A Summary of 9 Lessons from PHP Development Experience

Source: Internet
Author: User
Tags: comparison, memcached, redis, sql injection, strlen

1. Primary Awareness: Security

Most of the web programs we develop have to work with a database, so SQL injection is a problem you can hardly avoid talking about. In recent years XSS and CSRF attacks have also become very popular, so "hackers" seem to hold a sharp weapon while we are always on the defensive. But we have to remember the following two principles:

1. Never trust what the user has entered. (An old saying, but it's true.)

2. Escape the data that you want to output.

In simple terms: filter input, escape output.

If you're a novice, stop using a query like this:

SELECT * FROM users WHERE username = $_POST['username'] AND password = $_POST['password'];

Also, use PDO or mysqli, and stop using the old-fashioned mysql extension functions.
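The query above next to a PDO version, as an added example that is not part of the original article. It assumes the pdo_sqlite extension; the users table, its password_hash column, the function names and the sample request are constructed for illustration.

```php
<?php
// Added example. In-memory SQLite database with one constructed user.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT UNIQUE, password_hash TEXT)');
$insert = $pdo->prepare('INSERT INTO users (username, password_hash) VALUES (?, ?)');
$insert->execute(['alice', password_hash('correct horse', PASSWORD_DEFAULT)]);

// Before: request values are pasted into the SQL text, so a quote character
// in the input is parsed as SQL syntax instead of as data.
function login_concatenated(PDO $pdo, string $username, string $password): bool
{
    $sql = "SELECT id FROM users WHERE username = '$username' AND password_hash = '$password'";
    return $pdo->query($sql)->fetch() !== false;
}

// After: the SQL text is fixed and the username travels as a bound parameter.
// The password is checked against the stored hash in PHP, never inside the query.
function login_prepared(PDO $pdo, string $username, string $password): bool
{
    $stmt = $pdo->prepare('SELECT password_hash FROM users WHERE username = :username');
    $stmt->execute([':username' => $username]);
    $hash = $stmt->fetchColumn();
    return is_string($hash) && password_verify($password, $hash);
}

// Constructed request data standing in for $_POST.
$post = ['username' => 'alice', 'password' => "x' OR '1'='1"];

// Same input, two query styles: only the concatenated one lets it alter the WHERE clause.
var_dump(login_concatenated($pdo, $post['username'], $post['password']));
var_dump(login_prepared($pdo, $post['username'], $post['password']));
// The genuine password against the prepared version.
var_dump(login_prepared($pdo, 'alice', 'correct horse'));
```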

For CSRF, the solution I have come across so far is to generate a token value for each form submission and then validate it when the form is submitted.
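One way to implement the per-form token described above, as an added example that is not from the original article. The function names and the csrf_token field name are hypothetical, and a plain array stands in for $_SESSION and $_POST so the script runs from the command line.

```php
<?php
// Added example. Issue a fresh random token each time a form is rendered.
function csrf_issue(array &$session): string
{
    $session['csrf_token'] = bin2hex(random_bytes(32));
    return $session['csrf_token'];
}

// Hidden field to place inside every state-changing <form>.
function csrf_field(array &$session): string
{
    $token = htmlspecialchars(csrf_issue($session), ENT_QUOTES, 'UTF-8');
    return '<input type="hidden" name="csrf_token" value="' . $token . '">';
}

// Validate on submission. The stored token is consumed so it is good for
// one submission only, and the comparison runs in constant time.
function csrf_verify(array &$session, array $post): bool
{
    $expected  = $session['csrf_token'] ?? '';
    $submitted = $post['csrf_token'] ?? '';
    unset($session['csrf_token']);
    return is_string($submitted) && $expected !== ''
        && hash_equals($expected, $submitted);
}

// Constructed requests: one carries the token from the rendered form,
// one is a cross-site submission that cannot know it.
$session = [];
$form    = csrf_field($session);
$genuine = ['csrf_token' => $session['csrf_token'], 'email' => 'a@example.com'];
$forged  = ['email' => 'b@example.com'];

var_dump(csrf_verify($session, $genuine)); // token present and matching
var_dump(csrf_verify($session, $genuine)); // replay of an already used token
csrf_field($session);                      // a new form render issues a new token
var_dump(csrf_verify($session, $forged));  // submission without the token
```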

2. Know clearly the difference between the comparison operators

PHP's comparison operators are a small detail, but at times a really important one. For example, we often have to think about whether to use == or ===. If you have used the strpos() function, the following code may give you an intuitive feel for it:

This code actually outputs "Chris is not an author", but in reality Chris is one of the authors in "Chris & Sean", so what is going on? Chris appears at the very start of "Chris & Sean", that is, at position 0, so strpos() returns 0. Because the condition is evaluated as a bool, 0 is treated as false, and the program outputs "Chris is not an author". What should we do in this case? We can actually do this:

This is where the difference between !== and != shows.
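The strpos() pitfall described above, as an added example that is not the article's own code. The "Chris & Sean" string comes from the text; the function names and the non-member "Andrei" are constructed.

```php
<?php
// Added example: three ways of testing the result of strpos().
$authors = 'Chris & Sean';

// Truthiness test: a match at offset 0 yields int 0, which casts to false.
function found_truthy(string $haystack, string $needle): bool
{
    return (bool) strpos($haystack, $needle);
}

// Loose inequality: 0 != false is false, so a match at offset 0 is still missed.
function found_loose(string $haystack, string $needle): bool
{
    return strpos($haystack, $needle) != false;
}

// Strict inequality: only the boolean false (no match) fails the test.
function found_strict(string $haystack, string $needle): bool
{
    return strpos($haystack, $needle) !== false;
}

// Print the raw strpos() result beside each test for every name.
foreach (['Chris', 'Sean', 'Andrei'] as $name) {
    printf(
        "%-7s strpos=%-6s truthy=%-6s loose=%-6s strict=%s\n",
        $name,
        var_export(strpos($authors, $name), true),
        var_export(found_truthy($authors, $name), true),
        var_export(found_loose($authors, $name), true),
        var_export(found_strict($authors, $name), true)
    );
}
```

The same mistake matters wherever strpos() guards a decision, such as checking that a value starts with an expected prefix. On PHP 8.0 and later, str_contains() returns a bool directly.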

3. Use else less wherever you can

This seems to be an idea I have had since I first started programming: every time I see if () {} else {}, I feel the passage could be written better, because once you drop the else keyword your code gets two lines shorter! Yes, two lines is what we are after, and in my experience less code is more readable.

if ($condition) { $x = 5; } else { $x = 10; }

If the default value for $x is 10, it's better to write it like this:

$x = 10;

if ($condition) { $x = 5; }

4. Remove unnecessary brackets

The purpose here is the same as in the else section: shorter code and better readability. Consider optimizing code like the following:

if ($gollum == 'halfling') { $height--; }

In fact, it can be like this:

if ($gollum == 'halfling') $height--;

You can even do this:

Doesn't that feel short and clear?

5. Use str_replace() more

In many cases we need to replace some strings, and PHP has several functions that can do this:

str_replace()

ereg_replace()

preg_replace()

If you really need regular-expression matching, use preg_replace(); if a plain replacement will do, use str_replace(), because according to incomplete statistics, str_replace() is the most efficient of the three.

6. Using ternary operators

Many people probably share this feeling: after switching to the ternary operator we can remove a bunch of if/else statements, and the code becomes short and cool.

$host = strlen($host) > 0 ? $host : htmlentities($host);

7. Using caching

The most popular caching technologies for PHP at the moment are probably Redis and Memcached. The official PHP documentation has a Memcached tutorial; as for Redis, I have been studying it recently and will write some tutorials later, if all goes well.

8. Use a framework

Frameworks bring many benefits. There may be some loss in performance, but there seems to be no reason not to use one: a framework speeds up your development, makes writing code more comfortable, and many security issues you would have to think about are already solved well for you. My first recommendation here is Laravel, but Yii2, Slim and Symfony are all very good frameworks too; apart from Symfony, which I have not tried, I have experience with the other three, and in the end I mostly use Laravel. Still, the Laravel I recommend may not suit you; it depends on personal preference.

9. Replace strlen() with isset()

If your project code needs to make a conditional check based on the length of a string, it is highly recommended that you use isset() directly, because for the same check isset() is about five times as fast as strlen(), so:

Both of the conditions above achieve the same goal, but I recommend the first one.
