PAWDD E-Training

PHP Code Survival Guide “Rules to Live by”

Throughout my learning of PHP I have gained a few outstanding ideas as to how to make your PHP code survive the test of time. First of all, read as many books and articles as time permits. If you truly want to be a proficient programmer of any type, you will never stop reading. Nor will you say, "I am the expert of all experts," no matter what stage your career is in.

Words to live by: One thing I have learned, that is now engrained into my soul is, "Every day I do not learn PHP. I learn how much PHP I do not know."

"Rules to Live by" while programming PHP:

  1. Never assume you know anything. If you have a doubt about the behavior of any function, whether you created it or it is a built-in PHP function, assume you know nothing about it and research it to the best of your ability before using it, whether for the first time or the one hundredth time.
  2. Always use the XML style PHP open and closing tags:

     <?php /*your code*/ ?>

     Or use the script style tags, to defeat hiccups with older style tags:

     <script language='php'> /*your code*/ </script>

     I suggest you never use the short style PHP tags, as it will make all your code far less portable:

     <? /*your code*/ ?>

  3. One other major concern I see far too often in scripts created during the reign of PHP 4 is that they need the PHP configuration setting register_globals to be turned on. Prior to PHP 5 this was natively turned on; in PHP 5+ it is natively off. The register_globals setting can cause your scripts to be breached due to security holes. When it is on, PHP automatically creates a variable for every form field, using the name of the field itself as the variable name. For instance, if we had a form field as follows:

     <input type="text" name="fieldOne" />

     register_globals would automatically create a variable from the form field name "fieldOne", which would appear as "$fieldOne" in your PHP code. The ability to use this might seem advantageous; however, it could allow your users or a hacker to inject their own variables into your script at will unless you take the necessary steps to prevent this from happening. The easiest way to ensure that your scripts are not vulnerable to this type of attack is to turn register_globals off when using a PHP version below version 5, or just use the default setting that comes with PHP version 5 or higher.
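
To make rule 3 concrete, here is an added example (not code from the original article) that puts a handler written in the register_globals style beside a hardened one. It assumes PHP 7+ on the command line; because register_globals no longer exists in current PHP, extract() stands in for it, and the names legacyHandler, hardenedHandler, registerGlobalsEnabled and isAdmin are hypothetical.

```php
<?php
// Constructed request data standing in for $_POST: the form's real field
// plus one parameter the form never defined.
$request = ['fieldOne' => 'hello', 'isAdmin' => '1'];

// Hypothetical legacy handler. extract() emulates register_globals here:
// every request parameter becomes a local variable of the same name.
function legacyHandler(array $request, bool $loggedInAsAdmin): array
{
    extract($request); // emulation only; never call extract() on request data
    if ($loggedInAsAdmin) {
        $isAdmin = true;
    }
    // $isAdmin was never initialised by the script, so a request
    // parameter of the same name decides its value.
    return ['fieldOne' => $fieldOne ?? '', 'isAdmin' => !empty($isAdmin)];
}

// Hardened handler: initialise every variable the script depends on and
// read only the expected field, by name, from the request array.
function hardenedHandler(array $request, bool $loggedInAsAdmin): array
{
    $isAdmin = $loggedInAsAdmin;
    $fieldOne = '';
    if (isset($request['fieldOne']) && is_string($request['fieldOne'])) {
        $fieldOne = $request['fieldOne'];
    }
    return ['fieldOne' => $fieldOne, 'isAdmin' => $isAdmin];
}

// Deployment check: true only where the directive exists and is enabled.
// ini_get() returns false for a directive the running PHP does not have.
function registerGlobalsEnabled(): bool
{
    return filter_var(ini_get('register_globals'), FILTER_VALIDATE_BOOLEAN);
}

// Same constructed request, same unprivileged caller, both handlers.
var_dump(legacyHandler($request, false));
var_dump(hardenedHandler($request, false));
var_dump(registerGlobalsEnabled());
```

Comparing the two dumps shows which handler lets the request choose isAdmin; the last call is a check you can drop into an install script for legacy hosts.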