Delphi for PHP first impressions

I tried out Delphi for PHP for the first time this weekend.

Install on Vista was smooth. The setup installs its own copy of Apache 2 and PHP 5. A few minutes later and I was up and running.

The IDE is Delphi-like. Here is a scrunched-up image to give you a flavour:

 

I have a standard application I build when trying out a new development tool. It is a to-do list with a listbox, a textbox, and buttons to add and remove items from the list. I started well, and soon had the controls placed, though they are tricky to line-up nicely. I resorted to setting the Left property as the snap-to-grid did not work for me.

Then I double-clicked the Add button. As expected, I was greeted with an empty Click handler. What to type? After a little experimentation I came up with this:

$this->lstItems->AddItem($this->ebItem->Text,null,null);

When you type ->, the editor pops up autocomplete choices. Nice. I clicked the run button and the application opened in my web browser. I set a breakpoint on the line; that worked nicely, especially after I displayed the Locals window so I could see the value of variables.

The next step is to implement removing an item. This is fractionally more challenging (I realise this is little more than Hello World), since I need to retrieve the index of the selected item and then work out how to remove it.

I am embarrassed to admit that it took me some time. Yes, I tried the documentation, but it is terrible. Unbelievably bad. Someone ran a thing called Doc-O-Matic over the code. Here’s the entire description of the ListBox control:

A class to encapsulate a listbox control 

There’s also a reference which lists methods, again with a one-line description if you are lucky. Here’s the one for ListBox.getItems:

This is getItems, a member of class ListBox.

I gave up on the docs. I had figured out AddItem; I had discovered that the itemindex property has the index of the selected item; but there is no RemoveItem or DeleteItem. I went back to basics. The ListBox has an _items member field which is an array. In PHP you remove an item from an array with unset. I resorted to editing the VCL for PHP by adding a RemoveAt method to CustomListBox:

function RemoveAt($index)
{
unset($this->_items[$index]);
}

Note that I am not proposing you do the same. There must be a better way to do this. I just couldn’t work it out quickly from the docs; and I was determined to get this up and running.

Here’s my code for removing an item:

$selindex = $this->lstItems->itemindex;

if ( $selindex > -1)
{
$this->lstItems->RemoveAt($selindex);
}

Now my app worked fine. What about deployment? I used the deployment wizard, which essentially copies a bunch of files into a directory, ready for upload. There are a lot. 44 files to be precise, mostly of course the VCL for PHP. Still, it was painless, and you can configure a web server to share these files between different applications.

All I needed to test it was a web server running PHP 5.x (it will not work with PHP 4). Fortunately I had one available, so I uploaded my first Delphi for PHP application. It looked good, but although it worked on my local machine, the deployed app throws an error when you click a button:

Application raised an exception class Exception with message ‘The Input Filter PHP extension is not setup on this PHP installation, so the contents returned by Input is *not* filtered’

I note that this user has the same problem. My hunch is that Delphi for PHP requires PHP 5.2 – I only have 5.1 at the moment.*

In addition, I don’t like the way the default deployment handles errors, by publishing my callstack to the world, complete with the location of the files on my web server.

How secure are all these VCL for PHP files anyway? What assurance do I have about this? Will they be patched promptly if security issues are discovered?

Important questions.

There will be plenty more to say about Delphi for PHP. For the moment I’m reserving judgment. I will say that the release looks rushed, which is a shame.

Update: I’ve now seen a fix posted to the Borland newsgroups for the input filter exception, showing how to remove the code which raises it. However I suggest you do not apply this fix, for security reasons, unless you are deploying on a trusted intranet. It is vital to sanitize PHP input on the internet.

*PHP 5.2 is not the answer. It could even be a problem. Delphi for PHP ships with PHP 5.1. There is an input filter extension which you can add for PHP 5.x; see http://pecl.php.net/package/filter. However these are built into PHP 5.2; but the version used by VCL for PHP is old and seems to be incompatible. What a mess.

Technorati tags: , , ,

VN:F [1.9.18_1163]
Rate this post
Rating: 0.0/10 (0 votes cast)

Related posts:

  1. First impressions of Google TV – get an Apple iPad instead?
  2. A virtual conference for Delphi 2007, Delphi for PHP, JBuilder
  3. Delphi XE includes licenses for older versions back to Delphi 7
  4. First impressions of Microsoft Kinect – great hardware waiting for great software
  5. Delphi for PHP is done

35 comments to Delphi for PHP first impressions

  • Thanks, Tim! Nice post. I have my initial first impressions (along with a small app, and the experiences I had) here: http://delphi4php.blogspot.com/2007/03/delphi-for-php-my-first-project-and.html.

