Introduction
Have you ever downloaded a PHP script and tried to run it on your web server, only to receive a bunch of confusing error messages? The odds are that these errors occurred because your PHP initialization file wasn’t exactly the same as the initialization file on the machine where the script was created.
In this article we’re going to take a look at a few little things that you can do to help make your PHP scripts more portable, so that when other reactjs development company buy/download them, they will have more chance of working successfully the first time, without the need to perform any kind of system configuration modifications, etc.
If you’d like to use the tips described in this article to make your PHP code more portable, then you should have the latest version of PHP installed on either an Apache/IIS web server running under Linux, Unix, or Windows.
PHP Tags
When you’re creating blocks of PHP code, do you use <? or <% as your PHP opening tags? If you do, then stop it immediately! Always use the default, fully open tag: <?PHP. Both the short and ASP styles of code block tags can be turned off in the php.ini file, however the long method cannot.
Parsing Quotes
Just because you were testing your application on a dual AMD Athlon XP development server with over a gig of memory, it doesn’t mean that the computers of the people buying or downloading your script are also using these exact same system specifications. We all know that every little bit of performance increase helps, and the easiest thing that you can do to get more performance out of your web server is to use single quotes instead of double quotes throughout your PHP scripts. When PHP is parsing your files, it has to do a little extra work when dealing with double quotes instead of single quotes, thus decreasing system performance.
So, if we had this code:
$name = "Derek"; echo "My name is $name"; // outputs: My name is Derek |
… and we replaced it with this code:
$name = 'Derek'; echo 'My name is '.$name; // outputs: My name is Derek |
… then we would notice a slight performance increase. The performance increase may not be noticeable in small scripts, but if you have 10,000+ lines of PHP script, then you’ll notice a definite speed increase in the time that it takes PHP to parse and serve your scripts.
Magic Quotes
If magic_quotes_gpc is enabled in your php.ini file (which it is by default), then your GPC data will have backslashes prepended before characters that need to be escaped for database queries etc. These characters are the single quote ( ‘ ), the double quote ( ” ), the backslash ( \ ), and NULL (the NULL byte with character code zero). If you turn off magic_quotes_gpc in your php.ini file, then you will notice a slight performance gain.
Here’s a simple solution that you should use when building SQL queries that use GPC variables:
define("MAGIC_QUTOES_GPC", get_magic_quotes_gpc()); function slashes($str) { if (MAGIC_QUTOES_GPC == 1) { return $str; } else { return addslashes($str); } } |
So here’s what our SQL Query would look like:
$query = 'UPDATE mytable SET myfield=\'' . slashes($HTTP_POST_VARS['myfield']) . '\''; |
GPC Variables
As of PHP version 4.0.3, GPC variables can be found in the $HTTP_*_VARS arrays. Because register_globals can be turned off (in PHP4+), you should never treat GPC’s as if they’re normal global variables. For example, if you had a <form> tag with its method attribute set to post, and a text field named “foo”, then you shouldn’t use $foo to refer to the value of this form variable in your PHP scripts, but rather the $HTTP_POST_VARS[‘foo’] associative array value. Using global variables can cause some major security issues rather easily. Stay way from register_globals; they are the devil in disguise.
Error Reporting
By default, the error_reporting option in the php.ini file is set to “E_ALL & ~E_NOTICE”. This suppresses error messages that are generated for non-critical errors. For example, if you use a variable that hasn’t been initialized, then you won’t see an error. Is this a good thing? Well not really, since some people could have their error_reporting set to “E_ALL”, meaning that they would see an error if a variable is used and not initialized. The solution is to set the value of the “error_reporting” attribute in your php.ini file to “E_ALL” when developing.
Databases and tables
If you use PHP to manipulate a database, then never hard code the names of the databases or tables in a query. Provide the option for someone to change the name of a database or table in a configuration script. For example, if I download John Doe’s eCommerce script and the installation file said to create a table named ‘users’ in a MySQL database and I already had a table called users, then all I would have to do is call it customers, and then go back into the configuration file and change the necessary field.
Here’s an example of a configuration file:
// Database Table Names $conf['tbl']['users'] = 'customers'; $conf['tbl']['basket'] = 'shopping_basket'; |
So now when we’re querying a database, we can use the table names defined in our configuration file to work with and manipulate data:
$query = 'UPDATE '.$conf['tbl']['users'].' SET FOO=\'BAR\''; $query = 'UPDATE '.$conf['tbl']['basket'].' SET FOO=\'BAR\''; |
Version Specifics
Creating an application that works with both PHP versions three and four isn’t too difficult at all. Here are some tips to make code compatibility easier:
If you use a function that is only available in PHP4, than create a file and recreate/mimic each PHP4 function you use. Then, include that file when you notice that PHP3 is running.
When using the GPC $HTTP_*_VARS arrays, some elements don’t exists in PHP3. It might be a good idea to re-create these missing elements. (note that there are a lot more elements than those shown in the example below):
if (substr(phpversion(), 0, 1) == 3) { INCLUDE('my_php3_functions.php'); $HTTP_SERVER_VARS['PHP_SELF'] = $PHP_SELF; $HTTP_SERVER_VARS['QUERY_STRING'] = $QUERY_STRING; } |
PHP3 doesn’t support creating a property of an object that is actually an object itself. Here is an example that will compile in PHP4, but not in PHP3:
$obj->property->method(); // Wont work in PHP3 |
Conclusion
As with many other programming languages, PHP can be extensively configured for optimal performance, compatibility, and portability. In this article we have taken a look at several things that we can do to increase the portability of the PHP code that we as developers create. PHP is a great scripting language, and by following the tips in this article you will not only make your code more portable, but it will also give you some noticeable speed increases as well.
More to read: The Cross Site Scripting FAQ