Some tips when using PHP

Sunday, 14/06/2020

Tram Ho

Preamble

PHP programming has increased rapidly since its humble beginnings in 1995. Since then, PHP has become the most popular programming language for Web applications. Many popular websites are built with PHP and most of the source code and Web projects are built with popular languages.
This tutorial is aimed at people who have just started learning PHP and are ready to roll up their sleeves and code.
Here are some great techniques that PHP developers should learn and use every time they program.
These tips will speed up proficiency and make the code cleaner and more optimized for performance.

content

1. Avoid SQL Injection

For example, when a user enters login information and clicks login, the user’s information is sent to the server via a POST request which is then assigned to an SQL statement. The code will look like this:

$query <span class="token operator">=</span> <span class="token string">"SELECT * FROM users WHERE email = '"</span> <span class="token punctuation">.</span> $_POST <span class="token punctuation">[</span> <span class="token string">'email'</span> <span class="token punctuation">]</span> <span class="token punctuation">.</span> <span class="token string">"' AND password = '"</span> <span class="token punctuation">.</span> $_POST <span class="token punctuation">[</span> <span class="token string">'password'</span> <span class="token punctuation">]</span> <span class="token punctuation">.</span> <span class="token string">"'"</span> <span class="token punctuation">;</span>

$query = "SELECT * FROM users WHERE email = '" . $_POST [ 'email' ] . "' AND password = '" . $_POST [ 'password' ] . "'" ;

Assuming that the data sent to email=" [email protected] " and password="12345678" , the query will look like this:

$query <span class="token operator">=</span> <span class="token string">"SELECT * FROM users WHERE email=' <a class="__cf_email__" href="/cdn-cgi/l/email-protection">[email protected]</a> ' AND password='12345678'"</span>

1 2	$query <span class="token operator">=</span> <span class="token string">"SELECT * FROM users WHERE email=' <a class="__cf_email__" href="/cdn-cgi/l/email-protection">[email protected]</a> ' AND password='12345678'"</span>

This is the case if the user entered correctly, what if the user intentionally entered wrong?

The query results will be as below, users only need to enter the email to be able to access.

<span class="token keyword">SELECT</span> <span class="token operator">*</span> <span class="token keyword">FROM</span> users <span class="token keyword">WHERE</span> email <span class="token operator">=</span> <span class="token string">' <a class="__cf_email__" href="/cdn-cgi/l/email-protection">[email protected]</a> '</span> <span class="token operator">OR</span> <span class="token number">1</span> <span class="token operator">=</span> <span class="token number">1</span> <span class="token punctuation">;</span> 
<span class="token comment">-- ' AND password='123456' </span>

SELECT * FROM users WHERE email = ' <a class="__cf_email__" href="/cdn-cgi/l/email-protection">[email protected]</a> ' OR 1 = 1 ;

-- ' AND password='123456'

So how to avoid SQL Injection attacks

Never trust the user input.
Validate data on server side: Use the mysql_real_escape_string() function to remove characters that may affect SQL statements.

<span class="token variable">$email</span> <span class="token operator">=</span> <span class="token function">mysql_real_escape_string</span> <span class="token punctuation">(</span> <span class="token variable">$_POST</span> <span class="token punctuation">[</span> <span class="token single-quoted-string string">'email'</span> <span class="token punctuation">]</span> <span class="token punctuation">)</span> <span class="token punctuation">;</span> 
<span class="token variable">$password</span> <span class="token operator">=</span> <span class="token function">mysql_real_escape_string</span> <span class="token punctuation">(</span> <span class="token variable">$_POST</span> <span class="token punctuation">[</span> <span class="token single-quoted-string string">'password'</span> <span class="token punctuation">]</span> <span class="token punctuation">)</span> <span class="token punctuation">;</span>

$email = mysql_real_escape_string ( $_POST [ 'email' ] ) ;

