Bob,

A must have: phpDesigner

While I haven't had a chance to play with Joe's suggestion (I just went to their website a few minutes ago)

check out:

obviously: Firefox, IE (6,7,8), Opera, Safari

a) Codelobster (gotta love the name)
b) php.net (and download the help too)
c) I like Syn (no intellisense though)
d) Ulltraedit (still on my to play with list)
e) FirstPage 2000/2006 - mostly abandoned by the developer 2006 has MUCH more in it (annoying nag and some people have had problems) but I routinely use the 2000 version for html

f) Western Civ (Stylemaster) for CSS - comes with boku templates too
g) the w3c validators and standards themselves - awesome
h) Wordpress as a cms framework and then style as needed
i) php 5+ (try to get php 5.3+) supposedly has SQLITE support - haven't had the chance to play with it.

J) WAMPSERVER (http://www.wampserver.com) free apache/mysql/php for windows all automated and easy to use (I've used it for years and found nothing better)

That's the quick list. Hope it helps

JS

Favorite tools

Thanks guys, plenty to look at.

I've been trying to install MySQL on a machine that may have had an earlier version of it installed since I'm having problems with the configuration steps. It keeps telling me the InnoDB tables are in use by something else which I assume is the earlier instance.

I've checked tasks and services and had removed all I could find.

It also indicated while installing that I had to supply the current password??? Since there was nothing in Add/Remove programs and there are no other instances of msqld I'm stumped. I guess I'll uninstall and check the registry entries too to make sure nothing was left around.

Ever had this problem?

Bob Mechler

Tools I use.

For editing/creating:
Pick any "text editor" which works to your liking. Some prefer editors capable of syntax highlighting, debugging, project management. Others go with plain vanilla Notepad. I'm using PrimalScript, because I mainly do ASP (no .NET yet) and PrimalScript supports ASP quite good.

For debugging:
Firefox along with with some addons, namely
- ColorZilla (a color picker/revealer)
- DOM Inspector (needed by some other addons)
- HTML Validator (What it says)
- Inspect This (Show the selected element in the DOM tree)
- JSView (View external JavaScripts/CSS files)
- Page Info Forms and Links (adds a tab "Forms" and "Links" to the Page Info dialogue)
- Tamper Data (View/Modify data from HTTP POST and GET requests)
- View Cookies (What it says)
- View Dependencies (Adds a tab "Dependencies" to the Page Info dialogue, lists all links, images etc. of a page in a hierarchical manner)
- Web Developer (A toolbar with lots of interesting (developer) stuff)
- Yellowpipe Lynx Viewer Tool (Simulates how a page looks in a Lynx style text web browser. Useful for testing how search engines "see" your page, semantic coding and checking if your page makes sense if used with screen readers (barrier-free))

I'm not a professional web developer, though. Just coding for our company's intranet and private pages.

Needs to run Windows, Mac and Linux

If you mean that users are on Windows, Mac and Linux then you have a good change, just stick to html and javascript. But having the aplication run on Windows, Mac and Linux forget it. The only language that can be used with a high degree of compatiablity between the different platforms is c++. It has been tried and failed, the designers end up having to specifically designing a version for each platform as they are all so very different.

In the case of linux you have to choose the evironment and the distribution because they are all so different. If you consider java it behaves differently on each and every platform and with the different versions and release of java. Php is better in some things but you run into same problems as java.

Want to keep you sanity, write you application as web based application that generates HTML Javascript pages and use a Windows server to host all the applications. I use Powerbasic PBCC for the applications and PBDLL for the dll's and it is more than a match for anything out there. My cuurent work I am replacing a java application suit and I getting up 200 fold increase in speed and it is just about bullet proof.

Can't say I have. Step one would be set up a virtual machine and go for the install on that. Just to check (assuming you have a VPC set up).

I don't suppose you could wipe the drive and reinstall windows? Might be faster than trying to debug.

JS

my favorite web tools:

PBCC
UltraEdit for HTML/Javascript/CSS
Paintshop Pro

I do 98% of my sites with those 3 tools

To use PBCC, I would have to use a Windows Server right? That's not really a problem except how to test clients who have browsers resident on the Mac. (This is important because my former vertical market was small newspapers who are almost universally on Mac's)

PHP is interesting because you can run CGI but also load it as a module in IIS (if I'm reading the documentation correctly. I wish Powerbasic could do the same).

In playing with IIS and the configuration page I see a lot of file extensions depending on aspnet_isapi.dll to run. When installing php there was a dll like that to associate with the php extension. Has anybody tried to create a PB DLL for the same purpose?

