Confessions of a Guru....

20 June 2008

Things that I hate about PHP

Ok so I've been back in the swing of development for a while now and I've reminded myself about the things that I hate about PHP. Overall I like it a lot but these are the things I hate.

magic_quotes

So the deal here is that when enabled, any posted information will have any quotes magically escaped, so if you were to post the text "Fish 'n' Chips" then your script would receive the text "Fish \'n\' Chips". This is useful because then you don't have to do anything to it to include it directly in a query for insertion into a table, but nowadays parameter binding and database abstraction layers take care of that. If you're starting from scratch, do yourself a favour and disable magic_quotes on your PHP installation. If you can't, use this to do it for you:

// If magic quotes are on, remove any slashes in the input.
// This allows us to operate on all inputs without having to addslashes().
if (!empty($_POST) && get_magic_quotes_gpc()) {
    foreach ($_POST as $var => $val) {
        if (is_string($val)) {
            $_POST[$var] = stripslashes($val);
        }
    }
}

This will ensure that the contents of the $_POST variable will always be as it was posted when you first get your hands on it. What you do with the content is then up to you.

addslashes, stripslashes

Ok, I don't hate these functions as much as I hate how they are abused. The problem is that people don't seem to understand when and why they should be used. It is not correct to always addslashes() your content before inserting it into a database and stripslashes() when getting it back. It is correct to addslashes() the content as you're inserting it ONLY if the string hasn't already been through addslashes() - remember that magic_quotes does this too. The result is that if you have magic_quotes enabled and you addslashes() as well, our string "Fish 'n' Chips" ends up becoming "Fish \\\'n\\\' Chips" before it is inserted. A "fix" (ahem) is to stripslashes() when you get it out of the database, but this is not correct; it is very much a bandage on a problem.
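The double escaping described above, next to the parameter binding mentioned in the magic_quotes section, as an added example that is not part of the original post. The menu table, its columns and the undo_magic_quotes() helper are hypothetical names, the input is constructed with addslashes() to stand in for magic_quotes_gpc, and the helper goes slightly beyond the snippet above by also handling array-valued fields.

```php
<?php
// Added example, not the original author's code. The menu table, its columns
// and undo_magic_quotes() are hypothetical names; needs the pdo_sqlite extension.

// Undo one layer of magic_quotes escaping, including nested arrays such as
// <input name="tags[]"> fields, which an is_string() check alone would skip.
function undo_magic_quotes($value)
{
    return is_array($value)
        ? array_map('undo_magic_quotes', $value)
        : (is_string($value) ? stripslashes($value) : $value);
}

// Constructed input: what a script received with magic_quotes_gpc enabled.
$post = ['name' => addslashes("Fish 'n' Chips"), 'tags' => [addslashes("take 'away'")]];

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE menu (label TEXT, name TEXT)');
$insert = $db->prepare('INSERT INTO menu (label, name) VALUES (:label, :name)');

// Binding sends the value apart from the SQL text, so it is stored byte for
// byte: any slashes still present in the input end up in the table.
$cases = [
    'magic_quotes, then addslashes()' => addslashes($post['name']),
    'magic_quotes only'               => $post['name'],
    'magic_quotes undone'             => undo_magic_quotes($post)['name'],
];
foreach ($cases as $label => $name) {
    $insert->execute([':label' => $label, ':name' => $name]);
}

// Read the rows back without any stripslashes() on output.
foreach ($db->query('SELECT label, name FROM menu ORDER BY rowid') as $row) {
    printf("%-32s %s\n", $row['label'], $row['name']);
}
```

Only the row where the magic_quotes layer was undone before binding holds the text as it was typed; the other two carry their backslashes into the table.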

Automatic Typecasting

It's useful to be able to have a string with the value "10" and add an integer value of 2 to it and have the result as an integer of 12, but you cannot disable the automatic typecasting. This lends itself to bad programming practice, and to confusion about how your application will behave when it casts, for example, an array to an integer. The PHP website lists the exact behaviours but it is annoying when "0", "", 0.0 (float), 0, false, NULL, Array() and an empty object (PHP4 only) are all treated as FALSE, but "0.00" is treated as true. This is alleviated somewhat by using the strict equality operator (===), where the result is only true if both sides have the same type as well as the same value, but it does annoy me. Hungarian notation may be of use to help set the standard in a project.

Variable Scope

The scope of a variable is the current function, method or global in the case of neither. It would be nice to have the scope of a variable be the current block as in Perl (forgive me, it's been a long time since I had to write Perl) where the variable only exists for the scope of the current block, for example:

for (var $i=0; $i<10; $i++)
{
    // do something with $i
}
// $i no longer exists here

Prefixing variables with $

I heard one of the PHP guys on a podcast (a TWiT one I think) saying the reason that variables had to be prefixed with $ was that it was easier to write a parser that just knew that $ had to be a variable, rather than determining whether it was an operator. Ok, I agree but let me see how many lines with $'s I can find in my current project: 37375 out of 55925. I'm just annoyed, oh and switching between PHP and JavaScript where you don't use $ as variable name prefixes is annoying (as is the fact that + is the concatenation operator in JavaScript and it's . in PHP).

I miss something like Pascal's "with" operator

Especially when you're dealing with data deep in an object, for example $foo->bar->baz->quz[] (and I use this object level often) it would be nice to be able to go:

with ($foo->bar->baz)
{
    .quz['element1']
    .quz['element2']
    .quz['element3']
    // etc
}

Can't do it :( VB has a similar construct but I can't recall what it's called.

Different Quoting Behaviours

The difference between a "string" and a 'string' irks me. "string" is parsed for variables, e.g. with $name = 'Bob', "My name is $name" would return "My name is Bob", but 'My name is $name' would return 'My name is $name'. I opt for the latter please, and just let us work out what we want to do.

Other than that ...

.. it's all good! As I said above I like PHP a lot and the fact that it's got such a huge following and is used on some pretty major products (Facebook for one, Yahoo for another) is a testament to how well it can work when implemented properly.


11 June 2008

Simple Content Manager Launches

If you care you may know that I've been working with Turboweb for a couple of months now. I've been mostly working on a system for creating websites. The gist is that if someone wants a website to complement their business or group or whatever but they don't know how to get started then we provide EVERYTHING that they need (hosting, email addresses, domain names, ecommerce, image gallery, news, events etc etc) for a single monthly cost. We call it the Simple Content Manager (SCM). It's pretty neat.

I've been furiously coding and testing for the last couple of months and to see the final product working - actually working - is almost unbelievable and kind of scary. You can get a website up and running in just a couple of minutes, and thanks to some great design skills the websites look pretty decent too. I'll be the first to admit that we're not firmly in the saddle as the horse is taking off but the best way to find out is to ride it.

I've heard that it's not uncommon for people to be charged a single design/build fee of several thousand dollars for a new website - which is kind of silly as the majority of people who want a new website want pretty much the same features that other websites have got. I know of two people who have recently paid over $5,000 for a basic website with ecommerce. That sucks. So, we're aiming at less than $20 per week with no long term commitment required. A big advantage here is that for small businesses who don't know how well they're going to do in the future they can just have their website as a regular monthly outgoing cost.

Anyway, the long and short of this blog post is that everyone on the planet (with internet access) can trial our SCM for 14 days to see if they like it. We're also on the hunt for resellers so drop me a line if you're curious.

You can sign up for a trial at http://www.scmdemo.com/signup/. Would be interested in your feedback.


08 June 2008

Tweeting in Linux

Quickly tweet from your Linux environment with this script - all you need is the ability to launch a shell script, e.g. from a terminal, a shortcut on your desktop or the Gnome panel.

Requires: curl, zenity.

Change the TWITTER_USERNAME and TWITTER_PASSWORD accordingly. Remember to make the script executable and since it contains your twitter username and password you most probably want u+rwx, go-rwx (or 0700).

#!/bin/bash
TWITTER_USERNAME=twitterusernamehere
TWITTER_PASSWORD=twitterpasswordhere

# Ask for the tweet text in a dialog box.
tweet=$( zenity --title "Tweet:" --entry )
if [ -n "$tweet" ]; then
    # Post the status. The credentials are quoted so special characters in the
    # password survive, and --data-urlencode keeps & and = in the tweet intact.
    # grep -q succeeds when the response contains the authentication error.
    if curl -s -u "$TWITTER_USERNAME:$TWITTER_PASSWORD" --data-urlencode status="$tweet" http://twitter.com/statuses/update.xml | grep -qi "could not authenticate"; then
        zenity --error --text="Error logging onto Twitter - please check your username and password or Twitter availability."
    else
        zenity --info --text="Tweeted!"
    fi
fi