$password = mysql_real_escape_string ( $_POST [ 'password' ] ) ;

Use command parameters https://www.php.net/pdo

<span class="token php language-php"><span class="token delimiter important">&lt;?php</span>
<span class="token variable">$query</span> <span class="token operator">=</span> <span class="token variable">$db</span> <span class="token operator">-</span> <span class="token operator">&gt;</span> <span class="token function">prepare</span> <span class="token punctuation">(</span> <span class="token single-quoted-string string">'SELECT * FROM users WHERE email=:email AND password=:password'</span> <span class="token punctuation">)</span> <span class="token punctuation">;</span>

<span class="token variable">$query</span> <span class="token operator">-</span> <span class="token operator">&gt;</span> <span class="token function">execute</span> <span class="token punctuation">(</span> <span class="token punctuation">[</span>
    <span class="token single-quoted-string string">'email'</span> <span class="token operator">=</span> <span class="token operator">&gt;</span> <span class="token variable">$_POST</span> <span class="token punctuation">[</span> <span class="token single-quoted-string string">'email'</span> <span class="token punctuation">]</span> <span class="token punctuation">,</span>
    <span class="token single-quoted-string string">'password'</span> <span class="token operator">=</span> <span class="token operator">&gt;</span> <span class="token variable">$_POST</span> <span class="token punctuation">[</span> <span class="token single-quoted-string string">'password'</span> <span class="token punctuation">]</span> <span class="token punctuation">,</span>
<span class="token punctuation">]</span> <span class="token punctuation">)</span> <span class="token punctuation">;</span>
</span>

<?php

$query = $db - > prepare ( 'SELECT * FROM users WHERE email=:email AND password=:password' ) ;

$query - > execute ( [

'email' = > $_POST [ 'email' ] ,

'password' = > $_POST [ 'password' ] ,

] ) ;

2. Differences between comparison operators

This is a good tip, but needs a practical example that demonstrates when a non-rigorous comparison can cause problems.
If you use strpose() to determine if a substring exists in a string (it returns FALSE if no substring is found and returns the first occurrence of substring), the result is yes. Misleading:

<span class="token php language-php"><span class="token delimiter important">&lt;?php</span>

<span class="token variable">$authors</span> <span class="token operator">=</span> <span class="token single-quoted-string string">'Chris &amp; Sean'</span> <span class="token punctuation">;</span>

<span class="token keyword">if</span> <span class="token punctuation">(</span> <span class="token function">strpos</span> <span class="token punctuation">(</span> <span class="token variable">$authors</span> <span class="token punctuation">,</span> <span class="token single-quoted-string string">'Chris'</span> <span class="token punctuation">)</span> <span class="token punctuation">)</span> <span class="token punctuation">{</span>
    <span class="token keyword">echo</span> <span class="token single-quoted-string string">'Chris is an author.'</span> <span class="token punctuation">;</span>
<span class="token punctuation">}</span> <span class="token keyword">else</span> <span class="token punctuation">{</span>
    <span class="token keyword">echo</span> <span class="token single-quoted-string string">'Chris is not an author.'</span> <span class="token punctuation">;</span>
<span class="token punctuation">}</span>
</span>

<?php

$authors = 'Chris & Sean' ;

if ( strpos ( $authors , 'Chris' ) ) {

echo 'Chris is an author.' ;

} else {

echo 'Chris is not an author.' ;

}

Because the substring Chris appears at the beginning of ‘Chris & Sean’, strpose() returns exactly 0, indicating the first position in the string.
Because the conditional statement treats this as a Boolean, it returns FALSE. and the result will be Chris is not an author. -> Logically wrong
This can be corrected by a rigorous comparison:

<span class="token php language-php"><span class="token delimiter important">&lt;?php</span>

