Top 10 PHP Programming Mistakes that Developers Make


PHP's popularity is well known. Measured by market demand, this server-side scripting language used in web development is the most sought-after programming language. It is estimated that PHP is installed on 39% of websites, which shows that PHP is the preferred language among the web development community. This article highlights ten of the most common PHP programming mistakes that developers need to be careful about.

1. Check the $_SESSION in every secured page

If your site has secured pages, such as a CMS, a commenting system or a forum, you probably use sessions to store logged-in users. Check the session on every page that is protected. The easiest way to do this is to include a file in the first line of each page that checks the session to confirm the user has the right to see the page.
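A guard file of the kind described above, as an added example (not code from the original article); it assumes the login page stores the hypothetical keys $_SESSION['user_id'] and $_SESSION['role']:

```php
<?php
// auth_check.php: require_once this file as the first line of every protected
// page. Assumed convention: the login handler sets $_SESSION['user_id'] and
// $_SESSION['role'] after a successful login.
declare(strict_types=1);

function requireLogin(string $loginUrl = '/login.php'): void
{
    if (session_status() !== PHP_SESSION_ACTIVE) {
        session_start();
    }
    if (empty($_SESSION['user_id'])) {
        // Not logged in: send the visitor to the login page and stop executing
        // this page. Without exit the rest of the protected page would still run.
        header('Location: ' . $loginUrl, true, 302);
        exit;
    }
}

function requireRole(string $role): void
{
    requireLogin();
    if (($_SESSION['role'] ?? null) !== $role) {
        // Logged in, but not allowed to see this page.
        http_response_code(403);
        exit('Forbidden');
    }
}

// On an admin-only page this is the one line that goes before any output:
requireRole('admin');
```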

2. Staying on the same page after the form was processed

If the form contains errors, you will most likely show the same page again and highlight the errors. But if the form was successfully processed, for example by creating a database record or charging a credit card, you must redirect the user. Otherwise every time the user refreshes the page you will charge the credit card again. Redirecting the user lets you prevent "replaying" the action.

Redirect like this, and stop the script immediately afterwards, because header() on its own does not end execution:

header("Location: http://example.com/make-payment/success");
exit;
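The full redirect-after-post flow, as an added example rather than code from the original article; validate() and chargeCard() are hypothetical helpers standing in for the form's validation and its one-time side effect:

```php
<?php
declare(strict_types=1);
session_start();

// Hypothetical helper: returns a list of validation errors, empty when valid.
function validate(array $input): array
{
    $errors = [];
    if (!is_numeric($input['amount'] ?? null) || (float) $input['amount'] <= 0) {
        $errors['amount'] = 'Enter a positive amount.';
    }
    return $errors;
}

// Hypothetical helper: the side effect that must run at most once per submission.
function chargeCard(float $amount): void
{
    // call the payment gateway here (assumed)
}

$errors = [];
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    $errors = validate($_POST);
    if ($errors === []) {
        chargeCard((float) $_POST['amount']);
        // 303 See Other makes the browser GET the success page, so a refresh
        // repeats that harmless GET instead of re-sending the POST.
        header('Location: http://example.com/make-payment/success', true, 303);
        exit;   // header() does not stop the script; without exit the form below is rendered too
    }
    // Validation failed: fall through and re-render the form with $errors.
}
// First visit or failed validation: render the form, showing $errors if any.
```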

3. Never Execute UNESCAPED Queries

To prevent SQL injection, always escape every variable used in a query.

Example: someone enters this as his or her name in a contact form:

madhu'; DELETE FROM users WHERE username = '

The insert query will look like this when you don't escape the user input:

INSERT INTO contact SET name='madhu'; DELETE FROM users WHERE username = ''

This inserts a record and also deletes every record from the users table. To prevent this, use the mysql_escape_string() function to escape user input:

$query = "INSERT INTO users SET name='" . mysql_escape_string($name) . "'";
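The same insert with the vulnerable string concatenation beside a prepared statement, added here as an example and not taken from the original article. The mysql extension that provides mysql_escape_string() was removed in PHP 7, so on current PHP the prepared statement is the way to keep user input out of the SQL text. The database name and credentials are constructed:

```php
<?php
declare(strict_types=1);

// Constructed input: the name from the contact-form example above.
$name = "madhu'; DELETE FROM users WHERE username = '";

// Vulnerable: the raw input is concatenated into the SQL text, so the quote
// and the semicolon it contains become SQL syntax.
$unsafeSql = "INSERT INTO contact SET name='" . $name . "'";

// Hardened: a prepared statement sends the SQL and the value separately; the
// server receives $name as data only and never parses it as SQL.
// Assumed: MySQL database 'app' reachable with these constructed credentials.
$pdo = new PDO('mysql:host=localhost;dbname=app', 'appuser', 'secret', [
    PDO::ATTR_ERRMODE          => PDO::ERRMODE_EXCEPTION,
    PDO::ATTR_EMULATE_PREPARES => false,   // real server-side prepares
]);

function insertContact(PDO $pdo, string $name): int
{
    $stmt = $pdo->prepare('INSERT INTO contact SET name = :name');
    $stmt->execute([':name' => $name]);    // bound as a value, not spliced in
    return (int) $pdo->lastInsertId();
}

insertContact($pdo, $name);   // stores the literal string; the users table is untouched
```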

4. Disabling error reporting

Turn off error reporting on the live site. Many errors produced and displayed by the server contain information (table names, file locations, etc., which can be used in SQL injection attacks) that helps attackers compromise your site.
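The weak setting beside the hardened one, as an added example that is not part of the original article: errors are still reported in full, but go to a log file (the path is an assumption) instead of the visitor's browser.

```php
<?php
declare(strict_types=1);

// Weak: a development setting left on in production. Every warning and
// uncaught exception is printed to the visitor, revealing file paths, table
// names and query fragments.
// ini_set('display_errors', '1');

// Hardened: keep reporting everything, but write it to a log instead of the page.
error_reporting(E_ALL);
ini_set('display_errors', '0');
ini_set('log_errors', '1');
ini_set('error_log', '/var/log/php/app.log');   // assumed path, writable by PHP only

// With display_errors off, an uncaught exception leaves the visitor with a blank
// page. Log the detail server-side and show a generic message instead.
set_exception_handler(function (Throwable $e): void {
    error_log(sprintf(
        '%s: %s in %s:%d',
        get_class($e), $e->getMessage(), $e->getFile(), $e->getLine()
    ));
    http_response_code(500);
    echo 'Something went wrong. Please try again later.';
});
```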

5. Single quotes and double quotes in PHP Programming

$greetings = 'good morning';
$foo = 'hello $greetings';
$bar = "hello $greetings";

$foo evaluates to "hello $greetings" while $bar gives us "hello good morning", because PHP only interpolates variables inside double quotes. Parsing a single-quoted string is one small step less for PHP to handle, a little change that can add up to gains in code execution.

6. Using the Wrong Comparison Operators

Comparison operators are an extremely basic part of PHP programming, and mixing them up in your code is sure to break your program.

Being familiar with the often-misused operators such as =, == and != is absolutely critical to PHP coding.
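Three of the mix-ups in action, as an added example rather than code from the original article; it goes slightly beyond the text by showing the strict === and !== forms that avoid each of them:

```php
<?php
declare(strict_types=1);

// Mistake 1: a single = assigns instead of comparing. The condition becomes the
// assigned value 'active', which is truthy, so the branch runs for every user.
function isActiveBuggy(string $status): bool
{
    if ($status = 'active') {   // assignment, not comparison
        return true;
    }
    return false;
}

// Fixed: === compares value and type, so no type juggling can occur.
function isActiveFixed(string $status): bool
{
    return $status === 'active';
}

// Mistake 2: loose != cannot tell 0 from false. strpos() returns 0 when the
// needle is at the very start of the string, and 0 != false is false in PHP,
// so a genuine match at position 0 is treated as "not found".
function isCommentLineLoose(string $line): bool
{
    return strpos($line, '#') != false;    // misses lines that start with '#'
}

function isCommentLineStrict(string $line): bool
{
    return strpos($line, '#') !== false;   // integer 0 and boolean false differ
}

// Mistake 3: == converts numeric strings before comparing, so '1e3' == '1000'
// holds even though the strings differ; === keeps them apart.
function sameVersionLoose(string $a, string $b): bool
{
    return $a == $b;
}

function sameVersionStrict(string $a, string $b): bool
{
    return $a === $b;
}

isActiveBuggy('inactive');         // wrongly treats an inactive user as active
isCommentLineLoose('# heading');   // wrongly reports no '#' in the line
sameVersionLoose('1e3', '1000');   // wrongly treats the two strings as equal
```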

7. Forgetting to cache

Websites can be slow for a variety of reasons. Adding a cache layer improves the user's experience and reduces the load on your servers. There are several ways to cache, and you can combine different cache types: query cache, Redis, Varnish, etc.

8. Not Setting Time Limits On PHP Scripts

When PHP scripts run, it is assumed that they will eventually finish in a timely manner. But a good programmer knows that nothing should be taken for granted in a piece of code. Nothing makes users crankier than a sluggish script.

You can get around this issue by simply setting a time limit on the script with set_time_limit().

9. Misunderstanding isset() behavior in PHP Programming

isset() returns false not only if an item does not exist, but also if it exists with a null value. This behaviour is riskier than it first appears and is a common source of problems. Consider the following:

$data = fetchRecord($storage, $identifier);
if (!isset($data['key'])) {
    // do something here if 'key' is not set
}

The author of this code apparently wanted to check whether key was set in $data. But, as discussed, isset($data['key']) will also return false if $data['key'] was set, but set to null. So the above logic is flawed.
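The two questions the flawed check conflates, separated, as an added example that is not from the original article; the record is constructed to stand in for the result of fetchRecord():

```php
<?php
declare(strict_types=1);

// Constructed record standing in for fetchRecord(): the 'key' column IS present
// but holds null, which is exactly the case the text warns about.
$data = ['id' => 7, 'key' => null];

// "Was the key returned at all?" array_key_exists() answers this and is true
// here, because the element exists even though its value is null.
function hasKey(array $row, string $key): bool
{
    return array_key_exists($key, $row);
}

// "Is there a non-null value to use?" isset() answers this and is false here.
// The null-coalescing operator ($row[$key] ?? $default) follows the same
// isset() semantics, so it cannot distinguish a missing key from a null value.
function hasValue(array $row, string $key): bool
{
    return isset($row[$key]);
}

if (!hasKey($data, 'key')) {
    // reached only when the record genuinely lacks 'key'
    throw new RuntimeException("record has no 'key' column");
}

if (!hasValue($data, 'key')) {
    // reached for this record: 'key' exists but is null, so apply a default
    $data['key'] = 'default';
}
```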

10. Performing queries in a loop

$models = [];
foreach ($inputValues as $inputValue) {
    $models[] = $valueStored->findByValue($inputValue);
}

There may be literally nothing wrong here, but if you follow the logic in the code, you may find that the innocent-looking call above to $valueStored->findByValue() ultimately results in a query of some sort, such as:

$result = $connection->query("SELECT `a`, `b` FROM `values` WHERE `value` = " . $inputValue);

Therefore every iteration of the loop above results in a separate query to the database. So if, for instance, you passed an array of 1,000 values to the loop, it would create 1,000 separate queries to the database! If such a script is called from multiple threads, it could bring the system to a grinding halt.

It's therefore crucial to recognize when queries are being made by your code and, whenever possible, gather the values and run one query to fetch all the results.
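Gathering the values into a single prepared IN (...) query, as an added example and not code from the original article. Binding the values as parameters also closes the injection hole in the concatenated query shown above. The table layout follows the text; the database name and credentials are constructed:

```php
<?php
declare(strict_types=1);

// Assumed: MySQL database 'app' reachable with these constructed credentials,
// and a table `values` with columns a, b and value as in the text.
$pdo = new PDO('mysql:host=localhost;dbname=app', 'appuser', 'secret', [
    PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION,
]);

// Constructed input in place of $inputValues from the loop above.
$inputValues = ['alpha', 'beta', 'gamma', 'beta'];

// One prepared IN (...) query replaces N single-row queries.
function findAllByValue(PDO $pdo, array $values): array
{
    $values = array_values(array_unique($values));   // duplicates need no extra placeholder
    if ($values === []) {
        return [];                                   // "IN ()" is a syntax error
    }
    $placeholders = implode(', ', array_fill(0, count($values), '?'));
    $stmt = $pdo->prepare(
        "SELECT `a`, `b`, `value` FROM `values` WHERE `value` IN ($placeholders)"
    );
    $stmt->execute($values);                         // one round trip, values bound

    $byValue = [];
    foreach ($stmt->fetchAll(PDO::FETCH_ASSOC) as $row) {
        $byValue[$row['value']][] = $row;            // group rows by the value asked for
    }
    return $byValue;
}

$models = findAllByValue($pdo, $inputValues);
```

For very large input arrays, split them with array_chunk() and run one query per chunk, since MySQL limits the number of placeholders in a single prepared statement.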

Submit your PHP errors, issues or problems and get them fixed by an expert PHP programmer.