    I hope you and your readers find it helpful, as all of us are excited about this, but we are all still exploring ..

  • Hey Tim,

    I tend to agree with you on the lack of documentation. I wrote about it briefly on my blog http://delphi4php.vox.com

    I was a bit frustrated (being more of a noob) by the lack of info coming with the product. Hopefully Codegear will get something better together, or some new books will be coming out soon. For now I guess the web and the VCL Reference at Sourceforge are it.

    I will be trying out your test app tutorial this week. So far I have used the dbgrid and the paginator.

  • Michael Urban

    Hi Tim,

    nice article that seconds my first impressions… When I tried fiddling with a treeview I had to go into the VCL files to add a function that is called from somewhere else in the VCL, but simply isn’t present (go think…).

    I am not sure about security of VCL4PHP. From reading the Borland newsgroups, I am about to get the impression that this will be a “hey, the VCL is open source – fix it yourself” kind of thing. Same goes for the documentation I fear…

    I have fought for a day to get a working app that filters records in a dbgrid on a selection done in a treeview – forget about it, not possible. I got it “almost” working in Firefox, but then it failed miserably in IE.

    The VCL seems to have big fundamental problems – i.e. when change the “BasicAjax” example to leave the button alone and only change the label, the buttons “OnBeforeShow” event is still called… Why?

    regard,s
    Michael

  • Hi.

    My name is adler medrado and i own the blog (www.neshertech.net/adler) that you pointed to in your post.

    The problem that i’ve found on the deployment is that the vcl uses the filter extension, but the version that it uses is older, so some functions doesn’t more exists on this extensions. I am using PHP 5.2 and the filter extension that i am using is not compatible. You can test your deploy only commenting the line 226 of the file system.inc.php

    Sorry for my english, it is not so good and i hope this help you and your readers!

    best regards,

    adler medrado
    http://www.neshertech.net/adler

  • Tim

    Thanks Adler.

    Frankly it looks like a mess to me. There is this note in the readme:

    The first release of the VCL for PHP does not provide pure PHP input filtering. That feature will be added in the open source project.
    If you try to access user input without having the Input Filter extension set up, an exception is raised to remind you it needs to be set up. You have two options: Set up the extension or delete the exception being raised from the VCL code.

    It is all very well talking about “having the Input Filter extension set up”, but as you say there are several versions; and people using shared hosts may not be able to install PHP extensions in any case.

    Commenting line 226 looks like a very bad idea to me, for a deployment on the public internet. And displaying the callstack is poor security as well.

    Tim

  • I stumbled onto the new companion VCL site hosted by Qadram. I write about it on
    my blog. I was quite excited to see this in light of the recent discussion about the dearth of documentation. Let me know what you think. I just gazed over it but it looks like a good start.

  • Yeah. They say that we need the filter extension, but this extension is not stable yet and some functions have changed its names.
    The class as it is now, will not work if you don’t comment the line 226 if you don’t have the correct extension installed. It is not a good idea? Yeah i think it is, but if you want to use this without the extension, you will need to do it. And about print the stacktrace, i put there because that is my local server, i don’t need to worry about security in this case. I dont show stacktraces on my production server and i don’t use the Delphi 4 PHP in serious projects. Not now at least.
    Regards,
    adler medrado

  • Ah. Sorry for my english. It is not perfect =]

  • Chris

    Hi Tim,

    Nice Post.

    Can you tell me which Borland Newsgroup where you read the bug fix from. I have searched the world over and couldn’t find it.

    Thanks

  • I’m having the same problem with “The Input Filter PHP extension is not setup on this PHP installation”. Any idea how to install this extension? I don’t care if it’s not a stable release, yet. I just need it to work during development. Commenting line 226 isn’t working for me.

  • Tim

    Can you tell me which Borland Newsgroup where you read the bug fix from

    Most of the discussion is in borland.public.delphiphp.non-technical

    Tim

  • Tim

    I’m having the same problem with “The Input Filter PHP extension is not setup on this PHP installation”. Any idea how to install this extension? I don’t care if it’s not a stable release, yet. I just need it to work during development. Commenting line 226 isn’t working for me.

