Difference between revisions of "Best Practices"

From GeeklogWiki
(started a Best Practices list)
 
(htmlspecialchars vs. htmlentities)
 
Line 23: Line 23:
  
 
Also see: [http://project.geeklog.net/tracking/view.php?id=967 Bug #0000967: Get rid of the ereg functions]
 
Also see: [http://project.geeklog.net/tracking/view.php?id=967 Bug #0000967: Get rid of the ereg functions]
 +
 +
 +
== Use htmlspecialchars instead of htmlentities ==
 +
 +
When preparing content for display, you may want to ensure that certain special characters are displayed as-is instead of being interpreted (e.g. pointy brackets which may be mistaken for HTML tags). PHP provides several functions to do that. Usually, the function to use it <code>htmlspecialchars()</code>. Do not use <code>htmlentities()</code> for content, as this may inadvertently break special characters in some languages (e.g. Japanese).
  
  
 
[[Category:Development]]
 
[[Category:Development]]
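
Review bot: the added paragraph has a typo in "the function to use it <code>htmlspecialchars()</code>", which should read "the function to use is". The same paragraph says <code>htmlentities()</code> "may inadvertently break special characters in some languages" without saying when that happens; a sentence naming the condition (the charset the function assumes versus the encoding the content is actually stored in) and recommending that the quote flag and charset be passed to <code>htmlspecialchars()</code> explicitly would make the advice easier to apply.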

Latest revision as of 20:15, 30 January 2010

Use E_ALL

During development, set the error reporting to E_ALL, i.e. the highest warning level. This helps expose common errors like uninitialized variables.

Tip: In lib-common.php, add an extra error_reporting(E_ALL) statement like so:

// Prevent PHP from reporting uninitialized variables
error_reporting(E_ERROR | E_WARNING | E_PARSE | E_COMPILE_ERROR | E_USER_ERROR);
error_reporting(E_ALL);
/**
* This is the common library for Geeklog.  Through our code, you will see

Adding the error_reporting(E_ALL) call on this otherwise empty line means that an hg diff (or similar) shows only one additional changed line. It is also easier to remove than an edit to the existing error_reporting line.


Don't use the ereg family of functions

The ereg pattern matching functions (ereg_replace, etc.) will be removed in PHP 6. They are already throwing "deprecated" warnings in PHP 5.3.

Use str_replace (preferred) or preg_replace and similar functions instead.

Also see: Bug #0000967: Get rid of the ereg functions


Use htmlspecialchars instead of htmlentities

When preparing content for display, you may want to ensure that certain special characters are displayed as-is instead of being interpreted (e.g. pointy brackets which may be mistaken for HTML tags). PHP provides several functions to do that. Usually, the function to use is htmlspecialchars(). Do not use htmlentities() for content, as this may inadvertently break special characters in some languages (e.g. Japanese).
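
The following script is an added example, not Geeklog code. It shows the difference on Japanese text and assumes the content is UTF-8 and the file itself is saved as UTF-8; the helper name escape_for_display() and the sample string are made up for illustration.

```php
<?php
/**
 * Escape text for output in HTML. The flags and charset are passed
 * explicitly so the result does not depend on the PHP version's defaults.
 * (Hypothetical helper, not part of Geeklog.)
 */
function escape_for_display($text, $charset = 'UTF-8')
{
    // ENT_QUOTES escapes single quotes as well as double quotes, which
    // matters when the value ends up inside a single-quoted attribute.
    return htmlspecialchars($text, ENT_QUOTES, $charset);
}

/** True if $bytes is well-formed UTF-8 (PCRE rejects invalid input under /u). */
function is_valid_utf8($bytes)
{
    return preg_match('//u', $bytes) === 1;
}

// Constructed sample: UTF-8 Japanese text mixed with markup characters.
$input = '日本語 <b onclick=\'x("1")\'>テスト</b> & more';

// Recommended: only & < > " ' are rewritten, multibyte characters pass through.
$safe = escape_for_display($input);

// Failure mode the page warns about: htmlentities() treating the UTF-8 bytes
// as ISO-8859-1 (the default charset before PHP 5.4). Each high byte is then
// handled as a separate Latin-1 character.
$broken = htmlentities($input, ENT_QUOTES, 'ISO-8859-1');

// Check 1: no raw markup characters survive in either output.
$noRawMarkup = function ($s) {
    return strpbrk($s, '<>"\'') === false;
};

// Check 2: decoding the escaped text must give back the original input.
$roundTrips = function ($s) use ($input) {
    return html_entity_decode($s, ENT_QUOTES, 'UTF-8') === $input;
};

foreach (array('htmlspecialchars' => $safe, 'htmlentities' => $broken) as $name => $out) {
    printf(
        "%-17s markup escaped: %s  valid UTF-8: %s  text preserved: %s\n",
        $name,
        var_export($noRawMarkup($out), true),
        var_export(is_valid_utf8($out), true),
        var_export($roundTrips($out), true)
    );
}
```

Both calls neutralise the markup, so the difference shows up only in the last two columns: the htmlentities() output is no longer the text the author wrote.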