<span class="token keyword">if</span> <span class="token punctuation">(</span> <span class="token function">strpos</span> <span class="token punctuation">(</span> <span class="token variable">$authors</span> <span class="token punctuation">,</span> <span class="token single-quoted-string string">'Chris'</span> <span class="token punctuation">)</span> <span class="token operator">!==</span> <span class="token constant">FALSE</span> <span class="token punctuation">)</span> <span class="token punctuation">{</span>
    <span class="token keyword">echo</span> <span class="token single-quoted-string string">'Chris is an author.'</span> <span class="token punctuation">;</span>
<span class="token punctuation">}</span> <span class="token keyword">else</span> <span class="token punctuation">{</span>
    <span class="token keyword">echo</span> <span class="token single-quoted-string string">'Chris is not an author.'</span> <span class="token punctuation">;</span>
<span class="token punctuation">}</span>
</span>

<?php

if ( strpos ( $authors , 'Chris' ) !== FALSE ) {

echo 'Chris is an author.' ;

} else {

echo 'Chris is not an author.' ;

}

3. Shortcut The Else

Check user is not admin? based on username.

<span class="token php language-php"><span class="token delimiter important">&lt;?php</span>

<span class="token keyword">if</span> <span class="token punctuation">(</span> <span class="token function">auth</span> <span class="token punctuation">(</span> <span class="token variable">$username</span> <span class="token punctuation">)</span> <span class="token operator">==</span> <span class="token single-quoted-string string">'admin'</span> <span class="token punctuation">)</span> <span class="token punctuation">{</span>
    <span class="token variable">$admin</span> <span class="token operator">=</span> <span class="token constant">TRUE</span> <span class="token punctuation">;</span>
<span class="token punctuation">}</span> <span class="token keyword">else</span> <span class="token punctuation">{</span>
    <span class="token variable">$admin</span> <span class="token operator">=</span> <span class="token constant">FALSE</span> <span class="token punctuation">;</span>
<span class="token punctuation">}</span>
</span>

<?php

if ( auth ( $username ) == 'admin' ) {

$admin = TRUE ;

} else {

$admin = FALSE ;

}

The above code looks fine, but if the developer then adds another role.

<span class="token php language-php"><span class="token delimiter important">&lt;?php</span>

<span class="token keyword">if</span> <span class="token punctuation">(</span> <span class="token function">auth</span> <span class="token punctuation">(</span> <span class="token variable">$username</span> <span class="token punctuation">)</span> <span class="token operator">==</span> <span class="token single-quoted-string string">'admin'</span> <span class="token punctuation">)</span> <span class="token punctuation">{</span>
    <span class="token variable">$admin</span> <span class="token operator">=</span> <span class="token constant">TRUE</span> <span class="token punctuation">;</span>
<span class="token punctuation">}</span> <span class="token keyword">elseif</span> <span class="token punctuation">(</span> <span class="token function">auth</span> <span class="token punctuation">(</span> <span class="token variable">$username</span> <span class="token punctuation">)</span> <span class="token operator">==</span> <span class="token single-quoted-string string">'mod'</span> <span class="token punctuation">)</span> <span class="token punctuation">{</span>
    <span class="token variable">$moderator</span> <span class="token operator">=</span> <span class="token constant">TRUE</span> <span class="token punctuation">;</span>
<span class="token punctuation">}</span> <span class="token keyword">else</span> <span class="token punctuation">{</span>
    <span class="token variable">$admin</span> <span class="token operator">=</span> <span class="token constant">FALSE</span> <span class="token punctuation">;</span>
    <span class="token variable">$moderator</span> <span class="token operator">=</span> <span class="token constant">FALSE</span> <span class="token punctuation">;</span>
<span class="token punctuation">}</span>
</span>

<?php

$admin = TRUE ;

} elseif ( auth ( $username ) == 'mod' ) {

$moderator = TRUE ;

} else {

$admin = FALSE ;

$moderator = FALSE ;

}

In the above code, if the user provided the runer’s name in the condition auth($username) == 'mod' then $ admin has not been initialized. This may result in unwanted results or security holes.
Additionally, a case similar to $moderator not initialized when running the auth($username) == 'admin' .
By initializing $admin and $moderator first to avoid this situation.