    First, commenting line 226 in system.ini.php can’t help but work; this is the line that throws the exception:

    function process($input)
    {
    //TODO: Our own input filtering class in native PHP code
    //NOTE: Comment this line to don’t raise the exception an get the unfiltered input
    throw new Exception(“The Input Filter PHP extension is not setup on this PHP installation, so the contents returned by Input is *not* filtered”);
    return($input);
    }

    So if you comment the line, you may get a different problem, but you will not get the same one.

    Second, installing the filter can be tricky. You can use PECL: http://pecl.php.net/, if you have full command-line access to your server, and if it is *nix. But it appears that the latest version doesn’t work with the VCL for PHP.

    Presumably these issues are why the developers are looking for a native PHP implementation.

    Tim

  • Well, you’re right in that commenting line 226 does stop the exception from being thrown, but that doesn’t mean the application works. When I comment out that line, pressing a button that has a little bit of code attached now gets me a blank page instead of the call stack and error message. No improvement.

    I’ve now tried this on a Fedora Core 6 server and I even tried it on a Windows Server today, just to see if I could get what amounts to “Hello World” to work. I’ve posted on Experts-Exchange. Nobody there knows, either.

    It’s amazing to me that this is so hard. Didn’t they test this stuff at all before shipping it? This product is totally unusable if I can’t deploy my applications.

  • I forgot to address one point you made: I did install the PECL extensions. No change. Same error. I’m going to need extra blood pressure meds, soon.

  • Tim

    Well, you’re right in that commenting line 226 does stop the exception from being thrown, but that doesn’t mean the application works.

    Sorry, no idea at the moment. Clearly there is another problem in addition to the filter issue.

    Tim

  • Rob

    If you were familiar with the VCL this would not happen.
    Do not blame Codegear for your lack of knowledge of programming.Codegear are a wonderful company with a wonderful product.

    Please everyone, buy this product since they need money to stay afloat.And email your friends to buy it too. If your company has extra budget, you should buy an extra copy of this promising product from this wonderful but sadly misunderstood company.

    Support Codegear while it is still around or it may not be around very soon !

    Buy at least one copy of Delphi for PHP despite this unreasonably negative review.

    Actually I wonder why it is so negative. I have my suspiciouns but will not post them here.

  • Here it works fine. i had no problem commenting it. The difference is that commenting that line your app will not filter the users inputs.

  • Those who are using PHP 5.2x. In PHP 5.2 they added the pecl filter to PHP, so you no longer have to include it — it is compiled in by default now.

    However, they renamed one of the functions. So D4P doesn’t know that you have the filter, and can’t use it. I have a patched copy of the system.inc.php file on my site (www.delphi4php-hosting.com) that you can download that supports both 5.1 and 5.2. I have let Jose (at Qadram know about it — so it might already be in the sourceforge by now)

    Nathan.

  • Tim

    Rob,

    > Actually I wonder why it is so negative. I have my suspiciouns
    > but will not post them here.

    Please tell. And just to be clear:

    - This is not a review, it is first impressions
    - I know the (old) VCL intimately
    - Many of us want CodeGear to succeed, but that’s no reason to excuse what appears to be a rushed release.

    Tim

  • Chris

    i just noticed that there are updated versions of system.inc.php and vcl.inc.php on sourceforge. these seems to fix the filter problem but you need at least php 5.2.1

    http://vcl4php.svn.sourceforge.net/viewvc/vcl4php/trunk/vcl/

  • Well i just bouth a copy of it. And all do its not prefect im realy trilled to see that its easy for you guys to hunt bugs and even correct them (and compaining about them).
    But think of the posibilities.
    I can now atleast debug a php file and get code inside without having to learn annything (i use delphi daily) so for me its a bug plus.

    Debugging osCommerce with this is already a big thing. I have also like you played around with it to get something done my test app usaly consist of a DB grid. Now with the records limit set to 10 i never seem to get the next 20. Its probably just a matter of time before all requests are gathered and the first sales are known. On that they will surely base the need for a patch :-).

    I compile a opensource Delphi project osFinancials that links to PHP code (osCommerce and VTiger) so i get more and more the need to code in php.

    It was always a barier for me that just coding in notepad made the code far to hard to read.

    So i hope this will atleast be more efficient for me :-0

  • Steve

    If you are deploying to a site running 5.1 of PHP, this is the same version as that shipping with Delphi PHP. Check out the PHP.INI file and see how the input filter is set up. You may even be able to copy over the DLLs.