It seems like the only solution with PBCC is a cgi app. When that is run, the people I deal with get real nervous when they see that .exe running in the URL. Is there a way to hide that? I would like the only url shown to be the domain name and never change. I've seen other websites do this but don't know how.

I saw Martin's reference to PB DLL'S and am not sure how that would work. Are they called from the initial PBCC exe? Are they persistant once loaded or are they loaded and then released?

How are session's handled? Session cookies generated by the PBCC program?

If I could do that, then CGI would be acceptable if the web hosting service allowed it, like Shawn's does.

Some of these things should be different threads, probably.

I'm frustrated because the web paradigm is not something where the light has turned on for me just yet.

What many people like me would probably like to see is a project with the following items in their simplest form.

1. How to build a proper login validated against an sql table like sqlite.
2. How to build the page that does the login
3. Based on the login how to branch to different applications based on the person logging in.
4. How to establish a session for the user
5. How to start the app using the PBCC.EXE startup cgi executable
6. How to call functions in DLL's as needed. Would each DLL be a complete application?
7. How to manage an sql server connection from a DMZ network area to an SQL Server inside the domain.
8. Example scripts and grids and should they be populated with XML or variables defined in the web page.
9. How to secure the site using best practices.

I've been reading a lot of things on w3schools.com and am in agreement that the web page should be served up via a web page generator and ajax methods should be used to grab data but how to make all this work with PBCC and PBDLL is quite beyond me.

Both the books and the current available samples are way deficient in 'turning the light on'

I don't mind writing thousands of lines of code if I know the end result is a web application that will rival desktop apps in responsiveness and functionality. I don't want to start though until I understand how it would work and satisfy all requirements.

Bob Mechler

Bob,

I've been where you are, I understand all that you are asking.

For me, it finally came down to looking at what the 'masses' were doing. I love PB; I learned a LOT from writing PB-CGI apps. Now I use PHP nearly exclusively. It took a few days worth of reading and playing around with, but its an easy thing to master. There is NO way a CGI app (PBCC or other) is going to compare to PHP. PHP was designed to do web apps. Right tool for the right job sort of thing.

As for the .exe part of the URL, the web browser couldn't care less what the CGI program is named. You can simply compile your program and call it: webapp.mechler and as long as you configure the web server properly, the CGI will function just fine.

Same thing with MAC vs PC. Its only the server you have to be concerned about. Doesn't matter at all what the client (browser) is. In the end, the CGI is only pumping out plain old HTML, so its only the execution of the CGI app that requires Windows.

The answer to questions 1-9 IMO are easy. Use PHP. All of those functions are done with a couple of easy code lines. Sessions/cookies/SQL while doable with PB will take considerably more time and code to accomplish.

Not knocking PB in ANY way, just the reality of the matter here. PHP (and Javascript to some extent) was designed as a web technology. PB, for the most part, was designed as a GUI/Console technology. Both can do what the other does best, but neither can do what the other does better.

1. How to build a proper login validated against an sql table like sqlite.

Most of my larger web pages are just one or two HTML pages. Everything else is generated dynamically and the same page is updated using AJAX.
My login process is this:
I set up global javascript variables like "user" and "password".
The user types in a user/pw which goes into the CGI.
If the user is OK after comparing user/pw to a database (sqlLite, Access, MySql, or whatever), the CGI returns and runs the javascript that sets the values for user and password. After that, every time I go back to the server, I pass the user/pw as part of the AJAX request and verify user/password.

2. How to build the page that does the login
The first page is just a simple HTML form.

3. Based on the login how to branch to different applications based on the person logging in.
Using AJAX, when I verify the user/password (see #1) I return the menu system that is allowed for that user.

4. How to establish a session for the user
The only sessions I use are to pass a time/date string back and forth as part of my AJAX requests. If too much time has passed, an error is handled.

5. How to start the app using the PBCC.EXE startup cgi executable
you mean run a CGI from the first HTML page?
I would just run a javascript function.

6. How to call functions in DLL's as needed. Would each DLL be a complete application?
I know this comes back to the in/out of process for DLL vs. EXE files, but with modern servers that are fast with lots of RAM, you really can't tell a difference. DLLs are harder to work with if you're making lots of changes, like during website development.

7. How to manage an sql server connection from a DMZ network area to an SQL Server inside the domain.
If you use MySql, most of the administration is web based.

8. Example scripts and grids and should they be populated with XML or variables defined in the web page.
I have an admission about XML: I never use it. I have created AJAX that creates XML, but I can do so much more, so much easier creating complete HTML in my CGI and passing it back to the calling page.

9. How to secure the site using best practices.
A huge thing would be to use a SSL. Also, use some sort of encryption when storing sensitive data.

