converting script to no longer use globals
Does anyone know of a simple script to help fix up scripts that use globals? I've been beavering away on a PHP/MySQL site using Kevin's book which taught how to do everything using globals (not his fault...the deprecation of globals is new since he published). This leaves me with a large number of scripts which use both GET and POST globals from links and forms. Is there a script I can use to debug my scripts. Something that will list all of the globals accessed in the script and the "type" of global...ie: post or get? Can I use $GLOBALS? How?
Would this work?:
echo "$key = $val \n\n";
Also, (here's a newbie question) do I simply convert my variables for use in my scripts like this?:
TIA for any hints...
$var = $_GET['var'];
or do I use
$var = $_GET['$var'];
PHP: Hackers Paradise Revisited
Stumbled upon this article today, from April 4th, 2001 (but it's still very applicable to the latest versions).
Full of healthy goodness like;
It seems strange to think of a web programmer as lazy. Last year most of us were working 100 hours a week to join the gold rush, now we are doing it at reduced pay just to stay afloat. In fact, we need to be lazy because we are so busy.
There are two key ways to be lazy. Firstly always use existing code when it is available, just integrate it into your standards and project. The second technique is to develop a library of helpful functions that let you be lazy in the future
The hardest thing for me to learn as a web programmer was to change the way I wrote code. Coming from a product development and university background the emphasis is on doing it the right way. Products have to be as close to perfect as possible before release. School assignments need to be perfect.
The web is different. Here it is more important to finish a project as soon as possible than it is to get it perfect first time. Web sites are evolutionary, there is no freeze date after which it is difficult to make changes.
I like to think of my web sites as prototypes. Everyday they get a little closer to being finished. I can throw together 3 pages in the time it would take to do one perfectly. It's usually better on the web to release all three and then decide where your priorities lie. Speed is all important.
So, everything you do as a programmer should be focused on the speed at which you are producing code (pages).
Checking equality and existence
A few tips from an overworked coder.
Don't use if($foo == "bar") if $foo happens to be a string...it's better to use if(strcmp($foo, 'bar')) instead.
if($foo) is a bad idea as well, especially if you have your error reporting turned to E_ALL(which you should) - instead try using if(isset($foo)) or if(!empty($foo)) or both if you need to check whether it's set AND empty
for coders who work with designers, or just for an easy system to change the design of a site with a single variable, check out http://smarty.php.net smarty is a FAST and EASY template system that uses two(optionally three) classes, just drop and go
the BEST way to comment code is to use the phpdoc format - check Pear (The Php Extension and Application Repository at http://pear.php.net/) for more info on coding standards and commenting standards
Finally, you can eek a bit more speed out of your code, especially if you have LOTS of strings, by using single quotes and concanetating variables in (I can't spell today...sigh)
$string = 'this is a string with '.$foo.' in it';
it's marginally faster than
$string = "this is a string with $foo in it";
the reason is php has to search through the string to find the variable...if you've been coding for a while and are used to the double it's not a big deal, but for those who are newbies (this is a newbie tips place, right?) it's good to learn to code right the first time instead of having to retrain or *gasp* learning bad habits.
let's see......mysql tips as well? mysql 4.0 kicks the pants off of the old mysql, upgrade if at all possible (foreign keys are coming!)
I know this has been said before, but to reiterate
REGISTER GLOBALS IS EVIL!!
single biggest cause of problems is right there....always use the HTTP_POST_VARS or better yet the $_POST, $_GET, etc. (server, session, etc, you get the drift)
ALWAYS clean user input - here's a snippet I happen to use for all my forms
OOPS, I fixed it...
I really need to add something to take out $ as well, but I'm too lazy today...
$text = strip_tags($text);
$text = htmlentities($text, ENT_QUOTES);
$text = str_replace("\n", " ", $text);
$text = eregi_replace(" +", " ", $text);
//these are optional and strip extra spaces
$text = str_replace(". ", ". ", $text);
$text = str_replace("? ", "? ", $text);
$text = str_replace("! ", "! ", $text);
$text = trim($text);
somewhere is some cracker who wants to crash your site for fun...
OK, I think that's enough for today...