Top Ten Tips for Getting Started with PHP

Here are ten tips that will help you avoid some of the most common pitfalls when coding Web applications in PHP.

There is little doubt that PHP is one of the easiest languages to use to start generating dynamic Web content. PHP, in combination with Linux, Apache and MySQL, is so popular that it has spawned the expression LAMP (Linux, Apache, MySQL and PHP). Many pages go on-line without any need for their authors to set up or program anything themselves. They simply find some pre-cooked piece of code with a search engine, paste it as is into an HTML template, upload everything to their Web server, and they are done.

Or so they believe. Even previous programming experience may not help much, because coding for the desktop and coding for the Web are two very different paradigms. Therefore, pretty often, when people cut and paste PHP code, nothing happens (nothing good, at least): the pages load very slowly or, worse, the pasted PHP code opens a new security hole.

The tips below are written especially for users who already know the basics of programming, but who have never touched PHP before. They can be roughly divided into three categories: how to start correctly, how not to hurt yourself and, finally, how to make your code more efficient. Due to space constraints and the fact that there already is plenty of good on-line and paper documentation for PHP, most tips explain only what to look for and why.

1. Check Whether Everything Was Installed and Configured Correctly

One common source of confusion for PHP beginners is uploading their first Web page to some server and seeing only the PHP/HTML source code in the browser instead of the expected content. This happens because the Web server doesn't recognize the file as something that should be passed to the PHP interpreter: the system administrator forgot to associate PHP files with the PHP interpreter. You can make this association in the Apache configuration file or in a local .htaccess file. Here is a sample configuration line:


AddType application/x-httpd-php .php3 .php

As a matter of fact, it is possible to know how things stand simply by uploading this really short page to your Web space:


<HTML>
<HEAD>
<TITLE>PHP Configuration Check</TITLE>
</HEAD>
<BODY><?php phpinfo(); ?>
</BODY>
</HTML>

With any luck, the result will be similar to what is shown in Figure 1. The phpinfo() function prints out how PHP was compiled and the value of all configuration variables. This function gives you a lot of useful information. Its output probably will be the very first thing you'll be asked for whenever you seek support on an on-line PHP forum. Because the page shows the whole server configuration to anyone who requests it, remove it once you have finished checking.

Figure 1. Sample PHP Information Generated by the phpinfo() Function

2. Let PHP and the Script Tell You about Your Errors

In order to speed up debugging, you can tell both PHP and the Apache Web server which errors must be reported and when. The error_reporting variable in the php.ini configuration file can be seen as a series of (bit) flags. Each of them can be set individually to detect (or not) a specific category of errors. This instruction, for example:


error_reporting = E_ALL

sends anything from simple warnings to serious bugs to the browser, but only if the other variable display_errors is turned on. General PHP settings in the php.ini file can be overridden at the Web server level. When using Apache, the instruction equivalent to the one above would be (in httpd.conf):


php_flag  display_errors  on
php_value error_reporting 2047

Should you have no access to the PHP/Web server configuration, as often happens, the same result can be accomplished by adding this command to your scripts:


error_reporting(E_ALL);

Speaking of Web servers, remember also to check their error logs to find out exactly which line of code caused a script to crash.

If a script still fails after all these tricks no longer report any error, the bug is almost surely in the script logic itself. Somewhere, some variable is assigned a value that you thought was not possible for it, and this confuses the rest of the code. This also applies when the variable is actually some SQL statement built on the fly and passed to a database server.

The solution is to display that variable on your browser. You can do this easily with the print() instruction normally used to send HTML code to the browser. The die() statement does the same thing as print(), but it also stops the script immediately afterward.
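The settings and the print-the-variable technique from this tip, combined in one script. This is an added example, not code from the original article; it is written for current PHP, and the APP_DEBUG environment variable and the debug_dump() helper are assumptions made for illustration.

```php
<?php
// Added example, not from the original article.
// APP_DEBUG (environment variable) and debug_dump() are hypothetical names.

$debug = getenv('APP_DEBUG') === '1';

// error_reporting is a bitmask: start from E_ALL and clear single flags with & ~.
error_reporting($debug ? E_ALL : (E_ALL & ~E_NOTICE));

// Send errors to the browser only while debugging; always keep the server-side log,
// so visitors of a live site never see file paths or query text.
ini_set('display_errors', $debug ? '1' : '0');
ini_set('log_errors', '1');

/**
 * Record a variable in the error log and, in debug mode only, return it as
 * HTML that is safe to print into the page.
 */
function debug_dump(string $label, $value, bool $debug): string
{
    $text = $label . ' = ' . (is_string($value) ? $value : var_export($value, true));
    error_log($text);

    if (!$debug) {
        return '';
    }
    // Escape first: the dumped value may contain markup taken from user input.
    return '<pre>' . htmlspecialchars($text, ENT_QUOTES, 'UTF-8') . "</pre>\n";
}

// Constructed sample: an SQL statement built on the fly from a form field.
$name = "O'Brien <b>";
$sql  = "SELECT id FROM users WHERE name = '" . $name . "'";

// The dump makes the unbalanced quote in the statement visible at once.
print debug_dump('sql', $sql, $debug);

// die() prints its argument and stops the script, so nothing after it runs.
if ($debug) {
    die(debug_dump('stopping after dump of name', $name, $debug));
}
```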

______________________

Articles about Digital Rights and more at http://stop.zona-m.net CV, talks and bio at http://mfioretti.com
