Write Clean and Secure PHP Code
I'm reading Clean Code, a technical book that explains the difference between good and bad code. Code written in a clean, well-formatted, easy-to-understand way is readily accepted and acclaimed by everyone. It is essential that the code we write can be understood by all.
1. Avoid Unwanted Html Tags In The PHP Code:
For Example:
<?php
echo "<table>";
echo "<tr>";
echo "<td>";
echo "Hai welcome to php";
echo "</td>";
echo "</tr>";
echo "</table>";
?>
Use this:
<html>
<body>
<table>
<tr>
<td><?php echo "Hai welcome to php"; ?></td>
</tr>
</table>
</body>
</html>
2. Avoid Unwanted if Conditions:
For Example :
if (condition) {
code to be executed if this condition is true;
} elseif (condition) {
code to be executed if the first condition is false and this condition is true;
} elseif (condition) {
code to be executed if all previous conditions are false and this condition is true;
} elseif (condition) {
code to be executed if all previous conditions are false and this condition is true;
} else {
code to be executed if all conditions are false;
}
Use Switch:
switch (n) {
case label1:
code to be executed if n=label1;
break;
case label2:
code to be executed if n=label2;
break;
case label3:
code to be executed if n=label3;
break;
...
default:
code to be executed if n is different from all labels;
}
3. Clear Code When Assigning Values To MySQL Arguments:
For Example :
$sql="select first_name,last_name,email_address from tbl_user where user_id=".$user_id." and member_type='".$member_type."'";
mysql_query($sql);
Use This :
// %d forces user_id to an integer, but %s inserts member_type verbatim with no escaping.
$sql = "select first_name,last_name,email_address from tbl_user where user_id=%d and member_type='%s'";
mysql_query(sprintf($sql, $user_id, $member_type));
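The sprintf() version above is easier to read, but a format string is not a security control: %s does not escape or quote its argument, so member_type can still carry SQL. The same query written with a PDO prepared statement, as an added example that is not part of the original post (the tbl_user table and its columns come from the page; the findUser function name, DSN and credentials are placeholders):

```php
<?php
// Added example: the section 3 query using a PDO prepared statement instead of
// sprintf() string building. Connection details are placeholders.
function findUser(PDO $pdo, int $userId, string $memberType): ?array
{
    // Named placeholders are sent to the server separately from the SQL text,
    // so the values are never parsed as part of the query.
    $sql = 'SELECT first_name, last_name, email_address
            FROM tbl_user
            WHERE user_id = :user_id AND member_type = :member_type';

    $stmt = $pdo->prepare($sql);
    $stmt->bindValue(':user_id', $userId, PDO::PARAM_INT);
    $stmt->bindValue(':member_type', $memberType, PDO::PARAM_STR);
    $stmt->execute();

    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Placeholder DSN and credentials (assumptions, not from the page).
$pdo = new PDO(
    'mysql:host=localhost;dbname=app_db;charset=utf8mb4',
    'app_user',
    'app_password',
    [
        PDO::ATTR_ERRMODE          => PDO::ERRMODE_EXCEPTION,
        PDO::ATTR_EMULATE_PREPARES => false, // use real server-side prepares
    ]
);

// Validate the numeric id up front: FILTER_VALIDATE_INT returns false for
// non-numeric input (and null when the parameter is absent).
$userId = filter_input(INPUT_GET, 'user_id', FILTER_VALIDATE_INT);
if ($userId === false || $userId === null) {
    http_response_code(400);
    exit('invalid user_id');
}

// member_type is bound as data, so any quotes or keywords it contains are
// compared literally against the column rather than executed.
$memberType = (string) ($_GET['member_type'] ?? '');
$user = findUser($pdo, $userId, $memberType);
```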
4. Avoid Using Many foreach Loops:
For Example:
$users = Select * FROM 'users';
$id = [];
foreach($users as $user){
$id[] = $user->id;
}
$data = [];
foreach($id as $s_id){
$data[] = select * FROM 'bookings' where 'user_id' = $s_id;
}
Use This:
$users = Select * FROM 'users' pluck 'id';
$data[] = select * FROM 'bookings' whereIn 'user_id' = $users;
5. Avoid Using a For Loop; Use a While Loop:
for (statement 1; statement 2; statement 3) {
// code block to be executed
}
while (condition) {
// code block to be executed
}