  • Hi all,

    We have developed a little patch for the
    Input filter problem on PHP 5.2.

    http://blogs.bittime.it/

    Regards


    Daniele Teti
    R&D Director
    bitTime Software

  • There is a new forums website dedicated to Delphi for PHP: Delphi-PHP Forums. Check it out. Its full of useful hints and tips on using Delphi for PHP.

  • @Tim: Nice write-up. It pretty much echoes my first impressions too. I am somewhat proficient with PHP, but a noob with Delphi. Delphi 4 PHP is not “there” yet, but it does show promise.

    @Nathan: Thank you for the patch. It seems to solve my problem on PHP 5.2.0. I think it reinforces the principle that updating the VCL will is a community effort. I hope that means that any security issues in future will be dealt with swiftly :-)

  • Scott

    Delphi4php is a joke.
    Just open the master detail sample in the vcl data-aware folder.
    Then go up and down through the master list.
    watch how incredibly slow it retrieves detail records.
    When you play long enough with it you will notice the ajax retrieval will get out of sync too..just showing the wrong detail records (and even throwing errors messages).

    I advise anyone to avoid this delphi4php and use a real IDE like Eclipse (with pdt plugin) and start coding with the Akelos framework here: http://www.akelos.org

  • What disappoints me is that when something goes wrong with the installation (in my case due to a failing windows update) php for Delphi refuses to run (cannot register due to the fact that it already is, and it cannot run due to a missing licence). Yes, CodeGear support is trying to solve the isue, but the problem currently excists for over 2 weeks now and even GodeGear cannot find the right answer. Appearantly the registration procedure is too complex, where illegal copies could be found within a week or so. So be aware that when using restorepoints your installation might go corrupt and cannot be restored!

  • ayt

    hi, i m using for delphi for php and mssql server.
    I post table object , but return me ‘invalid object name error 208′.
    button click :
    $this->Table1->Insert();
    $this->Table1->ALAN1=”ABC”;
    $this->Table1->ALAN2 =”1234″;
    $this->Table1->Post();
    $this->Table1->Refresh();
    Return error message :
    ‘mssql error: [208: Invalid object name 'deneme'.] in EXECUTE(“INSERT INTO deneme ( “ALAN1″, “ALAN2″ ) VALUES ( ‘ABC’, ’1234′ )”)

    But alles true(database,loginname,table name vs…)

    What is the problem ?
    Thanks a lot.

  • Scott

    ayt go to this forum for help:
    http://forums.delphi-php.net/

    anyone interested in php frameworks should check out the qcodo framework. akelos is nice if you are into rails but qcodo is more mature and great at producing stuff rapidly.
    check out their cool screencasts here:
    http://www.qcodo.com/demos/

  • Just thought I’d follow up to the comments I made earlier. Update 1 from Codegear appears to resolve the Input Filter issue. There are literally hundreds of other issues left, however, and these will become evident to anyone that actually uses Delphi/PHP in a production environment (which I am doing).

    Despite the comments above by Rob, this was a horribly rushed release and, while I understand the need to do that type of thing occasionally, nobody should be surprised when people note that things don’t work.

    At this point, the pros outweigh the cons and I’m still determined to make it work. I hope and pray there’s a version 2 soon, however.

  • Well I’ve got to say that I think visual programming for UI development is great idea cos I’m writing my own toolkit (and published long before I heard about this one). I’d like to take issue with the fact that D4PHP is MSWindows only but I can’t get PfP Studio to work on a MSWin server (Mac OS X, Linux, BSD, Solaris serverside and just about any DHTML capable browser client side)

    And its cheaper too!

    pfp-studio.sourceforge.net

  • ettaieb

    hi!!
    sorry i don’t know if it’s the right place to say it but … i have blank page when runing a very simple page with delphi PHP??!!! just a page with a frame… can someone help?
    thanks to all.

  • ab

    Delphi for PHP Update 2 is released now and there is a nice documentation about the VCL in progress at http://www.qadram.com/vcl4php/vcldoc_beta/

    Seems things are progressing nicely.

  • As a long time Delphi user I was keen to see how Delphi4PHP performed and how easy it made app development, not very well in either case!

    I see that version 2.0 has now been released, will await your review Tim and maybe tempted to dip my toe back in the water!

    Gary

  • Ron

    I tried Delphi for php and found it confusing and slow. I’m a long time Codecharge Studio user and must say I see no reason to change to Delphi for php.