Web Server Configuration & .htaccess File
Some web servers may ignore .htaccess files unless otherwise configured. Make sure that your web server is configured to read the .htaccess file in your public directory.
Best Practices and Closing Tags
File Name : phpinfo.php
Purpose : To display the PHP environment variable values
Code :
<?php phpinfo();
We didn't forget the closing (?>) PHP tag! We intentionally omit it to avoid unintentional output of whitespace in the response in certain cases.
PHP is a famous open source language, which decreases application performance considerably.
Turn on error reporting immediately during the development stage with:
Code:
error_reporting(E_ALL);
Single Quotes and Double Quotes are Very Different
echo "Today is the $day of $month";
Instead use the following code:
Code:
echo 'Today is the ' . $date['day'] . ' of ' . $date['month'];
Use the /*…*/ commenting system to document your code.
It will help during development of the code and during debugging.
Set the display_errors value in php.ini to "0". Otherwise, any errors that are encountered in your code, such as database connection errors, will be output to the end user's browser. A malicious user can learn about a loophole in the security and can hack the system.
Instead of displaying errors, set the error_log ini variable to "1" and check your PHP error log frequently for caught errors. Alternatively, you can develop your own error handling functions that are automatically invoked when PHP encounters an error, and can email you or execute other PHP code of your choice.
Learn more about the set_error_handler() function from the PHP manual.
Code tested in Firefox browser as random.php
Light colors are selected using $r = rand(128,255);. If you change $r = rand(128,255); to $r = rand(0,255);, a deep color will be set as the background color, which will cause difficulty in reading the text in the web page.
Code:
<?php
// Each component stays in 128..255, so dechex() always yields two hex digits.
$r = rand(128,255);
$g = rand(128,255);
$b = rand(128,255);
$tablebg = dechex($r) . dechex($g) . dechex($b);
?>
<html>
<head>
<title> Refresh and see </title>
</head>
<body bgcolor='<?php echo "#"."$tablebg"; ?>'>
This is my Home page with random background color. <br>
Refresh and see.
</body>
</html>
The phpinfo() function lists your php.ini variables so that you can scan them for insecure settings. Keep this page in a restricted place and do not allow public access to it. The output of phpinfo() contains information that a potential hacker might find extremely useful.
Code:
<?php phpinfo();
Some settings to consider when configuring PHP for security include:
- register_globals: It has to be changed to "off". It exports all user input as global variables.
- safe_mode: The safe mode setting can be very useful to prevent unauthorized access.
- disable_functions: This setting can only be set in your php.ini file, not at runtime. It can be set to a list of functions that you would like disabled in your PHP installation. It can help prevent the possible execution of harmful PHP code. Some functions that are useful to disable if you do not use them are system and exec, which allow the execution of external programs.
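The directives listed above can also be checked by a script instead of being read off a phpinfo() page. This is an added example, not code from the original page; the function names ini_flag_enabled() and audit_php_settings() and the sample values are hypothetical.

```php
<?php
// Added example: audits the directives named in the list above without
// publishing phpinfo() output. Function names here are hypothetical.

/** Interpret a raw ini value as an on/off flag. */
function ini_flag_enabled($value): bool
{
    if ($value === false || $value === null) {
        return false;               // directive does not exist in this build
    }
    $v = strtolower(trim((string) $value));
    // "stderr"/"stdout" are valid display_errors values and still mean "shown".
    return in_array($v, ['1', 'on', 'yes', 'true', 'stderr', 'stdout'], true);
}

/**
 * @param array|null $ini directive => raw value (null reads the running config)
 * @return string[] findings, empty when nothing was flagged
 */
function audit_php_settings(?array $ini = null): array
{
    $names = ['display_errors', 'register_globals', 'disable_functions'];
    if ($ini === null) {
        $ini = [];
        foreach ($names as $n) { $ini[$n] = ini_get($n); }
    }
    $findings = [];
    if (ini_flag_enabled($ini['display_errors'] ?? false)) {
        $findings[] = 'display_errors is on: errors reach the browser';
    }
    if (ini_flag_enabled($ini['register_globals'] ?? false)) {
        $findings[] = 'register_globals is on: user input becomes globals';
    }
    // disable_functions is a comma-separated list of function names.
    $raw = strtolower((string) ($ini['disable_functions'] ?? ''));
    $disabled = array_map('trim', explode(',', $raw));
    foreach (['system', 'exec'] as $fn) {
        if (!in_array($fn, $disabled, true)) {
            $findings[] = "$fn() is not in disable_functions";
        }
    }
    return $findings;
}

// Constructed sample values first, then the live configuration.
$sample = ['display_errors' => '1', 'register_globals' => 'Off', 'disable_functions' => 'exec, passthru'];
foreach (audit_php_settings($sample) as $f) { echo "[sample] $f\n"; }
foreach (audit_php_settings() as $f) { echo "[live]   $f\n"; }
```

The command line and the web server can load different php.ini files, so run the script under the same setup the site uses. Like phpinfo.php, keep it out of the public directory.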
* By default the index.php file is included in the URL, but it can be removed using a simple .htaccess file.
* Programmers love to code and hate to write documentation. A well-documented program is easy to rebuild and debug.
* The only way to really judge an application is to try it and get to know the code.