I can understand your frustration but it sounds like the issue you are having is with PHP, not with Flex. Flex/Flash can work with whatever you would like on the backend. How your PHP application is structured is totally up to you. That said, I haven't tried to use the wizards.
But I use either a collection of PHP, pre-written PHP classes that are included in my app, or whichever combination that seems to work best to get the needed output. I would hazard a guess to say that the tutorials you have seen may intentionally be simple purely because there are so many tutorials out on the web for building apps with PHP and mysql. The tutorials are only showing the essentials needed to connect that to flex, i.e. using POST requests, GET requests, etc. As in your related post about using one or multiple PHP files, that is totally up to you and how you want to structure your app. But that again is not directly related to Flex.
You can even use a system like Drupal, Codeigniter, etc. as your backend. For example:
The options are endless...
You make some good points here. You also support my 'rant' in that the tutorials for how to get Flex to work with MySQL are weak, very weak. What they show is not the 'basics' of Flex/MySQL communications, they are much too simple with 'Bad' coding technique, to be of any use to someone who is not experienced with PHP. I do not accept the idea that you should be an experienced PHP programmer to be able to get Flex to access MySQL.
I see no reason for the examples & tutorials for Flex should be this poor, nor has anyone given me what I can except as viable explanation why this condition is allowed to continue.
Once again, thanks for your points and link to a set of PHP tutorials.
I think the problem is that Flex examples tend to deal with, well, Flex coding. Database connections (or web service connections, etc) are first and foremost to do with server-side coding, and Flex makes, on the whole, a very clear and clean division between client and server. This is in contrast with technologies like ASP.NET which (unless you are very careful) leaves you with tightly-coupled client and server code. I can take my Flex apps, write a thin server-side piece of code and migrate the app to a completely different server technology with no problems, whereas I have encountered huge problems trying to do the same with Java and ASP interfaces. That has to be cool.
Now, your example is PHP+mySQL+Flex. But this is a combination I never have to use in a commercial environment. I am regularly working with combinations like C#+Oracle+Flex or ASP+SQLServer+Flex or JSP+Oracle+Flex - no doubt lots of folk onlist never have to worry about those... but Flex is versatile enough to easily accommodate all of those cases and many more. So, while I can sympathise with your frustration, the real issue you are facing surely is a lack of PHP examples rather than Flex?
You and Richard are correct that the problem is with the PHP files in the examples. An, yes, if I were an experienced PHP programmer I'd most likely not be having any problems. That said, the PHP files used in both the examples & tutorials use very bad coding techniques. I'm sure neither you or Richard would code like that, no experienced programmer who wishes to be considered competent would write like that.
To use such code in examples and/or tutorials is worse than bad, its aiding and abetting 'Hacking'. Tutorials need to show the inexperienced user how to do things right, using good coding practices with real world examples. As this is what was done with the Flex/Cold Fusion tutorials I can not help but think that the poor quality of the Flex/MySQL examples was done knowingly.
I maybe wrong in my feelings, the people responsible for the examples and/or tutorials may just be lazy or incompetent, or they just might not care. It really doesn't mater. What maters is that all we currently have is example code that demonstrates that Flex/Flash can communicate with MySQL using PHP. “Big Deal”.
What I'm asking for are examples and tutorials that use real world situations with real world coding practices and security. Or is that too much to expect? I'd like to know.
Check out this website www.baoandassociates.com and run the demos.
You seem to have a grasp of programming languages. Out of curiosity, is PHP one of the requirements for your project or you would just like to learn PHP? For the example code you posted, you want a backend that can connect to a database and return xml data. If PHP is not required, you can use any backend language you like. Python (another favorite of mine), Ruby, etc.
I actually haven't seen the tutorials you mentioned that are so poor. When I first started learning Flex and wanting to connect to a backend, I first understood how Flex communicates with a backend, i.e. the HttpService as you noted. But from there I went off and learned what I needed with the appropriate resources for the language/tool I wanted to use. This is only a guess but the Cold Fusion examples might be better because that is also an Adobe product. As such they are responsible for producing good tutorials for that.
But really there are countless examples on the web on how to make mysql generate web data. There are many debates about what constitutes "best practices" but generally a developer inexperienced in a language should go to the resources dedicated to that particular language/tool. You'd be surprised at the number of competent developers who do the very things you say shouldn't be done simply because it solves their particular issue quickly and easily.
So to answer your follow up question, in my opinion, I do think it's too much to expect for Adobe to present a complete app with real world coding practices and security for every language I think should be represented, and especially to make that approachable for someone inexperienced in the technologies involved. It might be nice for them to do that, but then there would be just as many arguments shooting down what they provide as a "best practice" and "why not this language?", the list goes on.
Here is a good example of someone who posted a good set of example code. Check out the comments.
Perhaps you could use something like that actually, just generate xml instead of json.
PHP is part of LAMP. They are becoming popular because they are FREE. Everyone is cheap during the bad economy.
I guess you are using PHP to access MySQL, not produce HTML (you are using Flex for UI, right?). I'm not sure how good
PHP in a server cluster, but if you are using stick session, it should be OK. Session fail-over is hard even with Java.
Just for info I've started using a component called 'AS3FlexDBKit' to do my db work. It's still got some holes in it but it works just fine as a starting point. I'd love to hear any comments on it if you've used it.
Two good sites. The first one's PHP code demonstrates one of the big complainants I have, no security.
Look at the code snippet:
define( "DATABASE_SERVER", "localhost" );
define( "DATABASE_USERNAME", "user" );
define( "DATABASE_PASSWORD", "pass" );
define( "DATABASE_NAME", "flex" );
//connect to the database
$mysql = mysql_connect(DATABASE_SERVER, DATABASE_USERNAME, DATABASE_PASSWORD) or die(mysql_error());
As you can see the user name and password are hard coded. This is very bad since PHP files on the server can be read by anyone who knows just a little hacking. User names and/or passwords should NEVER EVER be hard coded. Most especially in human readable format.
Just out of curiosity, where/how do you store/use your passwords for PHP (or like languages) then?
You don't store passwords or usernames, they are passed in from the HTML page or in this case the Flex servace call. Like this
$username = mysql_real_escape_string($_POST['username']);
$password = mysql_real_escape_string($_POST['password']);
// 1. Create a database conection
$connection = mysql_pconnect(DB_SERVER, $username, $password);
I think there might be a confusion about how those usernames/passwords
are being used. The ones hardcoded in the code are for database access,
as opposed to individual user access.
I believe most systems/frameworks do have these database credentials
hardcoded in the source as part of settings, configs, etc. I don't see
where else they can be stored.
Securely passing it from the client could be done over HTTPS, but that
would require the user to know the database access credentials which
isn't what I think you intend.
For individual user access, those are typically transferred by POST
requests as you outlined but then those credentials wouldn't be used to
connect to the database, but only to be tested against the database to
see if that user is valid in the app.
I agree with Michael here. It is very common to have a single set of database credentials that is used to access the db itself (and if using mySQL then you can restrict access by host name/IP as well). These would be written into the server-side code so inaccessible to end-users.
The issue of access to the web pages themselves, and any related implications about what they are allowed to see or edit, is managed quite differently, for example by LDAP, or by access roles built in to the web server environment.
There may well be situations where you use the same credentials for both, but personally I'd keep them separate.