Common PHP mistake

Untitled Document

These are some very common mistakes that are made in PHP. Some of these can be tricky to catch and can lead to all sorts of strange behavior. So here are common PHP coding mistakes to avoid.

1. '=' Vs. '= ='
Using a single '=' in a comparison will cause an assignment and return true, so this mistake can have some pretty unexpected results. It can be hard to catch since it looks perfectly valid to the interpreter if you are comparing something with a variable.
$x = 3; // value of x is now 3
$x == 4; // false. == compares the value of y to x

2 '= =' Vs. '= = ='
There is a big difference between the '= =' (equal) and '= = =' (identical) comparison operators. '= =' will convert types to match before making the comparison, while '= = =' will compare directly without converting. So in situations where the difference between '0' and 'false' matters, you must use '= = ='. Here's some examples:
var_dump(false == 0); // true
var_dump(false === 0); // false
var_dump(false === false); // true
var_dump('0' == 0); // true
var_dump('0' === 0); // false

3 Missing Quotes Around String Keys
When working with arrays with string keys, it is important to quote literal strings. Without quotes, PHP will look for a constant with that name, then convert to string when none is found. Usually this is just a minor performance hit, but it can lead to unexpected results if the constant does happen to exist.
define('foo', 'bar'); // constant foo is 'bar'
$array = Array('foo' => 'This is foo', 'bar' => 'This is bar');

// BAD
var_dump($array[foo]); // 'This is bar'
var_dump($array['foo']); // 'This is foo'

4 Mismatched Quotes or Braces
A common mistake that leads to many syntax errors is mismatched quotes or braces. Some things to remember:
* For every ' there's a '
* For every " there's a "
* For every ( there's a )
* For every { there's a }
* For every [ there's a ]

5 Missing ';'
PHP requires that each statement ends with a semicolon so that it knows where one instruction ends and the next begins. Omitting a ';' will cause PHP to treat everything up to the next ';' as one statement. This usually results in a syntax error (usually from the next line).

6 Misplaced ';'
An extra semicolon can be just as bad as omitting one. Control structures like if and while should not end with a semicolon. Doing so will effectively cause PHP to ignore the results and simply execute the code found in the block, treating it as an empty statement.

The above outputs 'something is wrong' because the if statement is completely ignored.

7. Setting Headers After Output

You can't modify headers once you send them to the client. This means that as soon as any output is sent to the browser, you can't use header, session_start, setcookie, or any other functions that modify headers. You can use the headers_sent function to determine if headers have been sent.
In most cases, this mistake is made when rogue white-space exists at the end of an included file. An easy way to avoid this is to omit the closing "?>" tag in your includes.

8. Using Short Tags

You should always use "<?php" and "?>" around your PHP blocks for portability. Using the convenient short and alternative tags ("<?", "<?=", and "<%") is not supported by default and should be avoided.

9. Using 'ereg*' Functions

As of PHP 5.3, the POSIX (ereg*) family of regex functions have been deprecated, and will be removed in PHP 6. This isn't really a big deal right now, but you should move away from these to future-proof your code. You should instead use the PCRE (preg*) family of functions.
10 Not Using E_ALL During Development

The best way to avoid the majority of mistakes is to turn error reporting all the way up in development. This will tell you about all the little things that can potentially lead to problems. If you can write code that produces no errors under this condition, you are probably good to go!

10. Missing Dollar Signs '$'

A missing dollar sign in a variable name can be easy to miss. PHP will usually give you a parsing error if you have one, or at the very least your script won’t work.

11. NOT Using database caching

If you're using a database in your PHP application, it is strongly advised that you at least use some sort of database caching. Memcached has emerged as the most poplar caching system, with mammoth sites like Facebook endorsing the software.
Memcached is free and can provide very significant gains to your software. If your PHP is going into production, it's strongly advised to use the caching system.

12.Not Using E_ALL Reporting

Error reporting is a very handy feature in PHP, and if you're not already using it, you should really turn it on. Error reporting takes much of the guesswork out of debugging code, and speeds up your overall development time.

While many PHP programmers may use error reporting, many aren't utilizing the full extent of error reporting. E_ALL is a very strict type of error reporting, and using it ensures that even the smallest error is reported. (That's a good thing if you're wanting to write great code.)

13. Not Setting Time Limits On PHP Scripts
When PHP scripts run, it's assumed that they'll eventually finish in a timely manner. But every good programmer knows that nothing should be assumed in a piece of code. Nothing makes a program crankier than an unresponsive script.
You can get around this issue by simply setting a time limit on the script (set_time_limit). While it may seem like a trivial thing, it's always clever to prepare for the worst.

14. Not Protecting Session ID's

A very common PHP security mistake is not protecting session ID's with at least some sort of encryption. Not protecting these Session ID's is almost as bad as giving away a user's passwords. A hacker could swoop in and steal a session ID, potentially giving him sensitive information. MT Soft an example of how to protect Session ID's with sha1:
view plaincopy to clipboardprint?

if ($_SESSION['sha1password'] == sha1($userpass)) {   // do sensitive things here 

if ($_SESSION['sha1password'] == sha1($userpass)) {   // do sensitive things here


Adding the shai1 to the ($userpass) gives an added bit of security to the session. Sha1 isn't a bulletproof method, but it's a nice barrier of security to keep malicious users at bay.

15. Not Validating Cookie Data

How much trust do you put into cookies? Most people don't think twice about the seemingly-harmless bit of data that's passed by a cookie. The name "cookie" itself is associated Milk, nap time and Santa, for crying out loud! How could a cookie possibly harmless?

If you're not validating cookie data, you're opening your code to potential harmful data. You should use htmlspecialchars() or mysql_real_escape_string() to validate the cookie before storing it in a database.

Reference :
Digg Google Bookmarks reddit Mixx StumbleUpon Technorati Yahoo! Buzz DesignFloat Delicious BlinkList Furl

0 comments: on "Common PHP mistake"

:) ) ;) ) ;;) :D ;) :p :( ( :) :( :X =(( :-o :-/ :-* :| 8-} :) ] ~x( :-t b-( :-L x( =))
Post a Comment