don't click here

The present and near future in web development

Discussion in 'Technical Discussion' started by ICEknight, Mar 26, 2012.

  1. ICEknight

    ICEknight

    Researcher Researcher
    I normally use CodeIgniter for PHP coding, but as of late I've been noticing that many of the stuff I find myself coding by hand might be easier to do when using one of the existand CMSs around. So, when thinking about possible personal and professional future projects, a question came to mind:

    As of 2012, what's the best way of coding a PHP site that could get as big and complicated as it can get?



    I wouldn't be aiming for a small blog, but for something that could be expanded as much as it keeps evolving into, while still having the possibility of having total control over what happens.

    Are CMSs really the future in web development, rendering frameworks like CodeIgniter useless? Do Drupal and Joomla really have such a slow performance as it's been constantly said in the past?



    Please, do share your experiences in PHP coding here.
     
  2. CalamityJames

    CalamityJames

    Toot Toot Sonic Warrior Member
    83
    8
    8
    Tunbridge Wells, Kent
    Paying customs charges from Japan ¬_¬
    Late reply, but it piqued my interest so I thought I'd post my 2 cents.

    I'm still really not a fan of off-the-shelf CMS systems like Joomla etc, because I find them inherently harder to develop additional features for when compared to things I've coded myself.

    At work myself and another dev are currently developing our own 'framework' if you will with features that can be added/removed such as CMS, online shopping, time management, restaurant menus etc.

    It's literally just PHP and Twig, but the simple nature of it makes it so easy to develop for, and because we did it from the ground up, we know it inside out. I'm a firm believer than home-grown code is best, provided it's written well :)
     
  3. ICEknight

    ICEknight

    Researcher Researcher
    Well, that's also what we're currently doing where I work, but after all the troubles we're going through, I can't help but thinking that all the hard work might be just for making a CRM that almost manages to do the same stuff as those I mentioned.


    It feels like trying to make your own SDK for a gaming console instead of getting the official (and more polished) one. I mean, these are open source and being constantly improved and tested by thousands of professionals around the world, after all... right? So they might be worth adapting to, or perhaps they're too inefficient and give too many problems?


    I wouldn't care about being able to sell the new CMS, because I'm just assisting the main programmer and I wouldn't get a dime for it, so I'd like to know what would be best for at least some of my future projects, for which I'd need a "solid" foundation.



    By the way, perhaps this should be moved to Technical Discussion... EDIT: Thanks.
     
  4. Elratauru

    Elratauru

    Little Shiny Emurralds Member
    Indeed, I like to create php from scratch but I must admit that I love Wordpress too. Joomla is cool, but way to messy and heavy to me.

    Remember that when creating a cms from scratch the most important part is its security. You don't want people messing with the sites db's easily after all. Be careful when using forms and I'd recommend using MySQLi for stuff.
     
  5. Miles Prower

    Miles Prower

    Renard Oldbie
    698
    0
    16
    Something akin to CakePHP maybe?
     
  6. ICEknight

    ICEknight

    Researcher Researcher
    Well, we're using CodeIgniter for the CMS, which I believe takes care of part of the security stuff.

    Out of curiosity, what did you find "messy" and "heavy" in Joomla that made you stay out of it?




    Well, CakePHP is a framework just as CodeIgniter, we just didn't like it as much so we chose the other.
     
  7. Rolken

    Rolken

    Tech Member
    Quality developer time is rare and expensive; that's the entire reason why prebuilt CMSs are popular.

    For similar reasons, PHP itself is neither the present nor future of web development, it's the past. Rails is the present, and Node.js is the future.
     
  8. ICEknight

    ICEknight

    Researcher Researcher
    I'd love to read why you have that oppinion...
     
  9. Rolken

    Rolken

    Tech Member
    Rails lets you do more in less time with less hassle.

    Node.js is even more seamless (a web server stub is six lines of code), but it's too young to have as much framework support as Rails, which is why it's the future and not the present. I'm using it for a personal project, but I can't objectively recommend it as The Way.

    Honestly, the biggest problem with PHP is that it encourages subpar coders to produce subpar code, in the same way that IE6 taught all the HTML-slingers that they could write bullshit HTML and reload until it looked right, only now the playing field is SQL injections and URL hacking. And since you're talking specifically about future projects of unbounded complexity, I would strongly recommend spending a day apprising yourself of all the options, if nothing else just so you know what's out there.

    Rather than pontificate all day, if you're interested, here's an example guide comparing CodeIgniter and Rails directly. It's a couple years old, so you might want to skim it rather than take it as line-for-line gospel. To see the latest state of Rails, try the official getting started guide.

    edit: just found a fantastic summary of the state of node.js, its advantages, and what's holding it back (so far), with bonus observations on the ascent of Rails.
     
  10. ICEknight

    ICEknight

    Researcher Researcher
    That is really interesting, thanks!

