mirror of
https://github.com/e107inc/e107.git
synced 2025-08-07 15:16:30 +02:00
Updated Coding Standard (markdown)
CaMer0n
@@ -184,11 +184,26 @@ Don't use extract() on arrays (usually DB rows) - it causes confusion, and somet
|
||||
$text .= $field_name;
|
||||
}
|
||||
|
||||
9. As $_POST variables are checked/sanitized, create new variables to hold the checked values - makes it obvious what's safe and what's dodgy. (Note validator_class.php, especially where the same DB data can be input from several different places). Make sure $_POST variables are only processed if the user has the relevant permissions, and if the relevant options are enabled (its not enough to hide the button or field which initiates the post - security levels MUST be checked at the point of execution).
|
||||
### Explode() and List
|
||||
Consider using list() instead of explode() when the values will be given their own strings and the size of the array is known.
|
||||
|
||||
10. Validate generated HTML on each page you work on to Html5.
|
||||
**Okay:**
|
||||
|
||||
$tmp = explode("|",$array);
|
||||
$id = $tmp[0];
|
||||
$email = $tmp[1];
|
||||
|
||||
11. Code must not produce any PHP warnings or notices during normal use. (This primarily implies that all variables must be defined before being used. It also implies that a corrupted installation may produce errors, although as far as practicable the code should accommodate this.
|
||||
**Better:**
|
||||
|
||||
list($id,$email) = explode("|",$array);
|
||||
|
||||
|
||||
|
||||
As $_POST variables are checked/sanitized, create new variables to hold the checked values - makes it obvious what's safe and what's dodgy. (Note validator_class.php, especially where the same DB data can be input from several different places). Make sure $_POST variables are only processed if the user has the relevant permissions, and if the relevant options are enabled (its not enough to hide the button or field which initiates the post - security levels MUST be checked at the point of execution).
|
||||
|
||||
Validate generated HTML on each page you work on to Html5.
|
||||
|
||||
Code must not produce any PHP warnings or notices during normal use. (This primarily implies that all variables must be defined before being used. It also implies that a corrupted installation may produce errors, although as far as practicable the code should accommodate this.
|
||||
|
||||
12. Where a feature is upgraded or changed:
|
||||
|
||||
@@ -201,23 +216,33 @@ Note SITEURLBASE to prepend to absolute links to get a full URL. Note SERVERBASE
|
||||
|
||||
14. To check whether a particular plugin is installed, use function e107::isInstalled($plugname) - returns TRUE if plugin installed. Alternatively, look at $pref['plug_installed'][plug_path'] ('plug_path' is the subdirectory name - e.g. calendar_menu). The array element exists only if the plugin is installed (assuming proper install/uninstall process followed), and contains the version number of the plugin.
|
||||
|
||||
### Javascript, CSS and Meta
|
||||
Use the following functions to include js or css files
|
||||
|
||||
e107::js();
|
||||
e107::css();
|
||||
e107::meta();
|
||||
|
||||
|
||||
## SQL Details
|
||||
|
||||
1. Don't enclose integer values in quotes in WHERE clauses - slows up the query. (But make sure there's no way the value can be something other than an integer).
|
||||
|
||||
$sql->select('user','*',"user_id = '".$id."' LIMIT 1");
|
||||
Don't enclose integer values in quotes in WHERE clauses - slows up the query. (But make sure there's no way the value can be something other than an integer).
|
||||
|
||||
|
||||
$sql->select('user','*',"user_id = '".$id."' LIMIT 1");
|
||||
$id = 1;
|
||||
|
||||
//BAD - Slower and risk of failure.
|
||||
$sql->db_Select_gen("SELECT * FROM `#user` WHERE user_id = '".$id."' LIMIT 1");
|
||||
|
||||
//GOOD - Faster, 0 if no value
|
||||
$sql->db_Select_gen("SELECT * FROM `#user` WHERE user_id = ".intval($id)." LIMIT 1");
|
||||
|
||||
|
||||
//BAD - Slower and risk of failure.
|
||||
$sql->db_Select_gen("SELECT * FROM `#user` WHERE user_id = '".$id."' LIMIT 1");
|
||||
Where only one record is expected, use "LIMIT 1" in the query for better performance.
|
||||
|
||||
//GOOD - Faster, 0 if no value
|
||||
$sql->db_Select_gen("SELECT * FROM `#user` WHERE user_id = ".intval($id)." LIMIT 1");
|
||||
|
||||
|
||||
2. Where only one record is expected, use "LIMIT 1" in the query for better performance.
|
||||
|
||||
3. insert() and update() Associate field names and values (rather than using an ordered list of just values) - avoids problems with DB changes. Make sure values are specified for any field without a default - else fails in STRICT mode.
|
||||
### insert() and update()
|
||||
Associate field names and values (rather than using an ordered list of just values) - avoids problems with DB changes. Make sure values are specified for any field without a default - else fails in STRICT mode.
|
||||
|
||||
Insert Example:
|
||||
|
||||
@@ -245,34 +270,23 @@ Update Example (few fields):
|
||||
|
||||
Note the _FIELD_DEFS and _NOTNULL arrays for assisting with producing valid data. These are auto-generated for any db_Insert() or db_Update() that passes array data which does not include them. If the automatic generation produces the wrong conversions, there is a mechanism to override the default.
|
||||
|
||||
4. Use backticks around table names and field names. (eg.`#user`)
|
||||
Use backticks around table names and field names. (eg.`#user`)
|
||||
|
||||
$sql->gen("SELECT user_email FROM `#user` WHERE user_id = 1 LIMIT 1");
|
||||
|
||||
5. Only read the fields that are actually needed, especially on tables with a large record size.
|
||||
Only read the fields that are actually needed, especially on tables with a large record size.
|
||||
|
||||
6. From v2.0 onwards, where the minimum required mySQL is now 4.1, the following functions are available through gen():
|
||||
The following functions are available through gen():
|
||||
|
||||
SQL_CALC_FOUND_ROWS - returns total number of rows which would match the search criteria in the absence of a LIMIT phrase.
|
||||
If used, value is automatically retrieved and placed into $sql->total_results
|
||||
REPLACE - effectively if row exists, delete it, then insert (so unspecified fields become the default)
|
||||
INSERT ... ON DUPLICATE KEY UPDATE - on existing records, will only update specified fields
|
||||
|
||||
7. To avoid problems when 'STRICT' mode is set for MySQL, make sure any field which doesn't have a default value is defined (usually 'text' fields). (This is handled automatically if passing array data to insert() or update(). (db_Insert() or db_Update())
|
||||
To avoid problems when 'STRICT' mode is set for MySQL, make sure any field which doesn't have a default value is defined (usually 'text' fields). (This is handled automatically if passing array data to insert() or update(). (db_Insert() or db_Update())
|
||||
|
||||
8. If reading XML files (typically plugin.xml) use the filter capability to limit the amount of data retained in memory to that which is actually needed.
|
||||
If reading XML files (typically plugin.xml) use the filter capability to limit the amount of data retained in memory to that which is actually needed.
|
||||
|
||||
9. Consider using list() instead of explode() when the values will be given their own strings and the size of the array is known.
|
||||
|
||||
**Okay:**
|
||||
|
||||
$tmp = explode("|",$array);
|
||||
$id = $tmp[0];
|
||||
$email = $tmp[1];
|
||||
|
||||
**Better:**
|
||||
|
||||
list($id,$email) = explode("|",$array);
|
||||
|
||||
## Language Files and LANS
|
||||
|
||||
|
||||
Reference in New Issue
Block a user