Preamble
- PHP has grown rapidly since its humble beginnings in 1995 and has become the most popular programming language for Web applications. Many popular websites and open-source Web projects are built with PHP.
- This tutorial is aimed at people who have just started learning PHP and are ready to roll up their sleeves and code.
- Here are some great techniques that PHP developers should learn and use every time they program.
- These tips will speed up proficiency and make the code cleaner and more optimized for performance.
Content
1. Avoid SQL Injection
- For example, when a user enters login information and clicks Login, the user's information is sent to the server in a POST request and then placed into an SQL statement. The code looks like this:

```php
$query = "SELECT * FROM users WHERE email = '" . $_POST['email'] . "' AND password = '" . $_POST['password'] . "'";
```
- Assuming the data sent is email="[email protected]" and password="12345678", the query will look like this:

```php
$query = "SELECT * FROM users WHERE email='[email protected]' AND password='12345678'";
```
- That is the case when the user enters the data honestly; what if the user intentionally enters crafted input?
- The query then becomes the one below, and the user only needs to know an email address to get in:

```sql
SELECT * FROM users WHERE email = '[email protected]' OR 1 = 1; -- ' AND password='123456'
```
So how to avoid SQL Injection attacks
- Never trust user input.
- Validate data on the server side: use the mysql_real_escape_string() function to escape characters that may change the meaning of the SQL statement.

```php
$email    = mysql_real_escape_string($_POST['email']);
$password = mysql_real_escape_string($_POST['password']);
```

- Use parameterized queries (PDO, https://www.php.net/pdo):

```php
<?php
$query = $db->prepare('SELECT * FROM users WHERE email=:email AND password=:password');
$query->execute([
    'email'    => $_POST['email'],
    'password' => $_POST['password'],
]);
```
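The following is an added example, not code from the original tutorial: it runs the concatenated query and the PDO prepared statement side by side against a constructed in-memory SQLite database, so the effect of binding can be observed offline. It assumes PHP with the pdo_sqlite extension; the user rows and credentials are constructed. Note that the mysql_* functions shown above were removed in PHP 7, so the prepared statement is the portable form.

```php
<?php
// Added example, not part of the original tutorial. Needs PHP with the
// pdo_sqlite extension (bundled with most builds); runs entirely in memory.
declare(strict_types=1);

// Constructed sample database: two users with constructed credentials.
function makeSampleDb(): PDO
{
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, email TEXT NOT NULL, password TEXT NOT NULL)');
    // The tutorial compares a plaintext password inside the query; that is kept
    // here only to mirror it. Real applications store password_hash() output,
    // fetch the row by email alone, and check it with password_verify().
    $db->exec("INSERT INTO users (email, password) VALUES ('alice@example.com', 'correct-horse')");
    $db->exec("INSERT INTO users (email, password) VALUES ('bob@example.com', 'battery-staple')");
    return $db;
}

// The tutorial's concatenated query: request data becomes part of the SQL text.
function countMatchesByConcatenation(PDO $db, string $email, string $password): int
{
    $sql = "SELECT * FROM users WHERE email = '" . $email . "' AND password = '" . $password . "'";
    return count($db->query($sql)->fetchAll(PDO::FETCH_ASSOC));
}

// The hardened form from the tutorial: named placeholders are bound as values,
// so whatever the user sends is compared as a literal string, never parsed as SQL.
function countMatchesByPreparedStatement(PDO $db, string $email, string $password): int
{
    $stmt = $db->prepare('SELECT * FROM users WHERE email = :email AND password = :password');
    $stmt->execute(['email' => $email, 'password' => $password]);
    return count($stmt->fetchAll(PDO::FETCH_ASSOC));
}

$db = makeSampleDb();

// A normal login: both forms match exactly one row.
var_dump(countMatchesByConcatenation($db, 'alice@example.com', 'correct-horse'));
var_dump(countMatchesByPreparedStatement($db, 'alice@example.com', 'correct-horse'));

// The input shape the tutorial describes: a quote closes the string literal,
// OR 1 = 1 makes the WHERE clause always true, and -- comments out the
// password check that follows.
$injected = "alice@example.com' OR 1 = 1; -- ";

// Concatenation matches every user even though no valid password was given,
// while the prepared statement looks for an email address that literally
// contains the quote and the comment marker, and matches nothing.
var_dump(countMatchesByConcatenation($db, $injected, 'wrong'));
var_dump(countMatchesByPreparedStatement($db, $injected, 'wrong'));
```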
2. Differences between comparison operators
- This is a good tip, but it needs a practical example of when a loose comparison can cause problems.
- If you use strpos() to determine whether a substring exists in a string (it returns FALSE if the substring is not found, otherwise the position of its first occurrence), the result can be misleading:

```php
<?php
$authors = 'Chris & Sean';
if (strpos($authors, 'Chris')) {
    echo 'Chris is an author.';
} else {
    echo 'Chris is not an author.';
}
```
- Because the substring Chris appears at the beginning of 'Chris & Sean', strpos() returns exactly 0, the first position in the string.
- Because the conditional statement treats this 0 as a Boolean, it evaluates to FALSE, and the output is Chris is not an author.
-> Logically wrong. This is corrected by a strict comparison:

```php
<?php
if (strpos($authors, 'Chris') !== FALSE) {
    echo 'Chris is an author.';
} else {
    echo 'Chris is not an author.';
}
```
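The tip above asks for a practical example; the following added example (not from the original tutorial) goes beyond the strpos() case and pairs several loose comparisons that commonly bite on HTTP input with their strict counterparts. The two digests are constructed values; hash_equals() and in_array() are standard PHP functions.

```php
<?php
// Added example, not part of the original tutorial: the same loose-vs-strict
// distinction applied to values that typically arrive via $_POST or $_GET.
declare(strict_types=1);

// The tutorial's case, wrapped so callers get a real boolean instead of an
// offset that happens to be 0.
function containsSubstring(string $haystack, string $needle): bool
{
    return strpos($haystack, $needle) !== false;
}

// Secrets (session tokens, CSRF tokens, hex digests) must be compared with a
// strict, constant-time function. hash_equals() is both.
function tokenMatches(string $expected, string $provided): bool
{
    return hash_equals($expected, $provided);
}

// Each pair of rows puts a loose comparison next to its strict counterpart.
function comparisonTable(): array
{
    // Two constructed hex digests that begin with "0e" followed only by digits.
    // PHP reads both as numeric strings in scientific notation (0 * 10^n), so
    // == compares them as 0 == 0 and reports them equal. This is the classic
    // reason a stored hash must never be checked against user input with ==.
    $digestA = '0e462097431906509019562988736854';
    $digestB = '0e830400451993494058024219903391';

    return [
        'strpos cast to bool'  => (bool) strpos('Chris & Sean', 'Chris'), // offset 0 is falsy
        'strpos strict'        => containsSubstring('Chris & Sean', 'Chris'),
        'digests =='           => $digestA == $digestB,
        'digests ==='          => $digestA === $digestB,
        'digests hash_equals'  => tokenMatches($digestA, $digestB),
        'numeric strings =='   => '1e3' == '1000',  // both numeric strings, compared as numbers
        'numeric strings ===' => '1e3' === '1000',
        'in_array loose'       => in_array('1e3', ['1000']),       // in_array() uses == unless told otherwise
        'in_array strict'      => in_array('1e3', ['1000'], true),
        'null == ""'           => null == '',   // "not sent" and "sent empty" collapse into one case
        'null === ""'          => null === '',
    ];
}

// switch statements use == as well, so the same pitfalls apply to them.
foreach (comparisonTable() as $case => $result) {
    printf("%-22s %s\n", $case, var_export($result, true));
}
```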
3. Shortcut The Else
- Check whether a user is an admin, based on the username.

```php
<?php
if (auth($username) == 'admin') {
    $admin = TRUE;
} else {
    $admin = FALSE;
}
```
- The above code looks fine, but then the developer adds another role.

```php
<?php
if (auth($username) == 'admin') {
    $admin = TRUE;
} elseif (auth($username) == 'mod') {
    $moderator = TRUE;
} else {
    $admin = FALSE;
    $moderator = FALSE;
}
```
- In the above code, if the user's name satisfies the condition auth($username) == 'mod', then $admin is never initialized. This may lead to unexpected results or security holes.
- Likewise, $moderator is not initialized when the auth($username) == 'admin' branch runs.
- Initialize $admin and $moderator first to avoid this situation.

```php
<?php
$admin = FALSE;
$moderator = FALSE;

if (auth($username) == 'admin') {
    $admin = TRUE;
} elseif (auth($username) == 'mod') {
    $moderator = TRUE;
} else {
    $admin = FALSE;
    $moderator = FALSE;
}
```
- Better, create a function that decides which users are allowed to view a specific page.

```php
<?php
function authorized($username, $page)
{
    if (!isBlacklisted($username)) {
        if (isAdmin($username)) {
            return TRUE;
        } elseif (isAllowed($username, $page)) {
            return TRUE;
        } else {
            return FALSE;
        }
    } else {
        return FALSE;
    }
}
```
- If you want to reduce the number of lines, you can join the inner conditions.

```php
<?php
function authorized($username, $page)
{
    if (!isBlacklisted($username)) {
        if (isAdmin($username) || isAllowed($username, $page)) {
            return TRUE;
        } else {
            return FALSE;
        }
    } else {
        return FALSE;
    }
}
```
- You can reduce the whole function to a single joined condition.

```php
<?php
function authorized($username, $page)
{
    if (!isBlacklisted($username) && (isAdmin($username) || isAllowed($username, $page))) {
        return TRUE;
    } else {
        return FALSE;
    }
}
```
- Finally, the function may be reduced to a single return.

```php
<?php
function authorized($username, $page)
{
    return (!isBlacklisted($username) && (isAdmin($username) || isAllowed($username, $page)));
}
```
- If your goal is to reduce the number of lines, you're done. However, the code has become dense and confusing.
- This brings us to the tip: return immediately as soon as a condition settles the outcome.

```php
<?php
function authorized($username, $page)
{
    if (isBlacklisted($username)) {
        return FALSE;
    }

    if (isAdmin($username)) {
        return TRUE;
    }

    return isAllowed($username, $page);
}
```
- Although it uses more lines of code, it is very simple, easy to understand and useful when your logic is more complex.
4. Always use {} after the conditional expression
- See the following example:
```php
<?php
if (date('d M') == '21 May')
    $birthdays = ['Al Franken', 'Chris Shiflett', 'Chris Wallace', 'Lawrence Tureaud'];
```
- You want the birthday list to be set on 21 May and then the party(TRUE) function to be called:

```php
<?php
if (date('d M') == '21 May')
    $birthdays = ['Al Franken', 'Chris Shiflett', 'Chris Wallace', 'Lawrence Tureaud'];
    party(TRUE);
```
- But party(TRUE); is not part of the conditional: it always runs, regardless of the date('d M') == '21 May' condition.
- Therefore, it is advisable to use {} after the conditional expression even if there is only one statement in it.

```php
<?php
if (date('d M') == '21 May') {
    $birthdays = ['Al Franken', 'Chris Shiflett', 'Chris Wallace', 'Lawrence Tureaud'];
    party(TRUE);
}
```
5. Functions str_replace(), ereg_replace() and preg_replace()
- If you use regular expressions, ereg_replace() and preg_replace() will be faster than str_replace(), because str_replace() does not support pattern matching.
- The choice between string functions and regular expression functions should be made according to the purpose, not speed.
- If you need to match a pattern, use the regular expression functions ereg_replace() or preg_replace().
- If you need to match a literal string, use str_replace().
6. Be careful when using the ternary operator.
- See the following example:
```php
<?php
$host = strlen($host) > 0 ? $host : htmlentities($host);
```
- The author wants $host = htmlentities($host) when the string length is greater than 0, but accidentally does the opposite.
7. Use a Framework to develop web applications
- Use a framework to develop web applications; some PHP frameworks are Symfony, CodeIgniter, Yii, CakePHP, Laravel …
8. Use isset() instead of strlen()
- See the following example:

```php
<?php
if (isset($username[5])) {
    // The username is at least six characters long.
}
```
- When you treat a string as an array, each character in the string is an element of the array.
- By checking whether a particular element exists, you can determine whether the string is at least that many characters long. (Note that the first character is element 0, so $username[5] is the sixth character of $username.)
- Reason: isset() is faster than strlen() because strlen() is a function, whereas isset() is a language construct.
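The following added example (not from the original tutorial) puts the isset() test next to strlen() and to a character-based count, and shows the one caveat a practitioner needs: both isset() and strlen() count bytes, so a UTF-8 username with a multibyte character passes a "six characters" check that it should not. It assumes the mbstring extension for mb_strlen(); the usernames are constructed.

```php
<?php
// Added example, not part of the original tutorial. Assumes the mbstring
// extension for mb_strlen(); everything else is core PHP.
declare(strict_types=1);

// The tutorial's test: isset($s[$n]) asks whether a byte exists at offset $n,
// so it is a byte-length check like strlen(), just cheaper. The string type
// declaration also rejects a non-string value such as an array submitted as
// username[]=..., which isset($x[5]) on an array would answer differently.
function hasMinBytesViaIsset(string $s, int $min): bool
{
    if ($min <= 0) {
        return true; // a negative offset would count from the end of the string
    }
    return isset($s[$min - 1]);
}

function hasMinBytesViaStrlen(string $s, int $min): bool
{
    return strlen($s) >= $min;
}

// What a "six characters" policy usually means: count UTF-8 characters.
function hasMinCharsMultibyte(string $s, int $min): bool
{
    return mb_strlen($s, 'UTF-8') >= $min;
}

function compareMeasures(string $s, int $min): array
{
    return [
        'isset'     => hasMinBytesViaIsset($s, $min),
        'strlen'    => hasMinBytesViaStrlen($s, $min),
        'mb_strlen' => hasMinCharsMultibyte($s, $min),
    ];
}

// Constructed inputs. "chris" is 5 bytes and 5 characters; "chrisw" is 6 of
// each; "chrís" is 5 characters but 6 bytes, because í is two bytes in UTF-8,
// so isset() and strlen() accept it as "at least six" while mb_strlen() does not.
foreach (['chris', 'chrisw', 'chrís'] as $username) {
    printf("%-8s %s\n", $username, json_encode(compareMeasures($username, 6)));
}
```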