Moblin
JMSL Numerical Library

IBM® developerWorks
Sun Developer Network
Weekly Newsletter
Developer Updates
Free Website Content

Articles

Forums

All Feeds

Write For Us Get Paid

Request Media Kit

Site Map

Privacy Policy
Support

USERNAME

PASSWORD

>>> SIGN UP!

Lost Password?

PHP

RSS

Tips For Making Your PHP Code More Portable

By: Derek Comartin	Search For More Articles! Disclaimer Author Terms
Rating: / 7
2002-02-02

Table of Contents:

Tips For Making Your PHP Code More Portable

PHP Tags

Databases and tables

Conclusion

	ADD THIS ARTICLE TO:
	Del.ici.ous	Digg
	Blink	Simpy
	Google	Spurl
	Y! MyWeb	Furl

Email Me Similar Content When Posted

Add Developer Shed Article Feed To Your Site

Email Article To Friend

Print Version Of Article

PDF Version Of Article

Tips For Making Your PHP Code More Portable - PHP Tags

(Page 2 of 4 )

When you're creating blocks of PHP code, do you use <? or <% as your PHP opening tags? If you do, then stop it immediately! Always use the default, fully open tag: <?PHP. Both the short and ASP styles of code block tags can be turned off in the php.ini file, however the long method cannot.

GPC Variables

As of PHP version 4.0.3, GPC variables can be found in the $HTTP_*_VARS arrays. Because register_globals can be turned off (in PHP4+), you should never treat GPC's as if they're normal global variables. For example, if you had a <form> tag with its method attribute set to post, and a text field named "foo", then you shouldn't use $foo to refer to the value of this form variable in your PHP scripts, but rather the $HTTP_POST_VARS['foo'] associative array value. Using global variables can cause some major security issues rather easily. Stay way from register_globals too; they are the devil in disguise.

magic_quotes_gpc

If magic_quotes_gpc is enabled in your php.ini file (which it is by default), then your GPC data will have backslashes prepended before characters that need to be escaped for database queries etc. These characters are the single quote ( ' ), the double quote ( " ), the backslash ( \ ), and NULL (the NULL byte with character code zero). If you turn off magic_quotes_gpd in your php.ini file, then you will notice a slight performance gain.

Here's a simple solution that you should use when building SQL queries that use GPC variables:

define("MAGIC_QUTOES_GPC", get_magic_quotes_gpc());

function slashes($str)

{

if (MAGIC_QUTOES_GPC == 1) {

return $str;

} else {

return addslashes($str);

}

}

So here's what our SQL Query would look like:

$query = 'UPDATE mytable SET myfield=\'' . slashes($HTTP_POST_VARS['myfield']) . '\'';

Error Reporting

By default, the error_reporting option in the php.ini file is set to "E_ALL & ~E_NOTICE". This suppresses error messages that are generated for non-critical errors. For example, if you use a variable that hasn't been initialized, then you won't see an error. Is this a good thing? Well not really, since some people could have their error_reporting set to "E_ALL", meaning that they would see an error if a variable is used and not initialized. The solution is to set the value of the "error_reporting" attribute in your php.ini file to "E_ALL" when developing.

Next: Databases and tables >>

More PHP Articles
More By Derek Comartin

Comments On: Tips For Making Your PHP Code More Portable

>>> Be the FIRST to comment on this article!

PHP ARTICLES

- Making Usage Statistics in PHP
- Installing PHP under Windows: Further Config...
- File Version Management in PHP
- Statistical View of Data in a Clustered Bar ...
- Creating a Multi-File Upload Script in PHP
- Executing Microsoft SQL Server Stored Proced...
- Code 10x More Efficiently Using Data Access ...
- A Few Tips for Speeding Up PHP Code
- The Modular Web Page
- Quick E-Commerce with PHP and PayPal
- Regression Testing With JMeter
- Building an Iterator with PHP
- PHP Frontend to ImageMagick
- Using PEAR's mimeDecode Module
- Incoming Mail and PHP
Find More PHP Articles