Tag Archives: coding standards

Maintaining Standards with PHP Code

In this article I want to talk a bit about standards. Not necessarily standards like you’d find with W3C, and not code formatting standards, but coming up with a consistent plan as you code and sticking with it. Staying close to the PHP manual and following developments with PHP so you don’t get bit in the butt later. I’ve been working with PHP for some years and have seen it go from version 2 through the current version and there have been many changes along the way.

In particular, I was thinking of two specific situations from my past which can bring down a site unexpectedly.

Shared Hosting

This is hard, but for most sites it is how they get online. You find a host, pay a monthly fee, and they take care of the rest. You just code and upload. This is fine, but the lack of control can be frustrating at times. Not only that, you never know who the person is playing SysAdmin on the other end of the wire.

In early 2000 I built a site for a company and it ran for nearly a year when I made a major international move. We were getting ready for another modification after I got settled. Amazingly enough, I was moving to one of the cities where this company had an office. When I got to my destination in early 2001 I had a horrible time getting an Internet connection. I think they were still in the dark ages.

Unfortunately, during my 6 weeks without an Internet connection (known now as my ‘blackout’ period), the shared host decided that PHP 4 was mature enough to upgrade. They sent out plenty of warnings that major changes were coming….but I didn’t get them without e-mail! One day they finally changed over and I had to go borrow a computer to find out why the site didn’t work. It turned out that PHP changed the format for notation for Apache directives. Very simple, very minute, probably not even necessary from my point of view. We got it fixed and we were back on the road and in a couple months we were working toward another redesign.

They say that waking up is hard to do

Have you experienced this? One day your site is down. You clear your schedule, visit the mailing lists and forums and spend your day (or two) finding out what went wrong. Waking up from this nightmare may leave you in a cold sweat. Keeping up with PHP or any software can be difficult. PHP isn’t bad, but you will notice some inconsistencies in the interface and over time things like that will be fixed, eventually breaking old code. What’s even worse is keeping up with shared hosts. Let’s take a look at scenario #2 from the hosting company’s point of view.

I worked for a typical Internet hosting company. We had many web sites on our machines, all with access to PHP. Although I can’t go into details, I would say their implementation of PHP was unusual. It was certainly not stable or secure.

It wasn’t unusual for the SysAdmin to come to work in the morning, read his e-mail, find out there was an upgrade for PHP released overnight and install it. That’s fine for your development server, but would you do that for the machines hosting many thousands of web sites?

Well, they did, they still do and so do many shared hosts. Not the good ones of course. The good ones I’ve been with test very thoroughly before making upgrades. Then they notify the clientele in advance of a change so they can monitor their site.

The problem is, you probably don’t know who is on the other end of your web site. What is their level of ability? Their work ethic? You probably don’t know.

The Standard

The ‘standard’ in this case simply reads “Keep up to date.” Read the PHP manual. Subscribe to the mailing lists. Get the RSS feed. Know what they are doing.

Scan through the manual frequently so you know what is going on. When you see that something is being phased out, like the HTTP_*_VARS, don’t keep developing with it!! Change immediately and start modifying your old code. That day will creep up when it’s gone and you won’t know when. Your site will go down even though you didn’t change anything. You’ll be on the phone with tech support blaming them. I’ve seen it. Worse yet, while you are on the phone with tech support, your former clients will be calling telling you their site is down.

If something is labelled as experimental in the PHP manual, be ready for changes. If you use it, don’t expect it to always work as it is now. You can even help the PHP team by submitting feedback if you use experimental features.

The Reward

The bonus reward for staying up to date is you are unlikely to be surprised. Not ever of course, things happen beyond our control. We can’t know everything, and we certainly can’t know the future. By knowing what’s coming as it is released by the PHP team you can at least get a head start, minimize the impact, and minimize the site outages, which could otherwise mean lost revenue.

