I’ve been doing a significant amount of PHP development lately. There were two projects in particular that made me think about PHP best practices.
The first was just a website with a login feature that stopped working when it was moved from one server to another. The problem turned out to be how the query that checks the user’s credentials was being assembled. The query was created by interpolating values into a string. The string, when assembled with PHP on the new server, was malformed SQL.
In PHP, a literal string is delimited by single quotes. It’s pretty straightforward:
$my_string = 'This is my string';
This is best when all you need is a simple string. But, you also have the option of using an interpolated string, which is kind of cool. Note the double quotes instead of single quotes.
$my_name = 'Doug';
$my_string = "My name is $my_name.";
When you use $my_string, it becomes ‘My name is Doug.’ Interpolation is a useful feature, but it can be misused or become confusing. When it comes to SQL queries, prepared statements are the preferred approach. Prepared statements are more secure, because the values are passed separately from the SQL text instead of being spliced into it, and they can actually perform better.
PHP prepared statements are a little tedious, but not bad. If you’re using MySQL version 4.1.3 or better, it is recommended that you use the mysqli PHP extension. The following is an example of a prepared statement using mysqli.
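// Connect to the database server and select a database.
$handle = new mysqli('server', 'user', 'pword', 'db_name');
// The ? placeholders mark where the bound values go.
$query = $handle->prepare("update table1 set field = ? where ID = ?");
// 's' = string, 'i' = integer, in placeholder order.
$query->bind_param('si', $variable1, $variable2);
$query->execute();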
With the above example, you create a handle to the database server and one of its databases. Then, using the prepare method, you create a string template for your query. The bind_param method’s first argument is a string of characters that indicate what datatype the variables contain. The ‘s’ is for a string and the ‘i’ is for an integer. See? Not so bad!
The second project was a site we set up on our PHP server so we could examine it and add onto it. It turned out that the whole site was built with short tags. Up until now, I don’t think I’ve ever seen a website developed with short tags.
Your “normal” PHP markup tags look like this:
<?php // some PHP code here. ?>
Short tags look like this:
<? // some PHP code here. ?>
PHP can also be configured to use ASP style tags:
<% // some PHP code here. %>
Now, there’s some disagreement online about whether short tags should be used at all. One benefit of the short tag is that you can output a string into HTML markup more concisely. Like so:
<?= $some_variable ?>
The long form looks like this:
<?php echo $some_variable; ?>
There’s also a concern that the simple ‘<?’ tag can cause issues with using PHP and XML. It is actually quite the hot topic online. However, the primary reason not to use short tags, in my opinion, is that short tag support will not be available in PHP6. Right or wrong, best get into the habit now!
While researching this post, I discovered some really cool things about PHP that I didn’t know. Check out the links below.
http://www.phpvs.net/2008/06/04/ten-php-best-practices-tips-that-will-get-you-a-job/