PHP Server-side Breakout

SERVER SIDE BREAKOUTphp

Wednesday, November 2, 11

5 YEARS AGO (2006)

PHP version 5.2.0 native JSON support

Wednesday, November 2, 11

MODERN USAGE

77% of all websites

Wednesday, November 2, 11

MODERN USAGE

Middleware

Wednesday, November 2, 11

INTERFACES

RESTExt.Direct

Wednesday, November 2, 11

REST

Great for APIsCross-domain

Status code messagesOne setup for all purposes

echo $json

Wednesday, November 2, 11

REST

proxy: { type: 'rest', url: 'api/users' }

Wednesday, November 2, 11

REST

Extra server setup may be neededDifficult concurrency (buffering)Requires access to php://input

Wednesday, November 2, 11

EXT.DIRECT

OOB bufferingEffortless setup

API integration (RPC)Easier RPC role-based method distribution

return $array

Wednesday, November 2, 11

EXT.DIRECT

Ext.ns("Ext.app"); Ext.app.REMOTING_API = { "url":"php\/router.php", "type":"remoting", "actions":{ "TestAction":[ {"name":"doEcho","len":1} ] }};

Wednesday, November 2, 11

EXT.DIRECT

proxy: { type: 'direct', directFn: doEcho }

Wednesday, November 2, 11

EXT.DIRECT

proxy: { type: 'direct',

api: { create : Rpc.users.Add, read : Rpc.users.List, update : Rpc.users.Update, delete : Rpc.users.Delete

}

Wednesday, November 2, 11

EXT.DIRECT

Not cross-domain friendlyNeeds a router (s-s stack)

No file uploadingException stops execution

Wednesday, November 2, 11

SAMPLE USAGE RESTFUL INTERFACE

Wednesday, November 2, 11

EXT.DIRECT

Wednesday, November 2, 11

JSON VS. JSONP

{ ‘name’ : ‘John’, ‘email’ : ‘john@smith.com', ‘dob‘ : 19781213, ‘kids‘ : [‘Sarah’, ‘Norah’]}

Ext.util.JSONP.callback1({‘name’ : ‘John’,

‘email’ : ‘john@smith.com', ‘dob‘ : 19781213, ‘kids‘ : [‘Sarah’, ‘Norah’]})

Wednesday, November 2, 11

JSON VS. JSONP

$callback = $_REQUEST[“callback”];

$select = $db->select()->from('products');$stmt = $select->query();$result = $stmt->fetchAll();$output = json_encode($result);

if ($callback) { header('Content-Type: text/javascript'); echo $callback . '(' . $output . ');';} else { header('Content-Type: application/x-json'); echo $output;}

Wednesday, November 2, 11

BIG APPS

Big apps

Wednesday, November 2, 11

BIG APPS

MVCFat model - thin controller

Wednesday, November 2, 11

BIG APPS

Abstracting

Wednesday, November 2, 11

LOADING APP COMPONENTS

Ext.LoaderSencha command / jsbuilder on the fly

Wednesday, November 2, 11

ENVIRONMENT

Apache

Wednesday, November 2, 11

ENVIRONMENT

Apache+

Nginx reverse proxy

Wednesday, November 2, 11

ENVIRONMENT

SetEnv APP_ENV "development"

$_SERVER['APP_ENV'])

Wednesday, November 2, 11

ENVIRONMENT

MIME handling

JSONP : application/javascriptJSON : application/jsonappcache : text/cache-manifest

Wednesday, November 2, 11

ENVIRONMENT

File structure

Wednesday, November 2, 11

Wednesday, November 2, 11

ENVIRONMENT

DB layout

Wednesday, November 2, 11

TRADITIONAL RELATIONAL MODEL

Wednesday, November 2, 11

CENTRALIZED RELATIONAL MODEL

Wednesday, November 2, 11

Wednesday, November 2, 11

FIREPHP

$logger = new Zend_Log();$writer = new Zend_Log_Writer_Firebug();$logger->addWriter($writer);Zend_Registry::set('logger',$logger);

Wednesday, November 2, 11

FIREPHP

$select = $ssoDb->select() ->from('products');

$logger->log($select->__toString(), Zend_Log::INFO);$logger->log($data, Zend_Log::INFO);

Wednesday, November 2, 11

BAD IDEAS

Enclose entire class in a single try/catch blockUse sleep to wait for another task/thread to finish

Setting global vars to return multiple valuesAltering framework files

Performing DB aggregate operations in PHPKeeping connections open

Wednesday, November 2, 11

BAD IDEAS

Using self-made cyphers for encryptionClear text passwords, CC info, personal details (inc names)

Not checking for user credentials on every requestTrusting client-side input validation

Constructing sql queries by using concatenation Not using DB transactions on multiple changes

Direct access to files for download

Wednesday, November 2, 11

Grgur Grisogono@ggrgur

Wednesday, November 2, 11