Sunday, September 30, 2007
Form processing
The biggest problem is always processing submitted data. Let's go through what has to be checked for each form. As a starting point, all the data the client sends (POST, GET, COOKIE) must be treated as untrusted.
- Review the user's permissions
Not every user has permission for every form, that much is clear. It has to be established whether the user may submit that form at all, or only part of it.
- Validate all the data
This means establishing conditions for each form. In general, text fields must have a maximum length (normally set according to the database column) or a fixed length (for example, credit card numbers). The format must also be checked (usually for e-mail addresses). Some data may only be numeric, and a date may simply not exist.
Checkboxes, radio buttons and dropdowns have a predefined range of options, and a value outside that range must not be allowed through.
All of this has to be taken into account, because an erroneous value can cause information to be lost, which is avoided by forcing the user to correct the error.
- Save data
Depending on the destination of the submitted data, the form data must be saved where they belong. In general we keep them in a database, which is why the *_escape_string functions (mysql_real_escape_string, pg_escape_string, ...) offer an easy way to escape the data according to the type of database in use.
At this point, care is needed with "magic quotes" (magic_quotes_gpc): if they are enabled, the data end up escaped twice. The best thing is to strip the added slashes (stripslashes) when this setting is On.
So why not skip escaping data ourselves, if we have magic_quotes_gpc?
The idea of magic_quotes was to spare the programmer from having to escape data. The problem is that it escapes the data indiscriminately, without regard to where they will be used.
Another possible mistake is to store data that did not come from the request (magic_quotes_gpc only touches GET, POST and COOKIE) and, trusting the setting, never escape them at all.
- Save the results
The data are valid and prepared... All that remains is to save them and do whatever other processing is needed.
- Show the results
Our work is still not finished. We will probably want to show the stored information to somebody. At this point it is very important to escape the data again. Earlier we stored them as the user submitted them, but when displaying them on a page, malicious content must be neutralised. In general, escaping the HTML special characters (htmlspecialchars) is enough for that, but converting all the entities (htmlentities), even the rarer characters, also makes the information display correctly.
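Here is an added example (not code from the original post) that runs one submission through the five steps above, for PHP 7.4 or later. The role table, field rules, sample requests and the in-memory SQLite store are all constructed for illustration. The save step uses a PDO prepared statement rather than mysql_real_escape_string, because the latter needs a live MySQL connection (and the mysql extension is gone since PHP 7); the point is the same one the post makes: the database driver, not the programmer, quotes the values.

```php
<?php
// Added example, not from the original post: one submission carried through the five steps
// above. The role table, field rules, sample requests and the SQLite store are constructed
// for illustration; the pdo_sqlite extension is assumed to be available.

// Magic quotes (removed in PHP 5.4) are undone first, or data we escape later get escaped twice.
function undoMagicQuotes(array $data): array
{
    if (function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc()) {
        $data = array_map(fn($v) => is_array($v) ? undoMagicQuotes($v) : stripslashes($v), $data);
    }
    return $data;
}

// Step 1: which fields of which form each role may submit (assumed role table).
const PERMISSIONS = [
    'member' => ['comment_form' => ['email', 'body', 'rating', 'birthdate']],
    'guest'  => ['comment_form' => ['email', 'body']],   // guests may only submit part of the form
];
// Step 2: one rule per field; the length limits follow the columns that will store the values.
const RULES = [
    'email'     => ['type' => 'email',  'max' => 254],
    'body'      => ['type' => 'text',   'max' => 500],
    'rating'    => ['type' => 'choice', 'options' => ['1', '2', '3', '4', '5']], // the dropdown's values
    'birthdate' => ['type' => 'date'],                                           // must be a real date
];

// Returns null when the value is acceptable, otherwise the message the user gets back.
function validateField(array $rule, string $value): ?string
{
    if (isset($rule['max']) && strlen($value) > $rule['max']) {
        return "longer than {$rule['max']} characters";
    }
    switch ($rule['type']) {
        case 'text':
            return null;
        case 'email':
            return filter_var($value, FILTER_VALIDATE_EMAIL) !== false ? null : 'not a valid e-mail address';
        case 'date':
            // createFromFormat rolls 2007-02-30 over into March instead of failing; the round trip catches it
            $d = DateTime::createFromFormat('!Y-m-d', $value);
            return ($d !== false && $d->format('Y-m-d') === $value) ? null : 'not a valid date (YYYY-MM-DD)';
        case 'choice':
            return in_array($value, $rule['options'], true) ? null : 'not one of the offered options';
    }
    return 'no rule for this field';
}

// Returns [cleanData, errors]. Nothing in $raw is trusted: a field the role may not send is
// reported rather than silently dropped, and a bad value goes back to the user to correct.
function processForm(string $role, string $form, array $raw): array
{
    $allowed = PERMISSIONS[$role][$form] ?? [];   // unknown role or form: nothing is permitted
    $input   = undoMagicQuotes($raw);
    $clean   = $errors = [];
    foreach (array_diff(array_keys($input), $allowed) as $extra) {
        $errors[$extra] = 'not permitted for this role';
    }
    foreach ($allowed as $field) {
        if (!isset($input[$field]) || !is_string($input[$field])) {
            $errors[$field] = 'missing';
        } elseif (($problem = validateField(RULES[$field], $input[$field])) !== null) {
            $errors[$field] = $problem;
        } else {
            $clean[$field] = $input[$field];
        }
    }
    return [$clean, $errors];
}

// Steps 3 and 4: store the values exactly as submitted; the driver does the quoting.
function saveComment(PDO $db, array $clean): int
{
    $db->exec('CREATE TABLE IF NOT EXISTS comments (id INTEGER PRIMARY KEY, email TEXT, body TEXT)');
    $stmt = $db->prepare('INSERT INTO comments (email, body) VALUES (:email, :body)');
    $stmt->execute([':email' => $clean['email'], ':body' => $clean['body']]);
    return (int) $db->lastInsertId();
}

// Step 5: escape again on the way out, for the context the data are shown in (HTML here).
function renderComment(array $row): string
{
    $h = fn(string $s) => htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<p><b>' . $h($row['email']) . '</b>: ' . $h($row['body']) . '</p>';
}

// Constructed requests standing in for $_POST: the first has two bad fields and is sent back,
// the second is clean and goes all the way to the page.
$requests = [
    ['email' => 'ana@example.com', 'body' => 'x', 'rating' => '6', 'birthdate' => '2007-02-30'],
    ['email' => 'ana@example.com', 'body' => "O'Brien wrote <script>alert(1)</script>", 'rating' => '5', 'birthdate' => '1980-02-29'],
];
$db = new PDO('sqlite::memory:');
foreach ($requests as $post) {
    [$clean, $errors] = processForm('member', 'comment_form', $post);
    if ($errors !== []) {
        print_r($errors);        // rating and birthdate are rejected; the form would be shown again
        continue;
    }
    $stmt = $db->prepare('SELECT email, body FROM comments WHERE id = ?');
    $stmt->execute([saveComment($db, $clean)]);
    echo renderComment($stmt->fetch(PDO::FETCH_ASSOC)), PHP_EOL;   // the <script> is displayed as text
}
```

Two details worth noticing: the output escaping happens at render time, not before saving, so the same stored value can later be escaped differently for a JSON or SQL context; and the date check compares the round trip through DateTime, because createFromFormat alone accepts 2007-02-30.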
Tuesday, September 25, 2007
Connecting by IP
Recently I discovered that it is faster to connect to a server using its IP than its name. For example, instead of mysql_connect("localhost"); one can use mysql_connect("127.0.0.1"); and the connection ends up being faster. A small optimization, but a frequent one.
Sunday, September 23, 2007
Storing array elements in a variable
The other day it caught my attention to read that accessing an array element is slower than accessing a variable. I decided to test how big the difference is, and whether it is worth the trouble. My conclusion is that the difference exists, and if the same index is read more than about 10 times it can be worth creating a variable for it, but it is only advisable to do so inside a function, in a scope, so that it does not stay in memory the whole time.
Thursday, September 20, 2007
Reading the manual
I must read the manual
I must read the manual
I must read the manual
I must read the manual
Yes, it is boring, but PHP has many functions one may not know about, and reading the manual saves us from reinventing the wheel.
It is also worth reading the user comments; many gaps are covered there.
The last function I discovered: dl
Sunday, September 16, 2007
Iterate over array
Perhaps it sounds like a repeat of the for - while post, but now, instead of executing some code N times, I want to go through every position of an array. What is the most advisable way?
First, we have the optimized for.
Second, we can use foreach, which walks the array of data precisely for this purpose.
A last alternative is to walk the array using its internal pointer (reset/current/next).
In this case, the best alternative is foreach, which is dedicated to exactly this.
Thursday, September 13, 2007
Post or Get
What is the criterion for deciding whether a form should be sent by POST or GET?
The W3C gives us a list to decide. We use that list as a base and try to extend it a bit.
GET
* W3C: The interaction is more like a question (a query)
* The data are used as a guide for the presentation
* One wants to offer the possibility of copying and pasting the URL to keep it, enter it in a page, or pass it on to someone else
POST
* W3C: The interaction is more like an order
* W3C: The interaction changes the state of the resource in a way the user would perceive
* W3C: The user is held accountable for the results of the interaction
* The second W3C point deserves emphasis: try to keep form processing as POST
* It handles sensitive data such as passwords (which in a GET end up in the URL, and so in logs and history)
* The amount of information is large (the length of the URI can be limited by the server)
BOTH
* When data are processed, it is good practice to do Post/Redirect/Get
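The Post/Redirect/Get convention from the last bullet, as an added example that is not part of the original post. The handler returns the response as an array instead of sending it, so it can be run from the command line; the /comment.php URL and the in-memory store are assumptions made for the illustration.

```php
<?php
// Added example, not from the original post: the Post/Redirect/Get convention from the last
// bullet, as a handler that returns the response instead of sending it, so it runs from the
// command line. The /comment.php URL and the in-memory store are assumed for illustration.

function handleCommentRequest(string $method, array $post, callable $store): array
{
    if ($method === 'POST') {
        $id = $store($post);   // the state change happens exactly once, on the POST
        // 303 tells the browser to fetch the result with GET. Reloading that page repeats
        // the GET, not the POST, so the comment is not submitted twice, and the URL can be
        // bookmarked or passed on without carrying the form data.
        return ['status' => 303, 'headers' => ['Location' => '/comment.php?id=' . urlencode((string) $id)]];
    }
    if ($method === 'GET') {
        return ['status' => 200, 'headers' => ['Content-Type' => 'text/html; charset=UTF-8'],
                'body' => '<p>Your comment was saved.</p>'];
    }
    return ['status' => 405, 'headers' => ['Allow' => 'GET, POST']];
}
// In a real script the array above is emitted with http_response_code(), header() and echo.

// Constructed store standing in for the database.
$saved = [];
$store = function (array $post) use (&$saved): int {
    $saved[] = $post;
    return count($saved);
};

$first = handleCommentRequest('POST', ['body' => 'hello'], $store);
echo $first['status'], ' ', $first['headers']['Location'], PHP_EOL;   // 303 /comment.php?id=1
$second = handleCommentRequest('GET', [], $store);                     // the browser follows the Location
echo $second['status'], ' ', $second['body'], PHP_EOL;                 // 200 <p>Your comment was saved.</p>
echo count($saved), ' comment(s) stored', PHP_EOL;                     // 1
```

The status code matters: 303 (See Other) is the one that instructs the browser to switch to GET for the redirected request; a 302 is treated the same way by browsers in practice, but 303 states the intent.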
Tuesday, September 11, 2007
Error reporting
Nobody programs correctly if errors exist. And if these errors escape our sight, they are harder to detect and correct. An error that causes no negative consequences is still an error. The most common case in this sense is checking the value of variables that are not initialized, or that we do not know whether they are... If we test the difference between
1) if ($variable)
2) if (isset ($variable))
3) if (! empty ($variable))
The first thing that catches my attention is that the first option is the slowest if the variable is not defined (it raises a notice), but if the variable is defined it is faster than empty and isset. So if you are sure the variable exists, it is the best solution, but when in doubt it is preferable to use empty/isset.
Returning to the subject of errors: while coding it is good to see them, so during development always run
error_reporting (E_ALL);
and on a live site either lower the level (error_reporting(0); there is no E_NONE constant in PHP) or, keeping the level, turn off display_errors so that errors go to the log instead of the visitor's screen.
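An added example, not from the original post, that shows which of the three checks raises a notice for an undefined variable, and how the development and production settings differ in what they do with it. The error handler and the environment switch are constructed for the illustration; the production setting shown keeps E_ALL and only turns off display_errors, the second of the two options above.

```php
<?php
// Added example, not from the original post: which of the three checks raises a notice
// when the variable was never assigned, and what development and production do with
// that notice. The error handler and the environment switch are constructed here.

// Report everything in both environments; the difference is where the report goes.
function configureErrorReporting(bool $production): void
{
    error_reporting(E_ALL);
    ini_set('display_errors', $production ? '0' : '1');   // a live site never prints notices to visitors
    ini_set('log_errors', '1');                           // they go to the error log instead
}

// Runs $fn and returns how many notices/warnings it raised, without printing them.
function countNotices(callable $fn): int
{
    $count = 0;
    set_error_handler(function (int $errno, string $errstr) use (&$count): bool {
        $count++;
        return true;   // handled here, so nothing is displayed or logged
    });
    try {
        $fn();
    } finally {
        restore_error_handler();
    }
    return $count;
}

// The three checks from the post, each run against a variable that was never assigned.
$checks = [
    'if ($variable)'         => function (): bool { if ($variable) { return true; } return false; },
    'if (isset($variable))'  => function (): bool { if (isset($variable)) { return true; } return false; },
    'if (!empty($variable))' => function (): bool { if (!empty($variable)) { return true; } return false; },
];

configureErrorReporting(false);   // development: every notice is meant to be seen
foreach ($checks as $label => $check) {
    // Only the first check raises "Undefined variable": isset and empty are language
    // constructs that test for existence without reading the value, so they stay silent.
    printf("%-24s raised %d notice(s)\n", $label, countNotices($check));
}

configureErrorReporting(true);    // production: same level, but nothing reaches the screen
printf("display_errors=%s log_errors=%s\n", ini_get('display_errors'), ini_get('log_errors'));
```

Turning display_errors off rather than lowering error_reporting keeps the notices in the log where they can still be fixed, while a visitor never sees the file paths and variable names a printed notice contains.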
Sunday, September 9, 2007
Listing directories
The need to find all the files in a folder is common. The usual way is to use opendir, but the glob function lures us toward the dark side of the force by offering a simpler alternative... Nevertheless, this solution is slower.
Another alternative is the function dir, which returns a Directory object, a more "elegant" solution if you like, but it is no more than a wrapper around the same calls, so it is not faster.
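The three approaches, as an added example that is not code from the original post. It builds a temporary directory of its own (constructed contents) and lists it each way, to show where the results differ rather than how fast they are.

```php
<?php
// Added example, not from the original post: the three ways of listing a directory that the
// post mentions, run against a temporary directory built here, to show where their results differ.

function listWithOpendir(string $path): array
{
    $names  = [];
    $handle = opendir($path);
    if ($handle === false) {
        return $names;
    }
    while (($entry = readdir($handle)) !== false) {
        if ($entry === '.' || $entry === '..') {   // readdir hands these back too
            continue;
        }
        $names[] = $entry;
    }
    closedir($handle);
    sort($names);   // readdir order is filesystem order, not alphabetical
    return $names;
}

function listWithGlob(string $path): array
{
    // glob returns full paths already sorted, and '*' does not match names starting with a dot
    return array_map('basename', glob($path . '/*') ?: []);
}

function listWithDir(string $path): array
{
    $names = [];
    $dir   = dir($path);   // a Directory object around the same opendir/readdir/closedir calls
    if ($dir === false) {
        return $names;
    }
    while (($entry = $dir->read()) !== false) {
        if ($entry[0] !== '.') {   // skip '.', '..' and dotfiles, matching what glob('*') gives
            $names[] = $entry;
        }
    }
    $dir->close();
    sort($names);
    return $names;
}

// Constructed directory with two plain files and one dotfile.
$tmp = sys_get_temp_dir() . '/listing_' . bin2hex(random_bytes(4));
mkdir($tmp);
foreach (['b.txt', 'a.txt', '.hidden'] as $name) {
    touch("$tmp/$name");
}

print_r(listWithOpendir($tmp));   // .hidden, a.txt, b.txt : only '.' and '..' were dropped
print_r(listWithGlob($tmp));      // a.txt, b.txt : the dotfile is not matched
print_r(listWithDir($tmp));       // a.txt, b.txt : same entries as opendir, filtered above

foreach (listWithOpendir($tmp) as $name) {   // clean up
    unlink("$tmp/$name");
}
rmdir($tmp);
```

The practical difference is the dotfiles: opendir/readdir returns everything and leaves filtering to you, while glob('*') silently skips names beginning with a dot, which is worth remembering when the listing feeds a security check.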
Saturday, September 8, 2007
Avoid double functions calls
I was thinking that I could take any function and optimize it by storing already-computed results in a temporary variable.
So I took a common mathematical formula, the quadratic formula used to obtain the roots of a second-degree polynomial, and started trying ways to improve it.
There were several attempts, and the conclusion I reached is that although it is better to store the results of function calls, it is not worth doing for simpler operations like multiplication.
Even or odd
How can we know whether an integer is even or odd?
Of course, it is not too hard.
When I was just starting out, I remember looking for a way to do this; not very practical:
floor($a / 2) == $a / 2;
The result is correct, but it is much easier knowing the % operator:
$a % 2 == 0;
However, you can do it faster still, though not necessarily more simply, by checking whether the lowest bit is set:
($a & 1) == 0
The parentheses are required: in PHP, == binds tighter than &, so $a & 1 == 0 is parsed as $a & (1 == 0), which is always 0 and never true.
str_replace - strtr
These two functions are very similar. Usually str_replace is better known, but which one is better? Let's try...
str_replace('e','a','hello world');
strtr('hello world','e','a');
Let's compare a simple replacement. In this comparison, str_replace takes the point.
What happens if we try to replace text that is not there?
Both functions are quicker, but str_replace is still the more efficient. At this point it seems this option is better, but both functions allow multiple replacements at a time. Let's try that.
str_replace(array('o','e'),'a','hello world');
strtr('hello world',array('o' => 'a','e' => 'a'));
Here we replace "o" and "e" with "a", and str_replace still comes out ahead... Let's give strtr a last chance.
str_replace(array('o','e'),array('i','o'),'hello world');
strtr('hello world',array('o' => 'i','e' => 'o'));
In this case the replacements are 'o' for 'i' and 'e' for 'o', and surprisingly strtr takes the victory.
Conclusion: usually it is preferable to use str_replace, but when you want to replace many characters with many others (and not with a single value), strtr is better.
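Beyond speed, the two functions apply a set of replacements differently, and that decides which one is correct for a given task. The following is an added example, not code from the original post; all inputs are constructed.

```php
<?php
// Added example, not from the original post: besides speed, the two functions apply a set of
// replacements differently, and that, more than timing, decides which one is correct for a task.
// All inputs are constructed.

// str_replace applies the pairs one after another over the whole string, so text written by
// an earlier pair can be rewritten by a later one.
function swapWithStrReplace(string $s): string
{
    return str_replace(['a', 'b'], ['b', 'a'], $s);
}

// strtr with an array walks the string once, tries the longest key at each position first,
// and never looks again at text it has just replaced.
function swapWithStrtr(string $s): string
{
    return strtr($s, ['a' => 'b', 'b' => 'a']);
}

// Longest-match-first also makes key order irrelevant for strtr, while for str_replace the
// order is decisive when one search string is a prefix of another.
function expandGreeting(string $s): array
{
    return [
        'str_replace' => str_replace(['hi', 'hi there'], ['X', 'Y'], $s),
        'strtr'       => strtr($s, ['hi' => 'X', 'hi there' => 'Y']),
    ];
}

// With string arguments strtr is a byte-for-byte translation, not a substring replacement:
// the n-th byte of $from becomes the n-th byte of $to.
function replaceEl(string $s): array
{
    return [
        'str_replace' => str_replace('el', 'ip', $s),   // the substring "el" becomes "ip"
        'strtr'       => strtr($s, 'el', 'ip'),         // every e becomes i, every l becomes p
    ];
}

// Neither is a sanitiser: both make a single pass, so removing a token can leave the token behind.
function stripScriptTag(string $s): array
{
    return [
        'str_replace' => str_replace('<script>', '', $s),
        'strtr'       => strtr($s, ['<script>' => '']),
    ];
}

echo swapWithStrReplace('ab'), ' ', swapWithStrtr('ab'), PHP_EOL;   // aa ba
print_r(expandGreeting('hi there'));                                 // X there / Y
print_r(replaceEl('hello world'));                                   // hiplo world / hippo worpd
print_r(stripScriptTag('<scr<script>ipt>'));                         // <script> / <script>
```

So the post's conclusion holds for speed, but for correctness the rule is: when the replacements may overlap or one search string is a prefix of another, the array form of strtr gives the intended result and str_replace does not; and neither function should be used to strip dangerous markup, since one pass is all either of them makes.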
Naming variables
It is important that our code can be read, by ourselves or by others, so the names of our variables should say what they contain.
Personally, I don't like to include the data type in the variable name, only what it means.
The usual exception to this rule are variables with no real meaning of their own but still useful, for example loop counters:
for ($i = 0; $i < N; $i++) {
    for ($j = 0; $j < M; $j++) {
    }
}
for - while
Usually, to iterate a piece of code N times you write
for ($a = 0; $a < N; $a++) {
but, thinking a bit, this can be optimized, because the second and third clauses can be joined, which gives
for ($a = -1; ++$a < N;) {
You can also think of it this way (starting from -1 as well, so that 0 is still visited)
$a = -1;
while (++$a < N) {
but the previous approach seems (a bit) better in practice. This optimization does not improve your code much, but keep in mind that this is one of the most common iterations, and you repeat it many times over in your work.