<span class="token php language-php"><span class="token delimiter important">&lt;?php</span>

<span class="token variable">$admin</span> <span class="token operator">=</span> <span class="token constant">FALSE</span> <span class="token punctuation">;</span>
<span class="token variable">$moderator</span> <span class="token operator">=</span> <span class="token constant">FALSE</span> <span class="token punctuation">;</span>

<span class="token keyword">if</span> <span class="token punctuation">(</span> <span class="token function">auth</span> <span class="token punctuation">(</span> <span class="token variable">$username</span> <span class="token punctuation">)</span> <span class="token operator">==</span> <span class="token single-quoted-string string">'admin'</span> <span class="token punctuation">)</span> <span class="token punctuation">{</span>
    <span class="token variable">$admin</span> <span class="token operator">=</span> <span class="token constant">TRUE</span> <span class="token punctuation">;</span>
<span class="token punctuation">}</span> <span class="token keyword">elseif</span> <span class="token punctuation">(</span> <span class="token function">auth</span> <span class="token punctuation">(</span> <span class="token variable">$username</span> <span class="token punctuation">)</span> <span class="token operator">==</span> <span class="token single-quoted-string string">'mod'</span> <span class="token punctuation">)</span> <span class="token punctuation">{</span>
    <span class="token variable">$moderator</span> <span class="token operator">=</span> <span class="token constant">TRUE</span> <span class="token punctuation">;</span>
<span class="token punctuation">}</span> <span class="token keyword">else</span> <span class="token punctuation">{</span>
    <span class="token variable">$admin</span> <span class="token operator">=</span> <span class="token constant">FALSE</span> <span class="token punctuation">;</span>
    <span class="token variable">$moderator</span> <span class="token operator">=</span> <span class="token constant">FALSE</span> <span class="token punctuation">;</span>
<span class="token punctuation">}</span>
</span>

<?php

$admin = FALSE ;

$moderator = FALSE ;

$admin = TRUE ;

$moderator = TRUE ;

} else {

$admin = FALSE ;

$moderator = FALSE ;

}

Should create a function to handle users allowed to view a specific page.

<span class="token php language-php"><span class="token delimiter important">&lt;?php</span>

<span class="token keyword">function</span> <span class="token function">authorized</span> <span class="token punctuation">(</span> <span class="token variable">$username</span> <span class="token punctuation">,</span> <span class="token variable">$page</span> <span class="token punctuation">)</span> <span class="token punctuation">{</span>
    <span class="token keyword">if</span> <span class="token punctuation">(</span> <span class="token operator">!</span> <span class="token function">isBlacklisted</span> <span class="token punctuation">(</span> <span class="token variable">$username</span> <span class="token punctuation">)</span> <span class="token punctuation">)</span> <span class="token punctuation">{</span>
        <span class="token keyword">if</span> <span class="token punctuation">(</span> <span class="token function">isAdmin</span> <span class="token punctuation">(</span> <span class="token variable">$username</span> <span class="token punctuation">)</span> <span class="token punctuation">)</span> <span class="token punctuation">{</span>
            <span class="token keyword">return</span> <span class="token constant">TRUE</span> <span class="token punctuation">;</span>
        <span class="token punctuation">}</span> <span class="token keyword">elseif</span> <span class="token punctuation">(</span> <span class="token function">isAllowed</span> <span class="token punctuation">(</span> <span class="token variable">$username</span> <span class="token punctuation">,</span> <span class="token variable">$page</span> <span class="token punctuation">)</span> <span class="token punctuation">)</span> <span class="token punctuation">{</span>
            <span class="token keyword">return</span> <span class="token constant">TRUE</span> <span class="token punctuation">;</span>
        <span class="token punctuation">}</span> <span class="token keyword">else</span> <span class="token punctuation">{</span>
            <span class="token keyword">return</span> <span class="token constant">FALSE</span> <span class="token punctuation">;</span>
        <span class="token punctuation">}</span>
    <span class="token punctuation">}</span> <span class="token keyword">else</span> <span class="token punctuation">{</span>
        <span class="token keyword">return</span> <span class="token constant">FALSE</span> <span class="token punctuation">;</span>
    <span class="token punctuation">}</span>
<span class="token punctuation">}</span>
</span>

