Forums

The forums ran from 2008-2020 and are now closed and viewable here as an archive.

HTML Templates for PHP

Viewing 5 posts - 1 through 5 (of 5 total)
  • #24411
    timbo
    Member

    Hey gang,

    I’m new to this board, but I’ve been a fan of CSS-Tricks for a while now.

    Does anybody have experience creating HTML templates with an engine like Smarty, or do you roll your own? I’m curious about what other folks do. Have you come across any security issues using a template engine like this guy describes?

    http://dtm.livejournal.com/33960.html

    #55292
    Rob MacKay
    Participant

    HTML Template language? wow I never knew it existed lol I mean what?!

    Personally I have never and would never let anything do my coding for me, mainly because it normally comes out a complete mess and you have to, at some point, navigate your way around it…

    Code it yourself, it will be better for all in the long run :)

    As for the template generation things like smarty I have no idea lol, the idea of a "HTML Template Language" tickles me though :)

    #55299
    Quote:
    Personally I have never and would never let anything do my coding for me, mainly because it normally comes out a complete mess and you have to, at some point, navigate your way around it…

    I don’t think that’s what he means Rob. He’s talking about templating systems – templates with placeholders for variables in them, that sort of thing.

    When PHP was first developed, it was a template language. That is, programmers would take an HTML page and insert <?php ?> tags all over the place whenever they needed some calculated value or a field from a database. That’s all well and good, but if you are working as part of a larger team then that can lead to problems. Also, it doesn’t fit very well in today’s MVC-oriented mindset.

    One of the problems I hit in the past is graphic designers are prone to breaking php when they edit the files in DreamPage (or whatever it is they use). Fortunately modern versions of these programs understand php, asp, ruby and such and hide their ugliness from these kinds of people, but it can still happen.

    Then there’s the issue of security. Is the guy that’s editing the templates the kind of guy you want to have the power to type mysql_query("DELETE FROM customers;")? Or maybe he’ll just accidentally break some code that needs to be there. This is where Django’s template system shines: since it’s not based on any underlying language like php or ruby, it only lets the template authors do what the CMS is programmed to let them do. This means it has lots of nifty functions specially designed to cater for template authors (like truncatewords:"100", for instance) but without a) the designers needing to learn php and b) the developers needing to worry about what the designers are doing to their code.

    This is not such an issue for me at the moment as I’m just working up a few sites for people I know and as such WordPress is great for me. Although the templates are peppered with php, and yes if used incorrectly I’m sure there could be security issues, as I’m the only one working on the files it suits me fine.
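The restricted-template idea from the post above, as an added example that is not part of the original thread and is not Django's or Smarty's code: a small PHP renderer that treats the template as data, exposes only a fixed set of filters, and escapes values on output. The names `render` and `apply_filter`, the two filters and the sample template are constructed for illustration.

```php
<?php
// Constructed example: a least-privilege template renderer.
// The template is only ever scanned as a string; it is never passed to
// include() or eval(), so its author cannot run PHP or reach the database.

// The only operations a template author may request (hypothetical set).
function apply_filter(string $name, string $value, ?string $arg): string {
    switch ($name) {
        case 'upper':
            return strtoupper($value);
        case 'truncatewords':
            $words = preg_split('/\s+/', trim($value), -1, PREG_SPLIT_NO_EMPTY);
            $limit = max(0, (int) $arg);
            if (count($words) <= $limit) {
                return $value;
            }
            return implode(' ', array_slice($words, 0, $limit)) . ' ...';
        default:
            // Anything outside the allowlist is rejected, not guessed at.
            throw new InvalidArgumentException("filter not allowed: $name");
    }
}

function render(string $template, array $context): string {
    // Matches {{ name }}, {{ name|filter }} and {{ name|filter:"arg" }}.
    $pattern = '/\{\{\s*(\w+)(?:\|(\w+)(?::"([^"]*)")?)?\s*\}\}/';
    return preg_replace_callback($pattern, function (array $m) use ($context): string {
        $value = (string) ($context[$m[1]] ?? ''); // unknown names render empty
        if (isset($m[2]) && $m[2] !== '') {
            $value = apply_filter($m[2], $value, $m[3] ?? null);
        }
        // Escape on output so context values cannot inject markup.
        return htmlspecialchars($value, ENT_QUOTES, 'UTF-8');
    }, $template);
}

// Constructed template: the embedded PHP tag is inert text to this renderer.
$template = '<h1>{{ title|upper }}</h1><p>{{ body|truncatewords:"3" }}</p>'
          . '<?php mysql_query("DELETE FROM customers;") ?>';

echo render($template, [
    'title' => 'News <script>',
    'body'  => 'one two three four five',
]), "\n";
```

The PHP tag in the sample template reaches the output as literal text instead of being executed, and a filter name outside the two defined ones raises an exception rather than calling an arbitrary function.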

    #55302
    Rob MacKay
    Participant
    "davesgonebananas" wrote:
    I don’t think that’s what he means Rob. He’s talking about templating systems – templates with placeholders for variables in them, that sort of thing.

    Yeah, it was the page link that got me confused – and gave me the giggle… lol

    Anyway, the problem with virtually every HTML templating language out there is that they make it easier for the person writing HTML templates to add…
    #54810
    rcmatt4321
    Member

    I would highly advise against a template engine. I tried Smarty once, and found the syntax to be ugly and confusing.

    If you’re going to use a "Template Engine", I suggest using a PHP framework such as CodeIgniter. It allows for even more separation, and keeps the normal php syntax in your HTML. The only difference is that database calls are dealt with by your model, and your controller loads the views, responds to data and calls on the model for database information.

    It’s a really nice, simple, clean way to write PHP. Writing plain PHP without a framework is something I just don’t do anymore.

  • The forum ‘Back End’ is closed to new topics and replies.