Nine suggestions summarized by a PHP developer

Source: Internet
Author: User


This article is just something I have summarized from my actual development experience; it is not a collection of famous sayings. It has two purposes: first, to keep reminding myself to write my own code with these points in mind; second, it may be useful to you as well.

1. Security awareness comes first

Most of the time, the Web programs we develop need to deal with databases, so SQL injection is a problem that cannot be avoided. In addition, XSS and CSRF attacks have become popular in recent years, giving "hackers" yet another powerful tool while we are always on the defensive. However, we should remember the following two principles:

1. Never trust what users enter. (An old saying, but it is true.)
2. Escape the data that you need to output.

Simply put: filter input, escape output

If you are a newbie, do not use query statements similar to the following:

SELECT * FROM users WHERE username = $_POST['username'] AND password = $_POST['password'];

Also, use PDO or Mysqli instead of the old mysql extension.

For CSRF, the current solution is to set a token value for each form and verify it when the form is submitted.
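The three measures from this section (bound query parameters through PDO, a per-form CSRF token, escaped output) in one runnable script. This is an added example, not the author's code: the table layout, the sample account and the helper names check_login(), csrf_issue(), csrf_check() and e() are assumptions, and storing a password_hash() value instead of the plain password goes beyond what the article describes.

```php
<?php
// Added example. Constructed schema and data; in-memory SQLite so it runs offline.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE users (username TEXT PRIMARY KEY, password_hash TEXT)');
$pdo->prepare('INSERT INTO users VALUES (?, ?)')
    ->execute(['alice', password_hash('correct horse', PASSWORD_DEFAULT)]);

// Filter input, then bind it as a parameter: it is never concatenated into the SQL.
function check_login(PDO $pdo, $username, $password): bool
{
    if (!is_string($username) || !is_string($password) || $username === '') {
        return false; // rejects arrays and empty values before the query runs
    }
    $stmt = $pdo->prepare('SELECT password_hash FROM users WHERE username = :u');
    $stmt->execute([':u' => $username]);
    $hash = $stmt->fetchColumn();
    return is_string($hash) && password_verify($password, $hash);
}

// CSRF: a fresh random token for each rendered form, stored server-side.
function csrf_issue(array &$session): string
{
    return $session['csrf'] = bin2hex(random_bytes(32));
}

// Verify on submit: single use, compared in constant time.
function csrf_check(array &$session, $submitted): bool
{
    $expected = $session['csrf'] ?? '';
    unset($session['csrf']);
    return is_string($submitted) && $expected !== '' && hash_equals($expected, $submitted);
}

// Escape output for the HTML context it is written into.
function e(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

$session = [];                          // stands in for $_SESSION
$token   = csrf_issue($session);
$post    = ['username' => "alice' OR '1'='1", 'password' => 'x', 'csrf' => $token];

var_dump(csrf_check($session, $post['csrf']));   // token matches the issued one
var_dump(csrf_check($session, $post['csrf']));   // replay: token already consumed
var_dump(check_login($pdo, $post['username'], $post['password'])); // bound as data
var_dump(check_login($pdo, 'alice', 'correct horse'));
echo 'Hello, ', e('<b>' . $post['username'] . '</b>'), "\n";
```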

2. Clearly understand the differences between comparison operators

PHP's comparison operators may look like a very small detail, but sometimes they are really important. For example, we often have to consider whether to use == or ===. If you have used the strpos() function, the following code may give you an intuitive feeling:


The above code actually outputs "Chris is not an author", but in reality Chris really is an author of "Chris & Sean". How can this happen? Chris appears at the beginning of "Chris & Sean", that is, at position 0, so strpos() returns 0. Because the condition is evaluated as a boolean, 0 is treated as false, so the program outputs "Chris is not an author". What should we do in this case? We can actually do this:


Here, != and !== are different.
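The strpos() behaviour described in this section, as an added example rather than the author's own listing; the helper names is_author_loose() and is_author_strict() are hypothetical. The last part goes beyond the strpos() case to show the same loose/strict distinction when comparing secret values.

```php
<?php
// Added example; constructed values throughout.
$authors = 'Chris & Sean';

// Loose check: strpos() returns int 0 for a match at the start, and 0 is falsy.
function is_author_loose(string $authors, string $name): bool
{
    return (bool) strpos($authors, $name);
}

// Strict check: only the boolean false means "not found".
function is_author_strict(string $authors, string $name): bool
{
    return strpos($authors, $name) !== false;
}

foreach (['Chris', 'Sean', 'Andrei'] as $name) {
    printf("%-6s loose=%-5s strict=%s\n", $name,
        var_export(is_author_loose($authors, $name), true),
        var_export(is_author_strict($authors, $name), true));
}

// The same distinction matters when comparing secrets: == converts numeric-looking
// strings to numbers first, so two different strings can compare equal.
$stored    = '0e1234';   // both parse as the number 0
$submitted = '0e5678';
var_dump($stored == $submitted);             // loose comparison
var_dump($stored === $submitted);            // strict comparison
var_dump(hash_equals($stored, $submitted));  // strict and constant-time
```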

3. Use else less often

This is an idea I have had from the very beginning: every time I see if () {} else {}, I feel the section could be written better, because once you reduce the use of the else keyword, your code gets two lines shorter! Yes, those two lines are what we are after. In my experience, code with fewer else branches is more readable to me.

if ($condition) {
    $x = 5;
} else {
    $x = 10;
}

If the default value of $x is 10, it is better to write it as follows:

$x = 10;
if ($condition) {
    $x = 5;
}

4. Remove unnecessary braces

The purpose here is the same as with the else keyword: we want to make the code shorter and more readable. Consider tidying up the code in situations like the following:

if ($gollum == 'halfling') {$height --;}

In fact, it can be like this:

if ($gollum == 'halfling') $height --;

You can even do this:

if ($gollum == 'halfling') $height --;
else $height ++;

if ($frodo != 'dead')
    echo 'Gosh darnit, roll again Sauron';

foreach ($kill as $count)
    echo 'Legolas strikes again, that makes' . $count . 'for me!';

Doesn't that feel short and clear?

5. Use str_replace()

In many cases we need to replace parts of a string. The following functions can be used in PHP:


If you do need regular expression matching, use preg_replace(). If a plain replacement is enough, use str_replace(), because according to incomplete statistics str_replace() is the most efficient of the three.

6. Use the ternary operator

Many people may share this feeling: after switching to the ternary operator, we can remove a bunch of if/else statements, and the code becomes short and refreshing.

$host = strlen($host) > 0 ? $host : htmlentities($host);

7. Use a cache

Currently, the popular caching technologies for PHP are probably Redis and Memcached. The official PHP documentation also includes a Memcached tutorial. As for Redis, I have been studying it recently, and I will provide some tutorials in the future if everything goes well.

8. Use a framework

Frameworks have many advantages, possibly at the cost of some performance, and it seems hard to find a reason not to use one. A framework can speed up your development, lets you write code more comfortably, and takes care of many security issues for you. I am recommending Laravel here, but Yii2, Slim and Symfony are great frameworks too. I have not tried Symfony, but I have used the other three, and in the end I settled on Laravel. However, Laravel, which I recommend, may not be suitable for you; it depends on your personal preferences.

9. Replace strlen() with isset()

If you need to check a condition based on the length of a string in your project code, we recommend using isset() directly, because under the same conditions isset() is about five times as fast as strlen(). So:

if (strlen($username) >= 6) {
    // The username is at least six characters long.
}

Both of the above conditions can achieve the same purpose, but I recommend the first one.
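How the isset() and strlen() length checks behave on input that is not a plain ASCII string, as an added example (not the author's code). The function names are hypothetical, the inputs are constructed, and mb_strlen() assumes the mbstring extension is loaded.

```php
<?php
// Added example; the function names are hypothetical. mb_strlen() needs ext-mbstring.

// isset() form: true when offset $min - 1 exists, in a string or in an array.
function long_enough_isset($value, int $min): bool
{
    return isset($value[$min - 1]);
}

// strlen() form: counts bytes; throws TypeError for an array on PHP 8.
function long_enough_strlen($value, int $min): bool
{
    return strlen($value) >= $min;
}

// Type check first, then count characters rather than bytes.
function long_enough_checked($value, int $min): bool
{
    return is_string($value) && mb_strlen($value, 'UTF-8') >= $min;
}

// Constructed inputs: plain strings, a 5-character/6-byte UTF-8 string, and the
// array PHP builds from a request such as username[]=a&username[]=b&...
$samples = [
    'abcdef' => 'abcdef',
    'abcde'  => 'abcde',
    'utf8'   => "h\u{e9}llo",
    'array'  => ['a', 'b', 'c', 'd', 'e', 'f'],
];

foreach ($samples as $label => $value) {
    try {
        $strlen = var_export(long_enough_strlen($value, 6), true);
    } catch (TypeError $e) {
        $strlen = 'TypeError';
    }
    printf("%-7s isset=%-5s strlen=%-9s checked=%s\n", $label,
        var_export(long_enough_isset($value, 6), true), $strlen,
        var_export(long_enough_checked($value, 6), true));
}
```

Both original forms count bytes, and the isset() form also accepts an array with six elements, so a type check belongs in front of either when the value comes from a request.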

Happy Hacking
