2019-07-03 00:42:40

Hi. I want to get started in web development, using php. But what's the best way to get started? If i google how i should gget started it gets me confusing, so many pages.

Lamas with hats, but with sponge bob as carl Stay tuned.

https://www.youtube.com/channel/UCvAUQt … subscriber

2019-07-03 00:49:09

I like the tutorial/reference from w3schools.

Searching google for "getting started with X" really isn't the way to do it and should be treated as more of a last resort than anything else.

Searching "language tutorial" would probably be better.

Still, I'd always start with resources listed on the language's homepage, using google to branch out and get questions answered when you have them.
Of course it all depends.

2019-07-03 19:40:49

Ditto to post 2. W3Schools is a great resource for learning syntax. But be warned that they do not help with installation, environment setup, etc. Honestly, if you want to know how to do something specific, search that in Google. "Getting started" is such a generic phrase that it won't narrow anything down for you. Search instead for "install PHP Ubuntu 18.04LTS." Organizations like Linode or DigitalOcean even have guides to walk you through the process. You can get a full LAMP stack up and running in no time with these guides.

What game will hadi.gsf want to play next?

2019-07-03 23:27:20

I personally learned from w3 schools, then when i had questions used google.

2019-07-04 07:37:35

Why PHP?
It will teach you bad things. I'd advise to learn other programming languages for Backend, such as Python, JS, C#, etc.

2019-07-04 07:41:02

@5. Why don't you let him use what he wants to use?

Paul

2019-07-04 09:07:43

pauliyobo, Maybe he just doesn't know what PHP is.

2019-07-04 14:22:42

maybe he can figure it out while he learns. If he doesn't like it, he'll be the first one changing.

Paul

2019-07-04 16:53:42

@5, teach you bad things? Like what? Please back up that statement with evidence since over 90 percent of the web uses PHP -- that's a very significant amount!

"On two occasions I have been asked [by members of Parliament!]: 'Pray, Mr. Babbage, if you put into the machine wrong figures, will the right answers come out ?' I am not able rightly to apprehend the kind of confusion of ideas that could provoke such a question."    — Charles Babbage.
My Github

2019-07-05 15:09:36

Lol, teach you bad things. That's why Facebook's front-end is mostly PHP.

What game will hadi.gsf want to play next?

2019-07-05 16:53:53

Facebook, Wordpress, Yahoo, Wikipedia and more. It's estimated that the web is powered by about 80% PHP.

Yeah, bad idea to dev with PHP. It will teach you bad things such as how to develop sites like the above.
Even worse than taking Jonikster's obviously superior advice.

2019-07-05 17:14:28 (edited by leibylucw 2019-07-05 19:10:58)

Using Python to power a website is just too much work to set up and maintain for people just starting out with web dev. Having to use a specific version of the interpreter on top of using a framework that is constantly being updated is just too much unnecessary work. Work smart, not hard. Use PHP!
If you can get a functioning server running a LAMP stack, you pretty much have a skill set that is highly useful and can translate into a multitude of application purposes.
Now, you [can] use Python to power a website, but...Why?To each their own. For the sake of someone starting out, I see no good reason to stay away from PHP. In fact, if you know how to leverage HTML, CSS, and Javascript, it'll become super easy to see why PHP is so useful and why most of the web utilizes it.

What game will hadi.gsf want to play next?

2019-07-05 18:00:18 (edited by Ethin 2019-07-05 18:01:21)

@10-12, yep, my point exactly! It doesn't help that being an expert in PHP, HTML and JS is an excellent way of getting you a great job! smile I'm actually attempting to design a registration/login/account management system. Though I know Python and JS pretty well, I chose not to go with them since I didn't want to sit and handle all the complex routing and all that jaz that web frameworks force you to do when I could easily mix PHP, HTML and JS smoothly and easily. (Hint: did you know that this forum is made in PHP? Did you know that... Google... uses PHP? (Not all of their stuff uses it but some of it does.))

