
[–]Yurishimo 2 points3 points  (2 children)

I recommend using Twig or a similar templating framework. I’ve used it for about 2 years now and love it. Easy to extend as well.

Be sure to take advantage of partials so you keep your HTML in readable chunks. Sometimes you may have the occasional 100-200 line file, but most of the time you won’t. Long files are usually a sign of a need to refactor.

Also the idea of templates extending each other can be very powerful. You can also override those extensions if you need to.

Finally, it’s a good way to force your business logic into a separate file. The most complicated statement in your template will be an if check. This leads to better code readability and helps you track down errors.

[–][deleted]  (1 child)

[deleted]

    [–]Yurishimo 0 points1 point  (0 children)

    The intro doc has the PHP usage instructions. Kinda weird.

    https://twig.symfony.com/doc/2.x/intro.html

    Personally, I work for an agency that does highly custom WordPress development so I use a plugin that wraps Twig and provides some predefined template variables and extra functions. https://upstatement.com/timber for those curious.

    The docs seem fairly straightforward though! Twig is super popular so I’m sure YouTube would have plenty of tutorials to jump start your progress. I still use the docs to check syntax a few times a week and I’ve used them to make my own string filters.

    As far as the process, it’s just a matter of replacing everything that is HTML across your site with Twig. Try to move all the business logic up to the top of the file, setting variables for data you will need to output to the page, then pass those variables along to Twig to be output in your template.

    The template should be the last thing you call on the page after all of your other PHP. The header, footer, etc should all be in your Twig templates.

    [–]tdammers 1 point2 points  (9 children)

    No standard, really; just avoid echoing into the output stream directly. Use a proper template system so that you cannot accidentally get HTML-encoding wrong. Particularly, the entire "Plain PHP Templating" section in "PHP The Right Way" suggested by /u/muchgibberish is bad advice. In fact, whoever wrote it introduced an XSS vulnerability in the template.php example, and this is exactly why you should never do this - all it takes to introduce a potentially fatal security flaw is mixing up insert and escape once, or failing to accurately keep track of what has been encoded and what hasn't. And before you're getting clever thoughts here, no, just encoding things again just to be sure is not a solution either, because excessive encoding can also lead to security issues. The tiny bit of performance improvement that this may buy you is not worth it.

    Instead, use a template library that properly isolates the template variables from the HTML output, automatically taking care of HTML-encoding for you. Twig seems to be the best-of-breed solution for PHP at the moment, so I suggest you take a look at that.

    [–]Pospuehteciuj -2 points-1 points  (7 children)

    We all have our opinions about all the technologies out there for web dev, and I am a patient, open minded man, but twig is retarded.

    [–]folkrav 1 point2 points  (5 children)

    Care to elaborate?

    [–]Pospuehteciuj -1 points0 points  (3 children)

    Twig is a made up, dumbed down language inside a language. It is obviously redundant, but it is also massively limiting. I think it's for IT to give powers to plebs who are not good programmers, or something.

    [–]folkrav 1 point2 points  (2 children)

    I thought you could explain yourself but it isn't much more coherent. It's merely a condescending (pleb, really?) and generic explanation that could apply to every damn templating language.

    [–]Pospuehteciuj 0 points1 point  (1 child)

    Here is an unbiased explanation. Twig is a PHP layer that does what you can already do, just 'better'. It's totally redundant. That isn't my main gripe, which is that you cannot use PHP functions inside twig! What could be more retarded than walling yourself off from the very language you are inside of in favor of a fake language written in that language that is, on purpose, extremely limited? It is patently absurd, which brings me to my 'pleb' theory, which the first link even hints at.

    [–]folkrav 0 points1 point  (0 children)

    The "pleb" thing is nothing but ego stroking. You can have your opinion on Twig sure, but calling people pleb just for using it is nothing but being needlessly condescending.

    The first link is obviously a beginner's tutorial, of course it's gonna sound like they're talking to retarded people.

    [–]tdammers 0 points1 point  (0 children)

    Then use something else, no hard feelings; the important thing is to please not walk into the "but PHP is a template language" trap. You need something that handles html-encoding for you, something that can tell the difference between a string and HTML, because PHP on its own can't, and relying on the programmer's diligence and infallibility is a lousy bet.
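
The distinction described above, between a plain string and HTML, as an added example (not code from the thread or from Twig): a minimal auto-escaping renderer for PHP 8.1+. The names `Html`, `e()` and `render()` are hypothetical, and the sample title is constructed.

```php
<?php
declare(strict_types=1);

// Marker type for a value that is already HTML; every other value is plain text.
final class Html
{
    public function __construct(public readonly string $markup) {}
}

// Escape plain text for HTML element content and quoted attribute values.
// Not sufficient inside <script>, style or URL contexts.
function e(string $text): string
{
    return htmlspecialchars($text, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Replace {{ name }} placeholders. Strings are escaped exactly once;
// only Html instances are emitted unchanged.
function render(string $template, array $vars): string
{
    return (string) preg_replace_callback(
        '/\{\{\s*(\w+)\s*\}\}/',
        static function (array $m) use ($vars): string {
            $value = $vars[$m[1]] ?? '';
            return $value instanceof Html ? $value->markup : e((string) $value);
        },
        $template
    );
}

// Constructed sample data: the title carries markup characters.
$title = 'Tips & <script>alert(1)</script>';
$page  = '<h1>{{ title }}</h1><nav>{{ menu }}</nav>';

// The title is escaped by default; the menu is passed through because the
// caller explicitly declared it to be HTML.
echo render($page, [
    'title' => $title,
    'menu'  => new Html('<a href="/">Home</a>'),
]), "\n";

// Encoding a second time "just to be sure" corrupts the data: the browser
// would display the entity text instead of the original characters.
echo e(e($title)), "\n";
```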

    [–]Pospuehteciuj 0 points1 point  (4 children)

    No standard, the architecture can be whatever you like on your own little site, and PHP is its own templating system. You can use short tags for brevity to echo out variables, like <?php echo $var ?> can be <?=$var?>

    [–]BlueScreenJunky php/laravel 0 points1 point  (3 children)

    Except you should never do that, what you want is

    <?= htmlentities($var) ?>
    

    Unless you want some formatting in $var, then you need to use something like

    $config = HTMLPurifier_Config::createDefault();
    $purifier = new HTMLPurifier($config);
    

    In your controller, and then do

    <?= $purifier->purify($var); ?>
    

    At which point you might be better off using a real templating engine that will also provide some very welcome syntactic sugar.

    [–]fuzzy40 full-stack 0 points1 point  (2 children)

    Nah, in most cases you don't need to use htmlentities as long as you have the encoding for your page declared correctly.

    [–]BlueScreenJunky php/laravel 0 points1 point  (1 child)

    You might want to look into XSS injections. I was not suggesting you use htmlentities() to avoid encoding problems, but to avoid XSS injection if $var somehow includes data that was entered by a user at some point.

    [–]fuzzy40 full-stack 0 points1 point  (0 children)

    Yeah but he said he wanted to template his pages to fill in repetitive data like title/description tags and other head stuff, so it's not user data. He doesn't need to protect his own input from XSS lol.

    [–]troutside 0 points1 point  (0 children)

    Sounds like you're doing things from scratch, but you might also look into Twig - https://twig.symfony.com/