(zz)Good and Bad PHP Code
Source: Internet | Published: chrome for mac download | Editor: 程序博客网 | Time: 2024/05/22 06:33
I don’t have a set notion of the perfect answer to the question, but I do know the kinds of things I’m hoping to hear. Just off the top of my head:
Good PHP code should be structured. Long chunks of code can be broken up into functions or methods that achieve sub-tasks with simple code, while non-obvious snippets should be commented to make their meaning plain. As much as possible, you should separate frontend HTML/CSS/JavaScript code from the server-side logic of your applications. PHP’s object oriented programming features give you some especially powerful tools to break up your applications into sensible units.
Good PHP code should be consistent. Whether that means setting rules for the names of variables and functions, adopting standard approaches to recurring tasks like database access and error handling, or simply making sure all of your code is indented the same way, consistency makes your code easier for others to read.
Good PHP code should be portable. PHP has a number of features, such as magic quotes and short tags, that can break fragile code when they are switched on or off. If you know what you’re doing, however, you can write code that works by adapting to its environment.
Good PHP code should be secure. While PHP offers excellent performance and flexibility out of the box, it leaves important issues like security entirely in the hands of the developer. A deep understanding of potential security holes like Cross-Site Scripting (XSS), Cross-Site Request Forgeries (CSRF), code injection vulnerabilities, and character encoding loopholes is essential for a professional PHP developer these days.
Once a candidate has answered this question, I usually have a pretty good idea of whether they’ll be hired or not. Of course, there’s always the possibility that an interviewee simply isn’t able to articulate these types of things, so we also have our candidates sit a PHP developer exam.
Many of the questions in this exam seem straightforward on the surface, but they give candidates plenty of opportunity to show how much they care about the little details.
The following “bad” code is a highly simplified example of the sort of thing we might put in our PHP developer exam. The question might be something like “How would you rewrite this code to make it better?”
```php
<?
echo("<p>Search results for query: " .
  $_GET['query'] . ".</p>");
?>
```
The main problem in this code is that the user-submitted value (`$_GET['query']`) is output directly to the page, resulting in a Cross Site Scripting (XSS) vulnerability. But there are plenty of other ways in which it can be improved.
So, what sort of answer are we hoping for?
Good:
```php
<?
echo("<p>Search results for query: " .
  htmlspecialchars($_GET['query']) . ".</p>");
?>
```
This is the least we expect. The XSS vulnerability has been remedied using `htmlspecialchars` to escape dangerous characters in the submitted value.
Better:
```php
<?php
if (isset($_GET['query']))
{
  echo '<p>Search results for query: ',
    htmlspecialchars($_GET['query'], ENT_QUOTES), '.</p>';
}
?>
```
Now this looks like someone we might want to hire:
- The “short” opening PHP tag (`<?`) has been replaced with the more portable (and XML-friendly) `<?php` form.
- Before attempting to output the value of `$_GET['query']`, `isset` is used to verify that it actually has a value.
- The unnecessary brackets (`()`) around the value passed to `echo` have been removed.
- Strings are delimited by single quotes instead of double quotes to avoid the performance hit of PHP searching for variables to interpolate within the strings.
- Rather than using the string concatenation operator (`.`) to pass a single string to the `echo` statement, the strings to be output by `echo` are separated by commas for a tiny performance boost.
- Passing the `ENT_QUOTES` argument to `htmlspecialchars` to ensure that single quotes (`'`) are also escaped isn’t strictly necessary in this case, but it’s a good habit to get into.
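As an added example (not code from the original post), the “Better” answer can be packaged as a small reusable helper. It keeps every property listed above (`isset` guard, single-quoted strings, comma-separated `echo`, `ENT_QUOTES`) and goes one step further on the “character encoding loopholes” point from earlier: it names the charset explicitly and passes `ENT_SUBSTITUTE`, because `htmlspecialchars` otherwise returns an empty string for input containing an invalid byte sequence. The function names `h` and `search_heading` and the sample inputs are assumptions made for this example.

```php
<?php
// Added example, not part of the original post. The helper names (h,
// search_heading) and the sample queries below are constructed for illustration.
declare(strict_types=1);

/**
 * Escape a user-supplied string for use as HTML text or attribute content.
 *
 * ENT_QUOTES     escapes both " and ' so the value is safe inside either quote style.
 * ENT_SUBSTITUTE replaces invalid UTF-8 sequences with U+FFFD instead of making
 *                htmlspecialchars() return "" and silently drop the whole value.
 * 'UTF-8'        names the charset explicitly rather than relying on the
 *                version-dependent default.
 */
function h(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

/**
 * Build the search-results paragraph from a request array (normally $_GET).
 * Returns '' when no query was submitted, mirroring the isset() guard above.
 */
function search_heading(array $get): string
{
    if (!isset($get['query'])) {
        return '';
    }
    return '<p>Search results for query: ' . h($get['query']) . '.</p>';
}

// Constructed sample inputs standing in for $_GET['query'].
$samples = [
    'php books',                 // ordinary input passes through unchanged
    '<script>alert(1)</script>', // markup is escaped to text, not rendered
    "O'Reilly",                  // single quote escaped because of ENT_QUOTES
    "caf\xE9",                   // Latin-1 byte, invalid UTF-8: kept with U+FFFD, not blanked
];

foreach ($samples as $q) {
    // Comma-separated arguments to echo, as in the "Better" answer.
    echo search_heading(['query' => $q]), "\n";
}

// Missing query: nothing is echoed.
echo search_heading([]);
```

Run it with `php example.php`. The last sample is the one the one-liner in the “Better” answer does not cover: without `ENT_SUBSTITUTE`, `htmlspecialchars` returns an empty string for that input, so the page would silently show an empty query rather than what the user typed. On PHP 8.1 and later the default flags already include `ENT_QUOTES` and `ENT_SUBSTITUTE`, but spelling them out keeps the behaviour identical on older installations, which is the portability point made earlier in the post.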
Somewhat distressingly, the number of PHP developers looking for work that are able to give a fully satisfactory answer to this sort of question—at least here in Melbourne—are few and far between. We spent a good three months interviewing for this latest position before we found someone with whom we were happy!
So, how would you do when asked a question like this one? Are there any factors that make PHP code good or bad that you feel I’ve left out? And what else would you look for in a PHP developer?