web development today
About me
Hesham A. Amin
Principal Software Engineer
@heshamamin http://forloveofsoftware.blogspot.com/
+HeshamAmin
https://eg.linkedin.com/in/heshamaamin
Publishing your site
• You need public access
• Domain name (www.example.com)
• Hosting
  • Data center
  • Shared Hosting
• Publishing
  • FTP
  • Web Deploy
MVC: Model-View-Controller
• A software architectural pattern
• Model
  • Data - Business Domain
• View
  • Display content - UI
• Controller
  • Handle user actions
  • Request the model to change its state
PHP Before MVC:

<!DOCTYPE html>
<html>
<head>
<style>
table, th, td {
    border: 1px solid black;
}
</style>
</head>
<body>

<?php
$servername = "localhost";
$username = "username";
$password = "password";
$dbname = "myDB";

// Create connection
$conn = new mysqli($servername, $username, $password, $dbname);
// Check connection
if ($conn->connect_error) {
    die("Connection failed: " . $conn->connect_error);
}

$sql = "SELECT id, firstname, lastname FROM MyGuests";
$result = $conn->query($sql);

if ($result->num_rows > 0) {
    echo "<table><tr><th>ID</th><th>Name</th></tr>";
    // output data of each row
    while ($row = $result->fetch_assoc()) {
        echo "<tr><td>" . $row["id"] . "</td><td>" . $row["firstname"] . " " . $row["lastname"] . "</td></tr>";
    }
    echo "</table>";
} else {
    echo "0 results";
}
$conn->close();
?>

</body>
</html>

Source: http://www.w3schools.com/php/showphpfile.asp?filename=demo_db_select_oo_table
PHP After MVC

<?php
class Category extends AppModel {
    var $name = 'Category';
}
?>

<?php
class CategoriesController extends AppController {
    var $name = 'Categories';

    function index() {
        $this->set('categories', $this->Category->find('all'));
    }
}
?>

<!-- File: /app/views/categories/index.ctp -->
<h1>Categories</h1>
<table>
    <tr>
        <th>Id</th>
        <th>Title</th>
    </tr>
    <?php foreach ($categories as $category): ?>
    <tr>
        <td><?php echo $category['Category']['id']; ?></td>
        <td>
            <?php echo $html->link($category['Category']['name'],
                array('controller' => 'categories', 'action' => 'view', $category['Category']['id'])); ?>
        </td>
    </tr>
    <?php endforeach; ?>
</table>
Client Side Technologies
• HTML5
• JavaScript is winning :(
  • So far!
• jQuery
• MV* Frameworks:
  • AngularJS, Ember, Knockout
• TypeScript, CoffeeScript, Dart
• ES6, ES7
Ready-made CMSs
• WordPress
  • 70M+ sites!!
  • Bata - TechCrunch - Sweden official site
• Drupal
• Joomla
• MediaWiki
Security
• Application level attacks
• OWASP top 10
  • A1 - Injection
  • A2 - Broken Authentication and Session Management
  • A3 - Cross-Site Scripting (XSS)
  • A4 - Insecure Direct Object References
  • A5 - Security Misconfiguration
  • A6 - Sensitive Data Exposure
  • A7 - Missing Function Level Access Control
  • A8 - Cross-Site Request Forgery (CSRF)
  • A9 - Using Components with Known Vulnerabilities
  • A10 - Unvalidated Redirects and Forwards
SQL Injection

The query is built by pasting user input straight into the SQL text:

"Select * from Users Where Username = '$username' and password = '$pass'"

With these two inputs:

$username = "USER' /*"
$pass = "*/ OR 'a'='a"

the string that reaches the database is:

"Select * from Users Where Username = 'USER' /*' and password = '*/ OR 'a'='a' "

The /* ... */ comment swallows the whole password check, so the query the engine actually evaluates is:

"Select * from Users Where Username = 'USER' OR 'a'='a' "

'a'='a' is always true, so every row in Users matches and the login succeeds without a password.
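The slide stops at the broken query. As an added example (not from the slides), the script below runs exactly those two inputs against an in-memory SQLite database through PDO, first with the slide's string-built query and then with a prepared statement, which is the standard fix. The Users table, the row for "alice" and the availability of the pdo_sqlite extension are assumptions made for the demo.

```php
<?php
// Added example, not part of the original slides. Assumes pdo_sqlite is available.
// The table and the single user row are constructed for the demonstration.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE Users (Username TEXT NOT NULL, password TEXT NOT NULL)");
$db->exec("INSERT INTO Users (Username, password) VALUES ('alice', 'correct horse')");

// Vulnerable: the slide's query built by string interpolation. Quote and comment
// characters inside the input are parsed by the engine as part of the SQL.
function loginUnsafe(PDO $db, string $username, string $pass): bool
{
    $sql = "SELECT * FROM Users WHERE Username = '$username' AND password = '$pass'";
    return $db->query($sql)->fetch(PDO::FETCH_ASSOC) !== false;
}

// Fixed: a prepared statement with bound parameters. The SQL text is fixed when
// prepare() is called and the values are sent separately, so "USER' /*" is compared
// as a literal username and can never close the quote or open a comment.
function loginSafe(PDO $db, string $username, string $pass): bool
{
    $stmt = $db->prepare("SELECT * FROM Users WHERE Username = ? AND password = ?");
    $stmt->execute([$username, $pass]);
    return $stmt->fetch(PDO::FETCH_ASSOC) !== false;
}

// The two inputs from the slide.
$username = "USER' /*";
$pass     = "*/ OR 'a'='a";

printf("unsafe login, injected input: %s\n", loginUnsafe($db, $username, $pass) ? 'accepted' : 'rejected');
printf("safe login,   injected input: %s\n", loginSafe($db, $username, $pass) ? 'accepted' : 'rejected');
printf("safe login,   real password:  %s\n", loginSafe($db, 'alice', 'correct horse') ? 'accepted' : 'rejected');
```

loginUnsafe accepts the injected input even though no user named "USER' /*" exists, because the comment removes the password clause and OR 'a'='a' matches the alice row. loginSafe rejects the same input and only accepts alice's real password. The mysqli connection used in the "Before MVC" slide supports the same pattern through $conn->prepare() with bind_param(), so the fix does not require switching database extensions.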