Learning to write scripts correctly.

Many beginning web programmers get acquainted with the language through books. A book is undoubtedly very important and necessary, but the examples it gives (for beginners) are inherently incorrect from the point of view of the stability and portability of a script. By stability I mean the possibility of errors of various kinds arising; by portability, the same thing, but when the script is moved from your local home machine to the hosting provider's server.

Below I would like to show beginning web developers how to learn, from the very start, to write scripts in a way that avoids needless problems later and does not "catch" errors that appear from who knows where.

I will say right away that I have run into all of this myself, so everything here has come through my own suffering....

I will look at the following points:

1. Configuring PHP on the local machine and on the server.

2. Where is it buried?

3. register_globals = Off and nothing else.

4. The basic aspects of syntax. A literal or not a literal...




1. Configuring PHP on the local machine and on the server.

Why do I start with this chapter? The point is that many people immediately switch off the display of all errors on their local machine. That is wrong. Instead of staring blankly at the monitor, searching for the place where, as it turns out, a semicolon is missing, you can understand at once what is wrong from the error PHP reports.

But first I want to make a small lyrical digression on how to set up PHP: as an Apache module or as FastCGI.

The best variant is to set it up as a module of the web server. To do this, we write the following lines in the Apache web server's configuration file httpd.conf:



LoadModule php4_module D:/bin/php/sapi/php4apache2.dll

AddType application/x-httpd-php .php .phtml .php4 .php


The difference from FastCGI is as follows. First, with FastCGI php.ini will be loaded into the web server's memory roughly every second time a script starts, while with installation as an Apache module the PHP configuration is loaded only when the web server is started or restarted, so naturally the server will run faster and its load will be lower. Besides that, with installation as FastCGI certain functions are unavailable. A beginning programmer will not need them, but when developing a large Internet application you may run into problems. And problems are better prevented.

Now let us move on to the PHP configuration itself. In the configuration file php.ini, be sure to set the following directives to the values written below:



error_reporting = E_ALL

display_errors = On

display_startup_errors = On


Whether or not to write errors to log files is at your discretion.

On the server at the hosting company, be sure to switch all these directives off for security, so that a potential attacker cannot find out the path where your scripts are located. But ideally, by the time you publish a script on the Internet, it should not produce any errors at all.
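The difference between the two setups, as an added example that is not part of the original article (written for current PHP, 7.1 or later). It applies the development values above or their switched-off counterpart at run time, then checks whether a failing fopen() exposes the script's path to the visitor. The function names, the log location and the missing file are constructed for the illustration.

```php
<?php
// Applies the development settings from the article, or the production counterpart.
function configure_errors(bool $production, string $logFile): void
{
    error_reporting(E_ALL);                              // report everything in both modes
    ini_set('display_errors', $production ? '0' : '1');  // never print errors to visitors
    ini_set('log_errors', '1');                          // keep the details in a log
    ini_set('error_log', $logFile);
}

// Runs a failing fopen() and returns exactly what a visitor would have seen.
function visible_output(bool $production, string $logFile): string
{
    configure_errors($production, $logFile);
    ob_start();
    $f = fopen(__DIR__ . '/no-such-file.txt', 'r');      // constructed failure
    if ($f === false) {
        print "The information is not found";
    }
    return ob_get_clean();
}

$log = tempnam(sys_get_temp_dir(), 'phperr');            // constructed log location

$dev  = visible_output(false, $log);
$prod = visible_output(true, $log);

// Development: the warning text, including the script's directory, is in the page.
print "development page shows the path: " . (strpos($dev, __DIR__) !== false ? 'yes' : 'no') . "\n";
// Production: the visitor sees only the message; the details went to the log.
print "production page shows the path:  " . (strpos($prod, __DIR__) !== false ? 'yes' : 'no') . "\n";
print "log file holds the warning:      " . (strpos(file_get_contents($log), 'fopen') !== false ? 'yes' : 'no') . "\n";

unlink($log);
```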

In addition:



short_open_tag = Off



So that <? cannot be used, only <?php. This is done to avoid errors in case <? occurs in the text.



max_execution_time = 10


By default the max_execution_time directive has the value 30, but for speed of work it is better to set less. If something of yours has "gone into a loop", 10 seconds is quite enough to realize it.



register_globals = Off

register_argc_argv = Off


I will say more about this in chapter 3...



magic_quotes_gpc = Off


Very often beginning web developers do not understand the difference between ' and ", so we switch this directive off. In chapter 4 this point will be shown with an example...



2. Where is it buried?

This is perhaps the most basic mistake of beginning programmers: the use of @. This symbol, placed in front of any statement, suppresses the output of an error and its recording in the log. It does not let you trace an error at the debugging stage, and you frantically try to work out what is wrong.

A vivid example. Suppose we have put the @ symbol before the line $f = fopen("fle.txt", "w+");. Take only the most widespread errors that can arise at the subsequent fwrite, for example: a) there are no access rights to the file, b) the file does not exist, c) fopen cannot be called in safe mode. Imagine how many variants of errors there can be. A great many. And how are you going to find out which error has occurred, when you have suppressed their output with the @ symbol?

Therefore we strictly forbid you to use @.

You ask: how, then, to make sure the error is not displayed?

For the error not to be displayed, it must be prevented, as in the case with files, that is: a) check that the file exists, b) check whether it is possible (whether there are rights) to write something to it, with is_writeable();.

In other cases, for example when using mysql_connect();, you need to check the value the function returns. As a rule, you can determine from it whether there was an error or not. Usually on error the value FALSE, NULL or an empty string is returned.

This will allow you to give the user not an empty page but a text message, «The information is not found», if, for example, he has tried to request information (?n=14) that you store in files, and file 14 does not exist.

"Catching" errors is also a very important aspect of security in the operation of a script.
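One way to write the ?n=14 lookup with checks in place of error suppression, as an added example that is not part of the original article (written for current PHP, 7.1 or later). The function name load_record, the one-file-per-record layout with a .txt suffix and the sample values are assumptions made for the illustration.

```php
<?php
// Returns the text of record $n from $dir, or null if it cannot be served.
function load_record($n, string $dir): ?string
{
    // Accept only a short run of digits, so the value taken from ?n= can
    // never contain dots or path separators.
    if (!is_string($n) || !ctype_digit($n) || strlen($n) > 9) {
        return null;
    }
    $path = $dir . '/' . $n . '.txt';

    // Prevent the error instead of hiding it: a) the file exists,
    // b) the process has the rights to read it.
    if (!is_file($path) || !is_readable($path)) {
        return null;
    }

    // Check the return value: fopen() returns false on failure.
    $handle = fopen($path, 'r');
    if ($handle === false) {
        error_log("load_record: cannot open record $n");  // detail goes to the log
        return null;
    }
    $text = stream_get_contents($handle);
    fclose($handle);
    return $text === false ? null : $text;
}

// Constructed sample data: a temporary directory holding only record 14.
$dir = sys_get_temp_dir() . '/records_' . getmypid();
if (!is_dir($dir)) {
    mkdir($dir, 0700);
}
file_put_contents($dir . '/14.txt', "Record fourteen\n");

// Constructed sample values of ?n=: existing, missing and malformed.
foreach (['14', '15', '../14'] as $n) {
    $text = load_record($n, $dir);
    print $n . ' => ' . ($text === null ? 'The information is not found' : trim($text)) . "\n";
}

unlink($dir . '/14.txt');
rmdir($dir);
```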



3. register_globals = Off and nothing else.

If in the first two chapters I stressed the points a beginning programmer runs into right away, in this chapter I will talk about a point that shows up later... Often everyone runs into it when moving a (working) script to the hosting provider's server. Personally I got used to register_globals = Off long ago, so, comrades and beginning programmers, switch this directive off right away. Besides, this point is VERY IMPORTANT for the security of a script.

So, what is the catch? First let us look at the case where register_globals = On. As you probably already know, data can be passed to a script in three ways; roughly speaking, there are really two. The first is GET, i.e. the data is passed through the browser's address bar after the "?" symbol; the second is POST, where the data is passed in a form not visible to the user. The POST method is used, as a rule, to send form data. And the third is the cookies passed from the user to the script.

Let us consider this case. We have a form located at the address index.php?form. The form has several text fields. Let them be family, name, phone. The form is sent to the same index.php, but by the POST method. Having checked all the data, we have written two cookies for the user, named family and form; in the second we have recorded the time of access to the form, for example.

Imagine that part of our index.php file consists of the following code: if the user has already entered data in the form, it is shown to him; if not, the form is displayed. And all this at the address index.php?form.

<?php

// With register_globals = On, $form and $family are created from the request.
if (isset($form))
{
    if (isset($family) && isset($form))
    {
        print "your surname: " . $family . "<br>";
        print "you were here: " . $form . "<br>";
    }
    else
    {
        // We show our form.
    }
}

?>


Now think about it. What will be in $form? We pass this variable both as a GET parameter and through a cookie. You will go on frantically searching for the error: why is $form empty, or the other way round.

That is, it all comes down to the fact that any variable can be substituted. In essence this is a serious security weakness, since there is a very high probability that an attacker will be able to see some important files on the server.

Now, how to do the same under register_globals = Off.

PHP has several global arrays: $_GET, $_POST, $_COOKIE, $_REQUEST (the union of the first three; not recommended for security reasons), $_FILES (for file uploads), $_SESSION (sessions), $_SERVER (server variables), $_ENV (environment variables), $GLOBALS (unites them all).

What does this mean? Below I will simply rewrite the script given earlier, for register_globals = Off.

<?php

// Each value is read from the source it is expected to come from.
if (isset($_GET['form']) && isset($_COOKIE['family']) && isset($_COOKIE['form']))
{
    print "your surname: " . $_COOKIE['family'] . "<br>";
    print "you were here: " . $_COOKIE['form'] . "<br>";
}
else
{
    // We show our form.
}

?>

Now no problems will arise.

Just in case, I will point out that in $_****['name'], in place of name you write the name of the text field, of the cookie, or of the parameter passed in the address bar.
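The collision on $form, as an added example that is not part of the original article (written for current PHP, 7.1 or later). register_globals was removed in PHP 5.4, so its effect is simulated here on constructed request data, copying the sources in the default variables_order (GET, POST, cookie); the helper names and sample values are assumptions, and the explicit version also escapes the cookie values before printing them, which the article's script does not do.

```php
<?php
// Constructed sample request: "form" arrives both in the query string
// (index.php?form) and as a cookie holding the time of the last visit.
$get    = ['form' => ''];
$post   = [];
$cookie = ['form' => '2004-05-01 12:00', 'family' => 'Ivanov <b>'];

// The effect of register_globals = On: every request source is copied into
// one namespace in the order G, P, C, and later sources overwrite earlier ones.
function simulate_register_globals(array $get, array $post, array $cookie): array
{
    $globals = [];
    foreach ([$get, $post, $cookie] as $source) {
        foreach ($source as $name => $value) {
            $globals[$name] = $value;
        }
    }
    return $globals;
}

// Explicit alternative: name the source, reject non-strings, escape for HTML.
function field(array $source, string $name): ?string
{
    if (!isset($source[$name]) || !is_string($source[$name])) {
        return null;
    }
    return htmlspecialchars($source[$name], ENT_QUOTES, 'UTF-8');
}

// The script cannot tell which "form" it was given: the cookie replaced GET.
$globals = simulate_register_globals($get, $post, $cookie);
print "merged \$form: ";
var_dump($globals['form']);

$formRequested = isset($get['form']);        // the ?form flag, from GET only
$family        = field($cookie, 'family');   // from the cookie only
$lastVisit     = field($cookie, 'form');

if ($formRequested && $family !== null && $lastVisit !== null) {
    print "your surname: " . $family . "<br>\n";
    print "you were here: " . $lastVisit . "<br>\n";
} else {
    print "show the form\n";
}
```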


In this same chapter I want to look at the following small example. Again, first we will look at the example with register_globals switched on.

<?php

function my()
{
    $a = 7;
}

$a = 2;
my();
print $a;

?>

The script will print the value of $a equal to 7. That is, in essence, the variables are accessible both inside and outside the function. This is not good, because in a big script there can be a great many such $a variables, and as a consequence the value of a variable can be changed in any function and the result of running the script will be unpredictable.

Now, if the same code is run with register_globals = Off, 2 will be printed, because changes to the variable $a inside the function do not affect the variable $a in the main body of the script. Here you should read the manual on variable scope.

If we need to get that seven, we must return the value of the local $a from the function and save that value in the global $a.

<?php

function my()
{
    $a = 7;
    return $a;   // hand the local value back to the caller
}

$a = 2;
$a = my();       // store the returned value in the global $a
print $a;

?>


4. The basic aspects of syntax. A literal or not a literal...

1. Again, many beginning programmers do not understand the difference between writing $_POST['pole'] and $_POST[pole]. The first variant is syntactically correct, and the second is not. PHP will try to find not the element pole but the element whose name is stored in the constant pole, which you do not have.

Quotation marks enclose literals, i.e. strings. If your array has numeric indexes, you should write not $_POST['1'] but $_POST[1].

There are no differences between " and '.

2. Variables are often output like this:

print "My name is $name. I $age years old.";

The interpreter takes much longer to "understand" such a line than

<?php
print "My name is " . $name . ". I " . $age . " years old.";
// Or
print "My name is {$name}. I {$age} years old.";
?>

The first variant is preferable, and from the point of view of editing the program code it is easier to see where you have a variable and where you have text.