Excellent php code should be structured; excellent PHP code should be standardized; excellent PHP code should be adaptive; excellent PHP code should be safe ...... When I was an interviewer at SitePoint, I was certain to ask: what do you think are the advantages and disadvantages of PHP code? This problem gives me a general idea of the type of programmer the applicant is, rather than simply understanding his understanding of PHP functions (this Zend PHP certification is doing well, yahoo's excellent php code should be structured; excellent PHP code should be standardized; excellent PHP code should be adaptive; excellent PHP code should be safe ......
When I was an interviewer at SitePoint, I was certain to ask: what do you think are the advantages and disadvantages of PHP code? This problem gives me a general idea of the type of programmer the applicant is, rather than simply understanding his understanding of PHP functions (this Zend PHP certification is doing well, yahoo's PHP programmer interview questions also fall into this category ).
What's important is that this question allows me to know if a candidate has experienced such a thing-getting a piece of messy code from a lazy programmer for reuse, you can also help other members in the team to handle such tasks.
It is true that I have no satisfactory answer to this question, but I know what answers I want to hear:
The excellent PHP code should be structured. Code of large segments should be divided into functions or methods, and comments should be added for small sections of code that are not eye-catching so that they can be used clearly in the future. In addition, we should try our best to separate front-end code such as HTML, CSS, and javascript from the program. The object-oriented programming feature of PHP can help programmers sort the code well.
The excellent PHP code should be standardized. Whether it is to set the naming rules for the variable name and function name, or to standardize some reusable processes such as database operations and error handling, or to define how the code is indented, these normalization can greatly improve the readability of the code.
The excellent PHP code should be adaptive. PHP has many features such as magic quotes and short tags. opening and closing of these features will affect the running of the program. Therefore, a good programmer should add appropriate statements in his code so that the program can be adjusted according to the environment.
Good PHP code should be safe. Although PHP is an efficient and flexible language without a fixed framework, it leaves the security issue to programmers. A deep understanding of potential security vulnerabilities, such as XSS, CSRF, code injection, and character encoding loops, it is crucial for today's professional programmers.
When the applicant answers these questions, I can clearly know whether to hire him. Of course, sometimes programmers cannot clarify this issue well, and we will ask them to perform some PHP tests. Many problems in the test seem simple on the surface, but it also gives the candidates a chance to show themselves, because they can find problems as long as they observe carefully.
The following section of the "poor" PHP code is a simplified test question. This is like a question: how do you optimize this code?
Echo ("
Search results for query :".
$ _ GET ['query']. ".
");
?>
The main problem with this code is that it directly displays the data submitted by the user on the webpage, resulting in an XSS vulnerability. There are actually many ways to fill this vulnerability. So what code is what we want?
Echo ("
Search results for query :".
Htmlspecialchars ($ _ GET ['query']). ".
");
?>
This is the minimum requirement. The XSS vulnerability is filled by the htmlspecialchars function, thus blocking invalid characters.
If (isset ($ _ GET ['query'])
{
Echo'
Search results for query :',
Htmlspecialchars ($ _ GET ['query'], ENT_QUOTES ),'.
';
}
?>
The person who can write such code should be the one I want to hire.
Determine whether the value of $ _ GET ['query'] is null before outputting it.
The extra parentheses in the echo command are removed.
The string is limited by single quotes, saving PHP time to search for replaceable variables from the string.
Use commas instead of periods to save the echo time.
Pass the ENT_QUOTES identifier to the htmlspecialchars function to ensure that the single quotation marks are also escaped. Although this is the most important thing, it is also a good habit.
Unfortunately, few programmers can give such satisfactory answers. It took us three months to recruit programmers who satisfied us.
So how do you answer the question raised at the beginning of the article? What do you think are the advantages and disadvantages of PHP code? What qualities do you think a PHP programmer should possess?
From: http://www.yeeyan.com/articles/view/38585/18736
Link: http://www.sitepoint.com/blogs/2007/05/25/good-and-bad-php-code/