9 lessons from PHP development experience
1. Primary Awareness: Security
Most of the time we develop web programs that talk to a database, so SQL injection is a topic that cannot be avoided. In recent years XSS and CSRF attacks have also become widespread, so "hackers" always seem to have a weapon in hand while we are stuck in a passive position. But we have to remember the following two principles:
1. Never trust what the user has entered. (The old saying, but it's true)
2. Escape the data you need to output.
In simple terms: filter input, escape output.
If you're a novice, don't use a query like this:
SELECT * FROM users WHERE username = $_POST['username'] AND password = $_POST['password'];
Also, use PDO or mysqli, and stop using the old-fashioned mysql extension functions.
As for CSRF, the solution I have come across so far is to set a token value for every form, and then verify that token when the form is submitted.
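The two defences described above, parameter binding through PDO and a per-form CSRF token, shown as an added example that is not code from the original article. The table layout, the helper names and the array standing in for $_SESSION are assumptions, and the sample user is constructed; it needs the pdo_sqlite extension so that it can run offline.

```php
<?php
declare(strict_types=1);

// Constructed sample data: an in-memory SQLite table stands in for the real users table.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE users (username TEXT PRIMARY KEY, password_hash TEXT NOT NULL)');
$insert = $pdo->prepare('INSERT INTO users (username, password_hash) VALUES (?, ?)');
$insert->execute(['alice', password_hash('correct horse', PASSWORD_DEFAULT)]);

// Hypothetical helper: user input travels as a bound parameter, so it is
// never parsed as part of the SQL text. The password is checked against a
// stored hash instead of being compared inside the query.
function checkLogin(PDO $pdo, string $username, string $password): bool
{
    $stmt = $pdo->prepare('SELECT password_hash FROM users WHERE username = :username');
    $stmt->execute([':username' => $username]);
    $hash = $stmt->fetchColumn();              // false when no row matches
    return is_string($hash) && password_verify($password, $hash);
}

// Hypothetical helper: one random token per form, kept server-side in the session.
function issueCsrfToken(array &$session): string
{
    $session['csrf_token'] = bin2hex(random_bytes(32));
    return $session['csrf_token'];
}

// Hypothetical helper: verify the submitted token and spend it, so it cannot be replayed.
function verifyCsrfToken(array &$session, ?string $submitted): bool
{
    $expected = $session['csrf_token'] ?? null;
    unset($session['csrf_token']);
    return is_string($expected) && is_string($submitted)
        && hash_equals($expected, $submitted); // constant-time comparison
}

$session = [];                       // stands in for $_SESSION after session_start()
$token = issueCsrfToken($session);   // would be embedded in the form as a hidden field

var_dump(checkLogin($pdo, 'alice', 'correct horse'));
// Constructed input: an injection-shaped username is bound as plain data.
var_dump(checkLogin($pdo, "alice' OR '1'='1", 'x'));
var_dump(verifyCsrfToken($session, $token));  // first submission of the form
var_dump(verifyCsrfToken($session, $token));  // same token submitted again
```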
2. Know the difference between the comparison operators
PHP's comparison operators may seem like a very small detail, but at times they really matter. For example, we often have to consider whether to use == or ===. If you have used the strpos() function, the following code may give you an intuitive feel for it:
The code above actually outputs "Chris is not an author", yet in reality Chris really is one of the authors in "Chris & Sean". How does this happen? Chris sits at the very beginning of "Chris & Sean", that is, at position 0, so strpos() returns 0. Because the condition is evaluated as a bool, 0 is treated as false, and the program outputs "Chris is not an author". So how should we handle this case? We can actually do this:
The difference between !== and != is reflected here.
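The strpos() behaviour described above, as an added example that is not code from the original article. The helper names and the author strings are constructed for illustration.

```php
<?php
declare(strict_types=1);

// Hypothetical helper showing the pitfall: strpos() returns the int offset of
// the match, or false when there is none. Offset 0 is falsy, so a match at
// the very start of the string is misread as "not found".
function isAuthorTruthy(string $authors, string $name): bool
{
    if (strpos($authors, $name)) {
        return true;
    }
    return false;
}

// Hypothetical helper: != still compares loosely, and 0 == false, so this
// variant has the same flaw for a match at offset 0.
function isAuthorLoose(string $authors, string $name): bool
{
    return strpos($authors, $name) != false;
}

// Hypothetical helper with the strict check: only the boolean false means "no match".
function isAuthorStrict(string $authors, string $name): bool
{
    return strpos($authors, $name) !== false;
}

// Constructed inputs: a match at offset 0, a match later in the string, no match.
$cases = [
    ['Chris & Sean', 'Chris'],
    ['Chris & Sean', 'Sean'],
    ['Chris & Sean', 'Rasmus'],
];

foreach ($cases as [$authors, $name]) {
    printf(
        "%-6s pos=%-5s truthy=%-5s !=false=%-5s !==false=%s\n",
        $name,
        var_export(strpos($authors, $name), true),
        var_export(isAuthorTruthy($authors, $name), true),
        var_export(isAuthorLoose($authors, $name), true),
        var_export(isAuthorStrict($authors, $name), true)
    );
}
```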
3. Use else less
This seems to be an idea I have had since I first started programming: every time I see if () {} else {} I feel that the passage could be written better, because once you drop the else keyword you cut the code by two lines! Yes, those two lines are what we are after, and in my experience code with fewer else branches is also more readable.
if ($condition) { $x = 5; } else { $x = 10; }
If the default value of $x is 10, it feels better to write the following:
$x = 10;
if ($condition) {
    $x = 5;
}
4. Remove unnecessary braces
The purpose here is the same as in the section on the else keyword: we are after shorter code and better readability. Consider tidying up code in situations like the following:
if ($gollum == 'halfling') { $height--; }
In fact, this is possible:
if ($gollum == 'halfling') $height--;
You can even do this:
Doesn't that feel short and clear?
5. Use str_replace() more
In many cases we need to replace parts of a string, and PHP has several functions for this:
str_replace()
ereg_replace()
preg_replace()
If you really need a regular expression match, use preg_replace(); if a plain replacement will do, use str_replace(), because according to incomplete statistics str_replace() is the most efficient of the three.
6. Use the ternary operator
Many people probably share this feeling: with the ternary operator we can get rid of a pile of if/else statements, and the code becomes short and neat.
$host = strlen($host) > 0 ? $host : htmlentities($host);
7. Use a cache
The popular caching technologies for PHP at the moment are probably Redis and Memcached. The official PHP documentation includes a tutorial on using Memcached; as for Redis, I have been studying it recently and will follow up with some tutorials if all goes well.
8. Use a framework
Frameworks have many benefits. Apart from perhaps some loss of performance, it is hard to find a reason not to use one: a framework speeds up your development, makes writing code more comfortable, and takes care of many security issues for you. My first recommendation here is Laravel, but Yii2, Slim and Symfony are all very good frameworks too. Apart from Symfony, which I have not tried, I have experience with the other three, and in the end I mostly use Laravel. That said, the Laravel I recommend may not suit you; it still comes down to personal preference.
9. Replace strlen() with isset()
If your project code needs to make a conditional check based on the length of a string, it is highly recommended that you use isset() directly, because under the same conditions isset() is about five times as fast as strlen(), so:
Both of the conditions above achieve the same goal, but I recommend the first one.