dongxieli3839 2012-10-12 15:25

Advice needed on the architecture/implementation of a small web application [closed]

I was asked to build a website where a company's employees (around 20) could login and fill in their working schedules for the present and past (if needed) month. Employees should of course only be able to see their own schedules, but the manager should have the privilege to access every schedule. I have little experience in web development, therefore advice is needed. I have already created a PHP/MySql login page. Now what? How do I go about it? Just some architectural or implementational (if you will) guidance would be really appreciated.


3 answers

  • dongyan3562 2012-10-12 15:44

    I have built applications similar to this in PHP / Mysql and can say that it's a good platform for it, although something like Rails might be quicker to use and require less micromanaging. As Wisdom says, use a framework to cut out some of the grunt work and ensure you're adhering to good security practices.

    A few things come to mind that you'll need.

    • Clarity about what your database structure will look like. Try to identify: a) all the pieces of information you'll need to store (A user's name? login info? "authority" level to see others' entries?), b) what tables they can go in. (Can "name" and "hours worked" go in the same table? If they are different levels of analysis, should they go in different tables? Are those two bits of information connected somehow? If so, how should I represent that connection?) Relational design is your friend, especially if you're building something that might get revised later. Take the time to understand what it's about.
    • A page (view) for each different "type" of activity would be a good place to start. So have a "Let me see my schedule" page, with links to a "Let me add a time entry" page and a "Let me edit that time entry" page. My experience is that striving to keep your "view" pages' code as small and easy-to-read as possible pushes you to better plan your code structure.
    • ANY values that you insert into a query string should be sanitized. So queries to search or select values should always have any PHP variables filtered through a "cleaning" structure:

      // The escaped value must also be quoted in the SQL, otherwise a bare number can still alter the WHERE clause
      $query = sprintf("SELECT * FROM table1 WHERE identifier = '%s'", mysql_real_escape_string($id));

      Rather than:

      $query = "SELECT * FROM table1 WHERE identifier = ".$id;

      because any text which a user types into a search or insert field online, if it ends up in your query, could be executed as part of the query. A hacker could then use this to make your other security features useless.

    This answer was accepted by the asker.
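The two points this answer makes, escaping query input and giving the manager but not the other employees access to every schedule, are shown together below in an added example that is not part of the original thread. The asker's stack is PHP/MySQL; the example uses Python with the standard-library sqlite3 driver so that it runs without a database server, and the users/schedule tables, sample rows and role names are all constructed for the illustration rather than taken from the question.

```python
import sqlite3

# Constructed sample data (assumed schema, not the asker's): two employees and one manager.
USERS = [
    (1, "alice", "employee"),
    (2, "bob", "employee"),
    (3, "carol", "manager"),
]
ENTRIES = [
    (1, 1, "2012-10-01", 8.0),
    (2, 1, "2012-10-02", 7.5),
    (3, 2, "2012-10-01", 8.0),
]


def make_db():
    """Build an in-memory database with a users table and a schedule table."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, role TEXT)")
    conn.execute(
        "CREATE TABLE schedule (id INTEGER PRIMARY KEY, "
        "user_id INTEGER REFERENCES users(id), day TEXT, hours REAL)"
    )
    conn.executemany("INSERT INTO users VALUES (?, ?, ?)", USERS)
    conn.executemany("INSERT INTO schedule VALUES (?, ?, ?, ?)", ENTRIES)
    return conn


def entries_unsafe(conn, user_id):
    """The pattern the answer warns against: request input concatenated into the SQL text.

    Whatever the caller passes becomes part of the statement, so a value that is
    not a plain number changes the meaning of the WHERE clause.
    """
    query = "SELECT day, hours FROM schedule WHERE user_id = " + str(user_id)
    return conn.execute(query).fetchall()


def entries_safe(conn, user_id):
    """Parameterised query: the value travels separately from the SQL and is never parsed as SQL.

    Converting to int first rejects anything that is not an integer id outright.
    """
    return conn.execute(
        "SELECT day, hours FROM schedule WHERE user_id = ?", (int(user_id),)
    ).fetchall()


def visible_entries(conn, requester_id, target_id):
    """Authorisation check: employees see only their own schedule, managers see anyone's."""
    row = conn.execute("SELECT role FROM users WHERE id = ?", (requester_id,)).fetchone()
    if row is None:
        raise PermissionError("unknown user")
    if row[0] != "manager" and requester_id != target_id:
        raise PermissionError("employees may only view their own schedule")
    return entries_safe(conn, target_id)


if __name__ == "__main__":
    db = make_db()
    print("manager viewing bob:", visible_entries(db, 3, 2))
    print("alice viewing alice:", visible_entries(db, 1, 1))
```

The authorisation decision is made on the server from the requester's stored role, not from anything the browser sends, which is the distinction the question is really asking about: the login page establishes who the user is, and every schedule query must then be scoped to that identity.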