"On two occasions I have been asked [by members of Parliament!]: 'Pray, Mr. Babbage, if you put into the machine wrong figures, will the right answers come out ?' I am not able rightly to apprehend the kind of confusion of ideas that could provoke such a question."    — Charles Babbage.
My Github

2019-07-05 19:19:16

@13, that's a great project! I'd like to do something similar, although I don't know to what end...Lol, life of a dev. big_smile I have a simple VPS running an Apache2 server with PHP, and it seems to do what I need it to for the most part. I'm currently trying to write a simple survey for the interns at my work to fill out where my website can collect and process their answers into basic text files. Not anything crazy or impressive, but it does keep me busy and teaches me the value of at least pursuing something on my own terms and seeing it through to the end. That's what I really love about development -- you don't necessarily need to study it academically to be good at it.

What game will hadi.gsf want to play next?

2019-07-05 19:31:58

@14, yeah. I haven't really done much with that PHP project though,am currently trying to make an OS (and it... sort of works). Life of my dev life (ha!): its hard for me to figure out what project I should do. I'm so damn curious about how an OS works I've decided to make one. And its fun! Trying to figure out PCI, FSes and scheduling. Ug. Perhaps this month I'll work on the PHP project ... which really does need attention. smile

"On two occasions I have been asked [by members of Parliament!]: 'Pray, Mr. Babbage, if you put into the machine wrong figures, will the right answers come out ?' I am not able rightly to apprehend the kind of confusion of ideas that could provoke such a question."    — Charles Babbage.
My Github

2019-07-05 20:33:49

@9
Here I will answer Ethin and all those who consider PHP to be a good programming language.
It will be rude. For this reason, if you don't want, don't read this.
PHP teaches simple things to do through the ass, for example, to work with the RFC 6455 protocol with several lines of code is not enough. The language is old, it was created haphazardly, randomly, by specialists from different languages, very few people write in the language itself, everyone uses frameworks. Often bikes are written in this language, which are already built into the language itself. PHP crap in one word, old. At one time, he fired only due to a simpler syntax than in ASP 1.0 supplied with IIS 3.0. The language itself began with the implementation of a simple counter of visits, the purpose of the language was not to create something big that couldn't affect the implementation of the language itself. Imagine that you need to swim across the river in the wilderness, but you have nothing with yourself except nails and teeth, you will make yourself a boat of twigs and leaves, the creators of PHP did about the same. What do you think this language will teach you?
Besides. In post 2, cartertemm wrote that he liked the tutorial / reference from w3schools.
Here, not only PHP will teach you bad things. W3schools will teach you bad things.
First thing’s first. I’m really glad they put this at the top, but they are still teaching you the wrong way even though they said this themselves. So they aren’t even listening to their own words.
However, with ease comes danger, so always be careful when allowing file uploads!

Ok, let’s take a look at their final code because that’s what we’re going to go after and I’m going to grill it for teaching bad things aka bad coding habits.
1<?php
2$target_dir = "uploads/";
3$target_file = $target_dir . basename($_FILES["fileToUpload"]["name"]);
4$uploadOk = 1;
5$imageFileType =   strtolower(pathinfo($target_file,PATHINFO_EXTENSION));
6// Check if image file is a actual image or fake image
7if(isset($_POST["submit"])) {
8  $check = getimagesize($_FILES["fileToUpload"]["tmp_name"]);
9  if($check !== false) {
10  echo "File is an image - " . $check["mime"] . ".";
11  $uploadOk = 1;
12  } else {
13  echo "File is not an image.";
14  $uploadOk = 0;
15  }
16}
17// Check if file already exists
18if (file_exists($target_file)) {
19  echo "Sorry, file already exists.";
20  $uploadOk = 0;
21}
22  // Check file size
23if ($_FILES["fileToUpload"]["size"] > 500000) {
24  echo "Sorry, your file is too large.";
25  $uploadOk = 0;
26  }
27// Allow certain file formats
28if($imageFileType != "jpg" && $imageFileType != "png" && $imageFileType != "jpeg"
29&& $imageFileType != "gif" ) {
30  echo "Sorry, only JPG, JPEG, PNG & GIF files are allowed.";
31  $uploadOk = 0;
32}
33// Check if $uploadOk is set to 0 by an error
34if ($uploadOk == 0) {
35  echo "Sorry, your file was not uploaded.";
36// if everything is ok, try to upload file
37} else {
38  if (move_uploaded_file($_FILES["fileToUpload"]["tmp_name"], $target_file)) {
39  echo "The file ". basename( $_FILES["fileToUpload"]["name"]). " has been uploaded.";
40  } else {
41  echo "Sorry, there was an error uploading your file.";
42  }
43}
44?>
Ok so the first few lines of code already teaches you the wrong way of doing it.
1basename($_FILES["fileToUpload"]["name"])
That’s how NOT to do it.
What does this line do? Well, it pretty much takes the original name and then you can append it to a variable which you can then reference. The intent of doing so is just to be able to upload the file and give the file its original name. This is actually incredibly bad. Not just bad practice, but security wise as well.
Here’s a scenario to demonstrate why that’s bad. So say Person A uploads a file from their phone called IMG_001.JPG. It successfully goes through and they can view that image. Looks pretty cool on the web. Now, let’s say Person B comes along and uploads a file from their phone called IMG_001.JPG. Whoops, now Person B just replaced and overwrote Person A’s image because you have that line to give the uploaded file its original name.
You think that’s appropriate to do if you want people to upload hundreds of images? Not really.
This is also a security concern because in a poorly implemented upload system, someone can actually overwrite your uploading file whether it’s named upload.php or index.php, they can pretty much overwrite and replace that uploader.

