I’ve been doing a significant amount of PHP development lately. There were two projects in particular that made me think about PHP best practices.
The first was just a website with a login feature that stopped working when it was moved from one server to another. The problem turned out to be how the query was being assembled to check the user's credentials. The query was created by interpolating values into a string. The string, when assembled with PHP on the new server, was malformed SQL.
In PHP, a literal string is delimited by single quotes. It's pretty straightforward:
$my_string = 'This is my string';
This is best when all you need is a simple string. But, you also have the option of using an interpolated string, which is kind of cool. Note the double quotes instead of single quotes.
$my_name = 'Doug';
$my_string = "My name is $my_name.";
When you use $my_string, it becomes ‘My name is Doug.’ Interpolation is a useful feature, but it can be misused or become confusing. When it comes to SQL queries, prepared statements are the preferred approach. Prepared statements are more secure, because the values are sent to the database separately from the query text and cannot change its structure, and they can actually perform better.
PHP prepared statements are a little tedious, but not bad. If you’re using MySQL version 4.1.3 or later, it is recommended that you use the mysqli PHP extension. The following is an example of a prepared statement using mysqli.
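// Connect to the database server and select one of its databases.
$handle = new mysqli('server', 'user', 'pword', 'db_name');
// The ? placeholders mark where the bound values go.
$query = $handle->prepare("update table1 set field = ? where ID = ?");
// 's' = string for $variable1, 'i' = integer for $variable2.
$query->bind_param('si', $variable1, $variable2);
$query->execute();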
With the above example, you create a handle to the database server and one of its databases. Then, using the prepare method, you create a string template for your query. The bind_param method’s first argument is a string of characters that indicate what datatype the variables contain. The ‘s’ is for a string and the ‘i’ is for an integer. See? Not so bad!
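Added example (not code from the original post): the login check from the first project written both ways, using PDO with an in-memory SQLite database instead of mysqli so it runs without a server. The table, account and function names are constructed for illustration, and the pdo_sqlite extension is assumed to be enabled.

```php
<?php
// Constructed demo data in an in-memory SQLite database (assumes pdo_sqlite).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (username TEXT PRIMARY KEY, pw_hash TEXT NOT NULL)');

// Constructed sample account; the apostrophe in the name is what matters here.
$insert = $db->prepare('INSERT INTO users (username, pw_hash) VALUES (?, ?)');
$insert->execute(["O'Brien", password_hash('correct horse', PASSWORD_DEFAULT)]);

// Before: the value is interpolated into the SQL text, so a quote in the
// value ends the string literal early and the statement no longer parses.
function check_login_interpolated(PDO $db, string $user, string $pw): bool
{
    $sql = "SELECT pw_hash FROM users WHERE username = '$user'";
    $row = $db->query($sql)->fetch(PDO::FETCH_ASSOC); // throws on malformed SQL
    return $row !== false && password_verify($pw, $row['pw_hash']);
}

// After: the SQL text is fixed and the value is bound separately, so its
// content cannot change how the statement is parsed.
function check_login_prepared(PDO $db, string $user, string $pw): bool
{
    $stmt = $db->prepare('SELECT pw_hash FROM users WHERE username = ?');
    $stmt->execute([$user]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row !== false && password_verify($pw, $row['pw_hash']);
}

try {
    check_login_interpolated($db, "O'Brien", 'correct horse');
    echo "interpolated: query ran\n";
} catch (PDOException $e) {
    echo "interpolated: database rejected malformed SQL\n";
}

// The same username works once it is bound instead of interpolated.
var_dump(check_login_prepared($db, "O'Brien", 'correct horse'));
var_dump(check_login_prepared($db, "O'Brien", 'wrong password'));
```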
The second project was a site we set up on our PHP server so we could examine it and add onto it. It turned out that the whole site was built with short tags. Up until now, I don’t think I’ve ever seen a website developed with short tags.
Your “normal” PHP markup tags look like this:
<?php // some PHP code here. ?>
Short tags look like this:
<? // some PHP code here. ?>
PHP can also be configured to use ASP style tags:
<% // some PHP code here. %>
Now, there’s some disagreement online as to whether short tags should be used. One benefit of the short tag is that you can output a string into HTML markup more concisely. Like so:
<?= $some_variable ?>
The long form looks like this:
<?php echo $some_variable; ?>
There’s also a concern that the simple ‘<?’ tag can cause issues with using PHP and XML. It is actually quite the hot topic online. However, the primary reason not to use short tags, in my opinion, is that short tag support will not be available in PHP6. Right or wrong, best get into the habit now!
While researching this post, I discovered some really cool things about PHP that I didn’t know. Check out the links below.
http://www.phpvs.net/2008/06/04/ten-php-best-practices-tips-that-will-get-you-a-job/