Difference between revisions of "WebsiteCodingPractices"
(hOCssjmFmD) |
(6 intermediate revisions by 6 users not shown) | |||
+ | {{Update}} |
||
− | Help me please , <a href=" http://www.zurloviaggi.it/vecchio_sito/Temp/28/knocked-out-and-fucked170.html ">Knocked Out And Fucked</a> , =-O , <a href=" http://www.gruppovergari.it/parcheggio_civitacastellana/images/256/clean-porn-restore140.html ">Clean Porn Restore</a> , =DD , <a href=" http://www.mecatechsrl.com/_themes/blitz/87/sarah-blake-big-cock269.html ">Sarah Blake Big Cock</a> , wcfvpl , <a href=" http://www.studiareinglese.it/prova/images/161/kb-gay264.html ">Kb Gay</a> , =-[[ , <a href=" http://www.paganini-to.it/Shooters/Images/201/iransex-girls-pictures284.html ">Iransex Girls Pictures</a> , =-DDD , <a href=" http://www.altavillarestauri.it/banneraltavilla/951/nude-body-painting300.html ">Nude Body Painting</a> , kxhcep , <a href=" http://www.asilobabyland.it/sorgente/983/mcnudes297.html ">Mcnudes</a> , gez , <a href=" http://www.topmynews.it/29/pool-sex-pictures13.html ">Pool Sex Pictures</a> , 56482 , <a href=" http://www.logistica-futura.it/450/decorating-teens-room148.html ">Decorating Teens Room</a> , 1429 , <a href=" http://www.incomingfvg.it/test/perl/744/free-underground-young-teen-clit70.html ">Free Underground Young Teen Clit</a> , 8800 , |
||
+ | |||
+ | ==Common standards on how to write php pages for the website== |
||
+ | |||
+ | This is up for discussion. If anyone would find it useful to see a particular standard implemented to make it easier for anyone to edit any page, please suggest it. |
||
+ | |||
+ | If anyone things that any of the standards suggested do not help, please comment. |
||
+ | |||
+ | ==Purpose== |
||
+ | * Make it easier for other people to edit your code |
||
+ | * Ensure that pages are written securely |
||
+ | * Encourage compatibility with future changes |
||
+ | * Derived from pear coding standard http://pear.php.net/manual/en/standards.php |
||
+ | |||
+ | ==Standard== |
||
+ | '''Header''' |
||
+ | * Optional $page_title |
||
+ | |||
+ | * All pages that require authentication start with<br> |
||
+ | wscauth_requirepriv(PRIV); or <br> |
||
+ | if(!wscauth_haspriv(PRIV)){return;} |
||
+ | |||
+ | * Optional includes |
||
+ | **Use include_once or require_once |
||
+ | **Any includes that are not used on every page should be included at the start of the page using them |
||
+ | |||
+ | *All pages that are passed variables should declare the variables after the authentication |
||
+ | **Newer versions of php disable register_globals, which means that this is required<br> |
||
+ | eg.<br> |
||
+ | $var=$_REQUEST['var']; for url, post and cookie or<br> |
||
+ | $var=$_GET['var']; for URL only<br> |
||
+ | $var=$_POST['var']; for POST only<br> |
||
+ | $var=$_COOKIE['var']; for cookie only |
||
+ | |||
+ | * Optional check vars passed to the page for expected string format |
||
+ | eg. |
||
+ | $pid=preg_match(/^[0-9]+/, $_GET['pid'],$match) ? $match[0] : false;<br> |
||
+ | This will assign $pid to the value of pid in the url if it is a number. |
||
+ | |||
+ | '''Block statments''' |
||
+ | |||
+ | *Use tabs to indent block code |
||
+ | |||
+ | * Avoid nested or long if statements |
||
+ | eg. |
||
+ | instead of if(COND){Do lots of code}<br> |
||
+ | use if(!COND){return;}Do lots of code |
||
+ | |||
+ | '''Functions''' |
||
+ | |||
+ | * Use functions to make the structure of a page clear |
||
+ | ** If the page performs lots of actions use a switch statment to call functions that perform the actions. Do not use lots of if statments throughout the page |
||
+ | ** If functions are used on more than one page, put them in an include |
||
+ | ** Where possible use existing functions even if it is slightly less efficient. This will make the website more reliable and have a negligable impact on performance. |
||
+ | |||
+ | '''Database''' |
||
+ | |||
+ | * All database queries are to be performed in functions specifically for that task |
||
+ | |||
+ | * Database queries should use PEAR or string formatting functions |
||
+ | eg. |
||
+ | $query=sprintf("SELECT * FROM table WHERE id='%d' AND string='%s'",<br> |
||
+ | mysql_real_escape_string($id),<br> |
||
+ | mysql_real_escape_string($string))<br> |
||
+ | |||
+ | '''Syntax''' |
||
+ | |||
+ | *Use <?php and ?> not <? and ?> which is not standards compliant |
||
+ | |||
+ | '''Comments''' |
||
+ | |||
+ | *All functions should be preceded with a comment block so that docmentation can be automatically built |
||
+ | |||
+ | The comment block should have to following format |
||
+ | /** |
||
+ | * A description of the function |
||
+ | * @param string $param A description of the parameter |
||
+ | * |
||
+ | */ |
||
+ | function example ($param) { ... |
||
+ | |||
+ | *Comments used within the code should have a dimilar format |
||
+ | |||
+ | *Documentation on comment syntax is available at http://www.phpdoc.org |
||
+ | |||
+ | ==Example php page== |
||
+ | <?php<br> |
||
+ | $page_title="Example php page";<br> |
||
+ | wscauth_requrepriv(PRIV_VIEW_EXAMPLE);<br> |
||
+ | include_once("include/members.inc");<br> |
||
+ | include_once("include/strings.inc");<br> |
||
+ | <br> |
||
+ | $pid=preg_match(/^[0-9]+/, $_REQUEST['pid'],$match) ? $match[0] : false;<br> |
||
+ | <br> |
||
+ | //This if statement may not actually be required as person_by_id does a similar thing.<br> |
||
+ | //Consider what the effect of not passing $pid would be and only use a statment like this if the page would break.<br> |
||
+ | if(!$pid){<br> |
||
+ | print "Person not found";<br> |
||
+ | include_once("another_page.php");<br> |
||
+ | return;<br> |
||
+ | }<br> |
||
+ | $person=person_by_id($pid);<br> |
||
+ | print "Name ".$person['fullname'];<br> |
||
+ | <br> |
||
+ | //Only put a function in this page, if it cannot be used in other pages.<br> |
||
+ | function exampleFunction($var1, $var2, $var3="default"){<br> |
||
+ | //Only do database queries in this page, if this will be the only page where the database table is used.<br> |
||
+ | $query=sprintf("SELECT * FROM example_table WHERE<br> |
||
+ | pid='%d' AND expired="<br> |
||
+ | .stringNull($date).<br> |
||
+ | ")",<br> |
||
+ | mysql_real_escape_string($pid));<br> |
||
+ | <br> |
||
+ | return wscdb_fetchresults($query,0,0);<br> |
||
+ | }<br> |
||
+ | ?> |
||
+ | |||
+ | [[Category:Website]] |
Latest revision as of 23:25, 9 February 2019
This article needs to be updated.
Common standards on how to write php pages for the website
This is up for discussion. If anyone would find it useful to see a particular standard implemented to make it easier for anyone to edit any page, please suggest it.
If anyone thinks that any of the standards suggested do not help, please comment.
Purpose
- Make it easier for other people to edit your code
- Ensure that pages are written securely
- Encourage compatibility with future changes
- Derived from pear coding standard http://pear.php.net/manual/en/standards.php
Standard
Header
- Optional $page_title
- All pages that require authentication start with
wscauth_requirepriv(PRIV); or
if(!wscauth_haspriv(PRIV)){return;}
- Optional includes
- Use include_once or require_once
- Any includes that are not used on every page should be included at the start of the page using them
- All pages that are passed variables should declare the variables after the authentication
- Newer versions of php disable register_globals, which means that this is required
eg.
$var=$_REQUEST['var']; for url, post and cookie or
$var=$_GET['var']; for URL only
$var=$_POST['var']; for POST only
$var=$_COOKIE['var']; for cookie only
- Optional check vars passed to the page for expected string format
eg.
$pid=preg_match('/^[0-9]+/', $_GET['pid'],$match) ? $match[0] : false;
This will assign $pid to the value of pid in the url if it is a number. Note that the pattern is anchored only at the start, so a value such as 12abc yields 12 rather than false; anchor it at both ends (/^[0-9]+$/) if trailing characters must be rejected.
Block statements
- Use tabs to indent block code
- Avoid nested or long if statements
eg.
instead of if(COND){Do lots of code}
use if(!COND){return;}Do lots of code
Functions
- Use functions to make the structure of a page clear
- If the page performs lots of actions use a switch statement to call functions that perform the actions. Do not use lots of if statements throughout the page
- If functions are used on more than one page, put them in an include
- Where possible use existing functions even if it is slightly less efficient. This will make the website more reliable and have a negligible impact on performance.
Database
- All database queries are to be performed in functions specifically for that task
- Database queries should use PEAR or string formatting functions
eg.
$query=sprintf("SELECT * FROM table WHERE id='%d' AND string='%s'",
mysql_real_escape_string($id),
mysql_real_escape_string($string));
Syntax
- Use <?php and ?> not <? and ?> which is not standards compliant
Comments
- All functions should be preceded with a comment block so that documentation can be automatically built
The comment block should have the following format
/**
 * A description of the function
 * @param string $param A description of the parameter
 *
 */
function example ($param) { ...
- Comments used within the code should have a similar format
- Documentation on comment syntax is available at http://www.phpdoc.org
Example php page
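<?php
$page_title="Example php page";

// Authentication comes first, before any include or request handling (see "Header" above).
// The "Header" section spells this function wscauth_requirepriv(); the example had a typo.
wscauth_requirepriv(PRIV_VIEW_EXAMPLE);
include_once("include/members.inc");
include_once("include/strings.inc");

// Declare request variables after authentication, then check their format.
// The pattern must be a quoted string (the original omitted the quotes, which is a
// parse error) and is anchored at both ends so that "12abc" is rejected instead of
// being silently truncated to "12". isset() avoids a notice when pid is absent.
$pid = (isset($_REQUEST['pid']) && preg_match('/^[0-9]+$/', $_REQUEST['pid'], $match))
    ? $match[0]
    : false;

//This if statement may not actually be required as person_by_id does a similar thing.
//Consider what the effect of not passing $pid would be and only use a statement like this if the page would break.
if(!$pid){
    print "Person not found";
    include_once("another_page.php");
    return;
}
$person=person_by_id($pid);

// Values read back from the database are data, not markup: escape them for the HTML context.
print "Name ".htmlspecialchars($person['fullname'], ENT_QUOTES, 'UTF-8');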
//Only put a function in this page, if it cannot be used in other pages.
/**
 * Page-local example of a database query wrapped in a function of its own, as the
 * "Database" section above requires.
 *
 * NOTE(review): the body never reads $var1, $var2 or $var3. It reads $pid and $date,
 * which are neither parameters nor declared inside the function, so within the
 * function scope they are undefined. Presumably the parameters were meant to carry
 * those values - confirm before copying this example.
 *
 * @param mixed  $var1 Unused by the example body.
 * @param mixed  $var2 Unused by the example body.
 * @param string $var3 Unused by the example body; shows a defaulted argument.
 * @return mixed Whatever wscdb_fetchresults() returns (project function, not shown on this page).
 */
function exampleFunction($var1, $var2, $var3="default"){
//Only do database queries in this page, if this will be the only page where the database table is used.
// NOTE(review): stringNull($date) is concatenated directly into the format string
// rather than passed as a sprintf argument, so it is outside the '%d'/'%s' formatting
// the "Database" standard relies on; the literal ")" appended after it also has no
// matching "(" in the SQL. mysql_real_escape_string() on a value formatted with %d is
// redundant (%d treats the argument as an integer), and the mysql_* extension was
// removed in PHP 7, so this example does not run on current PHP.
$query=sprintf("SELECT * FROM example_table WHERE
pid='%d' AND expired="
.stringNull($date).
")",
mysql_real_escape_string($pid));
// wscdb_fetchresults() and the meaning of its two trailing arguments are project-defined
// and not documented on this page.
return wscdb_fetchresults($query,0,0);
}
?>