if (moment) {
              var f = DateFormats[format];
              return moment(datetime).format(f);
          } else {
              return datetime;
          }
      });
      ...
      {{formatDate MyISOString "short"}}
  18. $temp is set to an array containing the filename and file extension, and then $extension is set to the last element of that array. The code is not complete, and you should add something like if(isset($allowedExts[$extension])) {... to ensure only valid files are uploaded. In regards to $newfilename, it changes the name from "myimage.gif" to "123myimage.gif" where 123 is the user's PK. Why, I have no idea. It then sets $newfilename to "123myimage.gif.gif". Again, why, I have no idea.
  19. Thanks again Jacques1, I will stay away from JS template engines until I have a better need. In regards to my original question, is this safe? Note that I didn't use attr but used href.

      $(function(){
          $.getJSON('getJSON.php', function(list) {
              var $MyElem = $("#MyElem");
              for (var i in list) {
                  $('<a/>', {href: 'index.php?id=' + encodeURIComponent(list[i]['id']),text: list[i]['firstname']})
                      .wrap("<li>").parent().appendTo('#MyElem');
              };
          });
      });
  20. Thanks Jacques1, Your advice makes sense. Maybe I shouldn't be using jQuery/JavaScript to create this content directly, but use some sort of template system (P.S. I love Twig!). I assume it has methods to deal with XSS and encoding URLs. Given my brief research, sounds like HandleBars might be a good start. Do you have any advice? Thanks
  21. I have some PHP which sends some user provided data to the client:

      <?php
      header('Content-type: application/json');
      $data=array(
          array('id'=>10,'firstname'=>'John','lastname'=>'Doe'),
          array('id'=>14,'firstname'=>'Jane','lastname'=>'Doe'),
          array('id'=>19,'firstname'=>'XSS!','lastname'=>'XSS!'),
      );
      echo(json_encode($data));
      ?>

     The client then displays the data:

      $.getJSON('getJSON.php', { something: 123 }, function(list) {
          var string = '';
          for (var i in list) {
              string += '<li><a href="index.php?id=' + list[i]['id'] + '">' + list[i]['firstname'] + '</a></li>';
          }
          $("#MyElem").html(string);
      });

     Does this represent any XSS risk? If so, how do I prevent it?
  22. Ah, I now see you are creating a file with a separate class to validate and sanitize each given thing. If one wanted to add a new method, they would add a new file with a new class for the given thing, right? I was planning on creating a single class which includes core methods as well as all validation methods and sanitation methods. If one wanted to add a new method, they would just extend that class and add the method. I probably see the advantage of your approach, but please confirm you feel it is the right way to go. Below is my total implementation. The validation class is attached (tried to add to this post, but must have been too long and didn't format correctly). I realize it is a bunch of script and don't expect you to go through it all, but would appreciate any comments. Thanks

     Main page

      <!DOCTYPE html>
      <html>
      <head>
          <script type="text/javascript" src="jquery.js"></script>
          <script type="text/javascript" src="getValidationObj.php"></script>
          <script type="text/javascript">
              // Run once the DOM is ready
              $(function() {
                  $("#myForm").validate(validation_JSON);
              });
          </script>
      </head>
      <body>
          <form id="myForm">
              <input name="name" type="text" />
              <input name="email" type="text" />
          </form>
      </body>
      </html>

     getValidationObj.php

     Note that I know Jacques1 said not to use PHP to generate JS, however, I don't know a workaround. Yes, I could create JSON instead, however, the client would in some cases need to use eval() which is also not ideal

      <?php
      header('Content-Type: application/javascript');
      $config_file='/path/to/aGivenPagesValidationFile.json';
      $modify_file=array('isNameRequired'=>true);
      $validate=new validate($config_file,$modify_file);
      exit("var validation_JSON ={$validate->getJSON()};");
      ?>

     aGivenPagesValidationFile.json

      {
          "rules": {
              "name": "{isNameRequired}",
              "email": {
                  "required": true,
                  "email": true
              }
          },
          "messages": {
              "name": "Please specify your name",
              "email": {
                  "required": "We need your email address to contact you",
                  "email": "Your email address must be in the format of name@domain.com"
              }
          },
          "sanitizers": {}
      }

     Script to save data

      <?php
      $config_file='/path/to/aGivenPagesValidationFile.json';
      $modify_file=array('isNameRequired'=>true);
      $validate=new validate($config_file,$modify_file);
      $data=$validate->sanitize($_POST);
      $errors=$validate->validate($data);
      if(empty($errors)) {
          //Save the data
      }
      ?>

     validate.php
  23. Thank you Requinix, I didn't think I was. Please let me know why you feel so. I decide to add a new method to the jQuery validation plugin which validates that the input is a given Yiddish word. Unfortunately, my PHP class doesn't have this validation function, so I will need to add it to it as well. Again, no Yiddish. Haven't dived into it yet, but I expect I don't I like Option #3, and dislike option #2 even more. Please let me give this more thought. Oh yea, I forgot. A big one is create the JavaScript object which is used by the jQuery validation plugin, but I think/hope I have that one covered. I am lost. Probably me, but please elaborate
  24. My validation class. http://forums.phpfreaks.com/topic/291358-client-and-server-side-validation-passing-data-from-server-to-client/ I've created a method which does the same thing as every jQuery validation plugin method. Those are the tasks. Validate that a value is provided, validate that it is a valid phone number, etc. The main classes are Load Configuration JSON, Validate, Sanitize, etc.
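
An added example, not part of the original posts: the string concatenation from post 21 set beside a version that escapes each value for the context it lands in (URL component, then HTML attribute and HTML text). The sample rows, `renderUnsafe`, `renderSafe` and `escapeHtml` are names and data constructed for this illustration.

```javascript
// Constructed sample standing in for the getJSON.php response in post 21.
const sampleList = [
  { id: 10, firstname: 'John' },
  { id: '19" title="injected', firstname: '<b>XSS!</b>' },
];

// Same concatenation as the post: values are placed into markup untouched,
// so markup in firstname is parsed and a quote in id ends the href attribute.
function renderUnsafe(list) {
  let html = '';
  for (const row of list) {
    html += '<li><a href="index.php?id=' + row.id + '">' + row.firstname + '</a></li>';
  }
  return html;
}

// Escape the five characters that can change the HTML parsing context.
function escapeHtml(value) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(value).replace(/[&<>"']/g, (ch) => map[ch]);
}

// Escape per context: URL-encode the query value, then HTML-escape the
// finished attribute value and the link text.
function renderSafe(list) {
  let html = '';
  for (const row of list) {
    const href = 'index.php?id=' + encodeURIComponent(row.id);
    html += '<li><a href="' + escapeHtml(href) + '">' + escapeHtml(row.firstname) + '</a></li>';
  }
  return html;
}

console.log(renderUnsafe(sampleList));
console.log(renderSafe(sampleList));
```

In the browser, setting the link text through `textContent` or jQuery's `.text()` instead of building an HTML string keeps the value from being parsed as markup at all.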