Sunday, September 30, 2007

Form processing

The bigger problem is always processing the submitted data. We are going to go through the things that must be reviewed for every form. As a starting point, we must consider that all data the client sends (POST, GET, COOKIE) is untrusted.

  1. Check the user's permissions
    Not every user has permission for every form, that is clear. It is necessary to establish whether the user can submit that form or not, or whether they may only do part of it.

  2. Validate all the data
    This means that for each form it is necessary to establish conditions. In general, text fields must have a maximum length (normally set according to the database) or a fixed one (for example, credit card numbers). It is also necessary to check the format (usually for email addresses). Some data can only be numeric, and dates may not be valid.
    Checkboxes, radio buttons and dropdowns have a predefined range of options, and it must not be possible to submit a value outside that range.
    All of this has to be taken into account, because erroneous data can cause information to be lost, but that can be avoided by forcing the user to correct the error.

  3. Save data
    Depending on the destination of the entered data, it is necessary to prepare the form data accordingly. In general we are going to store it in a database, which is why the *_escape_string functions provide an easy way to escape the data according to the type of database we use.
    At this point it is necessary to be careful with "magic quotes" (magic_quotes_gpc): if they are enabled they can cause the data to be escaped twice. The best thing is to strip the added quotes if this setting is On.
    So why don't we just forget about escaping data if we have magic_quotes_gpc?
    The idea of magic_quotes was to avoid having to escape data, to make the programmer's task easier. The problem with this feature is that it escapes data in an arbitrary way, without considering where the data will be used.
    Another possible error is storing data that did not come from the user (so magic_quotes_gpc never touched it) without escaping it, because we relied on magic_quotes_gpc being On.

  4. Save the results
    The data is valid and prepared... The only thing left is to save it and do whatever other processing is necessary.

  5. Show the results
    Our work is still not finished. We probably want to show the information we stored to somebody. At this point it is very important to escape the data again. Previously we stored it as the user submitted it, but when showing it in a page it is necessary to prevent malicious content. In general, escaping HTML entities is enough for this, but it would be better to escape all the entities, even the "rarer" ones, to display the information correctly.
These 5 points are necessary for most data processing. It seems tedious and complicated, but it is not that bad.
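One handler that walks the five steps above, as an added example that is not part of the original post. It is written against the PHP 5 mysql extension the post uses, assumes an open connection $db and that the caller has already run the application's own permission check ($allowed), and the table and column names are invented.

```php
<?php
// Added example: form handling in the order of the post's five points.
// Assumes a flat form (no nested arrays), an open mysql link $db, and a
// permission result $allowed computed elsewhere. Table "signups" is invented.
function handleForm(array $post, $db, $allowed)
{
    // 1. Permission: refuse the form outright if this user may not send it.
    if (!$allowed) {
        return array('error' => 'forbidden');
    }

    // 3a. Undo magic_quotes_gpc first, so every value is escaped exactly once.
    if (function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc()) {
        $post = array_map('stripslashes', $post);
    }

    // 2. Validate: length limits, a format check, and a whitelisted dropdown value.
    $errors = array();
    $name  = isset($post['name'])  ? trim($post['name'])  : '';
    $email = isset($post['email']) ? trim($post['email']) : '';
    $plan  = isset($post['plan'])  ? $post['plan']        : '';
    if ($name === '' || strlen($name) > 64) {
        $errors[] = 'name must be 1-64 characters';
    }
    if (strlen($email) > 254 || !preg_match('/^[^@\s]+@[^@\s]+\.[^@\s]+$/', $email)) {
        $errors[] = 'email format is invalid';
    }
    if (!in_array($plan, array('free', 'pro'), true)) {   // only the offered options
        $errors[] = 'plan must be one of the offered options';
    }
    if ($errors) {
        return array('error' => $errors);   // make the user correct the input
    }

    // 3b/4. Escape for the database exactly once, then save.
    $sql = sprintf("INSERT INTO signups (name, email, plan) VALUES ('%s', '%s', '%s')",
        mysql_real_escape_string($name, $db),
        mysql_real_escape_string($email, $db),
        mysql_real_escape_string($plan, $db));
    mysql_query($sql, $db);

    // 5. Show: escape again, this time for HTML, when rendering what was stored.
    $safeName = htmlspecialchars($name, ENT_QUOTES, 'UTF-8');
    return array('html' => '<p>Welcome, ' . $safeName . '</p>');
}
```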

Tuesday, September 25, 2007

Connection by IP

Recently I discovered that it is faster to connect to a server using its IP than its name. For example, instead of mysql_connect("localhost"); one can use mysql_connect("127.0.0.1"); and the connection speed improves. A small optimization, but a frequent one.

Sunday, September 23, 2007

Storing array elements in a variable

The other day, it caught my attention to read that accessing an array element is slower than accessing a variable. I decided to test how big the difference is, and whether it is worth the trouble. My conclusion is that the difference exists, and if the same index is accessed more than 10 times it can be worth creating a variable for it, but it is only advisable to do so inside a function, in a "scope", so that it does not stay in memory the whole time.

View example

Thursday, September 20, 2007

Reading the manual

I must read the manual
I must read the manual
I must read the manual
I must read the manual


Yeah, it is boring, but it is necessary to consider that PHP has many functions one might not know about, and we can avoid reinventing the wheel.
It is also necessary to read the user comments; many gaps are covered there.

The last function I discovered: dl

Sunday, September 16, 2007

Iterate over array

Perhaps it sounds like a repeat of the for - while post, but now instead of executing code N times, I want to go through all the positions of an array. Which is the most advisable way?
In the first place, we have the optimized for.
On the other hand, we can use foreach, which traverses exactly the data array.
A last alternative is to traverse the array using its internal pointer.

In this case, the best alternative is foreach, which is specially designed for this.

View example

Thursday, September 13, 2007

Post or Get

What is the criterion for choosing whether a form should go by POST or GET?
The W3C gives us a list to decide. We are going to use that list as a basis and try to extend it a bit.

GET

* W3C: The interaction is more like a question (a query)
* The data is used as a guide for the presentation
* We want to offer the possibility of copying and pasting it to keep it, enter it in a page, or pass it on to another person


POST

* W3C: The interaction is more like an order
* W3C: The interaction changes the state of the resource in a way that the user would perceive
* W3C: The user will be held accountable for the results of the interaction
* I stress the second W3C point as very important: try to keep form processing as POST
* It handles "sensitive" data like passwords
* The amount of information is large (the number of characters in a URI may be limited by the server)


BOTH

* When data is processed, it is good practice to do Post/Redirect/Get
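The Post/Redirect/Get convention from the last point, as an added example that is not part of the original post. The saveOrder() function and its log file are invented for the example; the point is that the state change happens only on POST and the browser is then sent to a plain GET page, so a reload does not re-submit the order.

```php
<?php
// Added example: Post/Redirect/Get. Hypothetical saveOrder() stands in for
// the application's real persistence; here it appends to a temp file.
function saveOrder(array $post)
{
    $item = isset($post['item']) ? trim($post['item']) : '';
    if ($item === '' || strlen($item) > 64) {
        return false;                         // invalid: nothing is saved
    }
    $id = uniqid('ord');                      // constructed order id
    file_put_contents(sys_get_temp_dir() . '/orders.log',
        $id . "\t" . $item . "\n", FILE_APPEND);
    return $id;
}

if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    // The "order": the state change only ever happens in this branch.
    $orderId = saveOrder($_POST);
    if ($orderId === false) {
        header('Location: /order.php?error=1', true, 303);
        exit;
    }
    // 303 tells the browser to fetch the next page with GET, so F5 re-issues
    // a harmless question instead of a second order.
    header('Location: /order.php?id=' . urlencode($orderId), true, 303);
    exit;
}

// The "question": safe to bookmark, copy, paste and reload.
$id = isset($_GET['id']) ? $_GET['id'] : '';
echo '<p>Order ' . htmlspecialchars($id, ENT_QUOTES, 'UTF-8') . ' received.</p>';
```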

Tuesday, September 11, 2007

Error reporting

One does not program correctly if errors exist. And if these errors escape our sight, it will be harder to detect and correct them. An error that causes no negative consequences is still an error. The most common case, in this sense, is checking the value of variables that are not initialized, or that we do not know whether they are... If we test the difference between

1) if ($variable)
2) if (isset ($variable))
3) if (! empty ($variable))

The first thing that catches my attention is that the slowest is the first option if the variable is not defined, but if the variable is defined it is faster than empty and isset. So, if you are sure the variable exists, that is the best solution, but when in doubt it is preferable to use empty/isset.

Returning to the subject of errors, whenever you code it is good to see the errors, so it is always a good idea to execute

error_reporting (E_ALL);

while developing, and to reduce the level on a live site (the post says E_NONE, but PHP has no such constant; error_reporting(0) is the equivalent), or to turn off display_errors

View example
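The two halves of this post together, as an added example that is not part of the original post: under E_ALL the plain if ($variable) check is the one that touches an undefined variable and raises a notice, while isset and empty do not; the example also records how the three checks treat a legitimately submitted "0". It assumes PHP 5.3 or later for the closure.

```php
<?php
// Added example: which check raises a notice, and how each treats "0".
// Development setting from the post; on a live site keep E_ALL but set
// display_errors=0 and log_errors=1 rather than silencing the level.
error_reporting(E_ALL);
ini_set('display_errors', '1');

function compareChecks()
{
    $seen = array();
    // Collect error messages instead of printing them, so the caller can inspect them.
    set_error_handler(function ($errno, $errstr) use (&$seen) {
        $seen[] = $errstr;
        return true;
    });

    $result = array();
    // $undefined is never assigned in this scope
    $result['if']    = (bool) $undefined;   // reads an unset variable: notice/warning raised
    $result['isset'] = isset($undefined);   // language construct: no notice
    $result['empty'] = empty($undefined);   // language construct: no notice

    $zero = '0';                            // a legitimately submitted "0"
    $result['if("0")']    = (bool) $zero;   // false: "0" is falsy
    $result['isset("0")'] = isset($zero);   // true: the variable exists
    $result['empty("0")'] = empty($zero);   // true: empty() treats "0" as empty

    restore_error_handler();
    return array('results' => $result, 'notices' => $seen);
}

var_dump(compareChecks());
```

Exactly one message ends up in 'notices', coming from the plain if check; the "0" rows show why a validation written with empty() rejects a real zero.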

Sunday, September 9, 2007

Listing directories

The need to find all the files in a folder is common. The usual way is to use opendir, but the function glob brings us over to the dark side of the force, offering a simpler alternative... Nevertheless, this solution is slower.
Another alternative is the function dir, which returns a Directory object, a more "elegant" solution if you like, but it is no more than a wrapper around the same thing, which is why it is not faster.

View example
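The three approaches side by side, as an added example that is not part of the original post: each returns the same sorted list of entry names, so the results can be compared directly. The one behavioural difference to know about is that opendir and dir hand back "." and ".." and dotfiles, while glob('*') returns neither, so the first and third versions skip names starting with "." to match.

```php
<?php
// Added example: three ways of listing a directory that yield the same names.
function listWithOpendir($path)
{
    $names = array();
    $handle = opendir($path);
    if ($handle === false) {
        return $names;
    }
    while (($entry = readdir($handle)) !== false) {
        if ($entry[0] !== '.') {          // skip ".", ".." and dotfiles, like glob('*')
            $names[] = $entry;
        }
    }
    closedir($handle);
    sort($names);
    return $names;
}

function listWithGlob($path)
{
    // glob() returns full paths (or false on error); keep only the basenames
    $matches = glob(rtrim($path, '/') . '/*');
    $names = array_map('basename', $matches === false ? array() : $matches);
    sort($names);
    return $names;
}

function listWithDir($path)
{
    $names = array();
    $d = dir($path);                      // a Directory object wrapping opendir/readdir
    while (($entry = $d->read()) !== false) {
        if ($entry[0] !== '.') {
            $names[] = $entry;
        }
    }
    $d->close();
    sort($names);
    return $names;
}

$dir = sys_get_temp_dir();                // any readable directory
var_dump(listWithOpendir($dir) == listWithGlob($dir));
var_dump(listWithGlob($dir) == listWithDir($dir));
```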

Saturday, September 8, 2007

Avoid double function calls

I was thinking that I could take any function and optimize it by storing already calculated results in a temporary variable.
So I took a common mathematical formula, the "quadratic formula" that is used to obtain the roots of a polynomial of degree two, and began to test ways of improving it.

There were several attempts, and the conclusion I reached is that although it is better to store the results of function calls, it is not worth doing it for simpler operations like multiplication.

View example

Even or odd

How can we know if an integer number is even or odd?
Of course, it is not too hard.
When I was just starting, I remember I looked for a way to do this, not too practical

floor($a / 2) == $a / 2;

The result is correct, but it can be much easier knowing the % operator

$a % 2 == 0;

However, you can do it even faster, though not necessarily more simply, by checking whether the lowest bit of the number is set.

($a & 1) == 0

(the parentheses are required: in PHP == binds tighter than &, so without them the expression is evaluated as $a & (1 == 0), which is always 0)

View example

str_replace - strtr

These two functions are very similar. Usually str_replace is better known, but which one is better? Let's try...

str_replace('e','a','hello world');
strtr('hello world','e','a');

Let's compare a simple replacement. In this comparison, str_replace scores a point.

What happens if we want to replace text that is not there?
Both functions are quicker, but str_replace is still more efficient. At this point it seems this option is better, but both functions allow multiple replacements at a time. Let's try it.

str_replace(array('o','e'),'a','hello world');
strtr('hello world',array('o' => 'a','e' => 'a'));

Here we replace "o" and "e" with "a", and str_replace still looks better... Let's give strtr a last chance

str_replace(array('o','e'),array('i','o'),'hello world');
strtr('hello world',array('o' => 'i','e' => 'o'));

In this case the replacements are 'o' with 'i' and 'e' with 'o', and surprisingly strtr takes the victory.

Conclusion: usually it is preferable to use str_replace, but when you want to replace many characters with many other characters (and not just one value), strtr is better.

View example
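Beyond speed, the two calls are not interchangeable once the replacement pairs overlap; this added example (not part of the original post) shows the difference using the post's last comparison plus two constructed maps. str_replace applies the pairs one after another over the whole string, so a later pair can rewrite what an earlier pair produced, whereas strtr scans the subject once and never touches text it has already replaced.

```php
<?php
// Added example: same map, different semantics, when replacements overlap.
function replaceBoth($subject, array $map)
{
    return array(
        'str_replace' => str_replace(array_keys($map), array_values($map), $subject),
        'strtr'       => strtr($subject, $map),
    );
}

// The post's last comparison: no overlap, so both functions agree.
print_r(replaceBoth('hello world', array('o' => 'i', 'e' => 'o')));

// Overlap: 'a' becomes 'b', and under str_replace the next pair then turns
// that new 'b' into 'c' as well; strtr leaves the replaced text alone.
print_r(replaceBoth('ab', array('a' => 'b', 'b' => 'c')));

// Why it matters for escaping: the '&' introduced by '&lt;' gets escaped a
// second time by str_replace. (In real code use htmlspecialchars(), which
// handles the ordering for you.)
print_r(replaceBoth('<b>&', array('<' => '&lt;', '&' => '&amp;')));
```

For 'ab' str_replace yields "cc" and strtr "bc"; for '<b>&' str_replace double-escapes to "&amp;lt;b>&amp;" while strtr gives "&lt;b>&amp;".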

Naming variables

It is important that our code can be read, by ourselves or by others, so it is highly advisable that the names of our variables explain what they contain.
Personally, I don't like to include the data type in the variable name, only what it means.
As a usual exception to this rule you have variables with no real meaning but which are useful, for example

for ($i = 0; $i < N; $i++) {
    for ($j = 0; $j < M; $j++) {

    }
}

for - while

Usually, to iterate code N times you do

for ($a = 0; $a < N; $a++) {

but, thinking a bit, this code can be optimized, because the second and third clauses can be joined, so we get this

for ($a = -1; ++$a < N;) {

You can also think of it this way

$a = -1; // start at -1 so the first pass sees $a == 0, as in the for loops above
while (++$a < N) {

but the previous approach seems (a bit) better in practice. This optimization does not improve your code much, but we have to keep in mind that this is one of the most common iterations, and you can repeat it a lot throughout your work.

View example
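A small timing harness for the loop variants compared in this post and in the "Iterate over array" post, as an added example that is not part of either original post. The numbers depend on the PHP version and machine, so run it to get your own; it assumes PHP 5.3 or later for the closures.

```php
<?php
// Added example: best-of-N timing for the loop forms discussed in the posts.
function bench($label, $fn, $runs = 5)
{
    $best = PHP_INT_MAX;
    for ($r = 0; $r < $runs; $r++) {          // keep the best of several runs
        $t = microtime(true);
        $fn();
        $best = min($best, microtime(true) - $t);
    }
    printf("%-14s %.4f s\n", $label, $best);
    return $best;
}

$n   = 1000000;
$arr = range(0, $n - 1);                       // constructed input array

// "for - while": three ways of counting 0..N-1
bench('for classic',  function () use ($n) { for ($a = 0; $a < $n; $a++) {} });
bench('for merged',   function () use ($n) { for ($a = -1; ++$a < $n;) {} });
bench('while',        function () use ($n) { $a = -1; while (++$a < $n) {} });

// "Iterate over array": visit every element
bench('for + count',  function () use ($arr) {
    for ($i = 0, $c = count($arr); $i < $c; $i++) { $v = $arr[$i]; }
});
bench('foreach',      function () use ($arr) { foreach ($arr as $v) {} });
bench('internal ptr', function () use ($arr) {
    // key() returns null once the internal pointer is past the last element
    for (reset($arr); key($arr) !== null; next($arr)) { $v = current($arr); }
});
```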