

 
HoboBen
Created : 10 February 2008
Edited : 10 February 2008
System : Linux
Language : FastBasic

PHP Tips and Tricks

Some you knew, some you didn't, and some that you can't quite imagine have any purpose whatsoever!


PHP is a scripting language, which means that you can do a lot of cool things that you can't do with compiled languages (or at least not without slowing things down a lot by having a mini-interpreter inside your program, anyway), like "variable variables" and other neat stuff, as I will go on to explain.


Some Expressions are More Equal than Others...


Some people love this behaviour (like me!) but some loathe it.

PHP has several ways to do equality and assignment. Most are aware of the first two (you have to be!) but surprisingly few are aware of the third one, which is quite important.

=    Assign
==   Equivalent to (opposite is != )
===  Equal to : Equivalent to and of the same type (opposite is !== )


Assignment

$foo = "bar";

Makes the variable $foo have the string content of "bar" (without any quotes)

However, consider this:



This will always execute doSomething(), even though $foo is equal to "bar".

The reason is that $foo is being assigned the value "blah", not compared to it. The assignment succeeds and the expression evaluates to the assigned value, a non-empty string, which the if statement treats as TRUE. This is useful when an assignment can sometimes fail (e.g. reading the contents of a non-existent file).

Now consider:



This time, doSomething() is not executed, because $foo (which is "bar") is not equivalent to "blah".

Here's an example of equality (===)



This is very important if you have a function which can return NULL or FALSE on failure, but can also return zero or an empty string, and you need to check if the function was a success.
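
The three operators side by side, as an added example (not the article's original code). doSomething() is a stand-in function, and the sample string and file path are constructed.

```php
<?php
// Added example, not the article's original code. doSomething() is a
// stand-in, and the sample string and file path are constructed.
function doSomething(string $why): void
{
    echo "doSomething() called via $why\n";
}

// Assignment in a condition: $foo becomes "blah", and that non-empty
// string is what the if statement tests, so the branch always runs.
$foo = "bar";
if ($foo = "blah") {
    doSomething('assignment (=)');
}

// Equivalence: the two values differ, so the branch is skipped.
$foo = "bar";
if ($foo == "blah") {
    doSomething('equivalence (==)');
}

// strpos() returns the offset of a match, or FALSE when there is none.
// A match at the very start of the string is offset 0.
$line = "admin logged in";
$pos  = strpos($line, "admin");

// Loose check: 0 is equivalent to FALSE, so a real match looks like a failure.
if ($pos == false) {
    echo "==  : 'admin' not found\n";
}

// Strict check: 0 (int) is not the same type as FALSE (bool).
if ($pos === false) {
    echo "=== : 'admin' not found\n";
} else {
    echo "=== : 'admin' found at offset $pos\n";
}

// An assignment that can fail, tested strictly: file_get_contents() returns
// FALSE for a missing file but "" for an empty one, which == cannot tell apart.
$data = @file_get_contents('/nonexistent/constructed-example.txt');
if ($data === false) {
    echo "read failed\n";
}
```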





The Ternary Operator


The ternary operator is named because it's the only operator that takes three "operands" or parts to it: a condition, a result for true, and a result for false.

I'm sure you all know this one, even if you may not like using it. Consider:



This can be expressed with the Ternary Operator like this:



It saves a bit on verbosity, but may not be (at least in my opinion) quite as readable.


The Execution Operator


PHP uses a "backtick" (`) as an execution operator - this is below ESC on my UK keyboard, but anyone else might have to search a little.

This allows you to pass commands directly to the operating system (usually, but not always, Linux) for execution, and returns the result.



Alternatively, use the exec function:



If you are going to put data from a user into either of those (I really wouldn't!!!) you may want to use a function like escapeshellcmd
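
One way to handle a user-supplied value that must reach the shell, as an added example (not from the original article). It swaps in escapeshellarg() for the single argument instead of escapeshellcmd(), and validates the value first; count_lines(), the sample file names and the use of the Unix wc command are assumptions.

```php
<?php
// Added example, not from the original article. count_lines() and the
// sample names are hypothetical; a Unix-like system with wc is assumed.
function count_lines(string $dir, string $name): int
{
    // 1. Allow-list the value before it gets near a shell: a plain file name
    //    that starts with a letter or digit (so it can never look like an
    //    option) and contains no spaces, slashes or shell metacharacters.
    if (!preg_match('/^[A-Za-z0-9][A-Za-z0-9_.-]{0,63}$/', $name)) {
        throw new InvalidArgumentException('rejected file name');
    }

    // 2. escapeshellarg() quotes the value so the shell sees exactly one
    //    argument. escapeshellcmd() only backslash-escapes metacharacters in
    //    a whole command string and leaves spaces alone, so it does not stop
    //    a value from turning into several arguments.
    $cmd = 'wc -l < ' . escapeshellarg($dir . '/' . $name);

    exec($cmd, $output, $status);
    if ($status !== 0 || !isset($output[0])) {
        throw new RuntimeException("command failed with status $status");
    }
    return (int) trim($output[0]);
}

// Constructed demonstration: write a two-line file, then try several names.
$dir = sys_get_temp_dir();
file_put_contents($dir . '/notes.txt', "one\ntwo\n");

foreach (['notes.txt', 'my notes.txt', '-notes.txt', '../notes.txt'] as $name) {
    try {
        echo $name, ' => ', count_lines($dir, $name), " lines\n";
    } catch (InvalidArgumentException $e) {
        echo $name, ' => ', $e->getMessage(), "\n";
    }
}

unlink($dir . '/notes.txt');
```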


Variable Variables


This is a weird concept, but it is something unique to scripting languages. A bit hard to explain, too.

Consider:



We can now use $$foo to access the contents of $bar:



PHP looks up the contents of $foo ("bar"), so $$foo becomes $bar.

It's possible to do silly things with this:



Phew! You can apparently do useful things with this too, believe it or not.


Heredoc


A string literal can be specified in three different ways: single quoted (variables in the string are not evaluated, and neither are newlines, etc), double quoted, or in heredoc syntax:



You don't have to use EOT - it can be any text, but EOT for "End Of Text" is a standard convention.

The ending EOT text has to be on a new line, without any white space padding at all.


Security and Speed


Rather than use md5($password) and sha1($password), it can be much faster to use the hash function - especially for small strings. E.g. hash('md5', $password); (the algorithm name is the first argument, the data the second).

It's also worth noting that md5 and to some extent even sha1 are both quite weak for protecting passwords, because people have compiled large tables of precomputed hashes to crack passwords quickly. Use the function hash_algos to see what other hashing methods are available on your server - e.g. sha256, sha512 and whirlpool.

You can use two methods for extra security (e.g. sha256 text and then whirlpool it). It typically takes less than 2 milliseconds for three sha256/512 hashes of strings 80 characters long on my server, at least, so you shouldn't have to worry about a performance loss if your server has the algorithms installed.

Additionally, you can add a "salt" before you hash the passwords - a string maybe 20 letters long, including symbols, numbers and letters from both cases. This will have to be saved as a constant, because if it changes it will be impossible to authorise users. The advantage of a salt is that it makes hash tables too computationally expensive to use, in the event that anyone did manage to get hold of the hashed passwords.
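
The salted hash described above next to PHP's built-in password API, as an added example (not from the original article). It assumes PHP 7 or later; SITE_SALT, the function names and the sample password are constructed. password_hash() generates a random salt for every password and stores it inside the returned string, so no constant has to be kept, and it uses a deliberately slow algorithm.

```php
<?php
// Added example, not from the original article. Assumes PHP 7 or later.
// SITE_SALT, the function names and the sample password are constructed.
const SITE_SALT = 'constructed-example-salt-#7Qz!';

// The article's approach: one constant salt and a fast hash.
// hash() takes the algorithm name first, then the data.
function salted_sha256(string $password): string
{
    if (!in_array('sha256', hash_algos(), true)) {
        throw new RuntimeException('sha256 is not available on this server');
    }
    return hash('sha256', SITE_SALT . $password);
}

// Built-in API: random per-password salt, slow by design, and the
// algorithm, cost and salt are all encoded in the string it returns.
function register(string $password): string
{
    return password_hash($password, PASSWORD_DEFAULT);
}

function login(string $password, string $stored): bool
{
    $ok = password_verify($password, $stored);
    // After a PHP upgrade the default algorithm or cost may change;
    // password_needs_rehash() reports when a stored hash should be redone.
    if ($ok && password_needs_rehash($stored, PASSWORD_DEFAULT)) {
        error_log('stored hash should be regenerated at this login');
    }
    return $ok;
}

$password = 'constructed sample passphrase';

// Constant salt: the same password always produces the same hash, so two
// users with the same password are visible in a leaked table.
var_dump(hash_equals(salted_sha256($password), salted_sha256($password)));

// Random salt: the same password produces a different string each time,
// yet both still verify.
$a = register($password);
$b = register($password);
var_dump($a === $b, login($password, $a), login($password, $b));
var_dump(login('wrong guess', $a));
```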


Debugging


PHP has a number of predefined constants like M_PI (PHP defines it as 3.14159265358979323846) which can save you some time, but there are also some good debugging "Magic Constants":

__FILE__ : Name of the script that is running - applies to the current line of code, so this may be an include.
__LINE__ : The line number of the file that PHP is running - this may be the current line of an include.
__FUNCTION__ : The name of the function that PHP is currently inside.
__CLASS__ : The name of the class that PHP is currently inside.
__METHOD__ : The name of the class function that PHP is currently inside.

 

Comments


Monday, 11 February 2008, 04:33
power mousey
@Hobo,

wow, Hobo seems you really do know your web design and web programming. After reading about 3/4ths thru I got completely dazed and confused.

I'm lost and don't know nothing about anything of Web design and programming. I'll go back and read more carefully thru the days of the week.

also whats the overall design and purpose for PHP anyway?
How is it used and implemented in designing for the web or web sites? I just have trouble making the connections.
Whats the advantages and disadvantages of using scripted languages versus compiled languages??

Can you suggest some sites or articles or even books on beginning Web design and programming. I just don't really understand fully what's going on. I understand a little. But I get confused and I just don't know.

Thanks and cheers

|edit| sorry dude, I just can't make the connections. Also I have a blooming headache I read one chapter from my book. 50 pages long. 2 hours worth of reading and studying. |edit|
Monday, 11 February 2008, 09:51
shroom_monk
power mousey also whats the overall design and purpose for PHP anyway?
How is it used and implemented in designing for the web or web sites? I just have trouble making the connections.
Whats the advantages and disadvantages of using scripted languages versus compiled languages??


PHP is a web scripting language that allows HTML (the code that makes websites) to be generated dynamically. In other words, where with pure HTML the site content would always be the same, with PHP you can make code depending on the information a user gives, or something in an SQL database.

This gives the advantage of being able to make a fully interactive website, such as SoCoder, which uses PHP to generate everything automatically. When you post on a forum topic, or change your settings, PHP processes the data, stores in a database (MySQL), and then creates the HTML code based on what's been inputted.

The only disadvantages are the security considerations which you need to keep in mind when programming an interactive website in any language. Since the PHP code takes what any user inputs, processes it, and outputs something, a malicious user could enter things that confuse the PHP script, such as bits of HTML, or SQL injections. So, when writing a site in PHP (or any other language), you have to make sure you take precautions to stop your site from being hacked.


Hope that helps, mousey!
Monday, 11 February 2008, 10:13
power mousey
wow, that helps me Shroom.

Thanks.
Shroom..you must be the Son of Socrates. With so much knowledge and intelligence. Serious and honest.
Saturday, 16 February 2008, 05:23
HoboBen
Nicely put shroom

To add though, you can use a compiled program to run dynamic websites - which has the advantage of being a lot faster, and I believe PHP 4 and later can be automatically pre-compiled to byte codes for speed by the Zend Optimiser and other optimisers do things like cache code results.

Here's a good website both for beginning tutorials and as a good reference to HTML, CSS and PHP: tizag.com
Sunday, 17 February 2008, 22:54
power mousey
Thank you, Hobo.