<?php

function authorized ( $username , $page ) {

return TRUE ;

} elseif ( isAllowed ( $username , $page ) ) {

return TRUE ;

} else {

return FALSE ;

}

} else {

return FALSE ;

}

If you want to reduce the number of lines, you can join the following condition.

<span class="token php language-php"><span class="token delimiter important">&lt;?php</span>

<span class="token keyword">function</span> <span class="token function">authorized</span> <span class="token punctuation">(</span> <span class="token variable">$username</span> <span class="token punctuation">,</span> <span class="token variable">$page</span> <span class="token punctuation">)</span> <span class="token punctuation">{</span>
    <span class="token keyword">if</span> <span class="token punctuation">(</span> <span class="token operator">!</span> <span class="token function">isBlacklisted</span> <span class="token punctuation">(</span> <span class="token variable">$username</span> <span class="token punctuation">)</span> <span class="token punctuation">)</span> <span class="token punctuation">{</span>
        <span class="token keyword">if</span> <span class="token punctuation">(</span> <span class="token function">isAdmin</span> <span class="token punctuation">(</span> <span class="token variable">$username</span> <span class="token punctuation">)</span> <span class="token operator">||</span> <span class="token function">isAllowed</span> <span class="token punctuation">(</span> <span class="token variable">$username</span> <span class="token punctuation">,</span> <span class="token variable">$page</span> <span class="token punctuation">)</span> <span class="token punctuation">)</span> <span class="token punctuation">{</span>
            <span class="token keyword">return</span> <span class="token constant">TRUE</span> <span class="token punctuation">;</span>
        <span class="token punctuation">}</span> <span class="token keyword">else</span> <span class="token punctuation">{</span>
            <span class="token keyword">return</span> <span class="token constant">FALSE</span> <span class="token punctuation">;</span>
        <span class="token punctuation">}</span>
    <span class="token punctuation">}</span> <span class="token keyword">else</span> <span class="token punctuation">{</span>
        <span class="token keyword">return</span> <span class="token constant">FALSE</span> <span class="token punctuation">;</span>
    <span class="token punctuation">}</span>
<span class="token punctuation">}</span>
</span>

<?php

if ( isAdmin ( $username ) || isAllowed ( $username , $page ) ) {

return TRUE ;

} else {

return FALSE ;

}

} else {

return FALSE ;

}

You can reduce the whole function to a single join condition

<span class="token php language-php"><span class="token delimiter important">&lt;?php</span>

<span class="token keyword">function</span> <span class="token function">authorized</span> <span class="token punctuation">(</span> <span class="token variable">$username</span> <span class="token punctuation">,</span> <span class="token variable">$page</span> <span class="token punctuation">)</span> <span class="token punctuation">{</span>
    <span class="token keyword">if</span> <span class="token punctuation">(</span> <span class="token operator">!</span> <span class="token function">isBlacklisted</span> <span class="token punctuation">(</span> <span class="token variable">$username</span> <span class="token punctuation">)</span> <span class="token operator">&amp;&amp;</span> <span class="token punctuation">(</span> <span class="token function">isAdmin</span> <span class="token punctuation">(</span> <span class="token variable">$username</span> <span class="token punctuation">)</span> <span class="token operator">||</span> <span class="token function">isAllowed</span> <span class="token punctuation">(</span> <span class="token variable">$username</span> <span class="token punctuation">,</span> <span class="token variable">$page</span> <span class="token punctuation">)</span> <span class="token punctuation">)</span> <span class="token punctuation">{</span>
        <span class="token keyword">return</span> <span class="token constant">TRUE</span> <span class="token punctuation">;</span>
    <span class="token punctuation">}</span> <span class="token keyword">else</span> <span class="token punctuation">{</span>
        <span class="token keyword">return</span> <span class="token constant">FALSE</span> <span class="token punctuation">;</span>
    <span class="token punctuation">}</span>
<span class="token punctuation">}</span>
</span>

