Did you know... part one

D-talk

Quicksearch

Show tagged entries

Categories



All categories

Tuesday, November 11. 2008

Posted by Mark van der Velden in PHP, PlanetPHP

Comments (0)
Trackbacks (0)
Defined tags for this entry: , , , , , , , , , , ,
Related entries by tags:
What do you get when you mix; MSSQL, PDO and uniqueidentifier?
Connecting from PHP on a non Microsoft OS to MSSQL with a domain account
Multiple PHP versions on one webserver
Multiple backend session storage handler
PHP Quiz part 3

Did you know... part one

In this blog post I'd like to talk a bit about some "Did you know's". With these "Did you know" blog posts I want to tell you a few things that I came across along the way and hopefully you know some I don't know yet! Some DYK's are directly code related, others are just here to give you insight and some are just to let you know of it's existence (Afteral you don't search for what you don't know about.)

So here they come in random/chaotic order:

Writable directories

Not so PHP specific, but often miss-used is checking for writable directories/paths. Directories don't have to be readable to be used for writing, but they do have to be writable and executable.

So a check like this, is simply incomplete:

$dir = '/tmp/cache/';
if (is_writable($dir)) {
  touch($dir . 'cache.txt');
}

And will simply fail if the directory is writable but has no execute attributes (mode 0666). This is especially trouble, and can keep you occupied for a long time when using the shutup (@) parameter...

Form name attribute character conversions

Two characters get replaced to a '_' Due to legacy PHP versions and to my understanding mostly due the register_globals feature, some HTML form name attribute characters are translated. The idea behind it makes sense, however it's applied in a strange way.

For example <input type="text" name="fu.bar" value="" > in a form with post method, get's translated (even in the current PHP 6 roadmap) into: $_POST['fu_bar']. This happens with the "." and " " characters. But not with '-'  which seems weird, because $fu-bar isn't a valid variable, but '-' is a valid HTML input name attribute character. You probably never need it, but I had situation recently where I was flabbergasted of why array key's where different from their HTML counterparts and I completely forgot about this behavior.

The function: empty()

Personally I love the empty() function it gives more information then isset does (which can also be prone to mistakes) but if you know what you are doing, it's simply brilliant. Another (less known) way you can use empty() is on arrays:

$array = range(0,10);
if (!empty($array) && is_array($array)) {
  // ...
}
 

Equals:

if (isset($array) && is_array($array) && count($array) !== 0) {
  // ...
}
 

Where this, does not equal:

if (isset($array) && count($array) !== 0) {
  // ...
}
 

For the simple fact, that:
if (count('a') !== 0) {
  // ...
}

/** or **/

if (count(1) !== 0) {
  // ...
}
Evaluate to true and are vulnerable to errors when you don't check properly.

The shutup parameter

As you can read in other blog posts I wrote (or twitter), I'm not a big fan of @ (short for "shutup parameter" or it's official "error control operator".) I think I've spent several hours debugging other people's code just because errors where suppressed by a @. Now I finally have a way to deal with those properly, thanks to Gopal Vijayaraghavan. He wrote SCREAM a brilliant PHP extension that simply removes the error suppressor. I've always been a big fan of his work on APC and inclued, but he released another brilliant development tool! Basically if you write PHP applications, you can't go without this one. Especially if you use libraries or frameworks that use @.

More fun with the HTTP extension

If you want more power and/or security when doing external requests in PHP, most people either use the native support or use cURL. However pecl_http aka extended http is worth looking into. Not only does it allow parallel http requests, throttling and powerful header manipulation, but it also offers a powerful OO (And procedural) interface for managing requests and handling caching headers. So if you deal with scraping, handling external requests or want to give your site some more performance, you can't go without this extension.

Webgrind profile tool

I like optimizing code, whenever I profile I use Webgrind to give me a quick view on bottlenecks in applications. Webgrind is a web-frontend for xdebug 'cachegrind.x' files, I'm not going to cover Xdebug because I'm assuming you already use it. Webgrind offers a nice clean overview and detailed information when you click on calls. It even supports viewing the file source which is a brilliant feature for quick reference. The desktop applications are: KCachegrind (Linux) MacCallGrind (mac) and WinCacheGrind (Windows. Outdated, but still working)

Working with date/time can be easy

Often when working with dates and times I always wanted to shoot myself (Not really of course), especially when you want to do it according to all the proper standards. Often because calculating with times can be a big pain in the butt. Obviously you know about the standard time/date functions like: strtotime, date and strftime. But there is also the DateTime class, now I admit that the documentation is somewhat poor and the real DateTime power won't be available until 5.3, but the information is out there (Official PHP.net documentation: http://php.net/date_create, Dutch site with 5.3 examples:http://www.scriptorama.nl/php/php-53-date-extensie-revisited). And Derick Rethans is working on a book about it, which will hopefully be done soon ( I want it for Christmas )

Apache and headers

Apache has a module called mod_headers, with that module have a powerful feature set for controlling headers. Headers can be responsible for significantly speeding up websites, if done properly. mod_headers allows you to sent headers based on file extensions, meaning you can easily control headers for e.g. static content. Perhaps you normally do this in PHP, this however causes an enormous overhead for static content. Which could easily be avoided. Typical use would be on images and css, or any other not-frequently changing content. If you use a different web server, let's say, Lighttpd you can use their headers control module called mod_expire. However if you use Lighttpd, or anything "non-default" I'm assuming you already know that ;-)

That's all I have for this time, If you have any additions feel free to comment those so I can add them to the next part


Trackbacks
Trackback specific URI for this entry

No Trackbacks

Comments
Display comments as (Linear | Threaded)

No comments

Add Comment

Standard emoticons like :-) and ;-) are converted to images.
E-Mail addresses will not be displayed and will only be used for E-Mail notifications
You can use [geshi lang=lang_name [,ln={y|n}]][/lang] tags to embed source code snippets
Enclosing asterisks marks text as bold (*word*), underscore are made via _word_.
 
Submitted comments will be subject to moderation before being displayed.
 

Frontpage - Top level

Calendar

Back September '10
Mon Tue Wed Thu Fri Sat Sun
    1 2 3 4 5
6 7 8 9 10 11 12
13 14 15 16 17 18 19
20 21 22 23 24 25 26
27 28 29 30      

External links