Professional PHP
It's important to remember what sets a professional PHP developer apart from the pack that floods your average help channel.
Too often, when reviewing or helping a "professional" developer, I can't help but mutter "you're doing it wrong..."
I feel the most important attribute that separates one developer from another is whether they write for usability and maintainability.
So let's take a look at some extremely simple steps you can take to make your project's code more flexible.
1. For the love of all that there is, separate your header and footer files. Yes, I'm still seeing this happen, often. All content above your generated page needs to go into a header file, and all the content below it into a footer file. So when you need to modify one line, you do it only once.
<?php require_once(dirname(__FILE__).'/includes/header.php'); ?>
<div id='content'>
<?php // page-specific script runs here ?>
</div>
<?php require_once(dirname(__FILE__).'/includes/footer.php'); ?>
2. Create a function to generate your navigation. And when I say generate, I mean you give it some flexibility as well. This can be done even with the smallest of sites. Example:
<?php
$site_pages = array();
$site_pages[] = array('text' => 'home', 'link' => 'home.php');
$site_pages[] = array('text' => 'about', 'link' => 'about.php');
$site_pages[] = array('text' => 'partner', 'link' => 'http://www.example.domain.com/');

// Builds the navigation markup from an array of 'text'/'link' pairs.
function buildNav($links)
{
    $output = '';
    foreach ($links as $page)
    {
        // Escape both values so a link edited later cannot inject markup into the page.
        $link = htmlspecialchars($page['link'], ENT_QUOTES, 'UTF-8');
        $text = htmlspecialchars($page['text'], ENT_QUOTES, 'UTF-8');
        $output .= "<a href=\"{$link}\" title=\"{$text}\">{$text}</a>\n";
    }
    return $output;
}
?>
The example above could easily be modified to allow optional values in the array, like 'enabled' => false to turn off a link. Or you could define a link "template" and use str_replace() to substitute values.
This means you, or the customer (with any know-how), can quickly update the links at any time. For more advanced sites/projects this can obviously become more complicated, but it saves even more time.
3. If you're not going to use OOP, at least use functions. Any common task or specific sequence should be placed in its own function. An example would be our navigation function from #2. Another example would be running a query for a specific item. If you ever need to modify your table structure you'll regret having to hunt down all of your inline queries.
4. When you create 'admin' features, take the 5 minutes to create a function that actually checks whether the person accessing that "super hidden" directory is allowed to, instead of filling it with scripts that just accept anything.
I've seen this happen even on large global community sites.
Some developers will stuff their admin scripts in a folder such as /admin/, and just assume that if data is posted there then it's ok.
The least you should do is place a session check, and place it in a function.
<?php
function isAdmin()
{
    if (!isset($_SESSION['user_name']) || !isset($_SESSION['user_id']))
    {
        return false;
    }
    else
    {
        // intval() keeps the session value from reaching the query as raw text
        $sql = "SELECT COUNT(*) as cnt FROM user_table WHERE user_id = ".intval($_SESSION['user_id']);
        // do the query, check that cnt is 1, and return false if it is not
        return true;
    }
}
?>
Then when it comes time to run your script, simply:
<?php
if (isAdmin() === false)
{
    die('Log back in');
}
?>
5. Create a wrapper for escaping strings. If you're not using a database class (like PDO) to handle this, you'll need to do it yourself.
Just assume that your client could have their PHP configuration change, or they change hosts, or any possible combination of changes take place.
Create a simple wrapper that will check for magic quotes, and escape for your database insert.
<?php
// Requires an open mysql_connect() link; mysql_real_escape_string() uses it
// to escape according to the connection's character set.
function cleanString($input)
{
    if (get_magic_quotes_gpc())
    {
        // undo the automatic escaping so the value is not escaped twice
        $input = stripslashes($input);
    }
    $output = mysql_real_escape_string(trim($input));
    return $output;
}
?>
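Here is how #4 and #5 look together when the PDO route mentioned above is taken. This is an added example, not code from the original post; the table name user_table, the columns user_id and is_admin, and the DSN and credentials are assumptions.

```php
<?php
// Added example (not the original post's code). Assumes a table `user_table`
// with columns `user_id` (int) and `is_admin` (tinyint 0/1); the table and
// column names, DSN and credentials are assumptions.
function getDb()
{
    static $pdo = null;
    if ($pdo === null) {
        $pdo = new PDO('mysql:host=localhost;dbname=example_db;charset=utf8mb4',
                       'db_user', 'db_password', array(
            PDO::ATTR_ERRMODE          => PDO::ERRMODE_EXCEPTION,
            PDO::ATTR_EMULATE_PREPARES => false, // real server-side prepares
        ));
    }
    return $pdo;
}

// Returns true only when the session names a user who is flagged as admin
// in the database, so a stale or forged session value alone is not enough.
function isAdmin()
{
    if (session_status() !== PHP_SESSION_ACTIVE) {
        session_start();
    }
    if (!isset($_SESSION['user_id']) || !ctype_digit((string)$_SESSION['user_id'])) {
        return false;
    }
    $stmt = getDb()->prepare(
        'SELECT COUNT(*) FROM user_table WHERE user_id = :id AND is_admin = 1'
    );
    $stmt->execute(array(':id' => (int)$_SESSION['user_id']));
    return (int)$stmt->fetchColumn() === 1;
}

// Parameter binding replaces cleanString(): the driver sends the value
// separately from the SQL text, so no quote-escaping step is needed.
function findUserByName($name)
{
    $stmt = getDb()->prepare('SELECT user_id, user_name FROM user_table WHERE user_name = :name');
    $stmt->execute(array(':name' => trim($name)));
    return $stmt->fetch(PDO::FETCH_ASSOC); // false when no row matches
}

// Usage at the top of an admin script:
if (isAdmin() === false) {
    http_response_code(403);
    exit('Log back in');
}
```

With the check reading the is_admin flag from the database on every request, revoking someone's admin rights takes effect immediately instead of waiting for their session to expire.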
6. Create a configuration file so you can update common yet critical variables. An example of this would be paths. Your system quickly gains adaptability if you just create a defines.php file, and place in there your simple variables.
The overall approach you should have to any project you take is to use an established tool chain you have developed. It doesn't take much time or effort to create a simple set of classes that can handle just about anything you need to create. If you wish to use functions, you can do the same. The idea is that you write it once, and write it in such a manner that you can tweak it later on.