<?php

if ( ! isBlacklisted ( $username ) && ( isAdmin ( $username ) || isAllowed ( $username , $page ) ) {

return TRUE ;

} else {

return FALSE ;

}

Finally, the function may be reduced to a return

<span class="token php language-php"><span class="token delimiter important">&lt;?php</span>

<span class="token keyword">function</span> <span class="token function">authorized</span> <span class="token punctuation">(</span> <span class="token variable">$username</span> <span class="token punctuation">,</span> <span class="token variable">$page</span> <span class="token punctuation">)</span> <span class="token punctuation">{</span>
    <span class="token keyword">return</span> <span class="token punctuation">(</span> <span class="token operator">!</span> <span class="token function">isBlacklisted</span> <span class="token punctuation">(</span> <span class="token variable">$username</span> <span class="token punctuation">)</span> <span class="token operator">&amp;&amp;</span> <span class="token punctuation">(</span> <span class="token function">isAdmin</span> <span class="token punctuation">(</span> <span class="token variable">$username</span> <span class="token punctuation">)</span> <span class="token operator">||</span> <span class="token function">isAllowed</span> <span class="token punctuation">(</span> <span class="token variable">$username</span> <span class="token punctuation">,</span> <span class="token variable">$page</span> <span class="token punctuation">)</span> <span class="token punctuation">)</span> <span class="token punctuation">;</span>
<span class="token punctuation">}</span>
</span>

<?php

return ( ! isBlacklisted ( $username ) && ( isAdmin ( $username ) || isAllowed ( $username , $page ) ) ;

}

If your goal is to reduce the number of lines, you’re done. However, the code look very lie, confusing.
This brings us to the tip that will return immediately if the condition is met.

<span class="token php language-php"><span class="token delimiter important">&lt;?php</span>

<span class="token keyword">function</span> <span class="token function">authorized</span> <span class="token punctuation">(</span> <span class="token variable">$username</span> <span class="token punctuation">,</span> <span class="token variable">$page</span> <span class="token punctuation">)</span> <span class="token punctuation">{</span>

    <span class="token keyword">if</span> <span class="token punctuation">(</span> <span class="token function">isBlacklisted</span> <span class="token punctuation">(</span> <span class="token variable">$username</span> <span class="token punctuation">)</span> <span class="token punctuation">)</span> <span class="token punctuation">{</span>
        <span class="token keyword">return</span> <span class="token constant">FALSE</span> <span class="token punctuation">;</span>
    <span class="token punctuation">}</span>

    <span class="token keyword">if</span> <span class="token punctuation">(</span> <span class="token function">isAdmin</span> <span class="token punctuation">(</span> <span class="token variable">$username</span> <span class="token punctuation">)</span> <span class="token punctuation">)</span> <span class="token punctuation">{</span>
        <span class="token keyword">return</span> <span class="token constant">TRUE</span> <span class="token punctuation">;</span>
    <span class="token punctuation">}</span>

    <span class="token keyword">return</span> <span class="token function">isAllowed</span> <span class="token punctuation">(</span> <span class="token variable">$username</span> <span class="token punctuation">,</span> <span class="token variable">$page</span> <span class="token punctuation">)</span> <span class="token punctuation">;</span>
<span class="token punctuation">}</span>
</span>

<?php

if ( isBlacklisted ( $username ) ) {

return FALSE ;

}

return TRUE ;

}

return isAllowed ( $username , $page ) ;

}

Although it uses more lines of code, it is very simple, easy to understand and useful when your logic is more complex.

