www.webdeveloper.com

Thread: Defensive Coding

  1. #1
    Join Date
    Aug 2004
    Location
    Ankh-Morpork
    Posts
    19,227

    Defensive Coding

    I've put together a first draft on a little article about defensive coding in PHP. I'd appreciate any feedback on the content: does it make sense, are the examples clear, any glaring omissions, etc.? I'm not worried about things like spelling and grammar at this point, I'll clean that up later.

    Thanks

    And here's the article: http://www.charles-reace.com/article.html
    "Please give us a simple answer, so that we don't have to think, because if we think, we might find answers that don't fit the way we want the world to be."
    ~ Terry Pratchett in Nation

    eBookworm.us

  2. #2
    Join Date
    Aug 2004
    Location
    Boston
    Posts
    322
    Very well written ND. I think I may take up your idea of turning all error messages on while scripting. Thanks!
    :: The Recipe Tavern ::
    veni vidi biberi

  3. #3
    Join Date
    Jan 2005
    Location
    Lithia Springs, GA USA
    Posts
    886
    My absolute favorite line... I am still laughing over this...
    Quote Originally Posted by NogDog
    We want to output a "nice" error message that looks professional, implying that everything is under control and we're sure it will be better in the morning.

  4. #4
    Join Date
    Aug 2004
    Location
    San Antonio, TX
    Posts
    564
    I think you are going to help save a lot of computers from being thrown out the window with this article. Ok, maybe only mine - but it's a start!

    Answers to all your questions can be found at: PHP Manual

  5. #5
    Join Date
    Dec 2002
    Location
    Seattle, WA
    Posts
    1,843
    One of the common mistakes I see many novice PHP developers make is to assume that everything should work as coded.
    Awesome opening sentence, great minds think alike lol, great job nogdog

  6. #6
    Join Date
    Jul 2003
    Location
    The City of Roses
    Posts
    2,503
    ...and wherever you currently have die("some message") just change it to error("some message"[, TRUE|FALSE])
    I'm not up on my PHP, but are you able to override the functionality of core functions? For instance, instead of changing every single die to error, could you instead define die to do something different?
    for(split(//,'))*))91:+9.*4:1A1+9,1))2*:..)))2*:31.-1)4131)1))2*:3)"'))
    {for(ord){$i+=$_&7;grep(vec($s,$i++,1)=1,1..($_>>3)-4);}}print"$s\n";

  7. #7
    Join Date
    Aug 2004
    Location
    Ankh-Morpork
    Posts
    19,227
    Quote Originally Posted by Jeff Mott
    I'm not up on my PHP, but are you able to override the functionality of core functions? For instance, instead of changing every single die to error, could you instead define die to do something different?
    I seem to recall that PHP does not allow this, but I'll have to look into it to be sure, as that's a good idea.

  8. #8
    Join Date
    Mar 2004
    Posts
    3,056
    Well written. Clean and clear. I like.

    I know you're probably already on it, but I think a section on SQL injection and promotion of mysql_real_escape_string() over magic quotes GPC or addslashes (assuming MySQL is the database in question of course) would definitely be a good thing.

    Actually, I think making a sticky with links to well written and clear articles like this, on some of the important basics of PHP would be a good thing.

  9. #9
    Join Date
    Feb 2005
    Location
    Tauranga
    Posts
    2,062
    I like the article Nog Dog, I like the easy way you have written it so that even a novice (much like myself) can understand what you are on about. I like how you say to include some of the variables in the error message.

    Nice work!

    Sheldon

  10. #10
    Join Date
    Jan 2005
    Location
    Alicante (Spain)
    Posts
    7,739
    Instead of using die() at the coding stage and changing later you could use error() but have:
    PHP Code:
    function error($error)
    {
        die($error);
    }

    This would save changing die() to error() after debugging has finished. All that would be needed is changing the above function to your function.

    Does this make any sense?

  11. #11
    Join Date
    Aug 2004
    Location
    Ankh-Morpork
    Posts
    19,227
    Quote Originally Posted by bokeh
    Instead of using die() at the coding stage and changing later you could use error() but have:
    PHP Code:
    function error($error)
    {
        die($error);
    }

    This would save changing die() to error() after debugging has finished. All that would be needed is changing the above function to your function.

    Does this make any sense?
    Yes. And I've confirmed by experimentation that you can not redefine a function.

    Maybe a follow-up article in the works with some of the ideas here? I think I want to avoid introducing too much in one article.

    Thanks to all for the feedback.

  12. #12
    Join Date
    Feb 2005
    Location
    Tauranga
    Posts
    2,062
    Yes, that does make sense, saves going through and making changes to everything.

    But one question: would that mean that the same error message would come up with everything?


    Sheldon

  13. #13
    Join Date
    Oct 2003
    Posts
    379
    good job nogdog, much like everyone else said, you did great on it.

    Last edited by Genixdeae; 08-14-2005 at 12:49 AM.
    Only Those Who Listen Prosper
    ~GD~

  14. #14
    Join Date
    Aug 2004
    Location
    Ankh-Morpork
    Posts
    19,227
    Quote Originally Posted by bokeh
    Instead of using die() at the coding stage and changing later you could use error() but have:
    PHP Code:
    function error($error)
    {
        die($error);
    }

    This would save changing die() to error() after debugging has finished. All that would be needed is changing the above function to your function.

    Does this make any sense?
    This inspired me to come up with the following function:
    PHP Code:
    function error($text, $fatal = FALSE)
    {
      if(!defined('DEBUG') or DEBUG == FALSE)  # not in debug mode
      {
        # output error text to log file:
        $path = "C:\\";   # specify where log files will be saved
        # name of the running script ($this is reserved in PHP, so use another name)
        $script = basename($_SERVER['PHP_SELF']);
        $file = "$path$script.log";
        # "H:i:s" is hours:minutes:seconds ("m" is the month)
        error_log(date("Y/m/d-H:i:s") . " --> $text\n", 3, $file);
        if($fatal)
        {
          $msg = <<<EOD
    <p class="error">We're sorry, but an unrecoverable error occurred processing
    your request. If this problem persists, please contact the
    <a href="mailto:{$_SERVER['SERVER_ADMIN']}">webmaster</a>.</p>
    EOD;
          die($msg);
        }
      }
      else  # in debug mode
      {
        if($fatal)
        {
          die("<pre>ERROR: $text</pre>");
        }
        else  # not fatal, so just output error text
        {
          echo("<pre>ERROR: $text</pre>");
        }
      }
    }

    Now all I need to do is include() it into any script, and if I want to run in debug mode (have any errors reported directly to the normal output) just define a constant DEBUG as TRUE; otherwise it will run in non-debug mode, outputting all error text to the log file:
    PHP Code:
    include "include.php";  # file that includes error() function
    define('DEBUG', TRUE);  # run this script in debug mode
    # ... rest of script follows
    # sample error situation:
    mysql_query($query) or error("Query failed: " . mysql_error(), TRUE);

  15. #15
    Join Date
    Jul 2003
    Location
    The City of Roses
    Posts
    2,503
    Just another suggestion (going back to my Perl roots): using a boolean for fatal or not is not going to be very readable in the main body of code.
    Code:
    ... or error("don't work", FALSE);
    ... or error("also don't work", TRUE);
    Perhaps instead you could write two different functions for the simple purpose of readability.
    Code:
    ... or Error("don't work");
    ... or FatalError("also don't work");
    In Perl this would be synonymous with the operations die and warn.
    for(split(//,'))*))91:+9.*4:1A1+9,1))2*:..)))2*:31.-1)4131)1))2*:3)"'))
    {for(ord){$i+=$_&7;grep(vec($s,$i++,1)=1,1..($_>>3)-4);}}print"$s\n";
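
A sketch combining the error() function from post #14 with the two-function split suggested in post #15. This is an added example, not code from the thread: the names report_error(), fatal_error(), clean_for_log() and debug_enabled() and the log location are assumptions, and it targets PHP 7.1 or later. It also strips control characters before logging and escapes the message before echoing it, because error text that includes variables can carry user-supplied input.

```php
<?php
// Sample log location (assumption); in production use a path outside the web root.
define('ERROR_LOG_FILE', sys_get_temp_dir() . '/app-errors.log');

// Collapse control characters so text influenced by a visitor (for example a
// failed query echoed into the message) cannot forge extra log lines.
function clean_for_log(string $text): string
{
    return preg_replace('/[\x00-\x1F\x7F]+/', ' ', $text);
}

function debug_enabled(): bool
{
    return defined('DEBUG') && DEBUG === true;
}

// Non-fatal: always record the detail, display it only in debug mode.
function report_error(string $text): void
{
    $line = date('Y-m-d H:i:s') . ' --> ' . clean_for_log($text) . "\n";
    error_log($line, 3, ERROR_LOG_FILE);
    if (debug_enabled()) {
        // Escape before echoing: the text may contain user input.
        echo '<pre>ERROR: ' . htmlspecialchars($text, ENT_QUOTES, 'UTF-8') . '</pre>';
    }
}

// Fatal: same logging, then stop with a generic message for visitors.
function fatal_error(string $text): void
{
    report_error($text);
    if (!debug_enabled()) {
        http_response_code(500);
        echo '<p class="error">We\'re sorry, but an unrecoverable error occurred '
           . 'processing your request.</p>';
    }
    exit(1);
}

// Constructed sample input: a message carrying a newline and markup.
define('DEBUG', false);
report_error("Query failed near 'x'\n2005/08/14 admin login OK <script>alert(1)</script>");
fatal_error('Database connection lost');
```

With DEBUG set to false, the first call writes a single log line with the newline replaced by a space, and the second call logs its message and ends the request with the generic text only.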
