I’ve been doing a significant amount of PHP development lately. There were two projects in particular that made me think about PHP best practices.
The first was just a website with a login feature that stopped working when it was moved from one server to another. The problem turned out to be how the query was being assembled to check the user’s credentials. The query was created by interpolating values into a string. The string, when assembled with PHP on the new server, was malformed SQL.
In PHP, a literal string is delimited by single quotes. It’s pretty straightforward:
$my_string = 'This is my string';
This is best when all you need is a simple string. But, you also have the option of using an interpolated string, which is kind of cool. Note the double quotes instead of single quotes.
$my_name = 'Doug';
$my_string = "My name is $my_name.";
When you use $my_string, it becomes ‘My name is Doug.’ Interpolation is a useful feature, but it can be misused or become confusing. When it comes to SQL queries, prepared statements are the preferred way. Prepared statements are more secure, because the values are bound separately from the SQL text instead of being pasted into it, and they can actually perform better.
PHP prepared statements are a little tedious, but not bad. If you’re using MySQL version 4.1.3 or better, it is recommended that you use the mysqli PHP extension. The following is an example of a prepared statement using mysqli.
$handle = new mysqli('server', 'user', 'pword', 'db_name');
$query = $handle->prepare("update table1 set field = ? where ID = ?");
$query->bind_param('si', $variable1, $variable2);
$query->execute();
With the above example, you create a handle to the database server and one of its databases. Then, using the prepare method, you create a string template for your query. The bind_param method’s first argument is a string of characters that indicate what datatype the variables contain. The ‘s’ is for a string and the ‘i’ is for an integer. See? Not so bad!
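The login-query failure from the first project, reproduced as an added example (not code from either site): a username containing an apostrophe makes the interpolated query malformed, while the prepared query handles it. PDO with an in-memory SQLite database stands in for MySQL and mysqli so the script runs without a server; the `users` table, its columns, the sample account and the use of `password_hash` for stored passwords are assumptions.

```php
<?php
// Added example: PDO with in-memory SQLite stands in for the MySQL server so
// the script runs offline. Table, columns and sample values are constructed.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT UNIQUE, pw_hash TEXT)');

$insert = $db->prepare('INSERT INTO users (username, pw_hash) VALUES (?, ?)');
$insert->execute(["o'brien", password_hash('correct horse', PASSWORD_DEFAULT)]);

// Fragile: the value is interpolated into the SQL text, so the apostrophe in
// the username ends the SQL string literal early and the statement is malformed.
function find_user_interpolated(PDO $db, string $username): ?array
{
    $sql = "SELECT id, pw_hash FROM users WHERE username = '$username'";
    try {
        $row = $db->query($sql)->fetch(PDO::FETCH_ASSOC);
        return $row ?: null;
    } catch (PDOException $e) {
        echo "interpolated query failed: ", $e->getMessage(), "\n";
        return null;
    }
}

// Prepared: the SQL template is fixed and the value is bound separately,
// so it is always treated as data, whatever characters it contains.
function find_user_prepared(PDO $db, string $username): ?array
{
    $stmt = $db->prepare('SELECT id, pw_hash FROM users WHERE username = ?');
    $stmt->execute([$username]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row ?: null;
}

function check_login(PDO $db, string $username, string $password): bool
{
    $user = find_user_prepared($db, $username);
    // Compare against the stored hash; the password never goes into the query.
    return $user !== null && password_verify($password, $user['pw_hash']);
}

var_dump(find_user_interpolated($db, "o'brien") !== null);
var_dump(check_login($db, "o'brien", 'correct horse'));
var_dump(check_login($db, "o'brien", 'wrong password'));
```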
The second project was a site we set up on our PHP server so we could examine it and add onto it. It turned out that the whole site was built with short tags. Up until now, I don’t think I’ve ever seen a website developed with short tags.
Your “normal” PHP mark up tags look like this:
<?php // some PHP code here. ?>
Short tags look like this:
<? // some PHP code here. ?>
PHP can also be configured to use ASP style tags:
<% // some PHP code here. %>
Now, there’s some conflict online as to whether or where short tags should be used. One benefit of the short tag is you can output a string into HTML markup more concisely. Like so:
<?= $some_variable ?>
The long form looks like this:
<?php echo $some_variable; ?>
There’s also a concern that the simple ‘<?’ tag can cause issues with using PHP and XML. It is actually quite the hot topic online. However, the primary reason not to use short tags, in my opinion, is that short tag support will not be available in PHP6. Right or wrong, best get into the habit now!
While researching this post, I discovered some really cool things about PHP that I didn’t know. Check out the links below.
http://www.phpvs.net/2008/06/04/ten-php-best-practices-tips-that-will-get-you-a-job/