All-round questions about PHP applications

Source: Internet
Author: User

Exercise caution when using the == comparison operator: PHP is loosely typed, but the underlying C engine works with typed values, so a type conversion eventually takes place. For example, the result of 0 == "abc" is true, which may not be what we want.

To make the intended semantics explicit, convert values with the relevant functions, such as intval...
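
The comparison pitfall above, as an added example that is not from the original page: it runs loose comparison, strict comparison, intval and a validated conversion over the same inputs. `parse_positive_int()` and the sample values are constructed for illustration; PHP 8.0 and later evaluate `0 == "abc"` as false, while earlier versions give true as the text says.

```php
<?php
// Added example: loose comparison versus strict comparison and validated conversion.

// parse_positive_int() is a hypothetical helper: it returns an int only when the
// whole input is a decimal integer >= 1, and null otherwise.
function parse_positive_int($raw): ?int
{
    if (!is_string($raw) && !is_int($raw)) {
        return null; // arrays, null, floats and booleans are rejected outright
    }
    $value = filter_var($raw, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    return $value === false ? null : $value;
}

// Constructed sample inputs, as they might arrive in $_GET['id'].
$samples = ['42', '42abc', 'abc', '1e3', '', null];

foreach ($samples as $raw) {
    printf(
        "%-8s loose==0:%-6s strict===0:%-6s intval:%-5d validated:%s\n",
        var_export($raw, true),
        var_export($raw == 0, true),   // type juggling decides the result
        var_export($raw === 0, true),  // true only for the integer 0 itself
        intval($raw),                  // silently keeps a leading numeric prefix
        var_export(parse_positive_int($raw), true)
    );
}
```
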
Define PHP's file inclusion path (the include path) in one place. That way, the include statements throughout the project do not need to carry a path; the file name alone is enough, which makes it easier to move files.

Another point about PHP applications: do not use PHP global variables directly inside functions and class methods. Instead, provide a separate proxy for accessing global variables, which can be an object or a simple function. If a class that accessed global variables is changed to use a global-variable proxy object, the two objects have a clear dependency relationship. A function should use only the data passed to it through its parameters. Try not to use global variables at all, rather than using them everywhere.

Pay attention to repeated submission of forms. A token can be used to handle this.
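
One way to implement the form token mentioned above, as an added example that is not from the original page. The function names and the `form_tokens` session key are hypothetical; a real application would call `session_start()` before using them.

```php
<?php
// Added example: a one-time token that makes a repeated form submission fail.
// issue_form_token() / consume_form_token() are hypothetical names.

// Create a fresh random token, store it in the session and return it so the
// page can place it in a hidden form field.
function issue_form_token(string $formId): string
{
    $token = bin2hex(random_bytes(32));
    $_SESSION['form_tokens'][$formId] = $token;
    return $token;
}

// Accept a submission only once: the stored token is removed before the
// comparison, so a second submission of the same form no longer matches.
function consume_form_token(string $formId, $submitted): bool
{
    $expected = $_SESSION['form_tokens'][$formId] ?? null;
    unset($_SESSION['form_tokens'][$formId]);

    return is_string($expected)
        && is_string($submitted)
        && hash_equals($expected, $submitted); // constant-time string comparison
}

// Constructed demonstration: an array stands in for a started session.
if (!isset($_SESSION)) {
    $_SESSION = [];
}

$token = issue_form_token('order');
var_dump(consume_form_token('order', $token));  // first submission
var_dump(consume_form_token('order', $token));  // same form submitted again
var_dump(consume_form_token('order', ['x']));   // non-string input
```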

Decide whether the system is single-entry or multi-entry.

Pay attention to encoding: file storage encoding, page encoding, database encoding, and the encoding of the user's operating system. (When the user types content directly into the address bar, Firefox and Opera URL-encode it according to the operating system's encoding, while IE6 sends it as is.)

Do not expose file paths.

After a request is submitted, the user may close the browser or click the browser's stop button, or the network may be disconnected for other reasons. Does PHP continue processing or stop? How does PHP learn of these situations? See connection handling (ignore_user_abort, register_shutdown_function, connection_status ...).

Watch for time zone problems if the application is distributed.

Applied to a null value, explode returns an array containing one item, array(""), and that array is not false. That is, null is a false value, but explode(',', null) is a true value, so be careful with conditions such as if (explode(',', $var)).

After $var = null; the result of isset($var) is false.

Security issues of PHP applications

Validate input and do not trust data from the user (GET, POST, COOKIE). A PHP application should filter this data in a unified manner, for example by encoding HTML tags to prevent XSS and by preventing SQL injection.

PHP must also validate the content itself on the server, because client-side validation is easily bypassed (a forged form, disabled JavaScript, or tools such as Firebug that can modify the HTML at will).

Pay attention to the size of the data submitted by the user. For example, if POST or GET data is too large, there may be buffer overflow problems.
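
The three points above (server-side validation with a size limit, HTML encoding, and keeping data out of SQL text) in one flow, as an added example that is not from the original page. The `comments` table, the function names and the sample input are constructed, and the in-memory database assumes the pdo_sqlite extension.

```php
<?php
// Added example: validate on the server, bind parameters, encode on output.
// validate_comment() and h() are hypothetical helpers.

// Server-side validation: type, format and size are all checked here, whatever
// the client-side form did or did not enforce.
function validate_comment(array $in): ?array
{
    $user = $in['user'] ?? null;
    $body = $in['body'] ?? null;
    if (!is_string($user) || !preg_match('/\A[A-Za-z0-9_]{3,20}\z/', $user)) {
        return null;
    }
    if (!is_string($body) || $body === '' || strlen($body) > 2000) {
        return null;
    }
    return ['user' => $user, 'body' => $body];
}

// Encode for the HTML context at the point of output.
function h(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

$pdo = new PDO('sqlite::memory:'); // assumption: pdo_sqlite is available
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE comments (user TEXT, body TEXT)');

// Constructed input standing in for $_POST: it contains a quote and markup.
$post = ['user' => 'alice', 'body' => "O'Brien says <b>hi</b>"];

$clean = validate_comment($post);
if ($clean !== null) {
    // Bound parameters: the values never become part of the SQL statement text.
    $stmt = $pdo->prepare('INSERT INTO comments (user, body) VALUES (:user, :body)');
    $stmt->execute([':user' => $clean['user'], ':body' => $clean['body']]);
}

foreach ($pdo->query('SELECT user, body FROM comments') as $row) {
    echo '<p><b>', h($row['user']), '</b>: ', h($row['body']), "</p>\n";
}
```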

Be careful with non-PHP files on the server. If an application lets users upload or download files, do not read a file directly by a file name supplied by the user: the user may supply the name of a file they should not see, and the PHP program will read it. Likewise, do not display file paths in the returned HTML. The file storage path should not be visible to users, who may otherwise guess at other files they should not see based on these paths.
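
A check of this kind for user-supplied file names, as an added example that is not from the original page. `resolve_download()`, the temporary storage directory and the sample names are constructed for illustration.

```php
<?php
// Added example: resolve a requested download name inside one storage directory.
// resolve_download() is a hypothetical helper.

function resolve_download(string $storageDir, string $requested): ?string
{
    // Accept a plain file name only: no directory separators, no leading dot.
    if (!preg_match('/\A[A-Za-z0-9][A-Za-z0-9._-]{0,100}\z/', $requested)) {
        return null;
    }
    $base = realpath($storageDir);
    $path = realpath($storageDir . DIRECTORY_SEPARATOR . $requested);
    if ($base === false || $path === false || !is_file($path)) {
        return null;
    }
    // With symlinks resolved, the file must still lie inside the storage directory.
    $prefix = $base . DIRECTORY_SEPARATOR;
    if (strncmp($path, $prefix, strlen($prefix)) !== 0) {
        return null;
    }
    return $path;
}

// Constructed demonstration: a private temporary directory holding one file.
$dir = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'dl_demo_' . bin2hex(random_bytes(4));
mkdir($dir, 0700);
file_put_contents($dir . DIRECTORY_SEPARATOR . 'report.pdf', 'demo');

foreach (['report.pdf', '../config.php', 'missing.txt', '.htaccess'] as $name) {
    $path = resolve_download($dir, $name);
    // The response reports only the outcome; the server-side path is never shown.
    echo str_pad($name, 16), $path === null ? 'rejected' : 'served', "\n";
}

unlink($dir . DIRECTORY_SEPARATOR . 'report.pdf');
rmdir($dir);
```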

If sessions are stored in files and the web server has other, unknown users (for example on a rented web host), change the location where session files are saved, or write sessions to a database through a PHP session handler, because by default sessions are saved in the temporary directory, which others can access. It is dangerous to save information such as passwords in the session.
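
Moving file-based sessions to a private directory, as an added example that is not from the original page. `use_private_session_dir()` and the directory name are hypothetical, and the code assumes a POSIX system and PHP's default `files` session handler.

```php
<?php
// Added example: store session files in a directory only this account can access.
// use_private_session_dir() is a hypothetical helper.

function use_private_session_dir(string $dir): void
{
    if (!is_dir($dir) && !mkdir($dir, 0700, true)) {
        throw new RuntimeException('cannot create session directory');
    }
    // Refuse a directory that group or other users can read, write or traverse.
    if ((fileperms($dir) & 0077) !== 0) {
        throw new RuntimeException('session directory is accessible to other users');
    }
    session_save_path($dir);
}

// Constructed location so the script runs anywhere; a deployment would pass a
// directory owned by the application's account instead.
$dir = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'myapp_sessions_' . bin2hex(random_bytes(4));
use_private_session_dir($dir);
session_start();

// Keep only an identifier in the session, never the password itself.
$_SESSION['user_id'] = 1001; // constructed value
session_write_close();

// The session file was written into the private directory.
var_dump(count(glob($dir . DIRECTORY_SEPARATOR . 'sess_*')) === 1);
```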

The above are the solutions to PHP application problems.