    If anybody else has had any experience with these, or is comfortable with using something else, please do post about it as well.
     
  11. Meat Miracle

    Meat Miracle

    Researcher
    1,664
    5
    18
    I'd like to see this point elaborated. Do the other frameworks you mentioned force things like auto-sanitizing form submissions unless specifically told not to? Or they have some more specialized or more automatic protection against injections? Because the things you mentioned, sql injections through forms - either GET or POST - are so basic that I'm honestly surprised that they still work on some sites.
     
  12. Rolken

    Rolken

    Tech Member
    Rails is MVC and expects you to use active record model classes. So it has 'specialized protection' as part of its general eschewing of writing straight SQL. (If you choose to write straight SQL, you have to take care of it yourself.)

    But what I meant by "PHP encourages subpar coders to produce subpar code" was as much cultural as technical. Just on a lark, I googled 'php sample form code' and got this complete garbage. Google 'rails sample form code' and you get this complete reference.

    This is unbelievably important! Someone seeking to learn PHP is being taught worse techniques and becomes a worse programmer than someone learning Rails. This is at the core of why you still see sql injections in PHP in 2012. (And in my personal experience, every business PHP site I've been asked to look at has been ludicrously open to hackery.)

    Worth noting that the one time the Rails team made the wrong decision on security, with mass assignment, it turned into a shitstorm and they're being forced to reconsider (heh).
     
  13. Elratauru

    Elratauru

    Little Shiny Emurralds Member
    Actually, its not that I stay out of it, its just that I prefer other alternatives when it comes to using it. The problem I have with Joomla is that everything is a plugin/module and its way too structured. If you want to create a totally unique site, you're gonna need to edit a tonshit of files right off the bat. Short Story, It works for corporate sites, but for modern, trending, and good designed sites you will need something that gives you more freedom, Wordpress is an example of a CMS that lets you do whatever you want or need to without obstructing your site pages, no need for modules and stuff, only a header, main body and footer to arrange wherever you need to.

    Also, on the Rails discussion, Rails is awesome... I believe a really good killer combo would be its usage for data stuff, and Less (Framework) for appearance, but that's when writing stuff from scratch of course...I'm not that used to Ruby though.
     
  14. I think it depends on how much work you want to put into it. For my personal website I use the Invision Power suite, IPB and IP.Content for the CMS. Its parser is really weird and so writing code for it can be really quirky and time consuming compared to just writing something from scratch in a blank PHP file. On the flipside though, there's a lot that I can do a lot faster with IP.Content, and it allows me to easily give my website an integrated unified feel, which is really nice

    So overall yeah I'd say that CMS is gaining some share for web development but there's something to be said for writing something cool from scratch

    Also Joomla is slow as shit in my experience I'm not a big fan of it
     
  15. Meat Miracle

    Meat Miracle

    Researcher
    1,664
    5
    18
    Eh, so just because people write idiot guides, the language is suddenly crap? I don't see the problem with the guide you linked to - it only covers forms, not security. It's basic information to get started with, but not something meant to be the backbone of your site. Yes, someone using just that guide would end up creating a honeypot without knowing, but if you blame people for being stupid and ignorant - and others for taking advantage of this - then you might as well blame the entire human race, not PHP.
     
  16. Rolken

    Rolken

    Tech Member
    I will freely admit that I am not entirely persuaded by your alternative suggestion of blaming the entire human race for being stupid and ignorant. I think I'll just keep focusing on using the best tools available to build the greatest systems I can with the most driven colleagues I can find. Call me crazy.
     
  17. Sik

    Sik

    Sik is pronounced as "seek", not as "sick". Tech Member
    6,718
    10
    0
    being an asshole =P
    The problem is that SQL requests are essentially passing a small piece of code to an interpreter, and as you can imagine things like strings and such need to be properly escaped to not mess with the language syntax... and most lazy programmers will completely forget to escape the user input.
     
  18. Rolken

    Rolken

    Tech Member
    Well, in a random bit of timeliness, Eevee has put way waaaaaaaaaay more effort into detailing PHP's issues than I ever would. Yikes. If you prefer 100 paragraphs to 100 words, he's got you covered.
     
  19. Metal Man88

    Metal Man88

    Time Traveller Oldbie
    2,137
    0
    0
    All of that said, use Built queries and mysqli to dodge the stupid SQL injection. Then avoid using as much of the "broken" stuff. Then you're fine. People who use other languages HATE PHP, but that doesn't mean you can't use it.

    Peer pressure should not be a factor here.
     
  20. Overlord

    Overlord

    Now playable in Smash Bros Ultimate Moderator
    19,477
    1,090
    93
    Long-term happiness
    Let's also not forget that Ruby on Rails is also far from flawless: http://erratasec.blogspot.co.uk/2012/03/rubygithub-hack-translated.html