NOW, my opinion of PHP. We host a couple hundred websites using PHP, and it has some nice features. One big advantage is the huge amount of PHP examples available, including complete programs.

I have NEVER seen anything in PHP that I cannot duplicate as well as or better using PBCC and AJAX. I will also say that we've had several PHP websites hacked.... I've never had a PBCC/AJAX site hacked.

I'm getting close to finishing a 2-year AJAX website project for a customer. When it's done, I'll post some videos...
The synopsis: Raising hogs is big business. My customer is a PhD with a complete staff that analyzes and reports on the quality of pig semen. I know it sounds funny but it is a high-end, big money, clinical process. The website tracks every meticulously detailed aspect of the process from receipt of the specimen to the ending reports. This web project is being picked up by a major university who has an affiliation with my customer, who tried and failed to do it themselves. It was done completely with UltraEdit, PBCC, Paint Shop Pro and the AJAX methodology. It uses a MySql database and a Windows web (IIS 6) server.

Thanks very much. Very complete. I can actually use these answers.

I found the Ajax approach with just a few actual web pages where the content is generated by the PBCC to be very interesting.

This method could start out simple and with a good skeleton going for generating different generic web page layouts (single form,form with grid, tabbed form, PDF support for printouts, generic field data type validation using Javascript functions, validation routines against file data and of course CSS for styling)

I am definitely interested in the videos and/or demo websites anyone might have whether done in PHP or PBCC. I can understand that folks might not want to show what they have because it might reveal their third party market.

I believe the intranet market is ready to explode. I know with my association with newspapers, the only new application they can be interested in is a browser based system. I think it will be my way to break back into a market I had really good success at form 1983 to 2001.

Bob Mechler

I forget whether it was Paul or Eric who was experimenting with a way to combine PB and php. It was a little over a year ago. Search the forum

But on a windows server there might be a way to set up custom php modules (or services) which can be called from the web server

sounds complex and might be better suited to a stand alone product. In fact that was the original idea which didn't fully develop as I recall. But it was far enough along that <whomever> was going with custom licensing.

Hope this helps.

JS

Thanks John, I'll do the search.

Bob Mechler

It was Eric, and he was generous enough to send me an evaluation copy. I fooled around with it a little bit for a larger project I was quoting. I never really did anything with it, but from what I saw, it should work as advertised. It was this project, btw, that made me look deeper into the various Web development options which lead me to choose PHP for my web projects instead of CGI.

Hi Bob,

I've been a lurker on these forums for some time, and thought I would chime in with a few ideas.

HTML/CSS Editors
A text editor, though slow at first, is the best way to learn how to write HTML, CSS, JavaScript, etc. WYSIWYG tools don't always give you what you expect, and if you don't understand the underlying code, it's difficult to fix your site. I started with WYSIWYG tools and have used Nvu (found it very buggy), but I now find that I'm more productive with a text editor.

I'm a bit of a text editor collector. For a long time I used the free PSPad, but about 6 months ago switched to HippoEdit. It's a really great editor with very nice syntax colouring capabilities. For instance, it can highlight code within code, such as PHP and JavaScript within HTML.

Having said all that, if you really want Intellisense type editors, then take a look at the ones from Tanggaard Software. They really are quite nice.

Server Side Scripting
PHP is what I'm most familiar with, though I have done a lot of ASP (not .Net) in the past. The "problem" with PHP and their ilk is that, without a supporting framework, you often end up with the issue of presentation layer code (html) mixed with programming logic (php).

Of course, people long ago realized this issue, and now there are many PHP frameworks to choose from. Personally, I'm a fan of CodeIgniter. It's lightweight, speedy, and uses the Model View Controller design approach. It is not a template system, such as Smarty for PHP, though it could be used as such. It has great documentation and a lot of nice "helper" classes/functions that make your coding life a little easier.

PHP has its critics and it is not perfect, but it does work well and is very popular, so there are lots of resources around. As a BASIC programmer, you won't find it difficult to learn.

Client Side Scripting (AJAX & JavaScript)
AJAX is a methodology, not really a technology, but since you're interested in JavaScript frameworks or tools that support AJAX, you might want to look at jQuery, ExtJS, or MooTools. JQuery has become very popular lately, but each of those tool sets is geared to slightly different developer needs, so you may wish to read up on them before making a decision. Others out there include Prototype, DoJo, and YUI.

Web Server
For a web server, you will do well with Abyss. I have it running on Windows, OSX, and Linux. It's easy to set up, lightweight, and very stable. It supports ASP, ASP.Net, and PHP. The 1.x version, and that's all you really need for development, is free. The paid 2.x version is inexpensive.

