No doubt, PHP is nowadays the most popular open source scripting language. PHP runs on various platforms such as Windows, Linux, Unix and Mac OS X, and it is compatible with all common web servers such as Apache and IIS. The biggest blogging system, WordPress, is written in PHP; the largest social network, Facebook, is written in PHP; and it is easy to learn. Because it is easy to learn and very forgiving, there are more chances for developers to make mistakes. Here we point out some very common ones.
Use of the suppression operator
Programmers often use the suppression operator @ to prevent notices from being printed on screen. This symbol is shorthand for "ignore": it hides notices and warnings, but we should try to fix the warnings and notices instead. For example, if an array is not defined, PHP displays a notice. Every variable should be defined, and in conditions 'isset' should be used where required.
Use of the mysql extension
Many developers still use the mysql extension although it is officially deprecated. Developers should use a current alternative to the mysql extension such as mysqli or PDO.
The switch can be made with a small modification to the mysql extension code, for example:
mysql:
$con = mysql_connect("DBhost", "DBuser", "DBpass");
mysql_select_db("database", $con);
$result = mysql_query("SELECT * FROM employee");
$res = mysql_fetch_assoc($result);

mysqli:
$mysqli = new mysqli("DBhost", "DBuser", "DBpass", "database");
$result = $mysqli->query("SELECT * FROM employee");
$res = $result->fetch_assoc();
Single and double quotes
Strings can be written in single quotes, but variables are not interpolated inside them; in double quotes variables are interpolated as well. For example, see the example below:
$str1 = 'Hello';
$str2 = 'PHP ninza';
$str3 = 'Hello $str2';
$str4 = "Hello $str2";
In the above example, str1 prints Hello and str2 prints PHP ninza. Because str3 uses single quotes, the variable inside it is treated as plain text and it prints Hello $str2, while str4 prints the variable's value and displays Hello PHP ninza.
If a PHP application uses a database, it is strongly advised that the system has some kind of database caching. Memcached is the most popular caching software. It is free, and the application gains the benefit of not repeating its db queries. If your application is in production, it is strongly advised to use a caching system.
PHP has a good feature, error reporting, and developers should use it and really turn it on. It is very important for debugging code and speeds up your overall development time.
E_ALL is a very strict level of error reporting that ensures even the smallest error is reported, and that is a good thing for writing great code.
After development, when the app goes to production, be sure to turn off your error reporting.
PHP programmers often do not secure the data generated by users, and such data can harm the system and your database. A good practice is to sanitize data before any storage, such as in a database.
Values from the POST or GET method should be validated like this:
Instead of using echo $_POST['age'], we should use echo htmlspecialchars($_POST['age'], ENT_QUOTES);
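Pulling the mysqli and sanitization points together, here is an added example (not code from the original post) that validates a posted age value, escapes user data before echoing it, and stores it through a mysqli prepared statement rather than a concatenated mysql_query(). The employee table columns and the DBhost/DBuser/DBpass connection details are assumptions, and the $post array is constructed sample input standing in for $_POST.

```php
<?php
// Added example: validate, escape on output, and store with a prepared statement.
// Table/column names and connection details are placeholders (assumptions).

// Constructed sample input standing in for $_POST (raw form values are always strings).
$post = ['name' => 'Alice <script>alert(1)</script>', 'age' => '27'];

// Step 1: validate. An age must be an integer in a sensible range; anything else is rejected.
function validateAge(string $raw): ?int {
    $age = filter_var($raw, FILTER_VALIDATE_INT,
        ['options' => ['min_range' => 0, 'max_range' => 150]]);
    return $age === false ? null : $age;
}

// Step 2: escape on output. ENT_QUOTES converts < > & " ' into entities, so user data
// cannot inject markup into the page.
function escapeHtml(string $s): string {
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Step 3: store with a prepared statement. Values are bound, never concatenated into the
// SQL string, so quotes inside $name cannot change the query's meaning.
function storeEmployee(mysqli $db, string $name, int $age): bool {
    $stmt = $db->prepare('INSERT INTO employee (name, age) VALUES (?, ?)');
    if ($stmt === false) {
        return false;
    }
    $stmt->bind_param('si', $name, $age);   // 's' = string, 'i' = integer
    $ok = $stmt->execute();
    $stmt->close();
    return $ok;
}

$age = validateAge($post['age']);
if ($age === null) {
    exit('Invalid age');   // reject the value instead of silencing the problem with @
}
echo 'Age: ' . escapeHtml((string) $age) . "\n";
echo 'Name: ' . escapeHtml($post['name']) . "\n";   // the <script> text is shown as &lt;script&gt;

$mysqli = new mysqli('DBhost', 'DBuser', 'DBpass', 'database');   // placeholder credentials
if ($mysqli->connect_error) {
    exit('Connection failed: ' . $mysqli->connect_error);
}
storeEmployee($mysqli, $post['name'], $age);
```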