Now, let’s take a look at this line.
1$imageFileType =   strtolower(pathinfo($target_file,PATHINFO_EXTENSION));
This line pretty much is for the intent of checking to make sure the image is an actual image. However, this is not the way you should be doing it. The PHP documentations and the official language does not say for you to do this. This is what “w3schools” is telling you to do. “w3schools” is not affiliated nor are they connected or have any relevance to the official PHP site, documentations, nor the official PHP team. “w3schools” is a fan made website.
Now, let’s dig in deeper what that line is actually doing. pathinfo() actually can take in 2 parameters. The first parameter is the file path and the 2nd parameter which is an optional parameter allows you to pass in a constant of either PATHINFO_DIRNAME, PATHINFO_BASENAME, PATHINFO_EXTENSION, PATHINFO_FILENAME, or a mixed combination of all of those.
The second function (strtolower()) that’s wrapped around pathinfo() just pretty much converts the entire string to all lower case.
Now, here’s the problem. Since this sole intent is to check whether the image is really an image, this is actually poorly written. Say I create an image in NotePad and name it malicious_file.txt, then write some malicious code into that file. I then rename malicious_file.txt to malicious_file.jpg and upload it to that poorly implemented uploading system. Would you look at that, it goes through simply because the file extension is .jpg. The returned extension name from pathinfo($target_file,PATHINFO_EXTENSION) is actually jpg.
So regardless if the file is malicious or not, it will still be uploaded. That’s a security problem.
This line of code wasn’t written by the PHP documentation nor the PHP team. They have no intent of allowing this to happen. But the source (w3schools) is the one writing this incredibly horrible code. Again, the PHP language, the PHP documentations, and the official PHP team does not teach you this. They only supply you with what the code does. Whatever people have concocted/ combined/ mixed is all on the person who wrote that code which would be w3schools.

The funny part is that they use getimagesize() which actually verifies if the uploaded file is an actual image since the returned data is an array that gives out the width, height, and multiple information. I have no idea why they were attempting to write in their own “image checker” when they could of just used getimagesize() to check if the uploaded file was an actual image. Again, the people who wrote this bad code isn’t the PHP language, the PHP documentations, nor the official PHP team. It’s the source (w3schools) who wrote this horrible code. Once again, w3schools have no affiliation, connection, nor anything to do with the PHP language, the PHP documentations, nor the official PHP team.

I don’t want to go any further because well, I’ve written a very lengthy post already and I haven’t even gotten to the end of the code yet.

2019-07-05 20:46:47

Wait, so now it's W3Schools that's the problem, (which I am willing to acquiesce as a more sound argument) rather than PHP, even though your first post on this thread said PHP was teaching people bad things? Lol, you love to do 180's.

What game will hadi.gsf want to play next?

