PHP Code specification (not to be continued)
The importance and benefits of standardization
Programmers can read any code and understand the state of the program
New people can quickly adapt to the environment
Prevent people new to PHP from inventing their own style to save time and turning it into a lifelong habit
Prevent people new to PHP from making the same mistakes again and again
In a consistent environment, people can reduce the chance of making mistakes.
I. Code tags
1. <?php ?>
2. <? ?> // requires short_open_tag to be enabled in php.ini
Use the first form.
II. Comments
Write as many comments as possible, even if you spend some time.
III. Writing rules
The unit of indentation is one tab (4 whitespace characters wide). Note the style below, in particular the spaces between a statement or keyword and the parentheses.
    if ($a == 1) {
        echo 1;
    } else {
        echo 0;
    }
IV. Naming and writing
1. File naming
class file
xxx.class.php
function file
xxx.func.php
Include file
xxx.inc.php
All of the above use lowercase English letters
2. Constant naming
Constant names are written entirely in uppercase English letters
    define('DEBUG', FALSE);
    define('PROJECT_ROOT', substr(dirname(__FILE__), 0, -7));
3. Variable naming and function naming (or class method naming)
All names use lowercase English letters, with words uniformly separated by underscores.
    function user_add($username) {
        $name = $username;
    }
4. File inclusion
When including a program file, use require_once uniformly to avoid possible duplicate inclusion issues
Paths included or called in code must start with './' or PROJECT_ROOT . '/'; avoid writing the program file name directly (for example: require_once 'x.php')
    require_once PROJECT_ROOT . '/include/common.inc.php';
V. Security
Numeric parameter passing: pass parameters as numbers as much as possible
    $page = intval($_GET['page']);
String parameter passing
    $allow_dos = array('add', 'remove', 'modify', 'view');
    if (in_array($_GET['do'], $allow_dos)) {
        // Do something
    }
MySQL query
    // The escaped value must sit inside quotes in the SQL text; escaping an unquoted value does not stop injection.
    // mysql_escape_string() belongs to the mysql extension, which was removed in PHP 7.0.
    $sql = "SELECT * FROM user WHERE username='" . mysql_escape_string($_POST['username']) . "'";
MySQL storage
    // addslashes() is not aware of the connection character set.
    $username = addslashes($_POST['username']);
Prevent XSS (cross-site scripting) attacks
    echo htmlspecialchars($_POST['message']);
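The four rules of this section in one runnable script, as an added example that is not part of the original page. It validates the integer instead of coercing it with intval, uses PDO bound parameters in place of escaping, and assumes PHP 7 or later with the pdo_sqlite driver; function, table and column names are hypothetical and all input values are constructed.

```php
<?php
// Added example, not from the original page. Function, table and column
// names are assumptions; all data and request values are constructed.

// Numeric parameter: reject anything that is not an integer >= 1.
function page_param(array $query) {
    $page = filter_var($query['page'] ?? null, FILTER_VALIDATE_INT,
        array('options' => array('min_range' => 1)));
    return $page === false ? 1 : $page;
}

// String parameter: strict allow-list check (type-safe comparison).
function do_param(array $query) {
    $allow_dos = array('add', 'remove', 'modify', 'view');
    $do = $query['do'] ?? null;
    return in_array($do, $allow_dos, true) ? $do : null;
}

// Query and storage: bind the value instead of escaping it into the SQL text.
function user_add(PDO $db, $username) {
    $stmt = $db->prepare('INSERT INTO user (username) VALUES (?)');
    return $stmt->execute(array($username));
}

function user_find(PDO $db, $username) {
    $stmt = $db->prepare('SELECT id, username FROM user WHERE username = ?');
    $stmt->execute(array($username));
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Output: encode for HTML at the point of echo, both quote styles included.
function html_out($text) {
    return htmlspecialchars($text, ENT_QUOTES, 'UTF-8');
}

// In-memory SQLite stands in for MySQL so the example runs offline.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE user (id INTEGER PRIMARY KEY, username TEXT)');
user_add($db, "o'brien");

// Constructed request, as it might arrive in $_GET / $_POST.
$request = array('page' => '2 OR 1=1', 'do' => 'drop', 'username' => "x' OR '1'='1");

var_dump(page_param($request));                        // falls back to the default page
var_dump(do_param($request));                          // not in the allow list
var_dump(count(user_find($db, $request['username']))); // quote is data, not SQL
var_dump(count(user_find($db, "o'brien")));            // stored name is found intact
echo html_out('<script>alert(1)</script>'), "\n";      // printed as text, not markup
```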
VI. Use of quotation marks
Use single quotes as much as possible for variables, constants, array subscripts and include files; the contents of single quotes are not parsed, so it is more efficient
    $array['user'] = 'James';