4. Always use {} after the conditional expression

See the following example:

<span class="token php language-php"><span class="token delimiter important">&lt;?php</span>
<span class="token keyword">if</span> <span class="token punctuation">(</span> <span class="token function">date</span> <span class="token punctuation">(</span> <span class="token single-quoted-string string">'d M'</span> <span class="token punctuation">)</span> <span class="token operator">==</span> <span class="token single-quoted-string string">'21 May'</span> <span class="token punctuation">)</span>
    <span class="token variable">$birthdays</span> <span class="token operator">=</span> <span class="token punctuation">[</span>
        <span class="token single-quoted-string string">'Al Franken'</span> <span class="token punctuation">,</span>
        <span class="token single-quoted-string string">'Chris Shiflett'</span> <span class="token punctuation">,</span>
        <span class="token single-quoted-string string">'Chris Wallace'</span> <span class="token punctuation">,</span>
        <span class="token single-quoted-string string">'Lawrence Tureaud'</span>
    <span class="token punctuation">]</span> <span class="token punctuation">;</span>
</span>

<?php

if ( date ( 'd M' ) == '21 May' )

$birthdays = [

'Al Franken' ,

'Chris Shiflett' ,

'Chris Wallace' ,

'Lawrence Tureaud'

] ;

You had the birthday list on 21 May and then called the party(TRUE); function party(TRUE);

<span class="token php language-php"><span class="token delimiter important">&lt;?php</span>
<span class="token keyword">if</span> <span class="token punctuation">(</span> <span class="token function">date</span> <span class="token punctuation">(</span> <span class="token single-quoted-string string">'d M'</span> <span class="token punctuation">)</span> <span class="token operator">==</span> <span class="token single-quoted-string string">'21 May'</span> <span class="token punctuation">)</span>
    <span class="token variable">$birthdays</span> <span class="token operator">=</span> <span class="token punctuation">[</span>
        <span class="token single-quoted-string string">'Al Franken'</span> <span class="token punctuation">,</span>
        <span class="token single-quoted-string string">'Chris Shiflett'</span> <span class="token punctuation">,</span>
        <span class="token single-quoted-string string">'Chris Wallace'</span> <span class="token punctuation">,</span>
        <span class="token single-quoted-string string">'Lawrence Tureaud'</span>
    <span class="token punctuation">]</span> <span class="token punctuation">;</span>
    <span class="token function">party</span> <span class="token punctuation">(</span> <span class="token constant">TRUE</span> <span class="token punctuation">)</span> <span class="token punctuation">;</span>
</span>

<?php

$birthdays = [

'Al Franken' ,

'Chris Shiflett' ,

'Chris Wallace' ,

'Lawrence Tureaud'

] ;

party ( TRUE ) ;

But not party(TRUE); function party(TRUE); Always run without the date('d M') == '21 May' condition date('d M') == '21 May' .
Therefore, it is advisable to use {} after the conditional expression even if there is only one command line in it.

<span class="token php language-php"><span class="token delimiter important">&lt;?php</span>

<span class="token keyword">if</span> <span class="token punctuation">(</span> <span class="token function">date</span> <span class="token punctuation">(</span> <span class="token single-quoted-string string">'d M'</span> <span class="token punctuation">)</span> <span class="token operator">==</span> <span class="token single-quoted-string string">'21 May'</span> <span class="token punctuation">)</span> <span class="token punctuation">{</span>
    <span class="token variable">$birthdays</span> <span class="token operator">=</span> <span class="token punctuation">[</span>
        <span class="token single-quoted-string string">'Al Franken'</span> <span class="token punctuation">,</span>
        <span class="token single-quoted-string string">'Chris Shiflett'</span> <span class="token punctuation">,</span>
        <span class="token single-quoted-string string">'Chris Wallace'</span> <span class="token punctuation">,</span>
        <span class="token single-quoted-string string">'Lawrence Tureaud'</span>
    <span class="token punctuation">]</span> <span class="token punctuation">;</span>
    <span class="token function">party</span> <span class="token punctuation">(</span> <span class="token constant">TRUE</span> <span class="token punctuation">)</span> <span class="token punctuation">;</span>
<span class="token punctuation">}</span>
</span>