2019-07-05 21:21:32 (edited by Ethin 2019-07-05 21:31:38)

@16, I stopped reading your post about 2 lines in out of the shear stupidity of it. OMG dude, just because people use frameworks in PHP does not mean its suddenly not PHP. GTFO!
OK, so I read through some of your last few paragraphs... and it seems like your copypasting stuff. The code you claimed is a "security problem" is not actually a security problem. A security problem is any kind of vulnerability or exploit that an attacker can use as leverage to gain access to a system, or to take down a system, etc. The example you provided is *not* a security problem. That is a simple error. If it were linked into a larger system that had permissions and access control, and the permissions were set incorrectly, and person B used that to their advantage and overrode the first picture with a malicious one, then yes, that would be a security problem, but it would not be on the server unless, of course, the server loaded and opened pictures and read them through an insecure mechanism. If the server read them through a secure mechanism i.e. antivirus/antimalware solutions), or just streamed the file to the user like a download, the chance of the server getting an exploit is quite low unless there was some kind of external component at work.
W3 schools being a problem? I'll agree with that. But please don't talk about subjects that you clearly don't understand.

"On two occasions I have been asked [by members of Parliament!]: 'Pray, Mr. Babbage, if you put into the machine wrong figures, will the right answers come out ?' I am not able rightly to apprehend the kind of confusion of ideas that could provoke such a question."    — Charles Babbage.
My Github

2019-07-05 21:35:52

If no one has posted this yet.
https://www.w3schools.com/php7/

Much less active on this forum than in the past.

Check out my live streams: http://lerven.me
follow me on Twitter: http://twitter.com/liamerven

2019-07-05 21:54:08

Anyone watching this topic please disregard any advice jonikster gives. It is always wrong! I have never used PHP myself, but I was able to disprove jonikster's nonsense on this topic by doing a simple, simple google search.

Guitarman.
What has been created in the laws of nature holds true in the laws of magic as well. Where there is light, there is darkness,  and where there is life, there is also death.
Aerodyne: first of the wizard order

2019-07-06 05:02:24

I usually hate "ganging up on somebody," but it's without a doubt that every time I've seen jonikster post, what I read never made much sense, whether what was being said was plain wrong, or it completely dismantled what an earlier post said (just like here).
Not to blacklist anybody from the dev community, but I wish we didn't have to deal with such garbage. GIGO is a thing in social interactions just as much as it is in programming. This is purely one of the biggest reasons why newcomers are discouraged -- they have to deal with the buffoonery from people like jonikster. I myself am by no means an expert, but the difference is I don't make such bold, inaccurate, and ridiculous claims.

*thank you for attending my TED Talk*

What game will hadi.gsf want to play next?

2019-07-06 05:18:05 (edited by Ethin 2019-07-06 05:18:54)

@21, very true. I try not to make false claims or give out false information, but I don't think I've ever gone so far as to make claims of this level. I mean, I've told him off countless times and he just keeps on going. I don't think he'll ever learn until he tries to secure someting or to make something he doesn't actually understand and he miserably fails at it. God I hope a business manager or someone like that doesn't come to him, he's going to drive a business to data theft and data loss at a level no one's ever seen before because he'll tell a business how to secure something and it will be the *wrong* way to do it. I mean, he claims something as insecure and then completely demonstrates how new he is to the world of information security by handing out incorrect information.

"On two occasions I have been asked [by members of Parliament!]: 'Pray, Mr. Babbage, if you put into the machine wrong figures, will the right answers come out ?' I am not able rightly to apprehend the kind of confusion of ideas that could provoke such a question."    — Charles Babbage.
My Github

2019-07-06 09:45:54

Guys, why are you so negative towards Jonikster.
I'm a Senior PHP developer, I work as a Team Lead in a Ukrainian company that develops web applications.
And I agree with Jonikster.
A programming language is just a tool. But PHP can teach bad habits that are hard to get rid of.
Bad learning materials like w3schools also play a big role.
Now Python is more promising.

2019-07-06 10:49:17 (edited by jonikster 2019-07-06 11:36:40)

@Belov, Don't you understand?
Most here don't have any good experience.
They can speak, but I have not seen real projects.

2019-07-06 11:29:41

@24, to be frank, I haven't seen anything from you, nor from belov, so I could say the same about you two.

Paul