cpd

Everything posted by cpd

  1. ```php
     <?php
     $image_properties = array(
         'src' => (!empty($this->session->userdata('avatar')))
             ? 'assets/peach/img/sprites/userinfo/' . $this->session->userdata('avatar')
             : 'assets/peach/img/sprites/userinfo/avatars/avatar.png',
         'height' => '80px',
         'width' => '80px',
         'alt' => 'Avatar'
     );
     ?>
     ```
     Sorry I put the colon and question mark the wrong way round. You also had an additional concatenation symbol and single apostrophe somewhere around the previous if statement; that's now been taken out.
  2. Yeah, it's called debugging and you don't do it by sticking the whole thing on one line. Split everything up as follows:
     ```php
     <?php
     $image_properties=array(
         'src'=> if(!empty ($this->session->userdata('avatar') ) ) {
             'assets/peach/img/sprites/userinfo/'.$this->session->userdata('avatar').';
         } else {
             'assets/peach/img/sprites/userinfo/avatars/avatar.png';
         },
         'height' => '80px',
         'width' => '80px',
         'alt' => 'Avatar'
     );
     ?>
     ```
     Having spaced it out I can see you have a wack-off if statement in the middle of your bloody array. Not allowed, you've got to use an inline-if statement:
     ```php
     <?php
     $image_properties=array(
         'src'=> (!empty ($this->session->userdata('avatar') ) ) : 'assets/peach/img/sprites/userinfo/'.$this->session->userdata('avatar') ? 'assets/peach/img/sprites/userinfo/avatars/avatar.png'),
         'height' => '80px',
         'width' => '80px',
         'alt' => 'Avatar'
     );
     ?>
     ```
  3. Implies you're going to be having more than one website or perhaps be interacting with multiple websites? Not quite sure. You need to clarify your intentions. What the fuck? I think you're saying you want to SELECT data from a table and display it in a textbox? Unless it's a random message, displaying in a textbox isn't particularly advisable. Elaboration on this is definitely required. By "queries they load" I would assume you mean "data from the database the end user loads"? From the sounds of it, your database is very simple, not extensive. You need to be far clearer in your descriptions and must stop using "this/that/over there" because we've no idea what you're talking about; English may not be your native language and I think we all appreciate that here but we can't help unless you're more specific. Finally, what's the problem? I can't really see anywhere you've specified any sort of issue or asked for any sort of help? With regards to the links you've posted you look like you're heading the right way but you definitely need to pick up a book and get the basics before attempting anything complex - although this doesn't sound overly complex.
     • Be clearer
     • Define your questions clearly so we can help you as much as possible with the root problem
     • Start reading and post questions about things you don't understand in your book
  4. From our perspective the code works perfectly as you haven't actually highlighted any issues, narrowed it down, or presented any data to suggest what the error is or how it's replicated... We can not help unless you explain, in detail, what the problem is. And by "we" I mean myself and possibly others.
  5. I would argue that further validation would still be required at the model layer as a good security system involves multiple layers of security. It's one of the reasons a "middle tier" is implemented in systems amongst making a unified method for talking to the database etc. By further validation I mean ensuring the content being input by the end user is expected - and I use that term loosely. I do completely agree sanitisation should be occurring at the "database layer" so to speak; PHP are pushing towards it hence the massive red splash across PHP's MySQL page. We have however, now split the discussion between sanitisation and validation - yet another discussion. Really good discussion in here anyhow! Has clarified many points and will be very useful for future onlookers.
  6. If you're attempting to make a comparison between a hashed string in the database and POST data you can hash the POST data and compare the two hashed strings.
  7. What if you want to use the same data from the model in a different environment that needs different sanitation? Then you'd have to have different models/methods to fetch identical data but format it differently. No, that should be handled in the controller or the view. It makes your application more flexible and more extensible. Just to clarify, I was referring to inbound sanitisation; you're now referring to outbound sanitisation to prevent attacks such as cross-site scripting. In that case it wouldn't make sense to sanitise in the model as the process is reversed. When inserting, your insert data is passed through the controller to the model. When you select, data is often passed through the controller to the view. Following this ethos, it makes sense to have sanitisation at the end point; however as already mentioned, it may be more appropriate to carry it out at the controller layer as it could be generic sanitisation for output. Well pointed out scootstah. Apologies Andy-H for not being clearer about my referencing!
  8. Like I said you've gotta be careful. Some of my classes I use everywhere doing random stuff. Many classes I don't. I'm moving more towards DI every day actually but at the minute it's all integrated... fun times.
  9. On a side note, I've begun using Registries and DI together harmoniously and it's working quite well. You've got to be extremely careful what you put in the registry but even so it's good.
  10. Yes DI is very good, just don't become obsessive as some situations may be more suited to hard-coded dependency but if it can be avoided, avoid it.
  11. My examples were merely to demonstrate how validation code can easily be re-written when content is validated within controllers. I did not intend on going into detail with regards to dependencies etc. No matter what you do, there will always be some form of dependency. If there was no dependency to some degree, classes probably would never interact with one another or you'd end up going into procedural programming or something. Not really sure, never thought about it in depth. Edit: you seem like you're heading along the right lines. You've encapsulated what looks like some form of router perhaps inside your deploy method so when it comes to writing another controller you may find you're copying and pasting code. Take a look at the Proem Framework written by Thorpe. It's very nice and may give you a better idea of how MVC works and a nice way for it to be implemented. Bear in mind this is a framework not an actual MVC website. It's designed to handle the MVC methodology, thorpe can elaborate should he wish to but I really like it!
  12. "Helpers" as people often refer to them, are often directly related to the class they are helping or group of classes they help. So you could interpret a validation class as a helper to the models but it depends on whether or not it's specific validation or generalised validation. Generalised could be Validate::characters($string, "^[a-zA-Z]+$"); where the content of the string is validated using a general regex string. Specific validation could be ensuring some POST data from a select tag is an acceptable option thereby eliminating the possibility of tampering. This is specific to that field and model. I'm making the examples up as I go along but hopefully you get the gist. To reiterate my point on validation in controllers I'll provide an example:
      ```php
      class ControllerA {
          public function processData($input){
              $this->validateContent($input);
              (new Model)->insertData($input);
          }

          private function validateContent($input){ }
      }

      class ControllerB {
          public function processData($input){
              $this->validateContent($input);
              (new Model)->insertData($input);
          }

          private function validateContent($input){ }
      }

      class Model {
          public function insertData($input){ }
      }
      ```
      This demonstrates code being re-typed and re-written in different places just to get the entire thing to work consistently. Many human errors can occur.
      ```php
      class ControllerA {
          private $validation;

          public function __construct(ValidationObject $validation){
              $this->validation = $validation;
          }

          public function processData($input){
              $this->validation->validateContent($input);
              (new Model)->insertData($input);
          }
      }

      class ControllerB {
          private $validation;

          public function __construct(ValidationObject $validation){
              $this->validation = $validation;
          }

          public function processData($input){
              $this->validation->validateContent($input);
              (new Model)->insertData($input);
          }
      }

      class ValidationObject {
          public function validateContent($input){ }
      }

      class Model {
          public function insertData($input){ }
      }
      ```
      We now have a validation object which is executed in both controllers but again, this is re-writing code and completely unnecessary.
      ```php
      class ControllerA {
          public function processData($input){
              (new Model)->insertData($input);
          }
      }

      class ControllerB {
          public function processData($input){
              (new Model)->insertData($input);
          }
      }

      class Model {
          public function insertData($input){
              (new ValidationObject)->validateContent($input);
              // SQL Insert statement
          }
      }

      class ValidationObject {
          public function validateContent($input){ }
      }
      ```
      Unlike the first two examples, this one clearly shows the validateContent being called ONCE within the Model as opposed to twice (once in each controller class). As a result, we eliminate any validation dependency on the controllers and write less code in the long run with possibly less human errors. Hopefully that clears it up for you.
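
An added example, not part of cpd's post or of the thread's code: one way the third layout could look with the validation filled in, covering both the generalised regex check and the specific select-option check, followed by a parameterised insert. ProfileModel, the profiles table, the option list and the in-memory SQLite database are assumptions made for the illustration; it needs PHP 8 with pdo_sqlite.

```php
<?php
// Added illustration; ProfileModel, the profiles table and its options are hypothetical.
final class ValidationObject
{
    // Specific validation: the value must be one of the options the form offered.
    public function oneOf(string $value, array $allowed): string
    {
        if (!in_array($value, $allowed, true)) {
            throw new InvalidArgumentException('unexpected option');
        }
        return $value;
    }

    // Generalised validation: the whole string must match an anchored pattern.
    public function matches(string $value, string $pattern): string
    {
        if (preg_match($pattern, $value) !== 1) {
            throw new InvalidArgumentException('unexpected format');
        }
        return $value;
    }
}

final class ProfileModel
{
    private const COUNTRIES = ['GB', 'US', 'DE']; // options rendered in the <select>
    public function __construct(private PDO $db, private ValidationObject $validate) {}
    public function insertData(array $input): void
    {
        // Runs once here, whichever controller calls the model.
        $name = $this->validate->matches((string) ($input['name'] ?? ''), '/^[a-zA-Z0-9-]{1,32}\z/');
        $country = $this->validate->oneOf((string) ($input['country'] ?? ''), self::COUNTRIES);
        // Bound parameters keep the values out of the SQL text.
        $stmt = $this->db->prepare('INSERT INTO profiles (name, country) VALUES (?, ?)');
        $stmt->execute([$name, $country]);
    }
}

// Constructed demo input against an in-memory SQLite database.
$db = new PDO('sqlite::memory:');
$db->exec('CREATE TABLE profiles (name TEXT, country TEXT)');
$model = new ProfileModel($db, new ValidationObject());
$model->insertData(['name' => 'cpd-test', 'country' => 'GB']); // accepted
try {
    $model->insertData(['name' => 'cpd-test', 'country' => 'XX']); // tampered option
} catch (InvalidArgumentException $e) {
    echo 'Rejected: ', $e->getMessage(), PHP_EOL;
}
echo 'Rows stored: ', $db->query('SELECT COUNT(*) FROM profiles')->fetchColumn(), PHP_EOL;
```
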
  13. Perhaps you should post the code you have at the minute as I think I've confused the problem even further with previous posts.
  14. I see what you're saying. As far as I'm aware, the SoapServer is not concerned with the parameters as YOU the developer should know if parameters are required. If you provide parameters upon calling said method, the SoapServer will pass those parameters to the registered method which is being called and the method will then do its thing. So as long as you register the method, in the SoapServer using SoapServer::setFunction(FuncName) you should be fine.
  15. And no, validation shouldn't be in the controller and the view couldn't give a shit about sanitization. The model, or more specifically model helpers, should be handling this. Some people may argue differently but I see no point in validating within ControllerA as the minute you utilise the same model in ControllerB, you must revalidate in ControllerB; therefore re-writing code which isn't really OO.
  16. You shouldn't really try to find a pattern for something you're creating. You should be thinking about it logically and creating interfaces or abstract classes or just a range of classes where appropriate. The answers you'd receive for this question could be so broad it would be too much. One person may have a preferred method over another person's. That same person may find method A better today, but tomorrow they prefer method B. You should find a methodology that suits you for your given task. That said, a knowledge and understanding of a variety of patterns is very useful as well as it would lead to you being able to adopt the most appropriate in any given situation. We can offer advice on our own thinking but ultimately it comes down to you adopting a method you're comfortable with. For example I love to employ the Registry pattern but I know many people dislike it due to its global state and tendency to make debugging near on impossible; each to their own.
  17. What do you mean you've no idea how to get the parameters? Have you created a web service or are you just trying to execute a method a web service offers? If you've created a web service, what language are you writing your web service in? Executing a web service will often return some sort of result be it a boolean value or perhaps a JSON string. You must then interpret the returned data. E.g. A weather web service - you can find many on the internet - may have a method "getWeatherByLocation(String location)". In calling this method you may get an XML dataset which tells you the temperature in C and F, the humidity, cloud coverage, wind speed/direction. You must then parse this XML data and read it in PHP...
  18. I think you've misunderstood how that would function and how to implement it. If you want the website to redirect all content to one page you would do
      ```
      RewriteRule ^(.*)$ index.php/$1 [L]
      ```
      What are you actually trying to achieve? If you redirect something you must handle it on the page it's being redirected to...
  19. The FTP class should be included with a path relative to the file including the Fax file. In other words if you have a file structure as:
      ```
      Library/
          MyFoo/
              Foo.php
          MyBar/
              Bar.php
      Test.php
      ```
      Bar.php
      ```php
      <?php include '../MyFoo/Foo.php'; ?>
      ```
      Test.php
      ```php
      <?php include 'Library/MyBar/Bar.php'; ?>
      ```
      An error will occur because Test.php will go back a directory into LibraryParent/ then try to find a directory called MyFoo/ in there so the overall relative link Test.php searches for via Bar.php is LibraryParent/MyFoo/Foo.php which doesn't exist. That's why your error is cropping up.
  20. Very simple. Assuming you want that match specifically you can do
      ```
      ^/?([a-zA-Z0-9-]+)?/?([a-zA-Z0-9-]+)?/?$
      ```
      That matches lower and upper case letters, numbers and hyphens. You may also want \+ to include plus signs. Alternatively, just write
      ```
      ^([a-zA-Z0-9\+-]+)$ index.php/$1
      ```
      And it'll map everything matching the criteria.
  21. "text/html" is the correct mime type. If you ever want to know what the correct term - otherwise known as a mime type - is just search "mime types" in google.
  22. You should nl2br the code when outputting it. Not inserting it into the database. Wherever you're echoing the content just wrap it in nl2br(); and it'll sort it right out.
  23. ```php
      $myArray = array();
      // OR
      $myArray = []; // PHP 5.4+

      $myArray[] = "foo";
      $myArray['foo'] = "bar";

      foreach($myArray as $key=>$val){
          // Do something
      }
      ```
      If you understand how arrays work in JS you should be able to use them in PHP.
  24. In answer to your original question. The only real way - that I know of - you can get all your IDs is using a stored procedure; all the new IDs generated can be returned as a result set. Moreover, you can add further control to the system by creating a table called "InsertIDs", or similar, which houses all your table names along with the "next ID" to be used upon insert. You should note not every table may require manual tracking of the ID. This would eliminate an auto increment field in any table you then manage and you can easily track the IDs being inserted with multi insert statements. This would however then require you to handle the procedure's arguments which would need to be XML or something as you're inserting multiple rows etc... you get the gist, hopefully. Quite a bit of work to do though.
  25. It's dependent on your deciding factor. If you have a field in the database to say "outcome" with 1 being failure 2 being success and a default value of 0 you can just read that value and then send the appropriate email using an if statement. You need a determining factor and a simple if statement. That should suffice but again, it's dependent on your methods.