Developer & Designer Reading Resources

If you're looking for well-written books covering an array of technologies and design, check out Friends of Ed (an Apress publishing company). They offer the source code and sample files for all their publications, which makes for a nice resource for learning something new (a book purchase is not required to download the source code).

The Model View Controller (simplified)

The MVC paradigm is a way of breaking an application, or even just a piece of an application’s interface, into three parts: the model, the view, and the controller. MVC was originally developed to map the traditional input, processing, output roles into the GUI realm. Think of it this way:

Input –> Processing –> Output
Controller –> Model –> View

The user input, the modeling of the external world, and the visual feedback to the user are separated and handled by model, viewport and controller objects. The controller interprets mouse and keyboard inputs from the user and maps these user actions into commands that are sent to the model and/or viewport to effect the appropriate change. The model manages one or more data elements, responds to queries about its state, and responds to instructions to change state. The viewport manages a rectangular area of the display and is responsible for presenting data to the user through a combination of graphics and text.
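The three roles above, as an added example in Python (not code from the original post): the model owns the data and answers queries and change requests, the view draws a fixed-width text "viewport" and knows nothing about input, and the controller maps keystrokes to model commands. The class names, the key map and the sample key sequence are this example's own constructions.

```python
"""Added example: a minimal MVC split.

Controller -> Model -> View maps onto Input -> Processing -> Output.
The view is re-rendered through a subscription whenever the model changes,
so the controller never touches the view directly.
"""
from typing import Callable, List, Tuple


class CounterModel:
    """Model: holds one data element, answers state queries, applies changes."""

    def __init__(self) -> None:
        self.value = 0
        self._listeners: List[Callable[["CounterModel"], None]] = []

    def subscribe(self, fn: Callable[["CounterModel"], None]) -> None:
        self._listeners.append(fn)

    def increment(self, by: int = 1) -> None:
        self.value += by
        self._notify()

    def reset(self) -> None:
        self.value = 0
        self._notify()

    def _notify(self) -> None:
        for fn in self._listeners:
            fn(self)


class TextView:
    """View: presents the model inside a fixed-width box; no input handling."""

    def __init__(self, width: int = 20) -> None:
        self.width = width
        self.frame = ""

    def render(self, model: CounterModel) -> str:
        body = f"count = {model.value}".ljust(self.width)
        border = "+" + "-" * (self.width + 2) + "+"
        self.frame = "\n".join([border, f"| {body} |", border])
        return self.frame


class KeyController:
    """Controller: translates raw user actions (keys) into model commands.

    Keys not in the map are ignored rather than passed through, so only the
    commands listed here can ever reach the model.
    """

    KEYMAP = {"+": ("increment", 1), "-": ("increment", -1), "r": ("reset",)}

    def __init__(self, model: CounterModel) -> None:
        self.model = model

    def handle_key(self, key: str) -> bool:
        cmd = self.KEYMAP.get(key)
        if cmd is None:
            return False
        name, *args = cmd
        getattr(self.model, name)(*args)
        return True


def run_session(keys: str) -> Tuple[int, int, str]:
    """Wire the three parts together and feed a constructed key sequence.

    Returns (final model value, number of keys handled, last rendered frame).
    """
    model = CounterModel()
    view = TextView()
    controller = KeyController(model)
    model.subscribe(view.render)  # view refreshes on every model change
    view.render(model)            # initial draw
    handled = sum(controller.handle_key(k) for k in keys)
    return model.value, handled, view.frame


if __name__ == "__main__":
    value, handled, frame = run_session("+++-x+r++")
    print(frame)
    print(f"value={value} handled={handled}")
```

Note that the controller is the only object that sees raw input, and it only forwards commands from a fixed map; the view cannot change state and the model never parses keystrokes. That separation is what makes each part testable on its own.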

Writing a Functional Specification

Every software application can conceptually be broken up into three layers: the front end, which consists of the user interface and application controls; the middle tier, which consists of the code; and the back end, which consists of the database, data structures and other assorted gremlins.

When building software, the trick is to design in such a way that when you place these layers one on top of the other, the parts fit exactly. This is far more complicated than it sounds, and fairly difficult to do at the best of times. But don’t let that discourage you - a number of tools are available to assist in this process…and one of the better ones is called a functional specification.

A functional specification can substantially simplify and streamline the process of application development. Intended to describe how a piece of software works, it provides a ready reference for software developers and aligns large and disparate development teams to a single goal. In the process, it provides technical clarity on how the different components of a particular application are to be designed, implemented and integrated with each other, and (if used correctly) significantly reduces the time and cost component of any development exercise.

Security: Preventing Cross-site Scripting

Good article summarizing the dangers of Cross-Site Scripting and how to prevent them. Examples are in Perl but the basic message is never trust anything from the browser.

Where cross-site scripting is concerned, particular caution needs to be taken if you allow visitors to your site to add content to it or “echo back” values they’ve submitted (such as a word they’re searching for).

These days it’s better to use PHP libraries like PEAR::HTML_QuickForm or PEAR::Validate to prevent oversights when using regular expressions to validate incoming data.

When you need to allow visitors to add marked up content, the most effective approach is BBTags (common to vBulletin and phpBB) - PEAR::HTML_BBCodeParser can help. “One to watch” in that area is KSES which is an “HTML and XHTML filter”, if you want visitors to be able to use native tags.
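The two situations described above, as an added example in Python (not code from the original post or from the linked article, which uses Perl and PHP): echoing a submitted search term back into a page unescaped versus escaped, and the BBCode-style approach of escaping everything first and then translating only a fixed allow-list of bracket tags into HTML. The function names, the sample inputs and the small review helper that lists unexpected tags in rendered output are this example's own constructions.

```python
"""Added example: safe echo-back and allow-list markup for visitor content."""
import html
import re
from typing import List, Set

# Constructed sample of a value a visitor might submit as a search term.
SUBMITTED = '<script>alert("xss")</script> shoes'


def echo_unsafe(term: str) -> str:
    """The oversight: the raw submitted value is dropped into the page as-is."""
    return f"<p>Results for: {term}</p>"


def echo_safe(term: str) -> str:
    """Treat the value as text: escape <, >, &, ' and " before inserting it."""
    return f"<p>Results for: {html.escape(term, quote=True)}</p>"


# BBCode-style approach: escape the whole string first, then translate only a
# fixed allow-list of bracket tags into HTML. Anything not on the list stays
# literal text, so a visitor cannot introduce arbitrary tags or attributes.
_BB_TAGS = {"b": "strong", "i": "em"}
_BB_RE = re.compile(r"\[(/?)(b|i)\]")


def bbcode_to_html(text: str) -> str:
    escaped = html.escape(text, quote=True)
    return _BB_RE.sub(lambda m: f"<{m.group(1)}{_BB_TAGS[m.group(2)]}>", escaped)


# Review helper: which tag names appear in the output that the template did
# not intend? A non-empty answer for a page that only echoes text is a bug.
_TAG_RE = re.compile(r"</?([A-Za-z][A-Za-z0-9]*)[^>]*>")


def unexpected_tags(rendered: str, allowed: Set[str]) -> List[str]:
    return [t for t in _TAG_RE.findall(rendered) if t.lower() not in allowed]


if __name__ == "__main__":
    for label, out in (("unsafe", echo_unsafe(SUBMITTED)),
                       ("safe", echo_safe(SUBMITTED))):
        print(f"{label:6}: {out}")
        print(f"        unexpected tags: {unexpected_tags(out, {'p'})}")
    print(bbcode_to_html("[b]sale[/b] <img src=x>"))
```

The ordering in `bbcode_to_html` is the whole point: escaping happens before the allow-listed tags are introduced, so the only `<` characters in the result are the ones the converter itself wrote. The converter does not balance tags (a stray `[b]` yields an unclosed `<strong>`), which is a rendering nuisance rather than an injection risk; a real parser such as PEAR::HTML_BBCodeParser handles that part.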

I also found these excellent articles:

http://www.phparch.com/sample.php?mid=16

http://shiflett.org/talks/apachecon2003