I like to classify these mistakes into three broad groups: cock-ups (or screw-ups in American English), errors and oversights. A cock-up is when you stare blankly at the screen and whisper "Oops": things like deleting a database or website, or overwriting three-days worth of work, or accidentally emailing 20,000 people. Errors cover everything, from simple syntax errors like forgetting a } to fatal errors and computational errors.

Included in his list are things like:

• Leaving Debug Mode On
• Turning Debug Mode Off
• Wrong Variable Type
• 1p Errors

Examples of each are included with both code and descriptions as well as "lessons learned" to help you not make the same mistakes in your applications.

Here are 10 PHP mistakes that any programmer, regardless of skill level, might make at any given time. Some of the mistakes are very basic, but trip up even the best PHP programmer. Other mistakes are hard to spot (even with strict error reporting). But all of these mistakes have one thing in common: They're easy to avoid.

Here's the list (as Glen Stanberry sees it):

• Single quotes, double quotes
• Semicolon after a While
• NOT Using database caching
• Missing Semicolon After a Break or a Continue
• Not Using E_ALL Reporting
• Not Setting Time Limits On PHP Scripts
• Not Protecting Session ID's
• Not Validating Cookie Data
• Not Escaping Entities
• Using Wrong Comparison Operators

For those of you who are interested, you can download my slide from the tutorial I gave at ApacheCon this year. This is a very popular talk that I've been giving all year -- and this is by far the most extensive version of the talk yet.

The slides cover topics like system scalability, PHP scalability, database scalability, web server scalability, and using these tips to optimize your application.

He breaks the post up into phases (one through four) with the steps outlined along the way (including the "oh sh*t, it's getting urgent, we better fix the delivered code and make it work well enough for the client to start testing" phase). Phase four is the largest, being the bug finding and fixing stage, some of the more intensive (and sometimes numbing) times of development.

He also includes a good, long list of some of the codeing standards he's accumulated over time, including:

• Not creating PHP includes with functions in them!
• Never hard code email subjects etc. in code, use templates.
• Not using libraries that where not specified.. or using non-PEAR libraries when PEAR ones are available...
• Everything extends the base class, even code run via cron jobs.

He also talks about using print rather than echo, exiting on XMLHttpRequest calls, shortcuts in Javascript, and cloning dataobject arrays over creating simple structs.

These topics have been beaten to death, and will likely continue to be beaten well after their bones have turned to dust. However, I have never had the opportunity to explore some aspects of PHP that obviously are mistakes-not just to understand their origin, but to analyze their impact on PHP and the way they have been dealt with.

His list of mistakes is:

• Objects in PHP 4
• Function Naming Consistency
• Safe Mode and Magic Quotes
• Register Globals
• Lack of Unicode Support

Under each he explains them, noting why they are important enough to mention is the list. He does, however, end on a bit lighter note - the PHP, for all its problems and woes, is just like any other laugnage out there. It has its problems, but its learned from them and, as Marco puts it "has grown because of them".

In one of my previous articles, I mentioned the top 5 security mistakes made in PHP. This article is a follow-up, with some more common security mistakes.

For the three topics he describes the functionality PHP offers for them as well as a suggestion or two as to how you can prevent these issues from showing up in your scripts. ]]> Tue, 21 Mar 2006 06:56:49 -0600 http://www.phpdeveloper.org/news/4717 http://www.phpdeveloper.org/news/4717 this post on Michael Arrington's blog mentioned the Techcrunch article about the "death of Ning" (a PHP-based mashup creation tool). Well, this new post on David Sklar's blog is here to set things right.

So there was this inflammatory Techcrunch post about Ning. Diego has already done a good job of walking through the inaccuracies, so I won't repeat that.

He mentions three main points that were mistakes highlighted in the Techcrunch article:

• When it comes to developer relations, (just about) no question or comment should be dismissed.
• The alternative to constantly tooting one's own horn is not total horn silence.
• The old saw is true: "all publicity is good publicity."

For each, he gives a little background, mentioning the real motivation behind Ning's methods and differing ideas...]]> Tue, 24 Jan 2006 06:48:45 -0600