[pmwiki-devel] preg dot question...

Patrick R. Michaud pmichaud at pobox.com
Fri Dec 8 09:19:25 CST 2006 

On Fri, Dec 08, 2006 at 03:20:34AM -0500, The Editor wrote:
> On 12/7/06, Patrick R. Michaud <pmichaud at pobox.com> wrote:
> >BTW, I've noticed this throughout the ZAP code, where things that
> >ought to be strings aren't placed in quotes.  That's generally not
> >a good idea, because one never knows when a word will accidentally
> >end up being a PHP function or having a meaning other than being
> >a bareword string.
> 
> 
> Ahhh, great Pm!  Thank you so much.  Makes sense now.  Could you be a
> bit more specific about the kinds of places things ought to be in
> quotes, and I'll plow my way through and try to make the corrections?

Just browsing quickly through the zap.php code, the biggest item
I see is the lack of quotes around string literal indexes in
arrays.  For example, ZAP has:

    if (!isset($_POST[nextpage])) $_POST[nextpage] = $pagename;

which really should be

    if (!isset($_POST['nextpage'])) $_POST['nextpage'] = $pagename;

Why?  From [1]:

    You should always use quotes around a string literal array index. 
    For example, use $foo['bar'] and not $foo[bar]. But why is 
    $foo[bar] wrong?  [...]  The reason is that this code has an 
    undefined constant (bar) rather than a string ('bar' - notice 
    the quotes), and PHP may in future define constants which, 
    unfortunately for your code, have the same name.  It "works"
    because PHP automatically converts a bare string (an unquoted 
    string which does not correspond to any known symbol) into a 
    string which contains the bare string.

...but it works only as long as the symbol is unknown.  If the
bare string ever does become defined (e.g., in a future version
of PHP, another recipe, an external library, or by some other
application such as PmWiki), then the index will no longer work.

There are also a few places where there are unnecessary quotes:

  $rr2 = array("$pn[1]","$pn[0]","$GLOBALS[Author]","$e","$ee","$t","Profiles");

This should probably read:

  $rr2 = array($pn[1], $pn[0], $GLOBALS['Author'], $e, $ee, $t, 'Profiles');

There's generally little point in putting quotes around a single
variable -- it just gives the PHP processor more work to do.
(However, don't feel bad, lots of new programmers tend to do this.)

One last item -- several places identify $_POST as a global variable:

     global $m, $_POST;

$_POST (and $_SERVER, $_GET, $_COOKIE, $_SESSION, etc.) are known
as "superglobals", in that they're automatically global to every
function without having to be explicitly declared as such.  I don't
think it's necessarily wrong to declare $_POST as global, but
some PHP programmers would look oddly at it.

Hope this helps,

Pm

1.  http://us2.php.net/manual/en/language.types.array.php#language.types.array.donts

More information about the pmwiki-devel mailing list