Database
MySQL is a popular database, but I stopped using it some time ago due to corruption problems. I would never put business critical information on MySQL. If you really want to use a 100% free and open source database, then look at PostgreSQL. It is rock solid and a joy to work with.

I hope this helps. If you have any other questions, I'll do my best to answer them.

--
Kevin Powick

This isn't very secure. If I'm reading this correctly, you have the user/pw in every page. You would be better off to at least pass a token, such as a GUID, back and forth and validate that against some type of session table in your database.

Again, this is easier, cleaner, and more secure using a token to verify and update against your own, internal session table.

I don't think this is what the OP was after. It's essentially a security question about how does a website on the outside of a firewall communicate securely with a database behind the firewall.

Although a lot of people put their databases on the web server, it's a huge security risk. But if the database is behind a secure firewall, you don't want to open up a port on the firewall that would allow direct access to the machine hosting the database, so how do you handle it? There are a number of security products and firewall options to help you to do this more securely, but you can also set things up so that your web server does not make direct database calls, but rather makes calls to a service that provides the data required.

Example: Instead of your web sever executing a straight SQL statement such as "SELECT first_name, last_name FROM customers WHERE id = 12345", it would make a "function" call like GetCustomer(12345).

It is very dangerous to actually have your webserver make direct SQL calls into your database due to the risk of SQL injection - Injecting malicious statements into SQL passed to the server.

At the very least, you should call stored procedures, but even better are calls to a service that in turn makes calls to your database's stored procedures. The service acts as a broker between the database and the web server. Another advantage is that this service broker, if designed correctly, can be used to support other applications besides just your website.

Very true, but it only scratches the surface of securing a website and the data behind it. As we see by the examples of hacked websites and stolen data in the news all the time, site security is not easy to do.

This may be true, but it's akin to saying the same thing about using assembler over a higher level language. While your approach is valid and you are comfortable with it, you are doing a lot of tedious hand coding. You could combine PBCC with a server scripting language such as PHP and have the best of both worlds. Another question I would ponder about your design is, "Who can maintain it?"

Security through obscurity is a fallacy and a big risk. I'm not sure how you can sell that to a client.

--
Kevin Powick

I have to think security. The online app I help install (but did not write) caused a good deal of interaction with network security admins and auditors.

In one case an SSL certificate and a leased server was turned down at a hospital research funding scenario. They did however accept a web server in their web server farm with SSL in a DMZ zone. We worked out communication with their Ms SQL cluster via IPSec security on ports 1433 (TCP) and 1434(UDP). The security was enhanced so that these IP addresses could only talk to each other, the DMZ computer IP address and the Domain SQL Cluster's computer IP address. They probably did other things on their router. The Ipsec first blocked all ports and then opened up just a handfull with specific IP ranges for back and forth communication.

Bob Mechler

Though using a token is a better idea, how could anything in the request be sniffed out over a SSL? Very unlikely.

to me this 6/half dozen

Isn't that what PHP does? Using CGI calls a "function" EXE. It is simple to have your CGI screen the sql request for possible injections.

Of course, there are books on security. I wasn't trying to over simplify.

It's not like I'm re-coding everything. I have PB libraries just like there are PHP libraries. As far as who can maintain it.... Anybody here who also knows javascript and HTML.

No fallacy here. The problem with PHP is that most of it is scripted and much of it is allowable to be gone through by anyone. For instance, how many Zen Carts are out there? It gets hacked all the time. No one is able to hack a compiled binary file....

Hi Shawn,

First, SSL is only browser to website security, not end to end security. Though your design is not clear/known to me, it seems that one would just have to view the source of one of your web pages in the browser to see the user name and pw, no? Btw, that user password, how's it stored in your database - Plain text, encrypted, hashed, salted?

You mean make direct SQL calls to a database? No, It's not that PHP "does" this, but it is a popular way to code websites that interact with databases. PHP is just one scripting language that allows this. It is also a very insecure way to communicate with a database.

It's actually not that simple. SQL injection, XSS, and other website exploits can be rather sophisticated.

Not sure what this means as PHP is server side code. Anyone can't just "go through it" by default.

If you mean that the source for PHP itself and 3rd party add-ons are available for people to view, possibly to search for weaknesses and exploits, you are correct. In the end it's of great benefit to have many bright minds examining source code for security flaws. Your own system will be limited by your abilities. Such is the case with any code that a single author writes.

This comment is dangerously naive. Either you don't really understand the potential security issues you face, or they're not that important to you.

My intension has not been to insult you or poke holes in your design, but just to make people realize that security is a big deal and it is not easy. I am not a security expert, but have had to work with companies that have very good ones. I've learned a thing or two along the way and was just hoping to pass it along.

Regards,

--
Kevin Powick