A really simple introduction to templating using PHP

Posted by admin on 01 Nov 2008 | Tagged as: PHP, Web Design & Development

When developers talk about application development they often spout things like

“When developing an application it is beneficial to separate business logic from the presentation logic”

Which all sounds very technical and intellectual, but what are they going on about when they say things like this?

Imagine a simple website. Three pages linked together by hypertext links. Each of the pages contains text and images hard coded as HTML, and the files have a .html extension. There’s no processing behind the scenes, no PHP, ASP or Java; the pages’ content never changes. These are called static pages. It would be fair to say that this website is almost completely made up of presentation logic, that is, code concerned with display rather than with processing any information.

Now, imagine a PHP script that a form on this website posts its information to when someone clicks the submit button. Let’s call it ‘process_form.php’, and let’s say this script takes the information posted to it, checks that the information is usable, and then redirects you to another page depending on what you entered in the form. This processing of information would be an example of business logic.


In web applications, business logic and presentation logic, along with CRUD (database logic), are often fused into single scripts, such as a single PHP script that does some processing and outputs the result as HTML. Though often useful, this becomes problematic and cumbersome if you want to change the way your web page looks without changing the way it does its processing.

Along comes templating…

Templates allow you to separate your static content from your processing. This way, you can easily change your static content without worrying about the processing code getting in the way, and vice versa.

A simple HTML file could look like this:

<html>
<head>
<title>Title Text</title>
</head>
<body>
This is the content
</body>
</html>

If we wanted to output PHP in this file we could do something like this:

<html>
<head>
<title>Title Text</title>
</head>
<body>
<?php echo 'This is the content'; ?>
</body>
</html>

This is an example of single-tier, or fused, logic, which makes it difficult to change just our HTML because the HTML and PHP are intertwined in a single layer. Say we created a template file from our original HTML file that looked like this and gave it the extension .tpl:

<html>
<head>
<title>{TITLE}</title>
</head>
<body>
{CONTENT}
</body>
</html>

In this example we have replaced the content with content placeholders that we can reference later on.

Now, we can produce a simple PHP function that will replace the placeholders with our content after our PHP business logic layer has finished with it. The function may look something like this:

function render($array, $template) {

    // Load the template file into a string
    $template = file_get_contents($template);

    // Replace each {KEY} placeholder with the matching value;
    // keys are upper-cased so 'title' matches {TITLE}
    foreach ($array as $key => $value) {
        $template = str_replace('{' . strtoupper($key) . '}', $value, $template);
    }

    echo $template;
}

This way, from our PHP business logic layer, we can easily produce our presentation layer with any data we like without having to alter the template in any way. An example of calling our template from the business logic layer would be something like this:

render(array('title' => 'The Page Title', 'content' => 'This is the page content'), 'template.tpl');
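The render() above substitutes values verbatim, so any value that comes from a user (a comment, a profile name) is emitted as raw HTML, and because it replaces keys one at a time, a value that itself contains a placeholder such as “{CONTENT}” is expanded by a later iteration. The following is an added example, not the post’s own code: render_safe() is a hypothetical hardened variant that HTML-escapes every value and performs all substitutions in a single pass; the template and data are constructed inline so it runs stand-alone.

```php
<?php
// Added example (not the original post's code): a hardened version of the
// render() idea. Values are HTML-escaped before substitution, and every
// placeholder is replaced in one pass, so a value that contains "{TITLE}"
// is output literally instead of being expanded by a later replacement.

/**
 * Render a template string, substituting {KEY} placeholders.
 * Placeholders with no matching key become an empty string rather than
 * being left in the output.
 */
function render_safe(array $vars, string $template): string
{
    // Normalise keys to upper case so array('title' => ...) matches {TITLE}
    $upper = array();
    foreach ($vars as $key => $value) {
        $upper[strtoupper($key)] = (string) $value;
    }

    return preg_replace_callback('/\{([A-Z0-9_]+)\}/', function ($m) use ($upper) {
        if (!array_key_exists($m[1], $upper)) {
            return '';
        }
        // Escape for an HTML text context: <, >, &, " and ' become entities
        return htmlspecialchars($upper[$m[1]], ENT_QUOTES | ENT_HTML5, 'UTF-8');
    }, $template);
}

// Constructed sample input: the template from the post, plus a content value
// carrying a script tag and a second placeholder name, as user input might.
$tpl = "<html>\n<head>\n<title>{TITLE}</title>\n</head>\n<body>\n{CONTENT}\n</body>\n</html>\n";
$data = array(
    'title'   => 'Hello & welcome',
    'content' => '<script>alert("xss")</script> {TITLE}',
);

echo render_safe($data, $tpl);
```

In the rendered page the script tag appears as escaped text and the body shows a literal “{TITLE}”, so neither the tag nor the second placeholder is interpreted.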

Haunted by register_globals security issues

Posted by admin on 09 Oct 2008 | Tagged as: PHP

Yesterday I went to an interview for a new job. As with many programming/developer jobs, after a bit of a chat the interviewer and a lead developer gave me a small test on my PHP knowledge.

I was given 3 pieces of paper with some PHP code on them that was intentionally erroneous and given 15 minutes to mark all the errors on them.

Hindsight is a beautiful thing, I suppose. After leaving the interview something came to mind that I didn’t notice straight away.

The code was using something like this:

// define $loginstatus = true only if user is authenticated
if (login_user()) {
    $loginstatus = true;
}

Because we didn’t first initialise the $loginstatus variable as false using:

$loginstatus = false;

the variable might instead be defined by the register_globals setting, for example from a GET URL query string or a posted form, e.g.

auth.php?loginstatus=1

So, anyone can be seen as authenticated when testing like this!

if ($loginstatus) {
    // show logged in stuff
}

Oh boy, how dangerous could that be! Even though register_globals has been turned off by default since PHP 4.2.6, this should not be taken for granted: when it is turned on it can be a security loophole, which is why it’s scheduled for removal.

I can’t believe I missed it at the time (although it did come to me afterwards). It’s that easy to create a potentially insecure application.

As of PHP 6 though this can no longer happen, as the register_globals PHP setting is being removed completely. Good.
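The mechanism above can be reproduced on any PHP without register_globals. This is an added example, not code from the post: extract() is used purely to emulate register_globals turning every request parameter into a variable before the script runs; login_user() is a stand-in that always reports an unauthenticated user, and the request array is constructed to match auth.php?loginstatus=1. check_vulnerable() reports the user as logged in for that request, while check_fixed(), which initialises the variable first, does not.

```php
<?php
// Added example (not the post's own code). register_globals is gone from
// modern PHP, so extract() is used here only to reproduce its behaviour:
// every request parameter becomes a local variable, exactly as the setting
// used to do for globals before any of the script's own code ran.

// Stand-in for the post's login_user(): the user is NOT authenticated.
function login_user(): bool
{
    return false;
}

// The pattern from the post: $loginstatus is only assigned on success.
function check_vulnerable(array $request): bool
{
    extract($request);          // emulates register_globals=On
    if (login_user()) {
        $loginstatus = true;
    }
    // If the request carried loginstatus=1, the variable already exists
    // and holds "1", so the check passes without any authentication.
    return isset($loginstatus) && $loginstatus;
}

// The fix from the post: initialise the variable explicitly, so whatever
// the request injected is overwritten before it is ever tested.
function check_fixed(array $request): bool
{
    extract($request);          // emulates register_globals=On (runs first)
    $loginstatus = false;       // always start unauthenticated
    if (login_user()) {
        $loginstatus = true;
    }
    return $loginstatus;
}

// Constructed request, as auth.php?loginstatus=1 would produce in $_GET.
$request = array('loginstatus' => '1');

var_dump(check_vulnerable($request));
var_dump(check_fixed($request));
```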

Passed the MySQL Dev II Exam - Now a CMDEV

Posted by admin on 24 Sep 2008 | Tagged as: Web Design & Development

I took the second MySQL Certification exam on Friday and I am now proud to call myself a “Certified MySQL 5.0 Developer”. It always feels good to add another qualification to the list, and reinforces the fact that I am actually a LAMP developer and not just a PHP developer.

For those of you who don’t know, MySQL (or Sun or whatever) offer two different certification routes, Developer (CMDEV) and Database Administrator (CMDBA).

The Developer certification is supposedly designed for developers who use MySQL for back-end data storage and processing, such as integration with web applications, and the DBA certification more for those sysadmins who optimise, tune and maintain MySQL servers.

Some people may not like this about me, but when it comes to application development I’m a bit of a perfectionist. I put a lot of effort into what I do and I try really hard to get things exactly right. I only bring this up because in some respects it explains my disappointment with the exam.

There were so many visible errors that I was actually angry whilst taking the exam. The numerous errors ranged from simple misspellings of SQL keywords to missing spaces between parts of SQL queries and repeated words. One question gave a multiple choice of four SQL queries, asking you to select the correct one. In actuality they were all wrong! If I had cut and pasted each of those queries as they stood into the mysql client program, none of them would have succeeded. For a company that has such a great product I am saddened by the low spelling quality of the exam questions.

The questions themselves were, on the whole, fair, if you could settle with selecting the “best” or “closest” answer instead of the “correct” one. The range of topics tested fairly accurately matches the breakdown stated in the MySQL Certification Study Guide (ISBN 0-672-32812-7), which was almost single-handedly my source of study material. The questions given on the supplied CD are exceptionally useful.

There are several things that bother me about this certification at the moment though. Exam spelling mistakes apart, there are only 525 people worldwide who hold the MySQL 5.0 Developer Certification, with only 30 certificate holders here in the UK (the USA holding the most at 204). I am the only person in the whole North-west of England who holds the certification. Now this could be for several reasons; either the CMDEV is:

  1. Not very good and not worth having
  2. Not recognised by employers
  3. Really hard to pass
  4. People do not know about it.

I think it’s safe to rule out 1 & 3. I think the certification testing was adequate and the difficulty level was intermediate. Fair for a cert of this nature.

This leaves 2 & 4, which in my eyes are related. In my opinion, a certification for developers using the most widely used and successful Open Source RDBMS available should be more widely recognised and utilised by employers and developers.

I think that MySQL/Sun need to increase people’s awareness of their certification program, as this could be a very handy little cert to have.

Introducing Google Chrome - Google’s maiden voyage into the web browser market.

Posted by admin on 06 Sep 2008 | Tagged as: Uncategorized

Released as a beta on the 2nd September, Google’s entrance into the user agent market doesn’t really come as a surprise. But the outcome may be!

Google Chrome, which utilises the WebKit rendering engine, originally created as part of the KDE Konqueror browser library and later part of Apple’s Safari browser, has some interesting features.

The first thing that I noticed is that there is no Home button. Instead, Chrome’s URL address bar doubles up as a search engine search box, set to Google as default (naturally!), but it can just as easily be set to Yahoo, MSN or whatever through the options settings.

Chrome’s URL address bar has a few other tricks up its sleeve. Just like in Firefox, typing in Chrome’s “Omnibox” (the name Google have given to the multi-purpose URL bar) will unleash the power of its auto-suggest functionality.

Now, with this feature, Google seem to have got it right where Mozilla Firefox 3 got it wrong. Google’s auto-suggest feature will suggest a few (of the most popular or similar) search terms, but will also auto-suggest the closest matches to previous searches or website addresses you have typed in. But only the explicit URLs you have typed in, not all the similar search queries etc. like FF3’s address bar. Bravo Google! Thumbs up! :-)

Not having a home page button did leave me a little disorientated though. I like having a starting point. Not to say that Chrome doesn’t have a starting page per se. It has a handy “home” page, which has an Opera-like Speed-dial feel to it, which displays thumbnails of your most visited web pages. Nothing amazing really. Similar can be seen in Opera, and as an add-on to Firefox.

What Chrome adds to this is the auto-population of the list with your most visited sites. Could be useful. Not sure if I like this feature yet though. What would be nice, is some kind of blacklist, for sites you don’t want to show up in this list. Or at least a way of deleting individual items from this list or from your browsing history without having to delete data for the whole day.

Chrome does have an ‘incognito’ mode, a kind of safe mode where browsing history and search history are not saved, no cookies are saved, etc. I like this functionality, however I would still prefer more control over what Google Chrome was saving in its browsing history in normal mode. I would also prefer if Google added a home button, just like other user agents, which would take me to the default page instead of having to open a new tab every time I want to get there. Overall, I think Google’s history-centric approach to browsing needs a bit more customisability, but has potential.

Chrome’s tabs are useful too. The ability to drag tabs from the Chrome window into a separate window stands out as a useful function. The only problem I encountered was that the tab close button is very close to the new tab button. I have already opened several new tabs when meaning to close another. It could be disastrous if it happened the other way round!

As a web developer I’m very fond of the developer-orientated add-ons that are available for Firefox, especially the web developer toolbar. It would seem in comparison that Chrome’s developer tools are very limited: it just possesses the bare minimum of a source code viewer (with clickable links for some URIs such as images, opening them in a new tab) and a JavaScript console and debugger.

Google Chrome does not support any extensions at the moment and I wouldn’t expect it to compete with FF in that department, but some simple things like a spell checker would be nice.

Google Chrome’s first release has passed the Acid1 and Acid2 tests, but failed the Acid3 test with a score of 78/100, which is better than both Internet Explorer 7 and Firefox 3. The Acid tests test how well a browser complies with a given set of Web standards. So Google have something to be proud of here also.

One of the best things about Google Chrome in my opinion is its V8 JavaScript engine, an Open Source JavaScript engine developed by a Google team in Denmark. The V8 JavaScript engine increases performance by compiling JavaScript to native machine code before running it, rather than to bytecode or interpreting it. Thus, JavaScript applications will run at the speed of a compiled binary. The end result means that JavaScript applications, according to Google, run approximately twice as fast as in Firefox 3 and Safari 4 beta.

The major concern I have with Google Chrome is the data collection functionality of the “Omnibox” search bar. Information entered into the Omnibox search bar is automatically sent back to, and stored by Google, along with the computer’s IP address even before the user presses enter. An article posted on CNET News by Ina Fried provides more detail on this “feature” and how to disable it. But, I fear, many people will not disable it and personally I feel this is an invasion of a user’s privacy and more information than Google should be allowed to collect. It is for similar reasons that I have been put off using Google’s search engine in recent times. I feel that with their browsing history “features” that they are attempting to collect too much information about me without my consent and I don’t like this.

Overall, I think Google Chrome is a nice looking, fast browser with some interesting features but could do with some more customisability.

You can download Google Chrome for Windows here, while OS X and Linux versions are still under development.

Useful Content Ratings System for the Web

Posted by admin on 31 Aug 2008 | Tagged as: Web Advertising and E-business, Web Design & Development

When producing a website, a content rating identifies the type of content (such as the language and pictorial content of the website) through a method of labelling. This can be used to stop unsuitable material being displayed to the wrong people, such as sexually explicit or obscene material to schoolchildren.

The ICRA (Internet Content Rating Association), part of the Family Online Safety Institute, is an independent body that produces a questionnaire for webmasters to fill out regarding the content on their websites. The answers to these questions generate a small file which contains a series of labels that can be associated with a particular domain and that identify the type of content contained therein. Users can then use filtering software (sometimes integrated into their browsers as a plug-in, but not always) to allow or deny access to a domain and its content depending on these labels.

The ICRA’s content rating system is totally optional and is a self-rating system where the website’s administrators generate the rating themselves by answering the questionnaire; however, the resulting ratings are still checked by the ICRA.
There are other methods that can be utilised by third parties to produce a content rating for your site, but these are done by others and are not in the hands of the web publisher.
