PAWDD E-Training
11May/100

PHP Code Survival Guide “Rules to Live by”

Throughout my learning of PHP I have gained a few outstanding ideas as to how to make your PHP code survive the test of time. First of all, read as many books and articles as time permits. If you truly want to be a proficient programmer of any type, you will never stop reading, nor will you say, "I am the expert of all experts," no matter what stage your career is in.

Words to live by: One thing I have learned, which is now ingrained in my soul, is, "Every day I do not learn PHP. I learn how much PHP I do not know."

"Rules to Live by" while programming PHP:

  1. Never assume you know anything. If you have any doubt about how a function behaves, whether you created it yourself or it is a built-in PHP function, assume you know nothing about it and research it to the best of your ability before using it, whether for the first time or the one hundredth time.
  2. Always use the XML style PHP opening and closing tags:

	<?php /*your code*/ ?>

     Or use the script style tags, to defeat hiccups with older style tags:

	<script language='php'> /*your code*/ </script>

     I suggest you never use the short style PHP tags, as they will make all your code far less portable:

	<? /*your code*/ ?>

  3. One other major concern I see far too often in scripts created during the reign of PHP 4 is that the PHP configuration setting register_globals is turned on. Prior to PHP 5 it was natively turned on; in PHP 5+ it is natively off. Leaving register_globals on can open security holes through which your scripts can be breached. When the setting is on, PHP automatically creates a variable for every form field, using the name of the field itself as the variable name. For instance, if we had a form field as follows:

	<input type="text" name="fieldOne" />

     register_globals would automatically create a variable using the form field name "fieldOne", which would appear as "$fieldOne" in your PHP code. The ability to use this might seem advantageous; however, it could allow your users or a hacker to inject their own variables into your script at will unless you take the necessary steps to prevent this from happening. The easiest way to ensure that your scripts are not vulnerable to this type of attack is to turn register_globals off when using a PHP version below version 5, or just use the default setting that comes with PHP version 5 or higher.
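
The variable injection described in the register_globals rule above, shown as an added example that is not part of the original post. Current PHP no longer has register_globals, so `extract()` stands in for it here; the function names and the `authorized` field are hypothetical, and the request array is constructed.

```php
<?php
// Added example: emulates register_globals on a constructed request.
// All function names and the "authorized" field are hypothetical.

/** Stand-in for a real login check; in this example nobody is logged in. */
function user_is_logged_in(): bool
{
    return false;
}

/**
 * Vulnerable pattern: every request field becomes a local variable, as
 * register_globals did, and $authorized is never given a default value.
 */
function handle_with_register_globals(array $request): string
{
    extract($request); // emulates register_globals: field "x" becomes $x

    if (user_is_logged_in()) {
        $authorized = true;
    }
    // At this point $authorized can only have been set by the request itself.
    return !empty($authorized) ? 'admin page shown' : 'access denied';
}

/**
 * Hardened pattern: give every variable you rely on an explicit default and
 * read request data only by key from the request array ($_POST in a script).
 */
function handle_without_register_globals(array $request): string
{
    $authorized = false; // explicit default, cannot come from the request
    if (user_is_logged_in()) {
        $authorized = true;
    }
    $fieldOne = isset($request['fieldOne']) ? (string) $request['fieldOne'] : '';
    return $authorized ? 'admin page shown' : 'access denied for ' . $fieldOne;
}

// Constructed request: the real form field plus one the form never contained.
$request = array('fieldOne' => 'hello', 'authorized' => '1');

echo handle_with_register_globals($request), "\n";
echo handle_without_register_globals($request), "\n";
```

Run from the command line, the first call treats the extra field as if the script had set it, while the second ignores it because the variable has its own default.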
2Oct/090

PHP Email Form Script

This is a PHP script that you can use to place a form on any webpage that can parse PHP code. This PHP code snippet will allow your users to email you from your web page. All you need to do is place the following XHTML and PHP code onto a page with the ".php" extension; otherwise it will not work as intended.

Paste the PHP code onto your page first. Then paste the XHTML onto your page below the PHP. You will need to change all instances of the email address to your own email; otherwise you will never see any email arrive in your inbox.

If you have any questions please post them and I will gladly point you in the right direction.

The PHP

	<?php

	date_default_timezone_set('America/Kentucky/Louisville'); // you may want to change this to your own timezone if you do not live in the EST timezone

	// Check for form submission:
	if (isset($_POST['submitted'])) {

		// The address is placed in a mail header, so accept only a single valid
		// address with no line breaks (this blocks mail header injection):
		$email = isset($_POST['email']) ? filter_var($_POST['email'], FILTER_VALIDATE_EMAIL) : false;
		if ($email !== false && preg_match('/[\r\n]/', $email)) {
			$email = false;
		}

		// Minimal form validation:
		if (!empty($_POST['name']) && $email !== false && !empty($_POST['comments'])) {

			// Create the body:
			$body = "Name: {$_POST['name']}\n\nComments: {$_POST['comments']}";

			// Wrap lines so that none is longer than 70 characters:
			$body = wordwrap($body, 70);

			// Send the email, using only the validated address in the header:
			mail('your.email@yourdomain.com', 'Website Email Form Submission', $body, "From: {$email}");

			// Print a message:
			echo '<p><strong><em>Thank you for contacting me at ' . date('g:i a') . ' EST on ' . date('l F j, Y') . '. I will reply ASAP.</em></strong></p>';

			// Clear $_POST (so that the form's not sticky):
			$_POST = array();

		} else {
			echo '<p style="font-weight: bold; color: #C00">Please fill out the form completely, using a valid email address.</p>';
		}

	} // End of main isset() IF.

	// Create the HTML form:
	?>

The XHTML

<div id="email_page">
<!-- Fill in the action inside the quotes if you would like to use a separate file to parse your form output.
By default this is blank because the PHP code that handles the form output and the response back to your visitors is built into this code.
Submitted values are passed through htmlspecialchars() before being echoed back, so they cannot inject markup into the page. -->
<form action="" method="post">
	<p>Please fill out and submit this form to contact <em>Your Name</em> via e-mail at <a href="mailto:your.email@yourdomain.com" title="Email Me">your.email@yourdomain.com</a></p>
	<p>Name:
	<input type="text" name="name" size="42" maxlength="60" value="<?php if (isset($_POST['name'])) echo htmlspecialchars($_POST['name'], ENT_QUOTES, 'UTF-8'); ?>" />
	</p>
	<p>Email Address: <input type="text" name="email" size="34" maxlength="80" value="<?php if (isset($_POST['email'])) echo htmlspecialchars($_POST['email'], ENT_QUOTES, 'UTF-8'); ?>" /></p>
	<p>Comments: <textarea name="comments" rows="5" cols="30"><?php if (isset($_POST['comments'])) echo htmlspecialchars($_POST['comments'], ENT_QUOTES, 'UTF-8'); ?></textarea></p>
	<p><input type="submit" name="submit" value=" Submit E&#8211;mail " title="Click Here to Submit Your E-mail to Me" /></p>
	<p><input type="hidden" name="submitted" value="TRUE" /></p>
</form>
</div>
24Sep/090

PHP Coding Tips

This text was parsed PHP code in the post area

   
