Advanced PHP Tips
PHP programming has climbed rapidly since its humble beginnings in 1995.
Since then, PHP has become the most popular programming language for Web
applications. Many popular websites are powered by PHP, and an overwhelming
majority of scripts and Web projects are built with the popular language. Because
of PHP's huge popularity, it has become almost impossible for Web developers
not to have at least a working knowledge of PHP.
This tutorial is aimed at those who are just past the beginning
stages of learning PHP and are ready to roll up their sleeves and get
their hands dirty with the language. Listed below are ten excellent
techniques that PHP developers should learn and use every time they program.
These tips will speed up proficiency and make the code much more responsive,
cleaner and more optimized for performance.
1. Know The Difference Between Comparison Operators
It's a good tip, but it is missing a practical example that demonstrates when a
non-strict comparison can cause problems. If you use strpos() in PHP code to
determine whether a substring exists within a string, the results can be misleading:
<?php
$authors = 'Chris & Sean';
// strpos() returns 0 here, and the condition treats 0 as FALSE.
if (strpos($authors, 'Chris')) {
    echo 'Chris is an author.';
} else {
    echo 'Chris is not an author.';
}
?>
Because the substring Chris occurs at the very beginning of Chris & Sean, strpos()
correctly returns 0, indicating the first position in the string. Because the
conditional statement treats this as a Boolean, it evaluates to FALSE, and the
condition fails.
This can be corrected with a strict comparison:
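<?php
$authors = 'Chris & Sean';
// strpos() returns FALSE only when the substring is absent; 0 is a valid position.
if (strpos($authors, 'Chris') !== FALSE) {
    echo 'Chris is an author.';
} else {
    echo 'Chris is not an author.';
}
?>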
2. Use An SQL Injection Cheat Sheet
This tip is just a link to a useful resource, with no discussion of how to use it.
There is much more to Web app security than SQL injection. We can offer some
much-needed context, but because we don't want to focus too much on one attack,
we'll first take a step back. Every developer should be familiar with good security
practices, and apps should be designed with these practices in mind. A basic rule
is to never trust data you receive from somewhere else. Another rule is to escape
data before you send it somewhere else. Combined, these rules can be simplified
to make up a basic tenet of security: filter input, escape output (FIEO).
The root cause of SQL injection is a failure to escape output. More
specifically, it is when the distinction between the format of an SQL query and
the data used by the SQL query is not carefully maintained. This is common in
PHP apps that construct queries as follows:
<?php
// Request data is interpolated directly into the text of the SQL statement.
$query = "SELECT *
          FROM users
          WHERE name = '{$_GET['name']}'";
?>
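The following is an added example, not code from the original article, showing filter input, escape output applied to the query above. It assumes PDO with the pdo_sqlite extension; the users table, its rows, the allow-list pattern and the helper names filter_name() and find_user() are constructed for illustration.

```php
<?php
// Added example. Constructed data in an in-memory SQLite database (assumes pdo_sqlite).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT)');
$db->exec("INSERT INTO users (name) VALUES ('Chris'), ('O''Reilly')");

// Filter input: accept only values that match an allow-list pattern (hypothetical rule).
function filter_name($raw): ?string
{
    if (!is_string($raw) || !preg_match('/^[A-Za-z][A-Za-z\' -]{0,49}\z/', $raw)) {
        return null;
    }
    return $raw;
}

// Escape output sent to the database: a bound parameter keeps the data
// separate from the format of the query.
function find_user(PDO $db, string $name): array
{
    $stmt = $db->prepare('SELECT id, name FROM users WHERE name = :name');
    $stmt->execute([':name' => $name]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Stand-in for $_GET['name']: a legitimate name that contains an apostrophe.
$input = "O'Reilly";

// The concatenation pattern: the apostrophe in the data ends the string
// literal early, so part of the data is parsed as SQL syntax.
try {
    $db->query("SELECT id, name FROM users WHERE name = '{$input}'");
} catch (PDOException $e) {
    echo "Concatenated query failed: data was parsed as part of the query.\n";
}

$name = filter_name($input);
if ($name === null) {
    echo "Invalid name.\n";
    exit(1);
}

foreach (find_user($db, $name) as $row) {
    // Escape output sent to the browser.
    echo htmlspecialchars($row['name'], ENT_QUOTES, 'UTF-8'), "\n";
}
```

Filtering alone does not protect the query here, because the apostrophe is a valid character in a name; the bound parameter is what keeps it from being read as SQL.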
3. Shortcut The Else
This tip accidentally stumbles upon a useful practice, which is to always initialize
variables before you use them. If a user provides a username that triggers the
elseif condition, $admin is not initialized. This can lead to unwanted behavior, or
worse, a security vulnerability.
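The following is an added example, not code from the original article, showing one way the uninitialized $admin becomes a real bug: inside a loop, the elseif path reuses the value left over from the previous user. The auth() function, its role table and the usernames are hypothetical.

```php
<?php
// Added example. auth() and its role table are hypothetical, constructed for illustration.
function auth(string $username): string
{
    $roles = ['alice' => 'admin', 'bob' => 'user', 'carol' => 'suspended'];
    return $roles[$username] ?? 'user';
}

// Flawed: the elseif branch never assigns $admin, so inside a loop the value
// left over from the previous user is reused.
function admins_flawed(array $usernames): array
{
    $admins = [];
    foreach ($usernames as $username) {
        $role = auth($username);
        if ($role === 'admin') {
            $admin = true;
        } elseif ($role === 'suspended') {
            $suspended[] = $username; // $admin is not touched on this path
        } else {
            $admin = false;
        }
        if (!empty($admin)) {
            $admins[] = $username;
        }
    }
    return $admins;
}

// Fixed: start every decision from the safe default, then grant explicitly.
function admins_fixed(array $usernames): array
{
    $admins = [];
    foreach ($usernames as $username) {
        $admin = false;
        if (auth($username) === 'admin') {
            $admin = true;
        }
        if ($admin) {
            $admins[] = $username;
        }
    }
    return $admins;
}

$batch = ['alice', 'carol', 'bob'];
echo 'flawed: ', implode(', ', admins_flawed($batch)), "\n";
echo 'fixed:  ', implode(', ', admins_fixed($batch)), "\n";
```

In the flawed version the suspended account is reported as an admin because it follows an admin in the batch; the fixed version denies by default on every iteration.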
4. Drop Those Brackets
Based on the content of this tip, we believe the author means “braces,” not
brackets. “Curly brackets” may mean braces to some, but “brackets” universally
means “square brackets.”
This tip should be unconditionally ignored. Without braces, readability and
maintainability are damaged.
Consider a simple example:
<?php
if (date('d M') == '21 May')
    $birthdays = array('Al Franken',
                       'Chris Shiflett',
                       'Chris Wallace',
                       'Lawrence Tureaud');
?>
We recommend always using braces:
<?php
if (date('d M') == '21 May') {
    $birthdays = array('Al Franken',
                       'Chris Shiflett',
                       'Chris Wallace',
                       'Lawrence Tureaud');
    party(TRUE);
}
?>
5. Favor str_replace() Over ereg_replace() And preg_replace()
We hate to sound disparaging, but this tip demonstrates the sort of misunderstanding that
leads to the same misuse it’s trying to prevent. It’s an obvious truth that string functions
are faster at string matching than regular expression functions, but the author’s attempt to
draw a corollary from this fails miserably:
If you’re using regular expressions, then ereg_replace() and preg_replace() will be much
faster than str_replace().
Because str_replace() does not support pattern matching, this statement makes no sense.
If you need to match a pattern, use a regular expression function. If you need to match a
string, use a string function.
6. Use Ternary Operators
Here is a line of code from an audit we performed recently:
<?php
$host = strlen($host) > 0 ? $host : htmlentities($host);
?>
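As written, htmlentities() is applied only when $host is empty, so every non-empty
value passes through unescaped. The ternary operator may be fine for one-liners,
prototypes, and templates, but we strongly believe that an ordinary conditional
statement is almost always better. PHP is descriptive and verbose. We think code
should be, too.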
Our company, IPCS, provides the best PHP training in Trivandrum. It covers basic to
advanced levels of PHP. Our syllabus is based on the latest technologies. In our PHP
training program, you will learn PHP coding, CSS and MySQL. MySQL is a reliable
database that is integrated with PHP to make web applications. We provide certification
training, with practical experience to support the theory.