<?php

$birthdays = [

'Al Franken' ,

'Chris Shiflett' ,

'Chris Wallace' ,

'Lawrence Tureaud'

] ;

}

5. Functions str_replace (), ereg_replace () and preg_replace ()

If you use regular expressions, ereg_replace() and preg_replace() will be faster than str_replace . Because str str_replace does not support pattern matching.
The choice between string functions and regular expression functions is appropriate for the purpose, not faster.
If you need to match a pattern, use the regular expression function ereg_replace , preg_replace .
If you need to match the string use str_replace .

6. Be careful when using the triad operator.

See the following example:

<span class="token php language-php"><span class="token delimiter important">&lt;?php</span>

<span class="token variable">$host</span> <span class="token operator">=</span> <span class="token function">strlen</span> <span class="token punctuation">(</span> <span class="token variable">$host</span> <span class="token punctuation">)</span> <span class="token operator">&gt;</span> <span class="token number">0</span> <span class="token operator">?</span> <span class="token variable">$host</span> <span class="token punctuation">:</span> <span class="token function">htmlentities</span> <span class="token punctuation">(</span> <span class="token variable">$host</span> <span class="token punctuation">)</span> <span class="token punctuation">;</span>

</span>

<?php

$host = strlen ( $host ) > 0 ? $host : htmlentities ( $host ) ;

The author wants $host = htmlentities($host) if the string length is greater than 0, but instead accidentally does the opposite.

7. Use a Framework to develop web applications

Should use a framework to develop web applications, some php frameworks like Symfony , CodeIgniter , Yii , CakePHP , Laravel …

8. Use isset () instead of strlen ()

See the following example:

<span class="token php language-php"><span class="token delimiter important">&lt;?php</span>

<span class="token keyword">if</span> <span class="token punctuation">(</span> <span class="token function">isset</span> <span class="token punctuation">(</span> <span class="token variable">$username</span> <span class="token punctuation">[</span> <span class="token number">5</span> <span class="token punctuation">]</span> <span class="token punctuation">)</span> <span class="token punctuation">)</span> <span class="token punctuation">{</span>
    <span class="token comment">// The username is at least six characters long.</span>
<span class="token punctuation">}</span>
</span>

<?php

if ( isset ( $username [ 5 ] ) ) {

// The username is at least six characters long.

}

When you consider strings as arrays, each character in the string is an element in the array.
By determining whether a particular element exists, you can determine if the string is at least many characters long. (Note that the first character is the 0 element, so $ username [5] is the sixth character in $ username).
Reason: The function isset() will be faster than strlen() because strlen() is a function also isset() is a language construct more .

References

Share the news now

Source : Viblo

Some tips when using PHP

Preamble

content

1. Avoid SQL Injection

So how to avoid SQL Injection attacks

2. Differences between comparison operators

3. Shortcut The Else

4. Always use {} after the conditional expression

5. Functions str_replace (), ereg_replace () and preg_replace ()

6. Be careful when using the triad operator.

7. Use a Framework to develop web applications

8. Use isset () instead of strlen ()

References

TikTok becomes the second largest social platform in South Africa

The fastest depreciating after 9 months of launch, iPhone 14 Pro Max continues to break the bottom in Vietnam

Beginner's guide to R: Introduction

10 essential SublimeText plugins for JavaScript developers