Difference between revisions of "Best Practices"
(started a Best Practices list) |
(htmlspecialchars vs. htmlentities) |
||
Line 23: | Line 23: | ||
Also see: [http://project.geeklog.net/tracking/view.php?id=967 Bug #0000967: Get rid of the ereg functions] | Also see: [http://project.geeklog.net/tracking/view.php?id=967 Bug #0000967: Get rid of the ereg functions] | ||
+ | |||
+ | |||
+ | == Use htmlspecialchars instead of htmlentities == | ||
+ | |||
+ | When preparing content for display, you may want to ensure that certain special characters are displayed as-is instead of being interpreted (e.g. pointy brackets which may be mistaken for HTML tags). PHP provides several functions to do that. Usually, the function to use it <code>htmlspecialchars()</code>. Do not use <code>htmlentities()</code> for content, as this may inadvertently break special characters in some languages (e.g. Japanese). | ||
[[Category:Development]] | [[Category:Development]] |
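Review bot: typo in the added paragraph: "the function to use it <code>htmlspecialchars()</code>" should read "the function to use is". The same paragraph says <code>htmlentities()</code> "may inadvertently break special characters" without saying when; one more sentence naming the condition (the character set the function assumes versus the one the content is in) would make the advice easier to apply. The hunk also adds two consecutive blank lines before the new heading where one would do.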
Latest revision as of 20:15, 30 January 2010
Use E_ALL
During development, set the error reporting to E_ALL, i.e. the highest warning level. This helps expose common errors like uninitialized variables.
Tip: In lib-common.php, add an extra error_reporting(E_ALL) statement like so:

    // Prevent PHP from reporting uninitialized variables
    error_reporting(E_ERROR | E_WARNING | E_PARSE | E_COMPILE_ERROR | E_USER_ERROR);
    error_reporting(E_ALL);
    /**
    * This is the common library for Geeklog. Through our code, you will see

Adding the error_reporting in this otherwise empty line means that you only get an additional one-line difference when doing an hg diff (or similar). It's also easier to remove than when you edit the existing error_reporting line.
Don't use the ereg family of functions
The ereg pattern matching functions (ereg_replace, etc.) will be removed in PHP 6. They are already throwing "deprecated" warnings in PHP 5.3.
Use str_replace (preferred) or preg_replace and similar functions instead.
Also see: Bug #0000967: Get rid of the ereg functions
Use htmlspecialchars instead of htmlentities
When preparing content for display, you may want to ensure that certain special characters are displayed as-is instead of being interpreted (e.g. pointy brackets which may be mistaken for HTML tags). PHP provides several functions to do that. Usually, the function to use is htmlspecialchars(). Do not use htmlentities() for content, as this may inadvertently break special characters in some languages (e.g. Japanese).
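
The following is an added example, not Geeklog code, showing one way the breakage described above occurs: htmlentities() working with a character set that does not match the content. The helper names escape_for_html() and survives_round_trip() are hypothetical, the input string is constructed, and the file is assumed to be saved as UTF-8.

```php
<?php
// Added example, not Geeklog code. Sample strings are constructed.

/**
 * Hypothetical helper: escape text for an HTML body or a quoted attribute.
 * ENT_QUOTES also escapes single quotes; the charset is passed explicitly
 * so the result does not depend on the PHP version's default.
 */
function escape_for_html($text, $charset = 'UTF-8')
{
    return htmlspecialchars($text, ENT_QUOTES, $charset);
}

/**
 * Hypothetical helper: report whether escaped output still decodes back to
 * the original text when the page is read as $pageCharset.
 */
function survives_round_trip($original, $escaped, $pageCharset = 'UTF-8')
{
    return html_entity_decode($escaped, ENT_QUOTES, $pageCharset) === $original;
}

// Constructed input: UTF-8 Japanese text followed by markup-like characters.
$input = "日本語 <b onclick='x'>";

// Only & < > " ' are rewritten; multi-byte sequences are left alone.
$safe = escape_for_html($input);

// htmlentities() told the wrong charset (ISO-8859-1 was the default before
// PHP 5.4) reads every UTF-8 byte as a separate Latin-1 character and turns
// those that have a named entity into entities, splitting the characters.
$broken = htmlentities($input, ENT_QUOTES, 'ISO-8859-1');

// Even with a mismatched charset, htmlspecialchars() leaves UTF-8 bytes
// intact, because the five characters it escapes are plain ASCII.
$tolerant = htmlspecialchars($input, ENT_QUOTES, 'ISO-8859-1');

foreach (array('htmlspecialchars UTF-8'      => $safe,
               'htmlentities ISO-8859-1'     => $broken,
               'htmlspecialchars ISO-8859-1' => $tolerant) as $label => $out) {
    printf("%-28s %s  intact=%s\n", $label, $out,
           survives_round_trip($input, $out) ? 'yes' : 'no');
}
```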