The PHP Language has a good 20 years history of being evolved significantly in the field of web development. It has successfully ensured that software you produce is more scalable, robust and maintainable. But, it is quite possible for the developers, like any other human, to make mistakes and have flaws while developing. Following are listed the common made blunders which, if avoided, gives a secure, clean and smooth running of PHP.
- Using PHP’s MySQL functions – MySQLi extension or PDO is highly recommended over the series of MySQL versions. It’s main advantages include support of object oriented interface, multiple statements and transaction support. MySQL can cause some issues if queries are not written properly. Majority of PHP performance problems are caused by database and a single bad SQL query can play havoc with your web application.
- Forgetting or negligence to validate input – While coding in PHP, it is a common mistake to have cross site scripting, injection flaws or buffer overflows. Not depending on the Java script, it is required to validate every string using server-side PHP. It is correctly said, ‘Never trust user input’.
- Non optimal indexing – This means under or over indexing. Indexing enhances the engine’s performance to quickly find records that match by directly accessing them. Indexes must be added only where it seems to be necessary. They are regenerated during every table INSERT or UPDATE. As in general, indexes should be applied to any column named in WHERE clause of a SELECT query.
- Don’t display errors – Turning off error reporting can prove to be beneficial. Many errors generated and displayed can turn out to be useful for hackers to hack your site as it consists of essential information. All error and warning reports must be kept hidden and mailed only to oneself.
- Effective use of semi colon – It is practically undeniable that a small character can create a havoc in a program without being reported to PHP error logs. A misused semi colon can create grave problems while silently slipping off into shadows, making it a tedious task to track down the error. While using semi colon after a ‘break’ or ‘continue’ in your code, it will lead the code to output a ‘0’ and exit. This can be avoided by using braces with PHP control structures.
- Ignoring E_ALL reporting – Error reporting is an important and a handy feature in PHP and thus must be used widely. It takes much of the guesswork out of debugging code and speeds up your overall development time.
- Inefficient consideration of coding standards – Although not directly leading to bugs and failures, ignoring the coding standards can cause numerous problems on a project. Its results, on one hand, can be inconsistency of the code, and on the other, difficulty in navigating the code, thereby making it extremely difficult to debug, enhance and maintain. This means that the team’s productivity is reduced which includes lots of wasted efforts.
- Redirect after Form Actions – The easiest ways for somebody to harm a site is, after submitting the form, keeping pressed the F5+ENTER repeatedly. It is not feasible to log in the database and delete numerous comments time and again that some random person entered in your blog. To avoid this, it is essential to have redirected somewhere with the header function. Easiest is to redirect the same page, or back to the previous page and display a success message.
To sum it up, we can say that, considering certain aspects and factors while developing, a developer can successfully navigate and explore the language and thus enhance its development. This language, if exploited considerably, has a lot of potential and thus can gain it’s true value.