UltraMega Blog
10Nov/090

10 Common PHP Mistakes to Avoid

These are some very common mistakes that are made in PHP. Some of these can be tricky to catch and can lead to all sorts of strange behavior. So here are 10 common PHP coding mistakes to avoid.

1 '=' Vs. '=='

Using a single '=' in a comparison will cause an assignment and return true, so this mistake can have some pretty unexpected results. It can be hard to catch since it looks perfectly valid to the interpreter if you are comparing something with a variable.

An easy way to avoid this is to swap the subject and variable like this:

<?php
if(true = $something) { // Parse error!
   // do stuff
}
?>

The above will result in a parse error since you can't assign a literal to something, making it easy to catch and fix.

2 '==' Vs. '==='

There is a big difference between the '==' (equal) and '===' (identical) comparison operators. '==' will convert types to match before making the comparison, while '===' will compare directly without converting. So in situations where the difference between '0' and 'false' matters, you must use '==='. Here's some examples:

<?php
var_dump(false == 0); // true
var_dump(false === 0); // false
var_dump(false === false); // true
var_dump('0' == 0); // true
var_dump('0' === 0); // false
?>

3 Missing Quotes Around String Keys

When working with arrays with string keys, it is important to quote literal strings. Without quotes, PHP will look for a constant with that name, then convert to string when none is found. Usually this is just a minor performance hit, but it can lead to unexpected results if the constant does happen to exist.

<?php
define('foo', 'bar'); // constant foo is 'bar'
$array = Array('foo' => 'This is foo', 'bar' => 'This is bar');
 
// BAD
var_dump($array[foo]); // 'This is bar'
 
// GOOD
var_dump($array['foo']); // 'This is foo'
?>

4 Mismatched Quotes or Braces

A common mistake that leads to many syntax errors is mismatched quotes or braces. Some things to remember:

  • For every ' there's a '
  • For every " there's a "
  • For every ( there's a )
  • For every { there's a }
  • For every [ there's a ]

5 Missing ';'

PHP requires that each statement ends with a semicolon so that it knows where one instruction ends and the next begins. Omitting a ';' will cause PHP to treat everything up to the next ';' as one statement. This usually results in a syntax error (usually from the next line).

6 Misplaced ';'

An extra semicolon can be just as bad as omitting one. Control structures like if and while should not end with a semicolon. Doing so will effectively cause PHP to ignore the results and simply execute the code found in the block, treating it as an empty statement.

<?php
$foo = false;
 
if($foo == true); // BAD, do not end with ;
{
   echo 'something is wrong';
}
?>

The above outputs 'something is wrong' because the if statement is completely ignored.

7 Setting Headers After Output

You can't modify headers once you send them to the client. This means that as soon as any output is sent to the browser, you can't use header, session_start, setcookie, or any other functions that modify headers. You can use the headers_sent function to determine if headers have been sent.

In most cases, this mistake is made when rogue white-space exists at the end of an included file. An easy way to avoid this is to omit the closing "?>" tag in your includes.

8 Using Short Tags

You should always use "<?php" and "?>" around your PHP blocks for portability. Using the convenient short and alternative tags ("<?", "<?=", and "<%") is not supported by default and should be avoided.

9 Using 'ereg*' Functions

As of PHP 5.3, the POSIX (ereg*) family of regex functions have been deprecated, and will be removed in PHP 6. This isn't really a big deal right now, but you should move away from these to future-proof your code. You should instead use the PCRE (preg*) family of functions.

10 Not Using E_ALL During Development

The best way to avoid the majority of mistakes is to turn error reporting all the way up in development. This will tell you about all the little things that can potentially lead to problems. If you can write code that produces no errors under this condition, you are probably good to go!

Posted by Steve

Comments (0) Trackbacks (0)

No comments yet.


Leave a comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.

No trackbacks yet.