If you get the opportunity to be your own SysAdmin, try it, at least on your development machines. PHP isn’t that hard to maintain, and you can see performance boosts by compiling only what you need. It is a big job to maintain a machine though, so if you aren’t up for it then make sure you know you’re hosting company well. Don’t just pick one. Peruse the online comments but don’t assume you are always getting a fair shake because hosting companies offer outrageous affiliate fees making people work hard to get referrals. Talk to friends, use tools at your disposal and make sure that the company you deal with only hires professionals in their field. If you made a bad mistake choosing a company don’t be afraid to move. You shouldn’t reward them for a bad job.

Taking these steps will make sure you are ready to go at each turn in the road. Neither rain, nor sleet, now snow can take down your site!

Now, are you ready for a slashdotting???

Bad PHP Code – Blogs and CMS

Lately people have been blaming PHP for being insecure. While most of them seem to blame little tiny issues that, when used incorrectly by the programmer, make their scripts insecure. Does that make sense? The programmer uses it insecurely, but the problem is in the language. Absurd. Guess what, you can do that with any language. You can make your house insecure too by failing to fasten the door locks. But more to the point, after examining some of the Blog and CMS software for PHP I’ve come to this conclusion – if that kind of programming is general across the board for these packages then we have a bigger problem.

Blame the Messenger

The first thing we need to know is that we are not all knowing.

Often times we get people learning programming from PHP because it is so easy. That’s what I did back in the days of PHP 2. PERL was just a little too hard for me, and in 1995 I had a real hard time scouring information on the web to figure out what CGI was. But I went from getting my feet wet in PHP to learning C to going to college, then going into full-time work. I was lucky.

When I think back to my early days of PHP I can see how we can be dangerous. We typically focus on getting something done, not really how to do it or the best way or even the most secure way. I was so proud when I built the unthinkable using PHP the first time.

The problem when we are that young in a skill is that we think, “OK, I’ve learned this skill, let’s move on.” What we are forgetting is that we know a language but we don’t know how to use it. We’ve figured out where to put the pieces to form sentences – that is, how to write code to not get errors. The problem is, we still don’t know how to have a conversation.

What I’m getting at here is that sometimes we forget that we need to consider why we write code. We need to understand security. We need to know how the web works. We need to know how a browser renders HTML or CSS or XML or whatever you are working with. We need to know the consequences of using a database system, the overhead caused by connects. We need to know how to bug track, profile and optimize for best efficiency. There is much more work to do once you your code “just works.”

Extending the Problem

That is what happens when we are young. Then we explore, then we work, then we forget. That’s me 🙂

As we move along and take on big projects we need to keep on moving upward. From what I’ve experienced, it is common for people to get interested in one area and focus on that. We know programmers who don’t know a thing about hardware. They don’t know what a stack or register is even. On the other side, we have the hardware pros who think they can program because they know the basics of a language. They don’t know what a stack or register is even 🙂

CMS and Blogs

How does this apply to Blog software? I really don’t know. I can’t tell what those individuals and development teams were thinking when they spec’ed out their project. IF they did that. I don’t know what they were thinking when they decided to put PURE PHP code inside template files made for HTML coders, graphics designers and common citizens. Seeing “DON’T EDIT THIS CODE” inside a template file is not acceptable in a project. I especially don’t know what they were thinking when they decided to make “index.php” a 10,000 line piece of code that did everything except the admin.

Obviously there are several CMS and Blog packages for PHP out there that are less than ideal. Some are very big and popular. I’ve seen absolutely useless database connects and queries inside a page that slow it down to a crawl. Major packages with 15+ queries on a blank template page that only returns navigation. You don’t want to install this kind of stuff on a shared host, and if you even get the kind of traffic your blog deserves you’ll be looking for a new package at a really inopportune time….and then figuring out how to migrate your data.

The End

I’m hoping soon we see the end of this kind of thing. The trouble is that PHP is such an easy thing to learn that we won’t. What we need is a crop of fantastic programmers to step up and build something we can be proud of. I have a feeling that won’t happen though. Most of those programmers are employed customizing the blog software that already exists out there for people who found the limitations 🙂