126 Comments
- craigb, on 10/10/2007, -2/+26
If you take away 1 thing from this article, make it #7. Never report errors to users. ever.
seriously.
- traphik, on 10/10/2007, -2/+25
Here is something not very known
$a = 'test';
${$a . '_var'} = 'Hello World';
echo $test_var;
Not very useful but still interesting!
- mattmcm, on 10/10/2007, -1/+14
I agree. I was somewhat taken aback by your closing statement, but overall, you made a strong point.
- rafor, on 10/10/2007, -3/+15
Great list and I think it will come in handy as I learn even more about PHP.
- Fireman84, on 10/10/2007, -2/+13
I've learned something new :)
- nova912, on 10/10/2007, -4/+14
Damn nothing new, I have read all that in books printed 2 years ago =/, I want more!
echo empty($promise) ? 'Sad' : 'Happy';
- traphik, on 10/10/2007, -2/+11
I'm not going to digg you down for suggesting Ruby on Rails. I'm going to digg you down for suggesting a framework as a language...
- geminitojanus, on 10/10/2007, -1/+10
That's quite possibly the ugliest snippet of code I've ever seen in my entire life. And I maintained a perl airline ticketing application for three years.
- Terr01, on 10/10/2007, -1/+9
I must disagree with #4.
The ternary operator is in some ways a "perl-everything-on-one-line" construction. Sure, it's handy if you're typing, but the vast majority of cost for software is in upgrades and maintenance, and using "if/else" is easier on whatever poor shmoe who has to do the work. I never use the ternary operator for this reason--readability and how the code scans.
#6: Also consider highlight_string. For debugging, I really like highlight_string(var_export($DATA,true)). It's better than print_r because it keeps line breaks in HTML, and also because "false" is "false" and not a blank entry, etc. Less ambiguity.
#9: Make sure you understand PHP4/5 differences in reference passing before experimenting.
- DietMountainDew, on 10/10/2007, -1/+9
10 should be the most important. Poorly written scripts can lead to a SQL injection with little effort from the wrongdoer.
Also something I didn't see, be sure to test your scripts well. Put yourself in the place of a hacker, it is better you find any flaws before they do...
- vh1`, on 10/10/2007, -3/+11
I'll dig you down because comparing a language to a framework isn't fair at all
- vh1`, on 10/10/2007, -1/+8
especially since it's been possible to do that same thing using arrays / hashes / objects, in a much more sane way
- p0tent1al, on 10/10/2007, -2/+9
Magic Quotes are not needed, which is why PHP 6 is phasing them out completely. It's the act of PHP escaping all user inputted quotes because of possible attacks. The problem arises when you are trying to handle user input, for instance if I put a Contact Us page on my site, and the user types a question and e-mails it to me via the site, any apostrophes they use are preceded with backslashes, which I have to then make a custom php function to strip all the backslashes out before it is served to the e-mail.
Long story short, you don't need magic quotes, they are a pain, you are going to have to properly validate user input regardless. And magic quotes has to do with the way the server is set up, so it all depends on what settings your hoster has set up.
- prockcore, on 10/10/2007, -1/+8
Here's one that might be new to you. PEAR::Validate is a class that makes it easy to validate email addresses, urls, and other various user input.
require "Validate.php";
$validate=new Validate();
if ($validate->email($email_address)) ....
if ($validate->email($email_address,true)) ...
the first one will check to see if $email_address contains a valid email address
the second will do that, as well as check that the domain resolves.
- rauz, on 10/10/2007, -5/+11
Well here's one thing you didn't know about you - you're an ass!
- tempusrob, on 10/10/2007, -1/+7
Or you just have a pluralize() function:
function pluralize($singular, $plural, $count) {
    // 0 and anything above 1 take the plural form
    if($count === 0 || $count > 1) return $plural;
    else return $singular;
}
echo "You have {$count} " . pluralize('item', 'items', $count) . " in your cart.";
- traphik, on 10/10/2007, -1/+7
Or you can not compare RoR to a language... If you use a framework for php such as CakePHP you won't need to write sql either.
- jessehadden, on 10/10/2007, -2/+8
Isn't that like saying that a trans-Atlantic jet is "pathetic" because it can't fly to the moon? Maybe so, but when you want to cross the Atlantic and don't need to reach the moon, it's just the right fit.
- ttfkam, on 10/10/2007, -1/+7
Digg's captcha really needs work... Anyway, back on topic:
1. ip2long and long2ip only handle IPv4. At least with strings you can migrate to IPv6 relatively seamlessly. (Obviously the logic to determine subnets must be modified.) It's 2007! You should at least address IPv6 (no pun intended) in your standard library. It's not like detecting which type has been passed is terribly complex or resource-intensive.
Oh yeah, the fact that the function returns -1 on error is dumb too since they will likely be ignored and MySQL doesn't support check statements as a safety catch.
2. No comment.
3. You shouldn't use either. Your queries should not be hard-coded in your code, and you should not intimately tie your app to any particular database without good reason. This is of course completely glossing over the fact that PHP lacks namespacing, which is why you have "mysql_" and "mysqli_" prefixes in the first place. But I digress.
4. The ternary operator does not enhance performance. Use it only when it enhances readability. When an if-else statement would be more readable, avoid the ternary. A better suggestion would be to learn to love easily readable code. Code is for humans, not computers. Computers are more than willing to accept a long series of ones and zeros. It's we humans that don't handle the ones and zeros too well.
5. Agreed, code reuse is best. PEAR is far better than reinventing the wheel. Too bad the author missed that PEAR also includes a database abstraction layer.
6. Not "some care," a huge amount of care. In fact, you should make sure calls like that are only from authenticated or otherwise protected URLs.
7. Good tip. Of course if more coders spent even a little bit of time on error handling, the net would be a better place.
8. Depends on the database. PostgreSQL and some other databases compress and decompress textual data automatically in the background. This tip only helps work around one of MySQL's limitations.
9. Good tip, just don't overuse it.
10. This tip should be, "Don't ever use magic quotes, period!" String concatenation should *never* be used for database access in a public-facing app. Scratch that. String concatenation should *never* be used for database access, period! Use either prepared statements or simple parameterized statements with SQL. Don't wait for that one time you were coding at 4am and forgot to escape the query input. Let the built-in libraries do that for you.
String concatenation for SQL queries is not a choice, it's always a bug. Use examples like this instead:
$res = $db->query( 'SELECT id FROM users WHERE login=?', array( $name ) );
No muss, no fuss, just as efficient (if not more so), easy to read, and always safe from an SQL injection attack.
- voetsjoeba, on 10/10/2007, -3/+9
Or you can stop preaching Ruby on Rails everywhere you go?
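The parameterized-statement advice in ttfkam's comment and the apostrophe problem p0tent1al describes, as an added example that is not part of any comment in this thread. It assumes PHP with the pdo_sqlite extension; the in-memory `users` table, its rows, the inputs and the function names `find_concat` and `find_param` are constructed for illustration.

```php
<?php
// Added example; table, rows and inputs are constructed for illustration.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, login TEXT)');
$db->exec("INSERT INTO users (login) VALUES ('alice'), ('bob'), ('o''brien')");

// Concatenation: $name becomes part of the SQL text the parser sees.
function find_concat(PDO $db, $name) {
    try {
        $sql = "SELECT id FROM users WHERE login='" . $name . "'";
        return $db->query($sql)->fetchAll(PDO::FETCH_COLUMN);
    } catch (PDOException $e) {
        return 'query failed';
    }
}

// Parameterized: the SQL text is fixed; $name is bound as a value only.
function find_param(PDO $db, $name) {
    $stmt = $db->prepare('SELECT id FROM users WHERE login = ?');
    $stmt->execute(array($name));
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

$inputs = array(
    'alice',               // ordinary login
    "o'brien",             // legitimate value containing a quote
    "x' OR 'a'='a",        // quote-bearing input that rewrites the WHERE clause
    addslashes("o'brien"), // the backslash-escaped form magic quotes would produce
);

// Print both results side by side for each input.
foreach ($inputs as $name) {
    printf("%-16s concat=%-14s param=%s\n",
        $name,
        json_encode(find_concat($db, $name)),
        json_encode(find_param($db, $name)));
}
```

With concatenation, the apostrophe in a legitimate login breaks the statement and the third input matches every row; the bound parameter treats all four inputs as plain values. The backslash-escaped input also fails in the concatenated query here, because SQLite does not treat a backslash as a quote escape.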
- mcprogrammer, on 10/10/2007, -2/+8
I know what you mean with the ternary operator; it definitely has potential to be misused. There are some cases where I think it's more clear though. One example is pluralizing a word:
echo "You have $count item" . ($count != 1 ? "s" : "") . " in your cart.";
compared to
if ($count == 1) {
    echo "You have 1 item in your cart.";
}
else {
    echo "You have $count items in your cart.";
}
- p0tent1al, on 10/10/2007, -4/+10
I'd rather use PHP than MS's proprietary bullsh*t, sorry. ASP.NET has its place, but unless you absolutely need it, there is no use for it. That and PHP will eventually have all the features (especially OOP wise) that ASP.NET has. And no I'm not digging you down, but I'm not digging you up either.
- MellerTime, on 10/10/2007, -2/+8
Write a custom function? You mean like... stripslashes()? In any case, I get what you mean: magic quotes are evil. It's just a way to help lazy (or incompetent / un-knowledgeable) programmers avoid totally screwing up....
- prockcore, on 10/10/2007, -1/+6
Those are objects. Primitives are still passed by value by default. Since he was talking specifically about people wanting to return more than one thing, it's assumed he's not dealing with objects.
- Terr01, on 10/10/2007, -1/+6
The problem with your example (and with prockcore's) is that you aren't actually using it for ternary logic. The benefit you get isn't ternary logic, but instead the syntactic sugar of inlining the result for concatenation.
- TenebrousX, on 10/10/2007, -2/+7
because it doesn't...
- k4st, on 10/10/2007, -1/+5
http://digg.com/programming/15_Really_Cool_Things_Most_People_Don_t_Know_About_PHP
- zeptobyte, on 10/10/2007, -2/+6
I'm not going to digg you down for suggesting Ruby on Rails. I'm not going to digg you down for suggesting a framework as a language. I'm going to digg you down for telling me that Rails is something I didn't know about PHP.
- Nick22, on 10/10/2007, -1/+5
What do you use? Ruby on Rails? If so, then you just helped confirm my just-made theory that RoR users are snobs
- Terr01, on 10/10/2007, -2/+6
http://www.php.net/manual/en/migration5.oop.php
"In PHP 5 there is a new Object Model. PHP's handling of objects has been completely rewritten, allowing for better performance and more features. In previous versions of PHP, objects were handled like primitive types (for instance integers and strings). The drawback of this method was that semantically the whole object was copied when a variable was assigned, or passed as a parameter to a method. In the new approach, objects are referenced by handle, and not by value (one can think of a handle as an object's identifier)."
- Terr01, on 10/10/2007, -1/+5
Also, you can more easily deal with irregular items, especially where you can't simply append to them.
One mouse, Two Mice. One shrimp, Four shrimp. One foot, three feet.
- Terr01, on 10/10/2007, -1/+5
If this were an M.N. Shyamalan movie, we'd find out you were actually still there and didn't know it.
- inactive, on 10/10/2007, -1/+5
ip2long(). heh.
- Coded1, on 10/10/2007, -2/+6
It is interesting but I pity the fool who tries to use that too often in a project
- tempusrob, on 10/10/2007, -1/+4
I dunno...
#3 should recommend PDO rather than mysqli, primarily for consistency and security.
#4 has no warning about readability problems, and using the ternary operator with *discretion.*
#9 is very poorly worded. Using parameters by reference doesn't *return* anything, it modifies the values of the variables directly and immediately. This can be good or bad depending on the context.
And #10 is dangerously generic. I can imagine a novice reading that and thinking "Oh, magic quotes must be good."
- Glum, on 10/10/2007, -0/+2
While ActiveRecord does joins, sorts and other things for you it does not free you from writing sql in your models
- ronster, on 10/10/2007, -0/+2
I've been reading php books but didn't know about #7 though. There's a difference between programmers and people who occasionally need to develop snippets!
- MikeSD34, on 10/10/2007, -1/+3
I cry every time...
"An unexpected error has occurred."
- MySpace
- aDJsavedmylife, on 10/10/2007, -1/+3
Why don't you make a better list, then?
I'll add you and see if you submit anything. Doubt you will.
- tempusrob, on 10/10/2007, -0/+2
http://us2.php.net/pdo
Second paragraph: "PDO does not provide a database abstraction; it doesn't rewrite SQL or emulate missing features. You should use a full-blown abstraction layer if you need that facility."
- grimw, on 10/10/2007, -0/+2
And what was the point of that? Of course you can USE stored procedures already in the database, but the django framework certainly DOES NOT help create them for you the way it helps create some basic queries and tables for you.
You must've missed the whole last sentence of my post that makes it perfectly clear that I was talking about django creating stored procedures. Learn to read and don't make ridiculous remarks like "lmao; django stored procedures shows results on google."
- inactive, on 10/10/2007, -1/+3
This list can apply to a fairly advanced programmer. I'm glad to know that I use most of these tips every day, the rest are unnecessary or just purely optional usage.
- mcprogrammer, on 10/10/2007, -1/+3
My point is just that, even though it doesn't really add anything to the language, there are a few cases where the syntactic sugar makes it more concise and easier to read. I agree that most of the time, it's better to use a normal if/else though. Pluralization is one of the few times I use it.
- lukasmach, on 10/10/2007, -1/+3
Wikipedia openly shows PHP error listing (traceback, even) when error occurs. The same holds true for many other Web 2.0 sites. Are they done by amateurs? I don't think so...
- ToastedZergling, on 10/10/2007, -1/+3
This was just outdated. If you are a real programmer you should know all these features exist and should be utilized (and thus referenced). You would be a good programmer if you didn't already know about SQL injection, proper datatyping and query optimization or similar problems exist in other languages as well.
- neoform, on 10/10/2007, -0/+2
Any "web 2.0" site that does is an amateur job. That said, I've never seen wikipedia show a php error so I think you're full of it. If you're talking about your own installation of wikipedia's software, you need to fix that in php.ini yourself.
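The practice argued over under #7 (keep error detail away from visitors, fix it in configuration), as an added example that is not from the article or from any commenter. It assumes PHP 7 or later for `random_bytes`; the handler name `handle_uncaught` and the failure message are constructed.

```php
<?php
// Added example: error detail goes to the server log, the visitor gets a
// generic message plus a reference. Names and messages are constructed.
ini_set('display_errors', '0');   // never render PHP errors into the page
ini_set('log_errors', '1');       // keep the detail, but server-side
error_reporting(E_ALL);           // log everything, display nothing

function handle_uncaught($e) {
    // Random reference lets support match a user report to the log entry.
    $ref = bin2hex(random_bytes(4));
    error_log(sprintf('[%s] %s: %s in %s:%d',
        $ref, get_class($e), $e->getMessage(), $e->getFile(), $e->getLine()));
    if (!headers_sent()) {
        http_response_code(500);
    }
    echo 'An unexpected error has occurred. Reference: ' . htmlspecialchars($ref);
}
set_exception_handler('handle_uncaught');

// Promote warnings and notices to exceptions so they take the same path.
set_error_handler(function ($severity, $message, $file, $line) {
    if (!(error_reporting() & $severity)) {
        return false; // respect the configured reporting level
    }
    throw new ErrorException($message, 0, $severity, $file, $line);
});

// Constructed failure: the message holds detail a visitor should not see.
throw new RuntimeException('DB connect failed for app_user@db01.internal.example');
```

The same two `ini_set` values can be set once in php.ini as `display_errors = Off` and `log_errors = On`, which also covers errors raised before any script code runs.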
- ShadwDrgn, on 10/10/2007, -0/+2
s/sux/rox/
- noverflow, on 10/10/2007, -0/+2
I'm just trying to help:
When using a foreach, unless you need the key output you do not need to list it. You can just do foreach($top_10_list as $item){
But your code is crazy. Why not just echo $top_10_list['4'] and concatenate onto it?
Or did you just want to use code for code's sake?
- neoform, on 10/10/2007, -0/+2
How about you read the first thing I wrote?
"Stupid list, anyone who learned something from it should pick up a php book and read instead of learning from top 10 lists."
- rspeed, on 10/10/2007, -0/+1
Heh, that's almost exactly what I thought as I was reading this. The only thing I'd add is that I wouldn't really recommend using PEAR. Zend Framework is much more modern and far better quality, but doesn't cover nearly as many uses. The only PEAR library I've felt comfortable using is HTTP_WebDav_Server.