36 Tips to Improve PHP Code Quality
You will often see:
require_once('../../lib/some_class.php');
This method has many disadvantages:
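For a relative path that does not start with ./ or ../, PHP first searches every directory in include_path and then the current directory. A path that starts with ./ or ../, as here, skips include_path and is resolved against the current working directory.
Therefore many paths may be checked, and the file that is found depends on where the script is run from.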
If the script is included by a script in another directory, its base directory becomes the directory where the other script is located.
Another problem is that when a scheduled task (such as a cron job) runs this script, the working directory may not be the script's own directory.
So the best option is to use an absolute path:
define('ROOT' , '/var/www/project/');
require_once(ROOT . '../../lib/some_class.php');
//rest of the code
We defined an absolute path, but its value is hard-coded. We can improve on that. The path /var/www/project may also change, so do we have to edit it every time? No, we can use the __FILE__ constant:
//suppose your script is /var/www/project/index.php
//Then __FILE__ will always have that full path.
define('ROOT' , pathinfo(__FILE__, PATHINFO_DIRNAME));
//ROOT has no trailing slash here, so the relative part must start with one
require_once(ROOT . '/../../lib/some_class.php');
//rest of the code
Now, no matter where you move the project, for example to another server, the code will run correctly without any changes.
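Since PHP 5.3 the magic constant __DIR__ holds the directory of the current file, so the same idea can be written more briefly. The following is only a sketch: the constant name ROOT follows the example above, and project_path() is a hypothetical helper, not something PHP provides.

```php
<?php
// __DIR__ is the directory of the file that contains this line (PHP 5.3+).
define('ROOT', __DIR__);

// Hypothetical helper: build an absolute path below ROOT.
function project_path($relative)
{
    return ROOT . '/' . ltrim($relative, '/');
}

// Intended use: require_once project_path('lib/some_class.php');
```

Because the helper strips a leading slash, 'lib/x.php' and '/lib/x.php' resolve to the same file.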
You can include multiple files at the top of a script, such as class libraries, utility files, and helper functions:
require_once('lib/Database.php');
require_once('lib/Mail.php');
require_once('helpers/utitlity_functions.php');
This usage is quite primitive. It should be more flexible. Write a helper function that includes the files. For example:
function load_class($class_name)
{
    //path to the class file
    $path = ROOT . '/lib/' . $class_name . '.php';
    require_once( $path );
}
load_class('Database');
load_class('Mail');
Is there anything different? The code is more readable.
You can extend this function as needed in the future, such as:
function load_class($class_name)
{
    //path to the class file
    $path = ROOT . '/lib/' . $class_name . '.php';
    if(file_exists($path))
    {
        require_once( $path );
    }
}
You can do more:
Search multiple directories for the same file
The directory where class files are placed can be easily changed without having to modify the code one by one
Similar functions can be used to load files, such as html content.
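The first extension in the list, searching several directories, could look roughly like this. It is a minimal sketch: find_class_file() and load_class_from() are hypothetical names, and the directory list is whatever your project uses.

```php
<?php
// Returns the first existing path for $class_name, or false if none is found.
function find_class_file($class_name, array $dirs)
{
    foreach ($dirs as $dir) {
        $path = rtrim($dir, '/') . '/' . $class_name . '.php';
        if (is_file($path)) {
            return $path;
        }
    }
    return false;
}

// Loads the class file if it can be found; reports success as a boolean.
function load_class_from($class_name, array $dirs)
{
    $path = find_class_file($class_name, $dirs);
    if ($path === false) {
        return false;
    }
    require_once $path;
    return true;
}

// Intended use: load_class_from('Database', array(__DIR__ . '/lib', __DIR__ . '/helpers'));
```

Directories are tried in order, so the first entry in the list wins when a file exists in more than one place.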
In a development environment, we print database queries, dump problematic variable values, and once the problem is resolved, we comment or delete them. However, a better approach is to keep the debug code.
In a development environment, you can:
define('ENVIRONMENT' , 'development');
if(! $db->query( $query ))
{
    if(ENVIRONMENT == 'development')
    {
        echo "$query failed";
    }
    else
    {
        echo "Database error. Please contact administrator";
    }
}
On the production server, you can:
define('ENVIRONMENT' , 'production');
if(! $db->query( $query ))
{
    if(ENVIRONMENT == 'development')
    {
        echo "$query failed";
    }
    else
    {
        echo "Database error. Please contact administrator";
    }
}
system, exec, passthru, and shell_exec: these four functions can be used to execute system commands. Each behaves slightly differently. The problem is that on shared hosting some of them may be selectively disabled. Most newbies tend to check which function is available every time before using it.
A better solution is to wrap the four functions in a single function that works wherever at least one of them is available.
/**
    Method to execute a command in the terminal
    Uses :
    1. system
    2. passthru
    3. exec
    4. shell_exec
*/
function terminal($command)
{
    //system
    if(function_exists('system'))
    {
        ob_start();
        system($command , $return_var);
        $output = ob_get_contents();
        ob_end_clean();
    }
    //passthru
    else if(function_exists('passthru'))
    {
        ob_start();
        passthru($command , $return_var);
        $output = ob_get_contents();
        ob_end_clean();
    }
    //exec
    else if(function_exists('exec'))
    {
        exec($command , $output , $return_var);
        $output = implode("\n" , $output);
    }
    //shell_exec
    else if(function_exists('shell_exec'))
    {
        $output = shell_exec($command);
        //shell_exec does not report an exit status
        $return_var = null;
    }
    else
    {
        $output = 'Command execution not possible on this system';
        $return_var = 1;
    }
    return array('output' => $output , 'status' => $return_var);
}
terminal('ls');
The above function will run the shell command as long as a system function is available, which keeps the code consistent.
function add_to_cart($item_id , $qty)
{
    $_SESSION['cart'][$item_id] = $qty;
}
add_to_cart( 'IPHONE3' , 2 );
Use the function above to add a single item. When adding a list of items, do you have to create another function? No. If you pay a little attention to the different types a parameter can take, the function becomes more flexible. For example:
function add_to_cart($item_id , $qty = 1)
{
    if(!is_array($item_id))
    {
        $_SESSION['cart'][$item_id] = $qty;
    }
    else
    {
        //$item_id is an array of item id => quantity
        foreach($item_id as $i_id => $qty)
        {
            $_SESSION['cart'][$i_id] = $qty;
        }
    }
}
add_to_cart( 'IPHONE3' , 2 );
add_to_cart( array('IPHONE3' => 2 , 'IPAD' => 5) );
Now, the same function can handle different types of input parameters. You can refer to the above example to refactor your code to make it smarter.
I'd love to know why so many blog posts about PHP tips don't mention this: leave off the closing PHP tag.
<?php
echo "Hello";
//Now don't close this tag
This will save you a lot of time. Let's give an example:
A super_class.php file
<?php
class super_class
{
    function super_function()
    {
        //super code
    }
}
?>
//super extra character after the closing tag
index.php
require_once('super_class.php'); //echo an image or pdf , or set the cookies or session data
This way, you will get a "headers already sent" error. Why? Because the "super extra character" has already been output. Now you have to start debugging, and finding where the super extra character is can take a lot of time.
Therefore, make a habit of omitting the closing tag:
<?php
class super_class
{
    function super_function()
    {
        //super code
    }
}
//No closing tag
This will be better.
This is called output buffering. Say you echo content directly from different functions:
function print_header()
{
    echo "<p id='header'>Site Log and Login links</p>";
}
function print_footer()
{
    echo "<p id='footer'>Site was made by me</p>";
}
print_header();
for($i = 0 ; $i < 100; $i++)
{
    echo "I is : $i <br />";
}
print_footer();
Instead, collect the output in one place. You can store it in a local variable of the function, or you can use ob_start and ob_end_clean. Like this:
function print_header()
{
    $o = "<p id='header'>Site Log and Login links</p>";
    return $o;
}
function print_footer()
{
    $o = "<p id='footer'>Site was made by me</p>";
    return $o;
}
echo print_header();
for($i = 0 ; $i < 100; $i++)
{
    echo "I is : $i <br />";
}
echo print_footer();
Why output buffering is needed:
>>You can change the output before sending it to the browser, for example with str_replace or preg_replace, or add some monitoring/debugging HTML.
>>Outputting to the browser and doing PHP processing at the same time is very bad. You have probably seen error messages appear in the sidebar or in the middle of a page on some sites. Do you know why that happens? Because processing and output are mixed.
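The ob_start route can be sketched as follows. The names print_body() and capture_output() and the {{name}} placeholder are made up for illustration; only ob_start, ob_get_clean, and str_replace are PHP built-ins.

```php
<?php
// Hypothetical page fragment that echoes directly.
function print_body()
{
    echo "<p>Hello {{name}}</p>";
}

// Runs $callback while buffering, and returns what it echoed as a string.
function capture_output($callback)
{
    ob_start();
    call_user_func($callback);
    return ob_get_clean();
}

$html = capture_output('print_body');
// The output can still be changed before anything reaches the browser.
$html = str_replace('{{name}}', 'World', $html);
echo $html;
```

Nothing is sent until the final echo, so headers can still be set and errors handled before that point.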
Output some xml.
$xml = '<?xml version="1.0" encoding="utf-8" standalone="yes"?>';
$xml .= "<response> <code>0</code> </response>";
//Send xml data
echo $xml;
It works, but it can be improved.
$xml = '<?xml version="1.0" encoding="utf-8" standalone="yes"?>';
$xml .= "<response> <code>0</code> </response>";
//Send xml data
header("content-type: text/xml");
echo $xml;
Pay attention to the header line. This line tells the browser that the content sent is xml type. So the browser can process it correctly. Many javascript libraries also rely on header information.
Similar ones include javascript, css, jpg image, png image:
JavaScript
header("content-type: text/javascript");
echo "var a = 10";
CSS
header("content-type: text/css"); echo "#p id { background:#000; }";
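I once ran into a case where the MySQL table was set to unicode/utf-8 and phpMyAdmin displayed the data correctly, but the content came out garbled when it was fetched and output on the page. The problem was the character encoding of the MySQL connection.
//Attempt to connect to database
$c = mysqli_connect($this->host , $this->username, $this->password);
//Check connection validity
if (!$c)
{
    die ("Could not connect to the database host: <br />". mysqli_connect_error());
}
//Set the character set of the connection
if(!mysqli_set_charset ( $c , 'UTF8' ))
{
    die('mysqli_set_charset() failed');
}
Once connected to the database, it is best to set the connection's character set. If your application needs to support multiple languages, this is a must.
Before PHP 5.4, the default character encoding of htmlentities was ISO-8859-1, so characters such as À and â could not be output directly.
//CHARSET is a constant your application defines, for example 'UTF-8'
$value = htmlentities($this->value , ENT_QUOTES , CHARSET);
Since PHP 5.4 the default encoding is UTF-8, which solves many problems. But if your application is multilingual, you still need to pay attention to encoding.
Have you considered using ob_gzhandler? Don't. It makes no sense. PHP should only be used to write the application; it should not have to worry about optimizing data transfer between the server and the browser.
Use Apache's mod_gzip/mod_deflate modules to compress content.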
You will often use PHP to output dynamic JavaScript content:
$images = array( 'myself.png' , 'friends.png' , 'colleagues.png' );
$js_code = '';
foreach($images as $image)
{
    $js_code .= "'$image' ,";
}
$js_code = 'var images = [' . $js_code . ']; ';
echo $js_code;
//Output is var images = ['myself.png' ,'friends.png' ,'colleagues.png' ,];
A smarter approach is to use json_encode:
$images = array( 'myself.png' , 'friends.png' , 'colleagues.png' );
$js_code = 'var images = ' . json_encode($images);
echo $js_code;
//Output is : var images = ["myself.png","friends.png","colleagues.png"]
Elegant, isn't it?
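Before writing or saving a file, make sure the directory is writable, and output an error message if it is not. This will save you a lot of debugging time. On Linux you have to deal with permissions; wrong directory permissions cause many, many problems, such as files that cannot be read.
Make sure your application is smart enough to report this kind of important information.
$contents = "All the content";
$file_path = "/var/www/project/content.txt";
file_put_contents($file_path , $contents);
This is mostly correct, but there are some indirect problems. file_put_contents may fail for several reasons:
>>The parent directory does not exist
>>The directory exists but is not writable
>>The file is write-locked?
So it is better to check explicitly before writing the file.
$contents = "All the content";
$dir = '/var/www/project';
$file_path = $dir . "/content.txt";
if(is_writable($dir))
{
    file_put_contents($file_path , $contents);
}
else
{
    die("Directory $dir is not writable, or does not exist. Please check");
}
After doing this, you get a clear message about where the file was being written and why it failed.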
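The check can also distinguish the failure reasons listed above and test the return value of file_put_contents, which is false on failure. A minimal sketch, where safe_write() is a hypothetical helper name:

```php
<?php
// Writes $contents to $file_path and returns an error message, or null on success.
function safe_write($file_path, $contents)
{
    $dir = dirname($file_path);
    if (!is_dir($dir)) {
        return "Directory $dir does not exist";
    }
    if (!is_writable($dir)) {
        return "Directory $dir is not writable";
    }
    // file_put_contents returns false on failure; LOCK_EX requests an exclusive lock.
    if (file_put_contents($file_path, $contents, LOCK_EX) === false) {
        return "Could not write to $file_path";
    }
    return null;
}
```

Returning a message instead of calling die leaves it to the caller to decide whether to log the error, show it, or stop.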
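In a Linux environment, permission problems can waste a lot of your time. From now on, whenever you create files, make sure to set the correct permissions with chmod. Otherwise the file may be created by the "php" user while you work logged in as a different user, the system will refuse to access or open the file, and you will have to struggle to get root access, change the file's permissions, and so on.
// Read and write for owner, read for everybody else
chmod("/somedir/somefile", 0644);
// Everything for owner, read and execute for others
chmod("/somedir/somefile", 0755);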
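if($_POST['submit'] == 'Save')
{
    //Save the things
}
The above is correct in most cases, except when the application is multilingual. 'Save' may then be a different word, so how would you tell them apart? Therefore, do not rely on the value of the submit button.
if( $_SERVER['REQUEST_METHOD'] == 'POST' and isset($_POST['submit']) )
{
    //Save the things
}
Now you are freed from the value of the submit button.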
//Delay for some time
function delay()
{
    $sync_delay = get_option('sync_delay');
    echo "<br />Delaying for $sync_delay seconds...";
    sleep($sync_delay);
    echo "Done <br />";
}
Use a static variable instead:
//Delay for some time
function delay()
{
    static $sync_delay = null;
    if($sync_delay == null)
    {
        $sync_delay = get_option('sync_delay');
    }
    echo "<br />Delaying for $sync_delay seconds...";
    sleep($sync_delay);
    echo "Done <br />";
}
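The effect of the static variable can be seen by counting how often the expensive call actually runs. In this sketch expensive_lookup() is a hypothetical stand-in for something like get_option, and the counter exists only for the demonstration.

```php
<?php
// Hypothetical stand-in for an expensive lookup; counts how often it runs.
function expensive_lookup()
{
    $GLOBALS['lookup_calls'] = isset($GLOBALS['lookup_calls']) ? $GLOBALS['lookup_calls'] + 1 : 1;
    return 5;
}

function cached_setting()
{
    static $value = null;   // keeps its value between calls
    if ($value === null) {
        $value = expensive_lookup();
    }
    return $value;
}

cached_setting();
cached_setting();
cached_setting();
echo $GLOBALS['lookup_calls']; // the lookup ran only once
```

The cache lives only for the current request, so it suits values that do not change while the script is running.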
A simple example:
$_SESSION['username'] = $username;
$username = $_SESSION['username'];
This can cause problems. If several applications run on the same domain, session variables may conflict. Two different applications may use the same session key, for example a front-end portal and a back-end admin system on the same domain.
From now on, use an application-specific key and wrapper functions:
define('APP_ID' , 'abc_corp_ecommerce');
//Function to get a session variable
function session_get($key)
{
    $k = APP_ID . '.' . $key;
    if(isset($_SESSION[$k]))
    {
        return $_SESSION[$k];
    }
    return false;
}
//Function to set the session variable
function session_set($key , $value)
{
    $k = APP_ID . '.' . $key;
    $_SESSION[$k] = $value;
    return true;
}
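Suppose you have defined many utility functions in some file:
function utility_a()
{
    //This function does a utility thing like string processing
}
function utility_b()
{
    //This function does another utility thing like database processing
}
function utility_c()
{
    //This function is ...
}
These functions are used all over the application. You may want to wrap them in a class:
class Utility
{
    public static function utility_a()
    {
    }
    public static function utility_b()
    {
    }
    public static function utility_c()
    {
    }
}
//and call them as
$a = Utility::utility_a();
$b = Utility::utility_b();
The obvious benefit is that this avoids a conflict if PHP has a built-in function with the same name.
Another way to look at it is that you can maintain multiple versions of the same class in one application without conflicts. This is the basic benefit of encapsulation, nothing more.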
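>>Use echo instead of print
>>Use str_replace instead of preg_replace, unless you absolutely need it
>>Do not use short tags
>>Use single quotes instead of double quotes for simple strings
>>Remember to call exit after a header redirect
>>Do not call functions in loops
>>isset is faster than strlen
>>Format your code consistently
>>Do not drop the braces of loops or if-else blocks
Do not write code like this:
if($a == true) $a_count++;
This is absolutely a WASTE.
Write it as:
if($a == true)
{
    $a_count++;
}
Do not try to shorten code by omitting syntax. Make your logic shorter instead.
>>Use a text editor with syntax highlighting. Syntax highlighting helps you make fewer mistakes.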
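Say you want to trim every element of an array. A newbie might write:
foreach($arr as $c => $v)
{
    $arr[$c] = trim($v);
}
But it is simpler with array_map:
$arr = array_map('trim' , $arr);
This applies trim to every element of the $arr array. Another similar function is array_walk. Check the documentation to learn more tricks.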
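The difference between the two functions is easiest to see side by side. A small sketch with made-up sample data: array_map returns a new array, while array_walk changes the array in place and also passes the key to the callback.

```php
<?php
$arr = array('name' => '  Alice ', 'city' => ' Paris');

// array_map returns a new array; with a single input array the keys are preserved.
$trimmed = array_map('trim', $arr);

// array_walk works in place; the callback receives each value by reference, plus its key.
array_walk($arr, function (&$value, $key) {
    $value = $key . '=' . trim($value);
});
```

After this runs, $trimmed holds the trimmed values under the original keys, and $arr itself has been rewritten to 'name=Alice' and 'city=Paris'.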
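You have surely used regular expressions to validate emails, IP addresses, and so on. Yes, everybody does. Now let's try something different, called filter.
PHP's filter extension provides a simple way to validate and check input.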
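A few typical calls, as a sketch with made-up input values. filter_var returns the filtered value on success and false on failure, so the result should be compared with === false.

```php
<?php
// Each call returns the filtered value on success, or false on failure.
$email     = filter_var('user@example.com', FILTER_VALIDATE_EMAIL);
$bad_email = filter_var('not-an-email', FILTER_VALIDATE_EMAIL);
$ip        = filter_var('192.168.0.1', FILTER_VALIDATE_IP);
$bad_ip    = filter_var('999.1.1.1', FILTER_VALIDATE_IP);

// FILTER_VALIDATE_INT accepts an optional range and returns an integer.
$range   = array('options' => array('min_range' => 1, 'max_range' => 10));
$qty     = filter_var('7', FILTER_VALIDATE_INT, $range);
$bad_qty = filter_var('70', FILTER_VALIDATE_INT, $range);
```

For request data, filter_input(INPUT_GET, 'amount', FILTER_VALIDATE_INT) applies the same filters directly to a GET parameter.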
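$amount = intval( $_GET['amount'] );
$rate = (int) $_GET['rate'];
This is a good habit.
If you develop large applications in PHP and PHP carries a lot of the computation, speed becomes an important metric. Use a profiler to help optimize the code. You can use Xdebug and Webgrind.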
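Large arrays and strings must be handled with care. A common mistake is copying an array so that memory runs out and a Fatal Error about memory size is thrown:
$db_records_in_array_format;
//This is a big array holding 1000 rows from a table, each having 20 columns,
//every field is at least 100 bytes, so total 1000 * 20 * 100 = 2MB
$cc = $db_records_in_array_format; //2MB more
some_function($cc); //Another 2MB ?
This is often done when importing or exporting CSV files.
Do not assume that code like the above will often crash the script because of the memory limit. It is fine for small variables, but it must be avoided when handling large arrays.
Make sure to pass by reference, or store the data in a class variable:
$a = get_large_array();
pass_to_function($a);
//the & in the signature makes the parameter a reference
function pass_to_function(&$a)
{
    //process $a without copying it
}
This passes a reference to the variable to the function (rather than copying the array). The & belongs in the function definition; writing it at the call site, as in pass_to_function(&$a), is a fatal error since PHP 5.4. See the documentation.
class A
{
    function first()
    {
        $this->a = get_large_array();
        $this->pass_to_function();
    }
    function pass_to_function()
    {
        //process $this->a
    }
}
Unset them as soon as possible, so that the memory is freed and the load on the script is reduced.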
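Make sure your script uses a single database connection from start to finish. Open the connection properly at the beginning, use it until the end, and close it last. Do not open connections inside functions like this:
function add_to_cart()
{
    $db = new Database();
    $db->query("INSERT INTO cart .....");
}
function empty_cart()
{
    $db = new Database();
    $db->query("DELETE FROM cart .....");
}
Using multiple connections is a bad idea. They slow the application down, because creating a connection takes time and memory.
Use the singleton pattern in specific cases such as the database connection.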
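A singleton for this purpose might be sketched like this. SharedDb is a hypothetical class that only counts how often it is constructed; a real one would open the connection in its constructor.

```php
<?php
// Hypothetical connection holder; a real class would open the connection in the constructor.
class SharedDb
{
    private static $instance = null;
    public static $created = 0;   // counts constructions, for demonstration only

    private function __construct()
    {
        self::$created++;
    }

    // Returns the one shared instance, creating it on first use.
    public static function instance()
    {
        if (self::$instance === null) {
            self::$instance = new self();
        }
        return self::$instance;
    }
}

function add_item()    { return SharedDb::instance(); }
function empty_items() { return SharedDb::instance(); }
```

Both functions receive the same object, so the constructor, and with it the connection setup, runs once per request.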
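You have probably written statements like the following over and over:
$query = "INSERT INTO users(name , email , address , phone) VALUES('$name' , '$email' , '$address' , '$phone')";
$db->query($query); //call to mysqli_query()
This is not a robust approach. It has some drawbacks:
>>Values have to be escaped by hand every time
>>You have to verify that the query is correct
>>Errors in the query take a long time to identify (unless you check with if-else every time)
>>Complex queries are hard to maintain
So wrap it in a function:
function insert_record($table_name , $data)
{
    global $db; //the database wrapper object used in the examples above
    foreach($data as $key => $value)
    {
        //mysqli_real_escape_string
        $data[$key] = $db->mres($value);
    }
    $fields = implode(',' , array_keys($data));
    $values = "'" . implode("','" , array_values($data)) . "'";
    //Final query
    $query = "INSERT INTO {$table_name}($fields) VALUES($values)";
    return $db->query($query);
}
$data = array('name' => $name , 'email' => $email , 'address' => $address , 'phone' => $phone);
insert_record('users' , $data);
See? This is easier to read and to extend. The insert_record function takes care of the escaping.
The biggest advantage is that the data is prepared as an array, so any syntax error is caught.
The function should be defined in a database class, so that you can call it like $db->insert_record.
See this article for how to make working with the database easier.
Similar update, select, and delete methods can be written too. Give it a try.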
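A variation on the same wrapper, not taken from the article, is to build the query with ? placeholders and let a prepared statement bind the values instead of escaping them by hand. The sketch below only builds the SQL and the parameter list; build_insert() is a hypothetical name, and the identifier check is an assumption about what table and column names look like in your schema.

```php
<?php
// Builds an INSERT statement with ? placeholders plus the matching parameter list.
// Table and column names cannot be bound, so they are checked against a strict pattern.
function build_insert($table_name, array $data)
{
    foreach (array_merge(array($table_name), array_keys($data)) as $name) {
        if (!preg_match('/^[A-Za-z_][A-Za-z0-9_]*$/', $name)) {
            throw new InvalidArgumentException("Invalid identifier: $name");
        }
    }
    $fields = implode(', ', array_keys($data));
    $marks  = implode(', ', array_fill(0, count($data), '?'));
    return array(
        "INSERT INTO $table_name ($fields) VALUES ($marks)",
        array_values($data),
    );
}

list($sql, $params) = build_insert('users', array(
    'name'  => "O'Brien",
    'email' => 'ob@example.com',
));
```

With PDO, for example, the pair could then be run as $pdo->prepare($sql)->execute($params), assuming $pdo is an open PDO connection.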
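If all of a page's content is fetched from the database, it should be cached. Once generated, save it in a temporary file. The next time the page is requested, it can be served straight from the cache without querying the database.
Benefits:
>>It saves the time PHP spends processing the page, so it runs faster
>>Fewer database queries mean less MySQL connection overhead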
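A file-based cache of this kind can be sketched in a few lines. The function name cached(), the cache file naming, and the use of the system temp directory are all assumptions made for the example.

```php
<?php
// Returns cached content for $key if it is younger than $ttl seconds;
// otherwise calls $producer, stores its result, and returns it.
function cached($key, $ttl, $producer, $cache_dir = null)
{
    $cache_dir = $cache_dir === null ? sys_get_temp_dir() : $cache_dir;
    $file = $cache_dir . '/cache_' . md5($key) . '.html';

    if (is_file($file) && (time() - filemtime($file)) < $ttl) {
        return file_get_contents($file);
    }
    $content = call_user_func($producer);
    file_put_contents($file, $content, LOCK_EX);
    return $content;
}
```

A page would wrap its database-heavy rendering in the $producer callback, for example cached('home', 300, 'render_home_page') with a hypothetical render_home_page function, so the queries run at most once every five minutes.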
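A file-based session strategy has many limitations. File-based sessions cannot scale to a cluster, because the sessions are stored on a single server. A database, however, can be accessed by multiple servers, which solves the problem.
Storing session data in the database has further benefits:
>>It handles repeated logins with the same username. The same username cannot be logged in at two places at once.
>>The online status of users can be queried more accurately.
>>Use defines/constants
>>Use functions to get values
>>Use a class and access values through $this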
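Never heard of it? Look at the following:
<html>
<head>
    <base href="http://www.domain.com/store/">
</head>
<body>
    <img src="happy.jpg" />
</body>
</html>
The base tag is very useful. Suppose your application is split into several subdirectories that all need to include the same navigation menu.
www.domain.com/store/home.php
www.domain.com/store/products/ipad.php
On the home page, you can write:
<a href="home.php">Home</a>
<a href="products/ipad.php">Ipad</a>
But in ipad.php you would have to write:
<a href="../home.php">Home</a>
<a href="ipad.php">Ipad</a>
Because the directories differ. Maintaining that many versions of the navigation menu is awful.
So use the base tag.
<a href="home.php">Home</a>
<a href="products/ipad.php">Ipad</a>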