Some excellent practices of Codeigniter_PHP tutorial

WBOY
Release: 2016-07-13 10:18:48

Some excellent practices of Codeigniter

Recently I am planning to take over and improve a project written by others using CodeIgniter. Although I have used CI before, I wrote it completely according to my own wishes and didn't follow some of CI's conventions. For projects used by the public, it is best to follow the framework specifications, so it is better to summarize them to avoid making others laugh when they take over in the future.

1. First is MVC

If you don’t know MVC yet, you should learn it as soon as possible. You will quickly realize the value of accessing data in the Model, performing business logic in the Controller, and writing HTML code in Views. You may wrinkle your forehead if you haven't programmed using this model before, but you should give yourself a chance to try it.

A rule of thumb is to put less stuff into the Controller and remember the DRY principle: don’t reinvent the wheel. When writing the same code in more than one place, you should try to write a library, helper, or model depending on its type. For example, the database connection class is used frequently, so it is made into a model (provided by the system).

Once you understand the essence of MVC, this will become a habit, and you will benefit a lot from MVC's concise code.

One principle is: leave complex operations to the Model. The Controller is more like an architect, the Model is the laborer, and the View is the painter. The Controller only needs to hand things to the Model and does not need to care whether the data is abnormal; the Model then returns a flag and the corresponding data. In this way, the MVC architecture is reflected.

The Model is like an electrical appliance such as a microwave oven: the simpler it is to use, the more people like it. (Put the food in, press start, and the rice is cooked.) The advantage of having fewer interfaces is that when the Model's code is upgraded or optimized, its coupling to the outside world stays low. Even if the internals are poorly written, the interface is clean and easy to use.

2. Application and System paths

It is best to place the system and application folders outside the webroot. If index.php is placed under the /public_html/ path of the FTP server, you should try to place the system folder under the root directory, at /system. In this case, your PHP files can only be accessed through index.php.

Don't forget to modify the values of $system_folder and $application_folder in the index.php file. The value of $system_folder should be relative to the index.php file, and the value of $application_folder should be relative to the system directory.

3. Error reporting and debugging

A common mistake is forgetting to turn off PHP error reporting and database error reporting, which is risky. On any public site, error_reporting should be set to 0, or to E_ERROR at most, and the database setting db_debug should be set to false. For additional security, disable the display of error messages with ini_set('display_errors', 'Off');

As you code and debug, you should set error_reporting to E_ALL and address every notice and warning before releasing your application.

A simple method is to set the value of db_debug to a constant, MP_DB_DEBUG, in the application/config/database.php file. When the website is live, set it as follows:

ini_set('display_errors', 'Off');
error_reporting(0);
define('MP_DB_DEBUG', false);  

While coding and debugging, set it to:

ini_set('display_errors', 'On');
error_reporting(E_ALL);
define('MP_DB_DEBUG', true);  

4. Security issues are very important

Before receiving any data to your program, whether it is POST data submitted by a form, COOKIE data, URI data, XML-RPC data, or data in the SERVER array, we recommend that you practice the following three steps:

  1. Filter bad data.
  2. Validate data to ensure correct type, length, size, etc. (Sometimes this step can also replace the first step)
  3. Convert data before submitting it to your database.

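Regarding SQL injection, XSS, and CSRF, you should first understand them before deciding whether to adopt methods to prevent them. You can refer to the security guidelines in the CI manual and to the Input and Security classes. Perhaps the most important principle is to check all user input before submitting data to the database or file system.

  • SQL injection. Using CI's built-in Active Record solves this problem.
  • XSS (cross-site scripting). Setting $config['global_xss_filtering'] = TRUE; enables automatic filtering of cross-site scripting attacks in POST and COOKIE data, at some cost in resources. You can also filter individually each time you handle POST and COOKIE data by setting the second parameter to TRUE, e.g. $this->input->post('some_data', TRUE); The form validation class also provides an XSS filtering option, e.g. $this->form_validation->set_rules('username', 'Username', 'trim|required|xss_clean');
  • CSRF (cross-site request forgery). CI 2.0 will have built-in CSRF checking. Search Google for "CSRF tokens" to learn more about protecting form submissions and URL links; for Ajax applications, search for "double cookie submission".
  • SPAM (junk comments and malicious registrations). Prevent spam by protecting your mail forms, comment forms, and any other data freely submitted by users. A simple method is to allow each IP/User client to submit only once per minute; a better way is to use a Captcha. CI2 has a built-in CAPTCHA helper function.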
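The three steps and the list above, put together in one controller action. This is an added example, not code from the original article; the controller name, the comments and submit_log tables and their columns are assumptions, and escaping with htmlspecialchars at output time is an addition to the input-side filtering the article describes.

```php
<?php
// Added example. Hypothetical file: application/controllers/comment.php.
// Tables "comments" and "submit_log" and their columns are assumptions.
// CSRF: with $config['csrf_protection'] = TRUE (CI 2.0+), form_open() adds
// the token field and CI rejects a POST that does not carry it.
class Comment extends CI_Controller {

    public function __construct() {
        parent::__construct();
        $this->load->database();
        $this->load->library('form_validation');
    }

    public function submit() {
        // Steps 1 and 2: trim, then validate type and length of every field.
        $this->form_validation->set_rules('post_id', 'Post', 'required|is_natural_no_zero');
        $this->form_validation->set_rules('email', 'Email', 'trim|required|valid_email|max_length[100]');
        $this->form_validation->set_rules('body', 'Comment', 'trim|required|max_length[2000]');
        if ($this->form_validation->run() === FALSE) {
            $this->output->set_status_header(400, 'Bad Request');
            return;
        }

        // SPAM: allow one submission per IP per minute.
        $ip = $this->input->ip_address();
        $recent = $this->db->where('ip', $ip)
                           ->where('created_at >', time() - 60)
                           ->count_all_results('submit_log');
        if ($recent > 0) {
            $this->output->set_status_header(429, 'Too Many Requests');
            return;
        }
        $this->db->insert('submit_log', array('ip' => $ip, 'created_at' => time()));

        // Step 3 and SQL injection: Active Record escapes each value, so the
        // comment text cannot alter the statement. The pattern to avoid is
        // building the query by concatenating $_POST values into a string.
        $body = $this->input->post('body');
        $this->db->insert('comments', array(
            'post_id' => (int) $this->input->post('post_id'),
            'email'   => $this->input->post('email'),
            'body'    => $body,
        ));

        // XSS: escape whenever stored text is written back into HTML.
        $this->output->set_output(htmlspecialchars($body, ENT_QUOTES, 'UTF-8'));
    }
}
```

The throttle check and the insert into submit_log are two separate statements, so two requests arriving at the same instant can both pass; a unique index or a CAPTCHA covers that gap.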

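5. Database and ORM

CodeIgniter has a built-in library, Active Record, that helps you write queries without using SQL statements. This is a good approach when you are not very proficient in SQL or do not know how to prevent SQL injection.

When you need a more powerful tool, you can consider using an Object Relational Mapper, the well-known ORM. Unfortunately, CodeIgniter does not ship with an ORM library, but there are some other good options.

The most popular is probably DataMapper OverZealous Edition (DMZ); you can also use Doctrine (there is a tutorial here); another option, RapidDataMapper, is the author's own work.

6. Coding practices

Write concise code and understand your code; don't just copy and paste other people's code, and keep improving your coding ability. The development guidelines in the manual are a good place to learn how to write better code.

1. DRY. Don't keep reinventing the wheel. Put reusable code where it belongs, such as libraries, helpers, or models, rather than controllers. A rule of thumb: when you copy code, you have probably put it in the wrong place for the second time.

2. Caching. Caching is a great way to improve performance, especially by reducing database access. See web page caching and database caching, or search the forum for other options; for example, MP_Cache is the author's own work.

3. HTTP headers. On the client side, you can improve performance by sending HTTP headers that make the browser cache pages; when you use AJAX you also need to understand them in order to disable browser caching.

An example of disabling caching: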

$this->output->set_header("Last-Modified: " . gmdate("D, d M Y H:i:s") . " GMT");
$this->output->set_header("Cache-Control: no-store, no-cache, must-revalidate");
$this->output->set_header("Cache-Control: post-check=0, pre-check=0", false);
$this->output->set_header("Pragma: no-cache");  

An example of keeping the cache for a long time (e.g. css, javascript):

$this->output->set_header('Cache-Control: private, pre-check=0, post-check=0, max-age=2592000');
$this->output->set_header('Expires: ' . gmstrftime("%a, %d %b %Y %H:%M:%S GMT", time() + 2592000));
$this->output->set_header('Last-Modified: ' . gmstrftime("%a, %d %b %Y %H:%M:%S GMT", time() - 20));  

7. Template rendering need not call header and footer every time

Add the following to the top of MY_Controller and to its __construct function to set the default template information. SITE_NAME must be defined by yourself in application/config/constants.php:

class MY_Controller extends CI_Controller {

    protected $_data;    // array of values passed to the templates
    protected $_tplext;  // default template extension
    protected $_header;  // default header template
    protected $_footer;  // default footer template

    public function __construct () {
        parent::__construct();

        $this->_data['title'] = SITE_NAME;
        $this->_tplext = '.php';
        $this->_header = 'templates/header';
        $this->_footer = 'templates/footer';

        // Enable the profiler in development mode
        if (ENVIRONMENT === 'development') {
            $this->output->enable_profiler(TRUE);
        }
    }

}

8. Not every class needs to extend CI_Controller

New controllers no longer extend CI_Controller; they extend MY_Controller instead:

class Index extends MY_Controller {

    public function __construct () {
        parent::__construct();
    }

    /**
     * Front-end home page
     */
    public function index () {
        $this->_data['title'] = '首页';  // if not specified, the default title SITE_NAME is used
        $this->_view('index/index');
    }

}
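The Index controller above calls $this->_view(), which the article does not show. One possible implementation, as an added example that is not the author's code: the method body and the view-name check are assumptions, and the properties repeat those of section 7 so the class is complete.

```php
<?php
// Added example: a MY_Controller whose _view() wraps every page in the
// default header and footer. Hypothetical file: application/core/MY_Controller.php.
class MY_Controller extends CI_Controller {

    protected $_data   = array();             // values passed to the templates
    protected $_tplext = '.php';              // default template extension
    protected $_header = 'templates/header';  // default header template
    protected $_footer = 'templates/footer';  // default footer template

    public function __construct() {
        parent::__construct();
        $this->_data['title'] = SITE_NAME;
    }

    /**
     * Render header + page + footer with the shared $_data array.
     * Protected and underscore-prefixed, so it is not reachable as a URL segment.
     */
    protected function _view($name) {
        // View names are developer-chosen paths such as 'index/index'.
        // Refuse anything else, so a name that was ever built from request
        // data cannot point outside application/views.
        if (!preg_match('#^[a-z0-9_]+(/[a-z0-9_]+)*$#i', $name)) {
            show_404();
        }

        $this->load->view($this->_header . $this->_tplext, $this->_data);
        $this->load->view($name . $this->_tplext, $this->_data);
        $this->load->view($this->_footer . $this->_tplext, $this->_data);
    }
}
```

Values placed in $_data, such as title, still need htmlspecialchars() in the templates wherever they can contain user-supplied text.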

Finally, two more points:

9. CodeIgniter's file structure

The cache folder stores cache files. The codeigniter folder contains CI's base class CI_Base; for compatibility with php4 and php5, CI_Base has two versions, of which the php4 version of CI_Base inherits from CI_Loader. libraries holds most of the commonly used class libraries, the three most important being Model, View and Controller; any MVC you write yourself must inherit from the existing MVC classes. helpers is a collection of functions (methods) that assist the other modules. language is a language pack that supports multiple languages.

The application folder stores your application. CI has already added some subfolders for you, including models, views, controllers, config, errors, hooks and libraries. The first three folders are for creating models, views and controllers. Most of your work should be creating your own MVC; you can add configuration files in config and some objects and methods in libraries to assist your models and controllers. hooks is also an extension of CI_Hooks; see the following sections for details.

10. How CodeIgniter works

When there is an http request, such as http://www.google.com/blog/, it first enters CI's bootstrap file index.php. Next, let's look at what index.php does.

index first sets the application folder name to application and the system folder name to system. It then performs a series of strict checks and converts them into unix-style absolute server file paths. Specifically, it defines two important constants. APPPATH is the application's folder path; according to analysis, this path can be at the same level as system (htdocs/application/), or it can be placed inside the system folder as a subfolder (htdocs/system/application/), but the second method is recommended because it looks neater. BASEPATH is the base file path of the website documents, roughly htdoc/system/. Finally, the index bootstrap file includes codeigniter/codeigniter.php. Next we look at what codeigniter does.

codeigniter.php begins by including three files: Common.php, Compat.php and config/constants.php. Common contains several important functions, including load_class for loading class libraries, log_message for writing logs, and show_404 for displaying error pages. Compat mainly solves function incompatibilities between php4 and php5, while constants defines some constants for file read and write permissions.

Then codeigniter loads the first class library, Benchmark. One of the simplest uses of this class library is to calculate the time a web page takes from the start to the end of compilation: you place a mark when compilation starts and another after rendering completes, and the time spent can then be calculated.

Then the second class library, Hooks, is loaded. Like Benchmark, this class library is under system/libraries. Its function is to give you the opportunity to run other things before the program starts compiling. Hooks provides approximately 8 such opportunities; see the User Guide for details. Here it imports the first hook.

Then the Config, URI, Router, Output and other class libraries are loaded in turn. Next, it checks whether there is a cache_override hook. This hook lets you schedule your own function to replace the _display_cache method of the Output class. If there is none, Output's _display_cache is called directly to check whether there is cached content. If there is, the cache is output directly and execution exits; if not, execution continues.

After that, Input and Language are loaded. Note that the class libraries loaded so far are all references. Then comes another important load: the CI_Base object. First, the php version is checked. If it is php4, Loader is loaded first and then Base4, because CI_Base in Base4 inherits from CI_Loader, whereas in Base5, CI_Base and CI_Loader have no inheritance relationship.

The next step is the really critical one. It starts by loading a Controller class; this is an instance, not a reference. The http address is then parsed by the Router to get the names of the controller and method, and it checks whether application/controllers contains such a controller and method. If not, an error is reported; if so, the judgment begins.

Summary

I will summarize this much first and will add more later.
