Enclosing code in quotes.

[SpotOnTech]

While working on my newest client's site I noticed that most (almost all) of the code I saw in the files was formatted like this:

PHP Code:

if($_POST[attribute]
function();

if(!$_POST[attribute]
function(); 


No braces, no quotes. Although somewhat functional, there were more errors when I set the ini to display all errors than I care to mention. As I closed tags, removed print and changed it to echo I noted that all the errors cleared out. This is truly a sign of not only a beginning programmer, but a lazy one as well. Quotes are your friend, as are braces (and include files). 153 files in the root with no include files. Quite frustrating to say the least.

Secondary rant: indenting. Indent your code, people. It makes going back over your code at a later date and makes your (or the next programmer's) life much easier.

Yet another rant: comments. Comments are your friend.

Yep, one more: non-escaped $_GET and $_POST. $_GET is fine if you HAVE to make the URL show data (user profiles and search results are a good example), but $_POST is best. It's harder to hijack, looks nicer when the whole site isn't set with ?action and ?id tags on the end of the URL.

Source: 16 years as a programmer in Python, RoR, PHP/MySQL/MySQLi, ASSEMBLY, PERL, HTML/XHTML, CSS, Java, Javascript and BASIC (yes, BASIC).

[Avalanche]

I've only been programming for a little over four years. And I'll admit I'm self taught. But it was interesting to see the turning point where I felt as though I was no longer a newbie at programming. When I started fixing code that was terrible. I not only could recognize it, I could fix it. When I first realized that it was a big deal and I was so proud that I was better at someone else in programming.

Now, I wish all programmer's were perfect gods so I wouldn't have to fix all their dumbass mistakes. >.> Amazing how the times change.

[ThomasMosey]

I've been programming a little over 6 years now, and to all the people who code like the example given in the OP:



It just simply should not be done, especially if it's for commercial purposes.

[SpotOnTech]

Here's a snippet of code from the contact form that I haven't gone over yet. By the time you read this, it'll be fixed since it's open in Notepad++, but this is as it stands as of posting:

PHP Code:

<?php
$loggedin=notnecessary;
include "header.php";

if(isset($_GET['email'])){
$name=$_POST['name'];
$subject=$_POST['subject'];
$emailaddy=$_POST['emailaddy'];
$email=$_POST['email'];

$to="[REDACTED]";
$subject = "Contact Form";
$body = "From: $name\nSubject: $subject\nEmail Address: $emailaddy\n\n

$email";
$from_header="From: [REDACTED]";
mail($to,$subject,$body,$from_header);

print "Email successfully sent.";
include "footer.php";
exit;
}

print "<form method=post action=contact.php?email=yes>
Your Name: <input type=text name=name><br>
Your Email: <input type=text name=emailaddy><br>
Subject: <input type=text name=subject><br>
<textarea rows=20 cols=30 name=email>Email content here.</textarea><br>
<input type=submit name=submit value='Send Email'></form>";

include "footer.php";
?>

Oh, and no, it was not indented. Personally I enclose all my functions with parentheses to make it explicit. aka: echo("foo"); include("foo"); and I don't use print for anything.

[judda]

Not only will it throw warning, but it also executes a lot slower (approximately 4x).

Speed test ... http://lnked.me/x9idd

isset / empty should be used instead of forcing a hard read of the variable (i.e. isset($_POST['foo']) instead of $_POST['foo']). This is just wrong ...

~judda

[SpotOnTech]

Not only will it throw warning, but it also executes a lot slower (approximately 4x).

Speed test ... http://lnked.me/x9idd

isset / empty should be used instead of forcing a hard read of the variable (i.e. isset($_POST['foo']) instead of $_POST['foo']). This is just wrong ...

~judda

...and that's exactly what I'm running into with over 20k lines of code in this site. I should have charged my per/hr rate instead of a flat fee.

Edit: Also, since there are multiple arrays being passed, I usually cross-check it since say, if(isset($_GET['foo']) && $_GET['foo'] == "bar"). I'm not sure who the coders were of this site, but I'd like to hit them with my old Windows 3.11 manual.