The advantages and disadvantages of PHP code

Good PHP code should be structured, good PHP code should be standardized, good PHP code should be self-adapting, good PHP code should be safe ...

The question I would ask when I was an interviewer in SitePoint was: What do you think the pros and cons of PHP code are? Because this problem can let me generally know the candidate is what type of programmer, rather than simply to examine his knowledge of the PHP function (this is a good zend PHP certification, Yahoo's PHP programmer face test also belongs to this category).

The important thing is that this question will let me know if a candidate has experienced something like this--to take a messy piece of code from a lazy programmer to reuse it, or to help other members of the team deal with that sort of thing.

Admittedly, I don't have a satisfactory answer to this question myself, but I know what answers I want to hear:

Good PHP code should be structured. Large segments of code should be split into functions or methods, and those that are not eyelets should be annotated so that they can be used later. And should be as far as possible to the foreground code such as HTML, CSS, JavaScript and other from the program to separate out. The object-oriented programming features of PHP can help programmers to organize the code in order well.

Good PHP code should be normalized. Whether you are setting a naming convention for variable names and function names, or standardizing on some reusable processes such as database operations and error handling, or simply to rule out how code is indented, these normalization can make your code more readable.

Good PHP code should be self-adapting. PHP has many features, such as magic quotes and short tags, which can be turned on and off to affect the operation of the program. Therefore, a good programmer should add the appropriate statements in his code to enable the program to adapt to the environment.

Good PHP code should be safe. Although PHP is an efficient, flexible language that has no fixed framework, it leaves security issues to programmers. A deep understanding of potential security vulnerabilities, such as cross-site scripting attacks (XSS), cross-site request forgery (CSRF), code injection vulnerabilities, character encoding loops, and so on, is critical for today's professional programmers.

When the candidate answers these questions, I can clearly know whether to hire him or not. Of course, sometimes programmers don't do a good job of explaining the problem, and then we'll have them do some PHP testing. Many of the problems in testing appear to be very simple on the surface, but it also gives candidates a chance to show themselves, because if you look carefully, you can find the problem.

Here is a small piece of "bad" PHP code is a simplified test problem. This question is like asking: How do you optimize this code?

Echo ("

Search results for query: ".
$_get[' query ']. ".

");
?>

The main problem with this code is that it displays user-submitted data directly onto the Web page, resulting in an XSS vulnerability. There are many ways to fill this loophole. So what is the code we want?

Echo ("

Search results for query: ".
Htmlspecialchars ($_get[' query '). ".

");
?>

This is the minimum requirement. The XSS vulnerability was filled with the Htmlspecialchars function, thereby shielding the illegal characters.

if (isset ($_get[' query '))
{
Echo '

Search results for query: ',
Htmlspecialchars ($_get[' query '], ent_quotes), '.

';
}
?>

The person who can write this code should be the person I want to hire.

Determine whether it is empty before outputting the value of $_get[' query '].
The extra parentheses in the echo command are removed.
Strings are delimited by single quotation marks, which saves PHP time to search for replaceable variables from a string.
Use commas instead of periods to save echo time.
The ent_quotes identity is passed to the Htmlspecialchars function, which guarantees that the single quotation marks are also escaped. Although this is the most important, but also a good habit.
Unfortunately, there are few programmers who can give such a satisfying response. It took us 3 months to recruit the programmers that we were satisfied with.

So, how would you answer the questions raised at the beginning of the article? What do you think of the advantages and disadvantages of PHP code? What qualities do you think a PHP programmer should have?

This article originates from: http://www.yeeyan.com/articles/view/38585/18736
Original link: http://www.sitepoint.com/blogs/2007/05/25/good-and-bad-php-code/

