Ravens PHP Scripts: Forums
Ravens PHP Scripts And Web Hosting Forum Index -> Certification - All Discussion
technocrat
Life Cycles Becoming CPU Cycles
Joined: Jul 07, 2005
Posts: 511
Posted: Wed Mar 04, 2009 10:37 am

Perhaps it's time to standardize some of the coding and use best practices as well. Using freeresult, counting an array before a for loop, using a while loop to fetch row data, are some examples. I am sure there are many more.

Raven
Site Admin/Owner
Joined: Aug 27, 2002
Posts: 17087
Posted: Sun Mar 08, 2009 11:43 am

I think we've been down this path a few times in the past. It always ends up the same. In principle - yes; in practice - that's where it dies <sigh>
eldorado
Involved
Joined: Sep 10, 2008
Posts: 424
Location: France, Translator
Posted: Sun Mar 08, 2009 12:04 pm

Well, the use of the $db standard made things easier for developers, didn't it?

And me being a standard nuke user and a newbie developer, I couldn't think of using the standard coding.

I think I, among plenty of others, am a good example of what "some" developers do.
Like fetching code on the net, seeing what it does and, hooray, it works with nuke and it doesn't break my other modules :P

Just an idea for you Raven: WIKI.
technocrat
Posted: Tue Mar 10, 2009 9:28 am

We made a wiki for PE and once people learned to use it (the hardest part) they loved it and it helped a lot with standardizing things.

If this isn't working in practice then twist their arm. Don't certify them until they are brought up to snuff. Much like phpBB does with their mods. The cert process for them is a major pain.
 
Raven
Posted: Tue Mar 10, 2009 9:57 am

I am in agreement with Technocrat all the way on this one ;)
 
eldorado
Posted: Tue Mar 10, 2009 3:16 pm

On second thought the wiki would be a bad idea, the forums are better for this.
And I do agree with you technocrat, phpBB cert is such a pain you can't even pass stage 1 if you are not a pro dev. :P (hate them)
 
testy1
Involved
Joined: Apr 06, 2008
Posts: 484
Posted: Tue Mar 10, 2009 5:09 pm

eldorado wrote:
On second thought the wiki would be a bad idea, the forums are better for this.
And I do agree with you technocrat, phpBB cert is such a pain you can't even pass stage 1 if you are not a pro dev. :P (hate them)

But this is why nuke is such a mess :)

I have always been a big fan of standardization; you could even build a script that people could put their code into and it would format it according to RN standards. Obviously this would rely on the dev team agreeing on a layout :), and we all know we have our own ways of doing things.
 
technocrat
Posted: Tue Mar 10, 2009 5:36 pm

Doing things our own way is what has led to many of the problems
 
testy1
Posted: Tue Mar 10, 2009 6:28 pm

technocrat wrote:
Doing things our own way is what has led to many of the problems


Not really; code layout is not as big an issue as the way the code is written. Most code that is poorly formatted is because it has not been formatted at all. For example, I prefer

Code:
} else {

but some people prefer

Code:
}
else
{

I also prefer to start scripts with an initial indent of 2 spaces (not tabs) and to indent at 2 spaces throughout.

There are many different ways to format code, none of which are wrong.

But the way the code is written could be standardised. For example:

We (we, like I'm running shizzle around here :P) could have a document like the one above that helps new coders identify where things should and shouldn't be and how to blah blah blah, you get the point.

It's smoko so I'm in a hurry :)
 
technocrat
Posted: Wed Mar 11, 2009 9:25 am

Code layout isn't really what I am referring to as much. Layout doesn't have as many consequences as poor coding. Everything from speed to security can be affected.

What I am talking about is more like:
Code:
$foo = array_fill(0, 1000000, 'bar');

for ($i = 0; $i < count($foo); $i++) {
    echo $foo[$i];
}

Which is a bad way to do it vs:
Code:
$foo = array_fill(0, 1000000, 'bar');

$count = count($foo);
for ($i = 0; $i < $count; $i++) {
    echo $foo[$i];
}


Or how about:
Code:
$result = $db->sql_query("SELECT * FROM TABE");

$num_rows = $db->sql_numrows($result);
for ($i = 0; $i < $num_rows; $i++) {
    $row = $db->sql_fetchrow($result);
    ....
}

VS
Code:
$result = $db->sql_query("SELECT * FROM TABE");

while ($row = $db->sql_fetchrow($result)) {
    ....
}


How about not using $db->sql_freeresult($result); or using the mysql functions.

Or worse not initializing arrays or validating input.

I could go on and on with things people use (don't use) that are not standards, which is mostly because there hasn't been one.

But if you guys want to try and enforce formatting then that's your decision to make, but I think it should be secondary.

Two spaces? I never understood the two-spaces format. It isn't standard in any PHP format standard. Plus some IDEs can't change from tabs to spaces like that. So you're going to tell them that they have to hit space twice all the time vs tab :? Tab is always the standard and I would have a tough time understanding the reasoning for not using that as a standard.

But I will probably not be participating other than maybe giving some feedback and input. So what ever is decided is up to Raven and the community. I am just pointing out for the good of everyone that someone should step up and correct this oversight.
 
testy1
Posted: Wed Mar 11, 2009 4:02 pm

Yes, definitely; code layout was just a secondary thought, as a lot of code I see is beyond a mess :)

Most good editors will allow you to format code any way you like.

But those improvements above can make a big difference, as I recently found out.

e.g.

Code:
$count = count($foo);
for ($i = 0; $i < $count; $i++) {

I was seeing gains of up to a 90% speed increase doing it this way.
 
evaders99
Former Moderator in Good Standing
Joined: Apr 30, 2004
Posts: 3221
Posted: Wed Mar 11, 2009 6:45 pm

I'm kind of surprised the PHP compiler doesn't optimize that for us. Oh well

montego
Site Admin
Joined: Aug 29, 2004
Posts: 9457
Location: Arizona
Posted: Thu Mar 12, 2009 6:47 am

I have read that even the following is better:

Code:
$count = count($foo);
for ($i = 0; $i < $count; ++$i) {
Pre-Increment/decrement is supposed to be faster (fewer op-codes) than post-increment/decrement.
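The three loop shapes compared in this thread (count() re-evaluated in the condition, the count hoisted out, and the hoisted count with pre-increment), as an added microbenchmark that is not code from the thread or from RavenNuke. The loop body (summing strlen() of each element) and the best-of-five timing are my own choices; absolute numbers depend on hardware and PHP version, and on modern PHP releases count() on an array compiles to a dedicated opcode, so the gap is far smaller than the figures reported above for the PHP 5 era.

```php
<?php
// Added example: time the three loop forms over the same 1,000,000-element
// array the post constructs. PHP does not hoist count() out of the condition
// for you, so the first variant calls it on every iteration.

function loop_count_in_condition(array $foo): int {
    $sum = 0;
    for ($i = 0; $i < count($foo); $i++) {   // count() evaluated each iteration
        $sum += strlen($foo[$i]);
    }
    return $sum;
}

function loop_hoisted_count(array $foo): int {
    $sum = 0;
    $count = count($foo);                    // evaluated once
    for ($i = 0; $i < $count; $i++) {
        $sum += strlen($foo[$i]);
    }
    return $sum;
}

function loop_hoisted_preincrement(array $foo): int {
    $sum = 0;
    $count = count($foo);
    for ($i = 0; $i < $count; ++$i) {        // pre-increment, as suggested above
        $sum += strlen($foo[$i]);
    }
    return $sum;
}

// Run $fn over $data $rounds times and return the best wall-clock time in ms.
// Best-of-N is used so that a single GC pause or scheduler hiccup does not
// distort one variant's figure.
function bench(callable $fn, array $data, int $rounds = 5): float {
    $best = INF;
    for ($r = 0; $r < $rounds; $r++) {
        $start = microtime(true);
        $fn($data);
        $best = min($best, (microtime(true) - $start) * 1000);
    }
    return $best;
}

$foo = array_fill(0, 1000000, 'bar');       // constructed input, same as the post

// All three variants must produce the same result before timings mean anything.
$expected = loop_hoisted_count($foo);
if (loop_count_in_condition($foo) !== $expected
    || loop_hoisted_preincrement($foo) !== $expected) {
    exit("loop variants disagree, benchmark is invalid\n");
}

printf("count() in condition : %8.2f ms\n", bench('loop_count_in_condition', $foo));
printf("hoisted count        : %8.2f ms\n", bench('loop_hoisted_count', $foo));
printf("hoisted + ++\$i       : %8.2f ms\n", bench('loop_hoisted_preincrement', $foo));
```

Run it from the command line (`php bench.php`) rather than through a web server so the numbers are not skewed by request overhead, and run it twice: the first run warms the opcode cache.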

technocrat
Posted: Thu Mar 12, 2009 7:07 am

It is, I just didn't think of it while making the example. Good reason for a wiki and lots of input. ;)
 
montego
Posted: Thu Mar 12, 2009 7:17 am

technocrat wrote:
Good reason for a wiki and lots of input. ;)


Absolutely!

BTW, we have one, but just not officially released yet.
 
eldorado
Posted: Thu Mar 12, 2009 4:07 pm

I would sure go on this one ;) I wanted to start one myself with the help of the platinum community but it's a waste of time now :D
 
testy1
Posted: Thu Mar 12, 2009 6:07 pm

Another interesting read
 
Raven
Posted: Thu Mar 12, 2009 8:40 pm

testy1 wrote:
Another interesting read

Not according to the php development team :)

====================================================
Notes
Tip

Do not use preg_match() if you only want to check if one string is contained in another string. Use strpos() or strstr() instead as they will be faster.
====================================================
 
testy1
Posted: Fri Mar 13, 2009 12:18 am

To be honest I could spend all day testing functionoidals and objectorzoidals for speed :)
 
testy1
Posted: Fri Mar 13, 2009 1:03 am

mmmmmm

realtime benchmarking
 
eldorado
Posted: Fri Mar 13, 2009 7:52 am

rofl... says it needs to be refreshed several times... :P
 
fkelly
Former Moderator in Good Standing
Joined: Aug 30, 2005
Posts: 3312
Location: near Albany NY
Posted: Thu Apr 23, 2009 8:08 pm

Here's a few issues I've come across that are specific to standardization for Ravennuke:


    1. using language constants instead of "hardcoding"
    2. using $admin_file and $prefix and $user_prefix correctly
    3. not using mysql_error to dump out failed SQL to the screen and "die" the program
    4. generally using single quotes and string concatenation instead of double quotes wherever possible. There are probably some exceptions but you would never want to say include("footer.php") ... there is no reason to force the interpreter to have to figure that out nor would you want to say if ($a == "0").
    5. running all programs that produce screen output through the w3c validator before turning them loose on the world
    6. if you are using tables to lay out a form please use indentation and/or comments to make it clear where your trs and tds begin and end. The validator will catch you out if you don't close a tag properly but someone who is trying to maintain and/or extend your program later will appreciate it if the structure of your table is visually apparent in the code.
 
eldorado
Posted: Sun Apr 26, 2009 3:55 am

Nice list fkelly.

7. use DB instead of DBI
8. stripslashes on every form to prevent sql injection.
9. Using CSS styles instead of hardcoding. Accessibility must be the main concern.

6 is probably the most important standard. It helps a lot for security audits and simplifies the approver's job.
 
evaders99
Posted: Sun Apr 26, 2009 4:21 am

Quote:
8. stripslashes on every form to prevent sql injection.


Actually no. addslashes is what you want to prevent sql injections. Better, use mysql_real_escape_string (only if using MySQL databases)
 
fkelly
Posted: Sun Apr 26, 2009 9:28 am

Re. forms, it is not a matter of stripslashes or addslashes or mysql_real_escape_string per se, though Evaders is correct. Every form field should be filtered by the receiving program. The filter should be as specific to the field as possible. In other words, if the field should be an integer then your filter should do an intval() on it. If you do an intval there is no need to do other "more expensive" filters like check_html. If the input should be an integer between 1 and 10 you should filter for that. If it should be a date you should check to see that it's a valid date. If it should be a floating point number you should check for that. If it should be text you should check that the input doesn't exceed the max length and if the text shouldn't have html, in a RN context you can use check_html() with the no html parameter. If it can have html you should still use check_html which will clean up any "bad" html and prevent most exploits (and NS will act as a "double" filter). If you have radio buttons and checkboxes they should be filtered to assure there is no numeric input or text in them.

This is where the form designer and the filter writer really need to work together, and the form designer and programmer should specify their intent for each field. Some fields such as radio buttons are obvious but there are others where it would be helpful to know (and not necessarily intuitive to someone coming from outside) what range of values a field can have.
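The per-field filter fkelly describes, and the distinction evaders99 draws between filtering and escaping, as an added example that is not code from the thread or from RavenNuke. The receiving script declares every field it accepts with a type and constraints; undeclared fields are dropped, integers go through intval() and a range check, dates through checkdate(), text through a length check, and checkboxes and radio buttons are reduced to presence or to one of the declared options. check_html() is RavenNuke's own function and is not available outside it, so strip_tags() stands in for the "no html" case; the field names, the $spec layout and the submitted values are constructed for the example. Escaping for the database (addslashes, mysql_real_escape_string, or bound parameters) is a separate step that still belongs in the database layer; this filter only guarantees that each value has the shape the form designer intended.

```php
<?php
// Added example: declarative per-field filtering for a form handler.
// $spec describes what each field is allowed to be; $input is the raw
// submission (normally $_POST). Returns the cleaned values plus the
// fields that failed, so the caller can reject the whole request.

function filter_form(array $spec, array $input): array {
    $clean = [];
    $errors = [];
    foreach ($spec as $field => $rule) {
        $raw = $input[$field] ?? null;
        switch ($rule['type']) {
            case 'int':
                // intval() is the whole filter for an integer; nothing more expensive is needed
                $v = intval($raw);
                if (isset($rule['min'], $rule['max']) && ($v < $rule['min'] || $v > $rule['max'])) {
                    $errors[$field] = "out of range {$rule['min']}..{$rule['max']}";
                    continue 2;               // next field of the foreach
                }
                $clean[$field] = $v;
                break;
            case 'float':
                if (!is_numeric($raw)) { $errors[$field] = 'not a number'; continue 2; }
                $clean[$field] = (float) $raw;
                break;
            case 'date':
                // expects YYYY-MM-DD; checkdate() rejects impossible dates such as 2009-02-30
                if (!is_string($raw) || !preg_match('/^(\d{4})-(\d{2})-(\d{2})$/', $raw, $m)
                    || !checkdate((int) $m[2], (int) $m[3], (int) $m[1])) {
                    $errors[$field] = 'invalid date';
                    continue 2;
                }
                $clean[$field] = $raw;
                break;
            case 'text':
                $v = is_string($raw) ? $raw : '';
                if (strlen($v) > $rule['max_len']) { $errors[$field] = 'too long'; continue 2; }
                // RavenNuke code would call check_html($v, 'nohtml') here; strip_tags() stands in
                $clean[$field] = empty($rule['html']) ? strip_tags($v) : $v;
                break;
            case 'checkbox':
                // a checkbox is either present or not; never use its value as text or a number
                $clean[$field] = isset($input[$field]) ? 1 : 0;
                break;
            case 'radio':
                // a radio group may only carry one of the declared options
                if (!in_array($raw, $rule['options'], true)) { $errors[$field] = 'not an option'; continue 2; }
                $clean[$field] = $raw;
                break;
        }
    }
    return ['clean' => $clean, 'errors' => $errors];
}

// Constructed field specification and submission, standing in for $_POST.
$spec = [
    'uid'    => ['type' => 'int'],
    'rating' => ['type' => 'int', 'min' => 1, 'max' => 10],
    'price'  => ['type' => 'float'],
    'when'   => ['type' => 'date'],
    'title'  => ['type' => 'text', 'max_len' => 60],
    'notify' => ['type' => 'checkbox'],
    'colour' => ['type' => 'radio', 'options' => ['red', 'green']],
];
$post = [
    'uid'    => '42abc',        // intval() keeps 42 and discards the rest
    'rating' => '11',           // rejected: outside 1..10
    'price'  => '9.99',
    'when'   => '2009-02-30',   // rejected: not a real date
    'title'  => 'Hello <b>world</b>',   // tags stripped
    'notify' => 'on',           // becomes 1
    'colour' => 'blue',         // rejected: not a declared option
    'admin'  => '1',            // undeclared, silently dropped
];
print_r(filter_form($spec, $post));
```

The caller should treat a non-empty `errors` array as a reason to refuse the submission outright rather than to save the fields that did pass, since a partially-accepted form is the state that is hardest to reason about later.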
 
Powered by phpBB © 2001-2007 phpBB Group
All times are GMT - 6 Hours