This article presents nine recommendations for PHP development. They are a summary of personal experience, offered for anyone who finds them useful.
These are just things I picked up in day-to-day development, not famous aphorisms. I wrote them down for two reasons: to remind myself to follow these points when writing my own code, and to share them, in case they are useful to you.
1. Primary Awareness: Security
Most of the time, the web programs we develop need to talk to a database, so SQL injection is a problem that cannot be left out of any discussion of security. In recent years XSS and CSRF attacks have also become widespread, so that "hackers" seem to hold all the weapons while we are always on the defensive. Two principles to remember:
1. Never trust what the user has entered. (An old saying, but a true one.)
2. Escape the data you need to output.
In short: filter input, escape output.
If you are a novice, never write a query like this, where the values from $_POST are concatenated straight into the SQL text:
```php
$query = "SELECT * FROM users WHERE username = '$_POST[username]' AND password = '$_POST[password]'";
```
Also, use PDO or mysqli instead of the old mysql_* functions.
For CSRF, the usual solution is to assign a token to each form when it is generated and to verify that token when the form is submitted.
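The three points above (bound parameters instead of string-built SQL, escaped output, and a per-session CSRF token) put together in one script. This is an added example, not code from the article; it assumes PHP 8 with the pdo_sqlite extension, and the in-memory database, the sample user and the submitted values are all constructed for the demonstration.

```php
<?php
declare(strict_types=1);

// Added example (not from the article). Assumes PHP 8 with pdo_sqlite; an
// in-memory SQLite database stands in for a real users table.
function connect(): PDO
{
    $pdo = new PDO('sqlite::memory:');
    $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $pdo->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT UNIQUE, password_hash TEXT)');
    $insert = $pdo->prepare('INSERT INTO users (username, password_hash) VALUES (:u, :h)');
    // Constructed sample user; only a hash of the password is stored.
    $insert->execute([':u' => 'alice', ':h' => password_hash('correct horse', PASSWORD_DEFAULT)]);
    return $pdo;
}

// Filter input: the username travels as a bound parameter, never as SQL text,
// so quotes or keywords inside it cannot change the query. The password is
// not sent to the database at all; it is checked against the stored hash.
function login(PDO $pdo, string $username, string $password): bool
{
    $stmt = $pdo->prepare('SELECT password_hash FROM users WHERE username = :u');
    $stmt->execute([':u' => $username]);
    $hash = $stmt->fetchColumn();
    return is_string($hash) && password_verify($password, $hash);
}

// Escape output: everything echoed into HTML passes through htmlspecialchars().
function h(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_HTML5, 'UTF-8');
}

// CSRF: one random token per session, placed in the form and compared with
// hash_equals() when the form comes back. $session stands in for $_SESSION.
function csrfToken(array &$session): string
{
    if (!isset($session['csrf'])) {
        $session['csrf'] = bin2hex(random_bytes(32));
    }
    return $session['csrf'];
}

function csrfValid(array $session, mixed $submitted): bool
{
    return isset($session['csrf']) && is_string($submitted)
        && hash_equals($session['csrf'], $submitted);
}

$pdo = connect();
$session = [];
$token = csrfToken($session);

// Constructed submissions: a correct login, the textbook quote-breaking
// username (harmless here because it is bound as data), and a forged token.
var_dump(login($pdo, 'alice', 'correct horse'));
var_dump(login($pdo, "' OR '1'='1", 'anything'));
var_dump(csrfValid($session, $token));
var_dump(csrfValid($session, 'forged'));

// The token goes into the form through the same escaping as any other output.
echo '<input type="hidden" name="csrf" value="' . h($token) . '">', PHP_EOL;
echo h('<b>Chris & Sean</b>'), PHP_EOL;
```

Run it with `php` on the command line. The login succeeds only for the real credentials; the quote-laden username simply matches no row, because the driver sends it as a parameter value rather than as part of the SQL, and the forged token fails the hash_equals() check.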
2. Clearly know the difference between the comparison operators
PHP's comparison operators look like a small detail, but at times they really matter. For example, we often have to decide between == and ===; if you have used strpos(), the following code may give you an intuitive feeling for the problem:
```php
<?php
$authors = 'Chris & Sean';
if (strpos($authors, 'Chris')) {
    echo 'Chris is an author.';
} else {
    echo 'Chris is not an author.';
}
```
The above code actually prints "Chris is not an author.", yet Chris clearly is an author of "Chris & Sean". How can that be? The reason: "Chris" appears at the very beginning of "Chris & Sean", at position 0, so strpos() returns 0; the if statement judges that value as a bool, and 0 is treated as false, so the program prints "Chris is not an author." What can we do about it? We can write this instead:
```php
<?php
if (strpos($authors, 'Chris') !== false) {
    echo 'Chris is an author.';
} else {
    echo 'Chris is not an author.';
}
```
This is where the difference between !== and != shows: the strict comparison tells the position 0 apart from false, whereas 0 != false is itself false.
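An added example, not from the article, that puts the loose and strict strpos() checks side by side and then goes one step beyond the text: == has the same kind of trap on its own, because two strings that both look numeric are compared as numbers. The function names and sample strings are my own.

```php
<?php
declare(strict_types=1);

// Added example (not from the article), PHP 7.4+.
// Buggy: strpos() returns 0 for a match at the very start, and 0 is falsy.
function containsLoose(string $haystack, string $needle): bool
{
    return (bool) strpos($haystack, $needle);
}

// Correct: only the boolean false means "not found"; 0 is a real offset.
function containsStrict(string $haystack, string $needle): bool
{
    return strpos($haystack, $needle) !== false;
}

$authors = 'Chris & Sean';
var_dump(containsLoose($authors, 'Chris'));   // Chris sits at offset 0, so the loose check gets it wrong
var_dump(containsStrict($authors, 'Chris'));
var_dump(containsStrict($authors, 'Sean'));
var_dump(containsStrict($authors, 'Frodo'));

// The same loose-vs-strict trap applies to == itself. Two strings that both
// look numeric are compared as numbers by ==, so these count as equal:
var_dump('1e3' == '1000');
var_dump('0e1234' == '0e9999');   // both parse as 0.0
// === compares type and value and never converts:
var_dump('1e3' === '1000');

// For anything secret (session tokens, password hashes, HMACs) use
// hash_equals(): it is strict, and it takes the same time whether or not
// the strings match, so it is the comparison to use for verification.
function tokenMatches(string $expected, string $given): bool
{
    return hash_equals($expected, $given);
}
var_dump(tokenMatches('0e1234', '0e9999'));
```

The rule of thumb this illustrates: reach for === (and !==) by default, and only use == when you actually want PHP's type juggling.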
3. Use else less
This idea seems to have been with me since I first touched programming: every time I see if () {} else {} I feel the passage could be written better, because once you drop the else keyword you save two lines of code. Yes, those two lines are worth pursuing, and in my experience code with fewer elses also reads better, at least for me.
```php
if ($condition) {
    $x = 5;
} else {
    $x = 10;
}
```
If the default value of $x is 10, it feels better to write the following:
```php
$x = 10;
if ($condition) {
    $x = 5;
}
```
4. Remove unnecessary brackets
The purpose here is the same as in the else section: shorter code and better readability. Consider trimming code like the following:
```php
if ($gollum == 'halfling') {
    $height--;
}
```
In fact, this is enough:
```php
if ($gollum == 'halfling') $height--;
```
You can even go this far:
```php
if (
    $gollum ==
    'halfling'
)
    $height--;
else $height++;

if (
    $frodo !=
    'dead'
)
    echo 'Gosh darnit, roll again Sauron'
;

foreach (
    $kill as $count
)
    echo 'Legolas strikes again, that makes ' .
    $count .
    ' for me!'
;
```
Doesn't that feel short and clear?
5. Prefer str_replace()
In many cases we need to replace parts of a string; PHP has several functions for this:
```php
str_replace()
ereg_replace()
preg_replace()
```
If you really need a regular-expression match, use preg_replace(); if a plain replacement will do, use str_replace(), because by my unscientific measurements str_replace() is the most efficient of the three.
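An added example, not from the article, showing the practical difference behind that advice: str_replace() takes its search string literally, while preg_replace() interprets it, so a literal that contains regex metacharacters must go through preg_quote() before it is safe in a pattern. It also times the two on the same replacement so the "incomplete statistics" can be checked locally. Only str_replace() and preg_replace() appear because ereg_replace() was removed in PHP 7. The sample text and function names are mine; it assumes PHP 7.4 or later.

```php
<?php
declare(strict_types=1);

// Added example (not from the article), PHP 7.4+ (arrow functions, hrtime).
$text = 'Version 1.5 (beta) released; 1.5 (beta) is not final.';

// str_replace() takes the search string literally: '.', '(' and ')' need no escaping.
$literal = str_replace('1.5 (beta)', '1.5.0', $text);

// Handing the same string to preg_replace() unescaped silently changes its
// meaning: '.' matches any byte and '(beta)' is a capturing group, so the
// pattern no longer matches "1.5 (beta)" and the text comes back unchanged.
$naive = preg_replace('/1.5 (beta)/', '1.5.0', $text);

// When a regex is the right tool, build the literal parts with preg_quote().
$quoted = preg_replace('/' . preg_quote('1.5 (beta)', '/') . '/', '1.5.0', $text);

// A pattern earns its keep only when the match genuinely varies.
$generic = preg_replace('/\d+\.\d+ \(beta\)/', 'pre-release', $text);

// str_replace() also accepts arrays for several literal swaps in one pass.
$multi = str_replace(['Version', 'beta'], ['v', 'b'], $text);

var_dump($literal, $naive === $text, $quoted === $literal, $generic, $multi);

// Rough timing of both on the same literal replacement; measure on your own
// PHP build rather than trusting anyone's quoted ratio.
function timeIt(callable $fn, int $iterations = 200_000): float
{
    $start = hrtime(true);
    for ($i = 0; $i < $iterations; $i++) {
        $fn();
    }
    return (hrtime(true) - $start) / 1e6; // milliseconds
}
$pattern = '/' . preg_quote('1.5 (beta)', '/') . '/';
printf("str_replace:  %.1f ms\n", timeIt(fn() => str_replace('1.5 (beta)', '1.5.0', $text)));
printf("preg_replace: %.1f ms\n", timeIt(fn() => preg_replace($pattern, '1.5.0', $text)));
```

The security angle is the same as for SQL: a value that came from the user and is dropped into a pattern unquoted is interpreted, not matched, so either stay with str_replace() for literals or always wrap such values in preg_quote().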
6. Using the ternary operator
Many people probably share this feeling: after switching to the ternary operator, a pile of if/else statements disappears and the code becomes short and neat.
```php
$host = strlen($host) > 0 ? $host : htmlentities($host);
```
7. Using the Cache
The popular caching technologies for PHP at the moment are probably Redis and Memcached. The official PHP documentation also has a tutorial on using Memcached; as for Redis, I am currently studying it and will post some tutorials later, if all goes well.
8. Using Frameworks
Frameworks have many benefits. There may be some loss of performance, but I can find no reason not to use one: a framework speeds up your development, makes the coding process more comfortable, and has already thought through many security issues for you. My first choice is Laravel, but Yii2, Slim and Symfony are also very good frameworks; apart from Symfony, which I have not tried, I have used the other three and ended up mostly with Laravel. That said, Laravel may not suit you; it still depends on personal preference.
9. Replace strlen() with isset()
If your project code needs a condition based on the length of a string, it is highly recommended to use isset() directly, because under the same conditions isset() is about five times as fast as strlen(), so:
```php
<?php
if (isset($username[5])) {
    // The username is at least six characters long.
}
if (strlen($username) >= 6) {
    // The username is at least six characters long.
}
```
The two checks above achieve the same goal, but I recommend the first.
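An added example, not from the article, that wraps both checks in functions and runs them over the inputs where they are not interchangeable: a non-string (isset($x[5]) is also true for an array with key 5, and strlen() rejects non-strings), and a multibyte string (both count bytes, not characters). It ends with a loop timing each check so the quoted ratio can be measured locally. Function names and sample inputs are mine; it assumes PHP 8 with the mbstring extension.

```php
<?php
declare(strict_types=1);

// Added example (not from the article), PHP 8.0+ with mbstring.
// Both return true when $username is a string of at least six bytes. The
// is_string() guard matters: isset($x[5]) is also true for an array that has
// key 5, and strlen() throws a TypeError for non-strings under strict_types.
function longEnoughIsset(mixed $username): bool
{
    return is_string($username) && isset($username[5]);
}

function longEnoughStrlen(mixed $username): bool
{
    return is_string($username) && strlen($username) >= 6;
}

// Both of the above count bytes. "héllo" is five characters but six bytes in
// UTF-8, so use mb_strlen() when the rule is really about characters.
function longEnoughChars(string $username): bool
{
    return mb_strlen($username, 'UTF-8') >= 6;
}

// Constructed inputs covering the edge cases.
$samples = ['alice', 'alice1', '', 'héllo', [0, 1, 2, 3, 4, 5], null];
foreach ($samples as $s) {
    printf("%-20s isset=%-5s strlen=%-5s chars=%s\n",
        json_encode($s),
        var_export(longEnoughIsset($s), true),
        var_export(longEnoughStrlen($s), true),
        is_string($s) ? var_export(longEnoughChars($s), true) : 'n/a');
}

// Timing both checks on the same string; measure on your own PHP version
// rather than relying on a quoted ratio.
function timeIsset(string $s, int $n): float
{
    $start = hrtime(true);
    for ($i = 0; $i < $n; $i++) {
        $r = isset($s[5]);
    }
    return (hrtime(true) - $start) / 1e6; // milliseconds
}

function timeStrlen(string $s, int $n): float
{
    $start = hrtime(true);
    for ($i = 0; $i < $n; $i++) {
        $r = strlen($s) >= 6;
    }
    return (hrtime(true) - $start) / 1e6; // milliseconds
}

printf("isset:  %.1f ms\nstrlen: %.1f ms\n",
    timeIsset('alice1', 2_000_000), timeStrlen('alice1', 2_000_000));
```

Whichever check you pick, keep the is_string() guard in front of it when the value comes from a request: a username field submitted as an array (username[]=...) would otherwise pass the isset() version.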