I wish I had known these tips the day I started working with PHP.
Instead of learning them through a painstaking process, I could have been on my
way to becoming a PHP programmer even sooner! This article is presented in two
parts and is intended for folks who are new to PHP.
Tip 1: MySQL Connection Class
The majority of web applications I've worked with
over the past year have used some variation of this connection class:
class DB {
    // PHP 4-style constructor: runs when the object is created
    function DB() {
        $this->host = "localhost"; // your host
        $this->db = "myDatabase"; // your database
        $this->user = "root"; // your username
        $this->pass = "mysql"; // your password
        $this->link = mysql_connect($this->host, $this->user, $this->pass);
        mysql_select_db($this->db);
    }
}
// calls it to action
$db = new DB;
Simply edit the variables and include this in your
files. This doesn't require any knowledge or special understanding to use. Once
you've added it to your repertoire, you won't likely need to create a new
connection class any time soon. Now you can get to work and quickly connect to
your database without a lot of extra markup:
$result = mysql_query("SELECT * FROM table ORDER BY id ASC LIMIT 0,10");
Tip 2: Dealing with Magic Quotes
PHP can "automagically" apply slashes to
your $_POST data for security purposes. It's an important measure to prevent
SQL injections. However, slashes in your scripts can wreak havoc. An
easy way to deal with them is to strip
them from our variables. However, what if the magic quotes directive is
not enabled?
function magicQuotes($post) {
    // Strip slashes only if magic quotes added them
    if (get_magic_quotes_gpc()) {
        if (is_array($post)) {
            return array_map('stripslashes', $post);
        } else {
            return stripslashes($post);
        }
    } else {
        return $post; // magic quotes are not ON so we return the data unchanged
    }
}
The script above checks to see if magic quotes is
enabled. If it is, it will determine if your $_POST data is an array (which
it likely is) and then it will strip the slashes accordingly.
Understand that this is not true 'validation'. Be
sure to validate all your user-submitted data with regular expressions (which
is the most common way to do so).
Tip 3: Safely Query Database with mysql_real_escape_string
When you are ready to query your database you will
need to escape special characters (quotes for instance) for safety's sake by
adding slashes. We apply these before we insert variables into our database.
Once again, we need to determine which version of PHP you are running first:
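function escapeString($post) {
    // version_compare() compares version numbers correctly; a plain string
    // comparison would sort '4.10.0' before '4.3.0'
    if (version_compare(phpversion(), '4.3.0', '>=')) {
        return array_map('mysql_real_escape_string', $post);
    } else {
        return array_map('mysql_escape_string', $post);
    }
}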
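An added example, not part of the original article: the goal of the escaping helper in Tip 3, done with PDO prepared statements plus the validation Tip 2 asks for, so user input never becomes part of the SQL text. It assumes an in-memory SQLite database in place of MySQL so it runs without a server; the users table, the sample input and findById() are made up for illustration, and addslashes() stands in for mysql_real_escape_string().

```php
<?php
// Added example (not the article's code). Assumption: in-memory SQLite stands
// in for MySQL so this runs without a server; for MySQL only the DSN changes.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, last_name TEXT)');

// Constructed sample input standing in for $_POST.
$post = array('last_name' => "O'Brien", 'id' => '1 OR 1=1');

// INSERT with a bound parameter: the quote in O'Brien needs no slashes.
$insert = $pdo->prepare('INSERT INTO users (last_name) VALUES (:last_name)');
$insert->execute(array(':last_name' => $post['last_name']));
$insert->execute(array(':last_name' => 'Smith'));

// Hypothetical helper: validate the id, then bind it as an integer.
function findById(PDO $pdo, $id) {
    $id = filter_var($id, FILTER_VALIDATE_INT);
    if ($id === false) {
        return array(); // not an integer: reject before touching the database
    }
    $stmt = $pdo->prepare('SELECT last_name FROM users WHERE id = :id');
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

// Escaping only protects values that end up inside quotes. In a numeric
// context there is nothing to escape, so the input is parsed as SQL.
// addslashes() stands in for mysql_real_escape_string() here (assumption:
// no MySQL link available); both leave this input unchanged.
$escaped = addslashes($post['id']);
$concatenated = $pdo->query("SELECT last_name FROM users WHERE id = $escaped")
                    ->fetchAll(PDO::FETCH_COLUMN);

printf("escaped and concatenated: %d row(s)\n", count($concatenated));
printf("validated and bound:      %d row(s)\n", count(findById($pdo, $post['id'])));
printf("legitimate id 1:          %s\n", implode(', ', findById($pdo, '1')));
```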
Tip 4: Debugging
If you search the forum there are many good
threads with rules about debugging. The single most
important thing you can do is ask PHP to report errors and notices to you by
adding this line at the beginning of your scripts:
error_reporting(E_ALL);
This will keep you in line as you learn by
printing out errors to your screen. The most common error that E_ALL reports is
not actually an error, but a notice for an "Undefined index".
Typically, it means that you have not properly set your variable. It's easy to
fix and keeps you programming correctly.
Another convenient tool while working with queries
is print_r(). If your query is returning null or strange
results, simply place this after your query command and it will display all the
contents of the $result array.
print_r($result); exit;
The exit command stops your script from executing
any further so you can specifically review your query results.
Tip 5: Writing Functions (and Classes)
Initially I thought that tackling functions and
classes would be difficult--thankfully I was wrong. Writing a function is
something I urge all newbies to start doing immediately--it's really that
simple. You are instantly involved in understanding how to produce more
efficient code in smaller pieces. Where you might have a line of code that
reads like this:
if ($rs['prefix'] == 1) {
    $prfx = 'Mrs. ';
} elseif ($rs['prefix'] == 2) {
    $prfx = 'Ms. ';
} else {
    $prfx = 'Mr. ';
}
echo $prfx.$rs['name'].' '.$rs['last_name'];
You could rewrite it like this in a function:
function makePrefix($prefix='')
{
    if (!$prefix) return '';
    if ($prefix == 1) return 'Mrs. ';
    if ($prefix == 2) return 'Ms. ';
    if ($prefix == 3) return 'Mr. ';
}
echo makePrefix($rs['prefix']) . $rs['name'] . ' ' . $rs['last_name'];
Now that you've written this function, you can use
it in many different projects!
An easy way to describe a class is to think
of it as a collection of functions that work together. Writing a good class
requires an understanding of PHP 5's new OOP structure, but by writing
functions you are well on your way to some of the greater powers of PHP.
Everything I've learned, more or less, came from the
manual, trial and error and great help from the many fine people here at
PHPBuilder. Good luck programming--and come back soon for Part 2 in this
series!