EBOOK OOP PHP INDONESIA
PHP has a very complete set of object-oriented programming features including support for classes, abstract classes, interfaces, inheritance. The hardest thing to learn (and teach btw,) in object oriented PHP is the basics . But once you get working with objects using php's built-in OOP capabilities. PHP is the most widely-used language for programming on the web. Not only is OOP a way to break your code into separate, logical sections.
Additionally, many PHP functions that operate on strings have an optional parameter letting you specify the character encoding. You should always explicitly indicate UTF-8 when given the option. For example, htmlentities has an option for character encoding, and you should always specify UTF-8 if dealing with such strings. Note that as of PHP 5. This will use mbstring if it is available, and fall back to non UTF-8 functions if not.
See example code below. This is critically important. Note that you must use the utf8mb4 character set for complete UTF-8 support, not the utf8 character set! See Further Reading for why. Today, it is common to set the character set in the HTTP response header like this:.
Disclaimer for newcomers: This way is, however, hardly recommended for serious projects, as it poses some maintenance issues along the road - some might appear in the very beginning, such as pluralization. The most classic way and often taken as reference for i18n and l10n is a Unix tool called gettext.
It dates back to and is still a complete implementation for translating software. It is easy enough to get running, while still sporting powerful supporting tools. It is about Gettext we will be talking here. Also, to help you not get messy over the command-line, we will be presenting a great GUI application that can be used to easily update your l10n source.
There are common libraries used that support Gettext and other implementations of i18n. Some of them may seem easier to install or sport additional features or i18n file formats. In this document, we focus on the tools provided with the PHP core, but here we list others for completion:. Other frameworks also include i18n modules, but those are not available outside of their codebases:.
If you decide to go for one of the libraries that provide no extractors, you may want to use the gettext formats, so you can use the original gettext toolchain including Poedit as described in the rest of the chapter. You might need to install Gettext and the related PHP library by using your package manager, like apt-get or yum.
Here we will also be using Poedit to create translation files. There are three files you usually deal with while working with gettext. Those template files are not mandatory: There are some cases, in big projects, where you might need to separate translations when the same words convey different meaning given a context. In those cases, you split them into different domains.
In Symfony projects, for example, domains are used to separate the translation for validation messages. A locale is simply a code that identifies one version of a language. For rare languages , three letters are used. For some speakers, the country part may seem redundant. To use Gettext, we will need to adhere to a specific structure of folders. First, you will need to select an arbitrary root for your l10n files in your source repository. As we said in the introduction, different languages might sport different plural rules.
However, gettext saves us from this trouble once again. When creating a new. When calling Gettext in code, you will have to specify the number related to the sentence, and it will work out the correct form to use - even using string substitution if needed.
Plural rules include the number of plurals available and a boolean test with n that would define in which rule the given number falls starting the count with 0. For example:. When calling out Gettext to do localization on sentences with counters, you will have to give it the related number as well.
Gettext will work out what rule should be in effect and use the correct localized version. You will need to include in the.
The first section works like a header, having the msgid and msgstr especially empty. It describes the file encoding, plural forms and other things that are less relevant. The second section translates a simple string from English to Brazilian Portuguese, and the third does the same, but leveraging string replacement from sprintf so the translation may contain the user name and visit date.
The last section is a sample of pluralization forms, displaying the singular and plural version as msgid in English and their corresponding translations as msgstr 0 and 1 following the number given by the plural rule. The plural forms always have two msgid singular and plural , so it is advised not to use a complex language as the source of translation.
As you might have noticed, we are using as source ID the actual sentence in English. That msgid is the same used throughout all your. The Gettext manual favors the first approach as, in general, it is easier for translators and users in case of trouble. That is how we will be working here as well. However, the Symfony documentation favors keyword-based translation, to allow for independent changes of all translations without affecting templates as well.
In a typical application, you would use some Gettext functions while writing static text in your pages.
Those sentences would then appear in. One of the great advantages Gettext has over custom framework i18n packages is its extensive and powerful file format. This guide is based on PoEdit 1. Now, save the file - using that directory structure we mentioned as well.
After setting those points it will run a scan through your source files to find all the localization calls. After every scan PoEdit will display a summary of what was found and what was removed from the source files. Save it and a. As you may have noticed before, there are two main types of localized strings: The first ones have simply two boxes: On the other hand, plural form strings include two boxes to show the two source strings, and tabs so you can configure the different final forms.
Whenever you change your sources and need to update the translations, just hit Refresh and Poedit will rescan the code, removing non-existent entries, merging the ones that changed and adding new ones. It may also try to guess some translations, based on other ones you did. It is also useful if you have a translation team and someone tries to write something they are not sure about: From that menu, you can also open parts of the UI that allow you to leave contextual information for translators if needed.
It happens the first time it is read, and then, to update it, you might need to restart the server. Many custom i18n libraries from frameworks use something similar to t as well, to make translated code shorter. However, that is the only function that sports a shortcut. It is just a field in the.
You need to include there the specifications of those new functions, following a specific format:. After including those new rules in the. Dependency injection is a software design pattern that allows the removal of hard-coded dependencies and makes it possible to change them, whether at run-time or compile-time. This quote makes the concept sound much more complicated than it actually is.
Dependency Injection is providing a component with its dependencies either through constructor injection, method calls or the setting of properties. It is that simple. Here we have a Database class that requires an adapter to speak to the database.
We instantiate the adapter in the constructor and create a hard dependency. This makes testing difficult and means the Database class is very tightly coupled to the adapter. Now we are giving the Database class its dependency rather than creating it itself. These are the complex problems that Dependency Injection solves. In terms of Dependency Injection, this means loosening our dependencies by controlling and instantiating them elsewhere in the system.
For years, PHP frameworks have been achieving Inversion of Control, however, the question became, which part of control are we inverting, and where to?
For example, MVC frameworks would generally provide a super object or base controller that other controllers must extend to gain access to its dependencies. This is Inversion of Control, however, instead of loosening dependencies, this method simply moved them.
Dependency Injection allows us to more elegantly solve this problem by only injecting the dependencies we need, when we need them, without the need for any hard coded dependencies at all. The Single Responsibility Principle is about actors and high-level architecture. The largest benefit of this approach is that it enables improved code reusability. By designing our class to do just one thing, we can use or re-use it in any other program without changing it.
Practically speaking, this means that we should write classes that implement and adhere to interfaces , then type-hint against those interfaces instead of specific classes. The largest benefit of this approach is that we can very easily extend our code with support for something new without having to modify existing code, meaning that we can reduce QA time, and the risk for negative impact to the application is substantially reduced. We can deploy new code, faster, and with more confidence.
The Liskov Substitution Principle is about subtyping and inheritance. For example, if we have a FileInterface interface which defines an embed method, and we have Audio and Video classes which both implement the embed method, then we can expect that the usage of the embed method will always do the thing that we intend.
If we later create a PDF class or a Gist class which implement the FileInterface interface, we will already know and understand what the embed method will do. The largest benefit of this approach is that we have the ability to build flexible and easily-configurable programs, because when we change one object of a type e.
For example, a Car or Bus class would be interested in a steeringWheel method, but a Motorcycle or Tricycle class would not.
Conversely, a Motorcycle or Tricycle class would be interested in a handlebars method, but a Car or Bus class would not. There is no need to have all of these types of vehicles implement support for both steeringWheel as well as handlebars , so we should break-apart the source interface.
The Dependency Inversion Principle is about removing hard-links between discrete classes so that new functionality can be leveraged by passing a different class. Do not depend on concretions. We can easily refactor the above example to follow this principle. There are several benefits to the Database class now depending on an interface rather than a concretion.
Consider that we are working in a team and the adapter is being worked on by a colleague. In our first example, we would have to wait for said colleague to finish the adapter before we could properly mock it for our unit tests. An even bigger benefit to this method is that our code is now much more scalable. If a year down the line we decide that we want to migrate to a different type of database, we can write an adapter that implements the original interface and injects that instead, no more refactoring would be required as we can ensure that the adapter follows the contract set by the interface.
The first thing you should understand about Dependency Injection Containers is that they are not the same thing as Dependency Injection. A container is a convenience utility that helps us implement Dependency Injection, however, they can be and often are misused to implement an anti-pattern, Service Location.
Injecting a DI container as a Service Locator in to your classes arguably creates a harder dependency on the container than the dependency you are replacing. It also makes your code much less transparent and ultimately harder to test. Most modern frameworks have their own Dependency Injection Container that allows you to wire your dependencies together through configuration.
What this means in practice is that you can write application code that is as clean and decoupled as the framework it is built on. Many times your PHP code will use a database to persist information. You have a few options to connect and interact with your database. The recommended option until PHP 5. Native drivers are great if you are only using one database in your application, but if, for example, you are using MySQL and a little bit of MSSQL, or you need to connect to an Oracle database, then you will not be able to use the same drivers.
The mysql extension for PHP is incredibly old and has been superseded by two other extensions:. Not only did development stop long ago on mysql , but it was deprecated as of PHP 5. To save digging into your php. Even if you are not using PHP 7. Not only is that a gross oversimplification, it misses out on the advantages that mysqli provides, such as parameter binding, which is also offered in PDO. More importantly, PDO allows you to safely inject foreign input e.
This is possible using PDO statements and bound parameters. This ID should be used to fetch a user record from a database. This is the wrong way to do this:.
This is terrible code. You are inserting a raw query parameter into a SQL query. This will get you hacked in a heartbeat, using a practice called SQL Injection. Just imagine if a hacker passes in an inventive id parameter by calling a URL like http: This is correct code. It uses a bound parameter on a PDO statement. This escapes the foreign input ID before it is introduced to the database preventing potential SQL injection attacks. You should also be aware that database connections use up resources and it was not unheard-of to have resources exhausted if connections were not implicitly closed, however this was more common in other languages.
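The contrast described above, as an added example that is not code from the original page: the same lookup is run once with string concatenation and once with a bound parameter. The in-memory SQLite table, the helper names `findUserUnsafe` and `findUserSafe`, and the sample input are constructed for illustration.

```php
<?php
declare(strict_types=1);

// Constructed sample data in an in-memory SQLite database (needs pdo_sqlite).
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT NOT NULL)');
$pdo->exec("INSERT INTO users (id, name) VALUES (1, 'alice'), (2, 'bob'), (3, 'carol')");

/** The wrong way: the raw value becomes part of the SQL text itself. */
function findUserUnsafe(PDO $pdo, string $id): array
{
    $sql = 'SELECT name FROM users WHERE id = ' . $id; // injectable
    return $pdo->query($sql)->fetchAll(PDO::FETCH_COLUMN);
}

/** The correct way: the SQL text is fixed and the value travels as data. */
function findUserSafe(PDO $pdo, string $id): array
{
    // Validate first: an id must be a positive integer and nothing else.
    $validId = filter_var($id, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($validId === false) {
        return []; // reject instead of trying to repair the input
    }
    $stmt = $pdo->prepare('SELECT name FROM users WHERE id = :id');
    $stmt->bindValue(':id', $validId, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

// Constructed stand-in for $_GET['id'].
$foreignInput = '1 OR 1=1';

// Concatenation: the WHERE clause is rewritten by the input.
var_dump(findUserUnsafe($pdo, $foreignInput));

// Validation plus bound parameter: the input is not an integer, so it is rejected.
var_dump(findUserSafe($pdo, $foreignInput));

// A legitimate id still resolves to exactly one user.
var_dump(findUserSafe($pdo, '2'));

// Even without the validation step, a bound value is compared as data
// and is never parsed as SQL.
$stmt = $pdo->prepare('SELECT name FROM users WHERE id = :id');
$stmt->bindValue(':id', $foreignInput, PDO::PARAM_STR);
$stmt->execute();
var_dump($stmt->fetchAll(PDO::FETCH_COLUMN));
```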
Using PDO you can implicitly close the connection by destroying the object by ensuring all remaining references to it are deleted, i. When developers first start to learn PHP, they often end up mixing their database interaction up with their presentation logic, using code that might look like this:. While there are many other solutions to doing this - depending on if you prefer OOP or functional programming - there must be some element of separation. That is a good start.
Create a simple. This is essentially the same as what most modern frameworks are doing, albeit a little more manual. You might not need to do all of that every time, but mixing together too much presentation logic and database interaction can be a real problem if you ever want to unit-test your application. PHPBridge has a great resource called Creating a Data Class which covers a very similar topic, and is great for developers just getting used to the concept of interacting with databases.
Many frameworks provide their own abstraction layer which may or may not sit on top of PDO. These will often emulate features for one database system that is missing from another by wrapping your queries in PHP methods, giving you actual database abstraction instead of just the connection abstraction that PDO provides.
This will of course add a little overhead, but if you are building a portable application that needs to work with MySQL, PostgreSQL and SQLite then a little overhead will be worth it for the sake of code cleanliness. Some abstraction layers have been built using the PSR-0 or PSR-4 namespace standards so can be installed in any application you like:.
Templates provide a convenient way of separating your controller and domain logic from your presentation logic. The main benefit to using templates is the clear separation they create between the presentation logic and the rest of your application. Templates have the sole responsibility of displaying formatted content. They are not responsible for data lookup, persistence or other more complex tasks. This leads to cleaner, more readable code which is especially helpful in a team environment where developers work on the server-side code controllers, models and designers work on the client-side code markup.
Templates also improve the organization of presentation code. This approach encourages code reuse where larger blocks of code are broken into smaller, reusable pieces, often called partials. For example, your site header and footer can each be defined as templates, which are then included before and after each page template. Finally, depending on the library you use, templates can offer more security by automatically escaping user-generated content.
Some libraries even offer sand-boxing, where template designers are only given access to white-listed variables and functions. They are a natural choice since PHP is actually a template language itself. This is beneficial to PHP developers as there is no new syntax to learn, they know the functions available to them, and their code editors already have PHP syntax highlighting and auto-completion built-in.
Further, plain PHP templates tend to be very fast as no compiling stage is required. Outside of frameworks, libraries like Plates or Aura. View make working with plain PHP templates easier by offering modern template functionality such as inheritance, layouts and extensions.
From automatic escaping, to inheritance and simplified control structures, compiled templates are designed to be easier to write, cleaner to read and safer to use.
Compiled templates can even be shared across different languages, Mustache being a good example of this. Since these templates must be compiled there is a slight performance hit, however this is very minimal when proper caching is used.
While it does have exceptions and more of the core is starting to use them when working with objects, most of PHP itself will try to keep processing regardless of what happens, unless a fatal error occurs. This is only a notice error, and PHP will happily carry on.
The only real difference is that Python will freak out over any small thing, so that developers can be super sure any potential issue or edge-case is caught, whereas PHP will keep on processing unless something extreme happens, at which point it will throw an error and report it. PHP has several levels of error severity. The three most common types of messages are errors, notices and warnings.
Notices are advisory messages caused by code that may or may not cause problems during the execution of the script, execution is not halted. Warnings are non-fatal errors, execution of the script will not be halted.
These messages are used to suggest changes to your code to help ensure best interoperability and forward compatibility with upcoming versions of PHP. You can also control whether or not errors are displayed to the screen good for development or hidden, and logged good for production.
For more information on this check out the Error Reporting section. Without the error control operator, this expression could create a PHP Notice: Undefined variable: Undefined index: This might seem like a good idea, but there are a few undesirable tradeoffs. PHP handles expressions using an @ in a less performant way than expressions without an @.
Secondly, the error control operator completely swallows the error. The error is not displayed, and the error is not sent to the error log. For example, our code above could be rewritten like this:. One instance where error suppression might make sense is where fopen fails to find a file to load. You could check for the existence of the file before you try to load it, but if the file is deleted after the check and before the fopen which might sound impossible, but it can happen then fopen will return false and throw an error.
This is potentially something PHP should resolve, but is one case where error suppression might seem like the only valid solution. However, Xdebug has an xdebug. You can set this via your php. Use scream with care, and as a temporary debugging tool. This is a common practice implemented by a large number of modern frameworks such as Symfony and Laravel. In debug mode or dev mode both of these frameworks will display a nice and clean stack trace. There are also some packages available for better error and exception handling and reporting.
Like Whoops! By throwing errors as exceptions in development you can handle them better than the usual result, and if you see an exception during development you can wrap it in a catch statement with specific instructions on how to handle the situation.
Each exception you catch instantly makes your application that little bit more robust. More information on this and details on how to use ErrorException with error handling can be found at ErrorException Class. Exceptions are a standard part of most popular programming languages, but they are often overlooked by PHP programmers. Languages like Ruby are extremely Exception heavy, so whenever something goes wrong such as a HTTP request failing, or a DB query goes wrong, or even if an image asset could not be found, Ruby or the gems being used will throw an exception to the screen meaning you instantly know there is a mistake.
The problem here is that you have to go looking for a mistake and check the docs to see what the error method is for this class, instead of having it made extremely obvious. Another problem is when classes automatically throw an error to the screen and exit the process.
When you do this you stop another developer from being able to dynamically handle that error. Exceptions should be thrown to make a developer aware of an error; they then can choose how to handle this.
The generic Exception class provides very little debugging context for the developer; however, to remedy this, it is possible to create a specialized Exception type by sub-classing the generic Exception class:. This means you can add multiple catch blocks and handle different Exceptions differently. This can lead to the creation of a lot of custom Exceptions, some of which could have been avoided using the SPL Exceptions provided in the SPL extension.
It is very important for every PHP developer to learn the basics of web application security , which can be broken down into a handful of broad topics:.
There are bad people ready and willing to exploit your web application. This is a must read for the security-conscious developer. Survive The Deep End: Eventually everyone builds a PHP application that relies on user login. Usernames and passwords are stored in a database and later used to authenticate users upon login.
It is important that you properly hash passwords before storing them. Hashing and encrypting are two very different things that often get confused. Hashing is an irreversible, one-way function. This produces a fixed-length string that cannot be feasibly reversed. This means you can compare a hash against another to determine if they both came from the same source string, but you cannot determine the original string.
If passwords are not hashed and your database is accessed by an unauthorized third-party, all user accounts are now compromised. Unlike hashing, encryption is reversible provided you have the key. Encryption is useful in other areas, but is a poor strategy for securely storing passwords. Passwords should also be individually salted by adding a random string to each password before hashing. Hashing and salting are vital as often users use the same password for multiple services and password quality can be poor.
Additionally, you should use a specialized password hashing algorithm rather than a fast, general-purpose cryptographic hash function e. The short list of acceptable password hashing algorithms as of June to use are:. In PHP 5.
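Salted, one-way password storage as discussed above, shown as an added example that is not code from the original page. It uses PHP's built-in `password_hash`, `password_verify` and `password_needs_rehash`; the in-memory user store, the helper names `registerUser` and `verifyLogin`, the cost values and the sample passwords are assumptions for illustration.

```php
<?php
declare(strict_types=1);

// Hashing policy for this example (assumed values; tune the cost to your hardware).
const HASH_ALGO = PASSWORD_BCRYPT;
const HASH_OPTIONS = ['cost' => 12];

/** Registration: store only the salted, one-way hash, never the password. */
function registerUser(array &$store, string $username, string $password): void
{
    // password_hash() generates a fresh random salt and embeds it, together
    // with the algorithm and cost, in the returned string.
    $store[$username] = password_hash($password, HASH_ALGO, HASH_OPTIONS);
}

/** Login: verify against the stored hash and upgrade it if the policy changed. */
function verifyLogin(array &$store, string $username, string $password): bool
{
    if (!isset($store[$username])) {
        return false;
    }
    $hash = $store[$username];
    if (!password_verify($password, $hash)) {
        return false;
    }
    // The plain password is only available at login, so this is the moment
    // to replace a hash that was created under an older, weaker policy.
    if (password_needs_rehash($hash, HASH_ALGO, HASH_OPTIONS)) {
        $store[$username] = password_hash($password, HASH_ALGO, HASH_OPTIONS);
    }
    return true;
}

// Constructed stand-in for a users table: username => stored hash.
$users = [];
registerUser($users, 'alice', 'correct horse battery staple');
registerUser($users, 'carol', 'correct horse battery staple');

// Same password, different random salts: compare the two stored strings.
var_dump($users['alice'] === $users['carol']);

// A matching password verifies; a different string does not.
var_dump(verifyLogin($users, 'alice', 'correct horse battery staple'));
var_dump(verifyLogin($users, 'alice', 'wrong guess'));

// Constructed legacy record hashed under an older policy (cost 10).
$users['bob'] = password_hash('constructed-legacy-password', PASSWORD_BCRYPT, ['cost' => 10]);
var_dump(password_get_info($users['bob'])['options']['cost']);

// A successful login transparently upgrades the stored hash to the current cost.
var_dump(verifyLogin($users, 'bob', 'constructed-legacy-password'));
var_dump(password_get_info($users['bob'])['options']['cost']);
```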
It will be updated in the future to support more algorithms as needed though. Below we hash a string, and then check the hash against a new string. Never ever ever trust foreign input introduced to your PHP code. Always sanitize and validate foreign input before using it in code. Foreign input can be anything: Remember, foreign input is not limited to form data submitted by the user.
Uploaded and downloaded files, session values, cookie data, and data from third-party web services are foreign input, too. While foreign data can be stored, combined, and accessed later, it is still foreign input.
Every time you process, output, concatenate, or include data in your code, ask yourself if the data is filtered properly and can it be trusted. Data may be filtered differently based on its purpose. Another example is passing options to be executed on the command line. One last example is accepting foreign input to determine a file to load from the filesystem. This can be exploited by changing the filename to a file path.
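One way to handle the last case above, foreign input that selects a file to load, as an added example that is not code from the original page. It goes slightly beyond the text by also resolving symlinks; the helper name `resolvePage`, the directory layout and the sample inputs are constructed for illustration.

```php
<?php
declare(strict_types=1);

/**
 * Map a foreign page name to a file under $baseDir, or null if rejected.
 * (Hypothetical helper for this example.)
 */
function resolvePage(string $baseDir, string $name): ?string
{
    // Layer 1: allow-list the shape of the name. Slashes, dots and null
    // bytes cannot pass, so the value cannot be a path.
    if (preg_match('/\A[a-z0-9_-]{1,64}\z/', $name) !== 1) {
        return null;
    }

    // Layer 2: resolve symlinks and confirm the result is still inside
    // the base directory.
    $base = realpath($baseDir);
    $file = realpath($baseDir . DIRECTORY_SEPARATOR . $name . '.html');
    if ($base === false || $file === false) {
        return null; // base directory or requested file does not exist
    }
    $prefix = $base . DIRECTORY_SEPARATOR;
    if (strncmp($file, $prefix, strlen($prefix)) !== 0) {
        return null; // resolved outside the base directory
    }
    return $file;
}

// Constructed directory layout in the system temp directory.
$root = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'pages_demo_' . bin2hex(random_bytes(4));
mkdir($root . '/pages', 0700, true);
file_put_contents($root . '/pages/about.html', '<h1>About</h1>');
file_put_contents($root . '/secret.txt', 'constructed secret');
// A link inside the public directory that points outside it.
$linked = symlink($root . '/secret.txt', $root . '/pages/link.html');

// Constructed stand-ins for a request parameter.
$inputs = ['about', '../secret', '/etc/passwd', "about\0", 'missing'];
if ($linked) {
    $inputs[] = 'link'; // passes the name check, fails the containment check
}

foreach ($inputs as $input) {
    $path = resolvePage($root . '/pages', $input);
    printf("%-16s => %s\n", json_encode($input), $path === null ? 'rejected' : 'served');
}

// Clean up the constructed files.
if ($linked) {
    unlink($root . '/pages/link.html');
}
unlink($root . '/pages/about.html');
unlink($root . '/secret.txt');
rmdir($root . '/pages');
rmdir($root);
```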
When you use bound parameters with PDO , it will sanitize the input for you. This is very hard to do and many avoid it by using other more restricted formatting like Markdown or BBCode, although whitelisting libraries like HTML Purifier exist for this reason. It is dangerous to unserialize data from users or other untrusted sources. You should therefore avoid unserializing untrusted data.
Validation ensures that foreign input is what you expect. For example, you may want to validate an email address, a phone number, or age when processing a registration submission. When creating configuration files for your applications, best practices recommend that one of the following methods be followed:.
As of PHP 5. This is only included as a warning for anyone in the process of upgrading a legacy application. This can easily lead to security issues as your application cannot effectively tell where the data is coming from. For example: Error logging can be useful in finding the problem spots in your application, but it can also expose information about the structure of your application to the outside world. To effectively protect your application from issues that could be caused by the output of these messages, you need to configure your server differently in development versus production live.
To show every possible error during development , configure the following settings in your php. Passing in the value -1 will show every possible error, even when new levels and constants are added in future PHP versions.
What does this mean? In terms of reporting every possible error in version 5. To hide errors on your production environment, configure your php. With these settings in production, errors will still be logged to the error logs for the web server, but will not be shown to the user. For more information on these settings, see the PHP manual:.
Writing automated tests for your PHP code is considered a best practice and can lead to well-built applications. Automated tests are a great tool for making sure your application does not break when you are making changes or adding new functionality and should not be ignored. Test-driven development TDD is a software development process that relies on the repetition of a very short development cycle: Unit Testing is a programming approach to ensure functions, classes and methods are working as expected, from the point you build them all the way through the development cycle.
By checking values going in and out of various functions and methods, you can make sure the internal logic is working correctly. When you create a class or function you should create a unit test for each behavior it must have. At a very basic level you should make sure it errors if you send it bad arguments and make sure it works if you send it valid arguments.
This will help ensure that when you make changes to this class or function later on in the development cycle that the old functionality continues to work as expected. The other use for unit tests is contributing to open source.
Until recently, PHP did not have a good way to manage these project dependencies. This is a living document and will continue to be updated with more helpful information and examples as they become available.