Eliminating common problems in PHP applications

PHP is a powerful language that helps us solve many problems, but in practice it is not without pitfalls. This article walks through a set of issues that commonly arise in PHP applications and how to address them.


Use the == comparison with care. PHP is loosely typed, but the engine underneath is implemented in C and is typed, so a loose comparison ends up performing type conversion. For example, 0 == "abc" evaluates to true, which is probably not what we want.

Wherever a specific type is semantically required, convert explicitly with the relevant function, such as intval().
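The two points above, loose comparison and explicit conversion, as an added example (not code from the original article). It assumes PHP 8.0 or later for the `mixed` type hint; note that the page's own case, 0 == "abc", is true on PHP 7 and earlier but false since PHP 8, which is exactly why code should not depend on the loose rules.

```php
<?php
// Added example, not from the original article: loose vs. strict comparison,
// and explicit conversion with intval() for values that arrive as strings.

/** Loose comparison: PHP converts the operands, so the result depends on the engine's rules. */
function looseMatches(mixed $a, mixed $b): bool
{
    return $a == $b;
}

/** Strict comparison: same type and same value, no conversion. */
function strictMatches(mixed $a, mixed $b): bool
{
    return $a === $b;
}

/**
 * Where an integer is required, convert explicitly and reject input that
 * does not round-trip. intval('12abc') is 12 and intval('abc') is 0, which
 * silently accepts junk; comparing against the original string catches that.
 */
function requireInt(string $raw): ?int
{
    $n = intval($raw);
    return (string) $n === $raw ? $n : null;
}

// Constructed comparison cases. The first is the article's example; its loose
// result changed between PHP 7 (true) and PHP 8 (false), the strict result did not.
$cases = [
    [0, 'abc'],
    ['1e3', '1000'],   // two numeric strings are compared as numbers
    ['abc', 0],
    [null, false],
    ['0', ''],
];
foreach ($cases as [$a, $b]) {
    printf("%-6s == %-6s : %-5s   === : %s\n",
        var_export($a, true), var_export($b, true),
        looseMatches($a, $b) ? 'true' : 'false',
        strictMatches($a, $b) ? 'true' : 'false');
}

// Constructed request values: convert and check before using them as numbers.
foreach (['42', '42abc', 'abc', '-7'] as $raw) {
    $n = requireInt($raw);
    echo $raw, ' -> ', $n === null ? 'rejected' : $n, PHP_EOL;
}
```

Run it under two PHP major versions and only the loose column moves; that is the argument for === and for converting at the boundary with a check, rather than trusting whatever == happens to do.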
Define the PHP include path in one place, so that no part of the project has to carry a file path when including a file; the file name alone is enough, which makes moving files around easy.

Do not use PHP's global variables directly from functions or class methods. Instead, provide a single access point for them, which can be an object or just a simple function. If a class needs to read or modify a global variable, it should do so through a proxy object, so that the dependency between the two objects is explicit. Do not reference a global variable inside a function, nor a function's variable from outside it; data should enter a function only through its parameters. Try not to define your own globals and then work around them. Also pay attention to repeated form submissions; a token can be used to detect them.
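A small access object standing in for global state, and a one-time form token against repeated submission, as an added example (not from the original article). `AppRegistry`, `issueFormToken` and `consumeFormToken` are names chosen here; a plain array stands in for `$_SESSION` so the script runs from the command line. Assumes PHP 8.0 or later.

```php
<?php
// Added example, not from the original article: a registry object that is the
// single access point for application-wide values, functions that receive
// their dependencies as parameters, and a one-time token for form submissions.

final class AppRegistry
{
    private array $values = [];

    public function set(string $key, mixed $value): void
    {
        $this->values[$key] = $value;
    }

    public function get(string $key, mixed $default = null): mixed
    {
        return $this->values[$key] ?? $default;
    }
}

// The dependency is explicit: the function never touches $GLOBALS or `global`.
function buildGreeting(AppRegistry $registry, string $user): string
{
    $siteName = $registry->get('site_name', 'Untitled');
    return sprintf('Welcome to %s, %s', $siteName, $user);
}

// Form token: generated when the form is rendered, kept server-side in the
// session, and removed on first use so a second submission is rejected.
function issueFormToken(array &$session): string
{
    $token = bin2hex(random_bytes(32));
    $session['form_tokens'][$token] = time();
    return $token;
}

function consumeFormToken(array &$session, string $submitted, int $maxAge = 3600): bool
{
    $issued = $session['form_tokens'][$submitted] ?? null;
    if ($issued === null) {
        return false;                       // unknown or already used
    }
    unset($session['form_tokens'][$submitted]);
    return (time() - $issued) <= $maxAge;   // also reject stale tokens
}

// Usage with a constructed session array standing in for $_SESSION.
$session = [];
$registry = new AppRegistry();
$registry->set('site_name', 'Example Shop');
echo buildGreeting($registry, 'alice'), PHP_EOL;

$token = issueFormToken($session);
echo 'first submission accepted: ', var_export(consumeFormToken($session, $token), true), PHP_EOL;
echo 'repeat submission accepted: ', var_export(consumeFormToken($session, $token), true), PHP_EOL;
```

Because the token is unpredictable and stored server-side, the same check also rejects a forged submission that never rendered the form, which is the CSRF defence the token pattern is usually used for.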

Decide whether the system has a single entry point or multiple entry points.

Pay attention to character encodings: the encoding the source files are stored in, the page encoding, the database encoding, and the encoding of the user's operating system (when the user types content directly into the address bar, Firefox and Opera urlencode it in the operating system's encoding, as does IE6).

Do not expose file paths.

When a user submits a request and then closes the browser, clicks the browser's stop button, loses the network connection, or similar, should the PHP script keep processing or stop? PHP can find out about these situations through its connection-handling functions (ignore_user_abort, register_shutdown_function, connection_status, ...).
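The connection-handling functions named above, used together, as an added example (not from the original article). The loop of "work steps" is constructed; `match` requires PHP 8.0 or later.

```php
<?php
// Added example, not from the original article: let a long-running task
// finish even if the client disconnects, and record how the request ended.

// Keep running after the client aborts (the default is to stop at the next output).
ignore_user_abort(true);

// Runs when the script ends, however it ended.
register_shutdown_function(function (): void {
    // connection_status() is a bit field: CONNECTION_NORMAL (0),
    // CONNECTION_ABORTED (1), CONNECTION_TIMEOUT (2), or both (3).
    $reason = match (connection_status()) {
        CONNECTION_NORMAL  => 'completed normally',
        CONNECTION_ABORTED => 'client aborted',
        CONNECTION_TIMEOUT => 'timed out',
        default            => 'client aborted and timed out',
    };
    error_log(sprintf('[%s] job finished, connection %s', date('c'), $reason));
});

// Constructed stand-in for real work: each iteration is one unit of work.
$steps = 5;
for ($i = 1; $i <= $steps; $i++) {
    // ... one unit of real work would go here ...
    echo "step $i/$steps done\n";
    flush();   // PHP only notices an aborted client when it tries to send output

    if (connection_aborted()) {
        // The client is gone, but ignore_user_abort(true) keeps us alive, so we
        // can decide here whether to finish the job or stop cleanly.
        error_log('client disconnected, finishing the remaining work anyway');
    }
}
```

Without `ignore_user_abort(true)` the script would terminate at the first `flush()` after the disconnect, leaving the job half done; the shutdown function still runs in that case and is the right place to log or roll back.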

Consider time zones, especially if the application is distributed across servers.

Applying explode to a null value produces an array with one empty-string element, array(""), and that array is not false. In other words, null is false, but the result of explode(',', null) is true, so be careful with a condition such as if (explode(',', $var)).

Also note that after $var = null; the check isset($var) is false.
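The null behaviour described above, plus a guarded helper, as an added example (not from the original article). `splitList` is a name chosen here. It casts null to string before calling explode() because passing null directly has been deprecated since PHP 8.1; the returned value is the same one-element array the text describes.

```php
<?php
// Added example, not from the original article: null in truthiness checks,
// isset() and explode(), and a helper that returns an empty list instead.

/** Split a delimited string; null and '' mean "no items", not one empty item. */
function splitList(?string $value, string $sep = ','): array
{
    if ($value === null || $value === '') {
        return [];
    }
    return explode($sep, $value);
}

$var = null;

// null itself is falsy, and isset() is false for a variable that holds null.
var_dump((bool) $var);
var_dump(isset($var));

// explode() on the (stringified) null yields a one-element array containing '',
// which is a non-empty array and therefore truthy.
$naive = explode(',', (string) $var);
var_dump($naive);

if ($naive) {
    echo "naive check: treats null as one item (misleading)\n";
}

// The guarded helper gives the empty array the condition actually wants.
if (splitList($var)) {
    echo "guarded check: non-empty\n";
} else {
    echo "guarded check: empty\n";
}

// Constructed inputs showing the helper on ordinary values too.
foreach ([null, '', 'a', 'a,b,,c'] as $input) {
    echo var_export($input, true), ' -> ', count(splitList($input)), " item(s)\n";
}
```

The same trap applies to `count(explode(',', ''))`, which is 1, not 0; any code that counts items from a possibly empty field should go through a check like the one in `splitList`.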

Security issues in PHP applications

Validate input. Do not trust data coming from the user (GET, POST, COOKIE). In a PHP application this data should be filtered in one unified place, for example by encoding HTML tags to prevent XSS and by guarding against SQL injection.

The content itself also needs to be verified, and the verification must happen in PHP, because client-side checks of every kind are easily bypassed (a forged form, disabled JavaScript, or the HTML modified with tools such as Firebug).

Pay attention to the size of the data the user submits. Oversized POST or GET data may lead to buffer-overflow problems.
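The three points above (server-side validation in one place, a size limit, and keeping user data out of HTML and SQL), as an added example that is not code from the original article. The field specification, the request array, the size constant and the table layout are all constructed for the example; it uses the standard `filter_var`, `htmlspecialchars` and PDO prepared statements, with in-memory SQLite so it runs offline.

```php
<?php
// Added example, not from the original article: one function that filters and
// validates request data, output encoding at the point of emission, and a
// prepared statement for the database.

const MAX_FIELD_BYTES = 4096;   // constructed per-field size limit

/** Encode for an HTML body: the XSS defence the text describes. */
function h(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

/**
 * Validate a request array (such as $_POST) against a field specification.
 * Returns [cleanValues, errors]; fields not in the specification are dropped.
 */
function validateRequest(array $input, array $spec): array
{
    $clean = [];
    $errors = [];
    foreach ($spec as $field => $rule) {
        $raw = $input[$field] ?? null;
        if (!is_string($raw)) {
            $errors[$field] = 'missing';
            continue;
        }
        if (strlen($raw) > MAX_FIELD_BYTES) {
            $errors[$field] = 'too large';    // reject before doing anything else with it
            continue;
        }
        $value = filter_var(trim($raw), $rule['type'], $rule['options'] ?? 0);
        if ($value === false) {
            $errors[$field] = 'invalid';
            continue;
        }
        $clean[$field] = $value;
    }
    return [$clean, $errors];
}

$spec = [
    'username' => ['type' => FILTER_VALIDATE_REGEXP,
                   'options' => ['options' => ['regexp' => '/^[a-z0-9_]{3,32}$/']]],
    'age'      => ['type' => FILTER_VALIDATE_INT,
                   'options' => ['options' => ['min_range' => 0, 'max_range' => 150]]],
    'email'    => ['type' => FILTER_VALIDATE_EMAIL],
];

// Constructed request standing in for a hostile $_POST.
$post = [
    'username' => 'alice_01',
    'age'      => '29',
    'email'    => 'alice@example.com',
    'comment'  => '<script>alert(1)</script>',   // not in $spec, so it is dropped
];

[$clean, $errors] = validateRequest($post, $spec);
if ($errors) {
    http_response_code(400);
    echo 'invalid input: ', implode(', ', array_keys($errors)), PHP_EOL;
    exit;
}

// HTML: encode when emitting, so markup in user data is shown as text.
echo '<p>Hello, ', h($clean['username']), '</p>', PHP_EOL;
echo '<p>', h($post['comment']), '</p>', PHP_EOL;

// SQL: a prepared statement keeps the values out of the query grammar.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE users (username TEXT, age INTEGER, email TEXT)');
$stmt = $pdo->prepare('INSERT INTO users (username, age, email) VALUES (:u, :a, :e)');
$stmt->execute([':u' => $clean['username'], ':a' => $clean['age'], ':e' => $clean['email']]);
echo 'rows stored: ', $pdo->query('SELECT COUNT(*) FROM users')->fetchColumn(), PHP_EOL;
```

The validation function is the "unified filtering" point the text asks for: every handler calls it with its own specification, unknown fields never reach application code, and the size check runs before any parsing of the value. Encoding is done at output rather than at input, so the stored value stays intact for other uses.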

Be careful with files served that are not PHP files. If the application lets users upload or download files, avoid reading a file directly by a file name supplied by the user; otherwise a user may obtain files they should not see, because the PHP program will read them out regardless. Also, never let the storage path of a file appear in the returned HTML; the directory where files are saved should not be visible to users, because from such a path a user may guess the location of other files they should not see.
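One way to serve downloads without ever taking a path from the user, as an added example (not from the original article). The storage directory, the download ids, the owner table and the file names are constructed; in a real application the table would be a database query.

```php
<?php
// Added example, not from the original article: the client names a download by
// an opaque id; the server looks up the owner and the stored name, checks the
// resolved path is inside the storage directory, and never reveals the path.

const STORAGE_DIR = '/var/app/storage';   // constructed; outside the web root

// Constructed stand-in for a database table: id => owner and stored file name.
const FILES = [
    'inv-2024-001' => ['owner' => 'alice', 'stored' => 'a1b2c3.pdf'],
    'inv-2024-002' => ['owner' => 'bob',   'stored' => 'd4e5f6.pdf'],
];

/** Resolve a download id for the current user to an on-disk path, or null. */
function resolveDownload(string $id, string $currentUser): ?string
{
    $row = FILES[$id] ?? null;
    if ($row === null || $row['owner'] !== $currentUser) {
        return null;                       // someone else's file looks the same as no file
    }
    $base = realpath(STORAGE_DIR);
    $path = realpath(STORAGE_DIR . DIRECTORY_SEPARATOR . $row['stored']);
    // realpath() resolves symlinks and '..'; the result must still lie under the base.
    if ($base === false || $path === false
        || !str_starts_with($path, $base . DIRECTORY_SEPARATOR)) {
        return null;
    }
    return is_file($path) ? $path : null;
}

function sendDownload(string $id, string $currentUser): void
{
    $path = resolveDownload($id, $currentUser);
    if ($path === null) {
        http_response_code(404);
        echo 'Not found';                  // no path and no hint about the storage layout
        return;
    }
    header('Content-Type: application/octet-stream');
    header('Content-Disposition: attachment; filename="' . basename($path) . '"');
    header('Content-Length: ' . filesize($path));
    readfile($path);
}

// Constructed request: the id comes from the query string, the user from the session.
sendDownload($_GET['file'] ?? '', $_SESSION['user'] ?? '');
```

The HTML that links to a download should carry only the id (`?file=inv-2024-001`), so nothing the client sees can be turned into a guess about `/var/app/storage`; the realpath check is a second line of defence in case a stored name is ever corrupted.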

If sessions are stored in files and the web server is shared with other, unknown users (as on a shared web host), change the directory where session files are saved, or write sessions to the database through a PHP session handler. By default sessions are saved in a shared temporary directory that other users can read, so keeping something like a password in the session is very dangerous.

That concludes this overview of common issues in PHP applications and their solutions.

