Comments on: Common PHP Programming Mistakes

By: admin

admin — Sun, 03 Jan 2010 20:41:00 +0000

Thanks, it’s fixed now

By: shyzwbtk

shyzwbtk — Tue, 27 Oct 2009 05:28:08 +0000

shyzwbtk…

shyzwbtk…

By: ??????? » [Web] ????

??????? » [Web] ???? — Wed, 07 Oct 2009 11:36:39 +0000

[...] Common PHP Programming Mistakes [...]

By: Julius Beckmann

Julius Beckmann — Sat, 03 Oct 2009 17:02:50 +0000

1. Performance is not relevant here. Sometimes its just stupid to use ” instead of ‘ and the other way round.
BTW: WordPress fucked up your quotes

2. That is a real pitfall, only using (int) casting or using intval() saves the day!

3. Good to know, thanks.

4. In first place, if foreach gets at least 1 iteration, everything will be ok. Otherwise the array will be NULL which can lead to serious problems.

5. $_GET, $_POST and $_REQUEST are dangerous. Everybody should be trained to use them correctly!

6. mysql_real_escape_string is only necesary if you have strings, numbers and floats can be “validated” by simply casting them (int)$number;

7. A pitfall for beginners. Every devolper should use error_reporting(E_ALL); while developing.

8. strpos is the functions beginners need to learn that == is not ===.

Thanks for this list, hope much people will read and use it!

By: Common PHP Programming Mistakes | My Web Development Bookmarks

Common PHP Programming Mistakes | My Web Development Bookmarks — Sat, 03 Oct 2009 08:14:31 +0000

[...] See the article here: Common PHP Programming Mistakes [...]

By: Tweets that mention Common PHP Programming Mistakes :Dev-The-Web's Blog -- Topsy.com

Sat, 03 Oct 2009 07:39:47 +0000

[...] This post was mentioned on Twitter by Rich and Abdelrahman Omran. Abdelrahman Omran said: Common PHP Programming Mistakes http://bit.ly/3XIBjw [...]

By: Posts about Programming from google blogs as of October 1, 2009 « tryfly.com

Fri, 02 Oct 2009 00:03:56 +0000

[...] [...]

By: Keith Casey

Keith Casey — Thu, 01 Oct 2009 20:14:52 +0000

Good God, can #1 die yet? Even in benchmarking, you’re talking about microseconds of improvement… so if you’re rendering *thousands* of pages every given second, you *might* see it reach into the millisecond range.

I’m not sure I see the problem with #4…

The nasty thing with #5 is not filtering input. Never trust the user. Nope, never.

By: mario

mario — Thu, 01 Oct 2009 18:32:08 +0000

#1 is an idiotic recommendation and has been refuted many times. Double quoted strings are actually faster for common cases and with all recent PHP versions. Btw, the strings are decoded by the tokenizer, not by the parser.

#6 sounds as if it were written by a WordPress user. String escaping is only used by amateur programmers. If you feel the need for it, you are doing something wrong.
Go google for “parameterized SQL”. Learn it. Use it.

By: Chris

Chris — Thu, 01 Oct 2009 18:21:19 +0000

The single quotes argument really only holds up when you’re benchmarking, and at that comparing 0.021 seconds versus 0.024 seconds [made that up but you get my point]…

I have an entire site which is echoed from “” strings, and that includes *all* html, and it runs super fast. Although, I almost always use single-quote strings for regexs. [I'm rather tired of seeing this posted as a way to improve php performance, which is almost always hindered by mysql or other services [remote or local]].

Also, great point about #4… if anyone dares to turn on the strict warnings, php will not be a happy camper if you start push()ing an a null var. Plus, if that happens to be in a loop, it resets the var for you