diff --git a/_posts/03-03-01-Exceptions.md b/_posts/03-03-01-Exceptions.md new file mode 100644 index 0000000..cc5487a --- /dev/null +++ b/_posts/03-03-01-Exceptions.md @@ -0,0 +1,64 @@ +--- +isChild: true +--- + +## Exceptions + +Exceptions are a standard part of most popular programming languages, but they are often overlooked by PHP programmers. +Languages like Ruby are extremely Exception heavy, so whenever something goes wrong such as a HTTP request failing, or +a DB query goes wrong, or even if an image asset could not be found, Ruby (or the gems being used) will throw an +exception to the screen meaning you instantly know there is a mistake. + +PHP itself is fairly lax with this, and a call to `file_get_contents()` will usually just get you a `FALSE` and a warning. +Many older PHP frameworks like CodeIgniter will just return a false, log a message to their proprietary logs and maybe +let you use a method like `$this->upload->get_error()` to see what went wrong. The problem here is that you have to go +looking for a mistake and check the docs to see what the error method is for this class, instead of having it made extremely +obvious. + +Another problem is when classes automatically throw an error to the screen and exit the process. When you do this you +stop another developer from being able to dynamically handle that error. Exceptions should be throw to make a developer aware +of an error, then they can choose how to handle this. E.g: + +{% highlight php %} +subject('My Subject'); +$email->body('How the heck are you?'); +$email->to('guy@example.com', 'Some Guy'); + +try +{ + $email->send(); +} +catch(Fuel\Email\ValidationFailedException $e) +{ + // The validation failed +} +catch(Fuel\Email\SendingFailedException $e) +{ + // The driver could not send the email +} +{% endhighlight %} + +### SPL Exceptions + +An Exception by default has no meaning and the most common to give it meaning is by setting its name: + +{% highlight php %} +lot of custom Exceptions, some of which could have been avoided using the SPL Exceptions +provided in the [SPL extension][splext]. + +If for example you use the `__call()` Magic Method and an invalid method is requested then instead of throwing a standard +Exception which is vague, or creating a custom Exception just for that, you could just `throw new BadFunctionCallException;`. + +* [Read about Exceptions][exceptions] +* [Read about SPL Exceptions][splexe] + +[exceptions]: http://php.net/manual/en/language.exceptions.php +[splexe]: http://php.net/manual/en/spl.exceptions.php +[splext]: /#standard_php_library diff --git a/_posts/03-03-01-Namespaces.md b/_posts/03-04-01-Namespaces.md similarity index 100% rename from _posts/03-03-01-Namespaces.md rename to _posts/03-04-01-Namespaces.md diff --git a/_posts/03-04-01-Standard-PHP-Library.md b/_posts/03-05-01-Standard-PHP-Library.md similarity index 100% rename from _posts/03-04-01-Standard-PHP-Library.md rename to _posts/03-05-01-Standard-PHP-Library.md diff --git a/_posts/03-05-01-Command-Line-Interface.md b/_posts/03-06-01-Command-Line-Interface.md similarity index 88% rename from _posts/03-05-01-Command-Line-Interface.md rename to _posts/03-06-01-Command-Line-Interface.md index 775941d..ba0063d 100644 --- a/_posts/03-05-01-Command-Line-Interface.md +++ b/_posts/03-06-01-Command-Line-Interface.md @@ -11,7 +11,7 @@ CLI PHP programs are powerful because you can use your app's code directly witho Try running PHP from your command line: {% highlight bash %} - > php -i +php -i {% endhighlight %} The `-i` option will print your PHP configuration just like the [`phpinfo`][phpinfo] function. There are a number of other useful [command line options][cli-options], too. @@ -19,12 +19,12 @@ The `-i` option will print your PHP configuration just like the [`phpinfo`][phpi Let's write a simple "Hello, $name" CLI program. To try it out, create a file named `hello.php`, as below. {% highlight php %} - php hello.php - Usage: php hello.php [name] - > php hello.php world - Hello, world +php hello.php +Usage: php hello.php [name] +php hello.php world +Hello, world {% endhighlight %} diff --git a/_posts/05-01-01-Databases-and-PDO.md b/_posts/05-01-01-Databases-and-PDO.md index 619ec34..5791fb6 100644 --- a/_posts/05-01-01-Databases-and-PDO.md +++ b/_posts/05-01-01-Databases-and-PDO.md @@ -7,19 +7,19 @@ More importantly, `PDO` allows you to safely inject foreign input (e.g. IDs) int Let's assume a PHP script receives a numeric ID as a query parameter. This ID should be used to fetch a user record from a database. This is the `wrong` way to do this: {% highlight php %} - query("SELECT name FROM users WHERE id = " . $_GET['id']); // <-- NO! +query("SELECT name FROM users WHERE id = " . $_GET['id']); // <-- NO! {% endhighlight %} This is terrible code. You are inserting a raw query parameter into a SQL query. This will get you hacked in a heartbeat. Instead, you should sanitize the ID input using PDO bound parameters. {% highlight php %} - prepare('SELECT name FROM users WHERE id = :id'); - $stmt->bindParam(':id', filter_input(INPUT_GET, 'id', FILTER_SANITIZE_NUMBER_INT), PDO::PARAM_INT); - $stmt->execute(); +prepare('SELECT name FROM users WHERE id = :id'); +$stmt->bindParam(':id', filter_input(INPUT_GET, 'id', FILTER_SANITIZE_NUMBER_INT), PDO::PARAM_INT); +$stmt->execute(); {% endhighlight %} This is correct code. It uses a bound parameter on a PDO statement. This escapes the foreign input ID before it is introduced to the database preventing potential SQL injection attacks.