[pmwiki-devel] preg dot question...
Patrick R. Michaud
pmichaud at pobox.com
Fri Dec 8 09:19:25 CST 2006
On Fri, Dec 08, 2006 at 03:20:34AM -0500, The Editor wrote:
> On 12/7/06, Patrick R. Michaud <pmichaud at pobox.com> wrote:
> >BTW, I've noticed this throughout the ZAP code, where things that
> >ought to be strings aren't placed in quotes. That's generally not
> >a good idea, because one never knows when a word will accidentally
> >end up being a PHP function or having a meaning other than being
> >a bareword string.
> Ahhh, great Pm! Thank you so much. Makes sense now. Could you be a
> bit more specific about the kinds of places things ought to be in
> quotes, and I'll plow my way through and try to make the corrections?
Just browsing quickly through the zap.php code, the biggest item
I see is the lack of quotes around string literal indexes in
arrays. For example, ZAP has:
if (!isset($_POST[nextpage])) $_POST[nextpage] = $pagename;
which really should be
if (!isset($_POST['nextpage'])) $_POST['nextpage'] = $pagename;
Why? From :
You should always use quotes around a string literal array index.
For example, use $foo['bar'] and not $foo[bar]. But why is
$foo[bar] wrong? [...] The reason is that this code has an
undefined constant (bar) rather than a string ('bar' - notice
the quotes), and PHP may in future define constants which,
unfortunately for your code, have the same name. It "works"
because PHP automatically converts a bare string (an unquoted
string which does not correspond to any known symbol) into a
string which contains the bare string.
...but it works only as long as the symbol is unknown. If the
bare string ever does become defined (e.g., in a future version
of PHP, another recipe, an external library, or by some other
application such as PmWiki), then the index will no longer work.
There are also a few places where there are unnecessary quotes:
$rr2 = array("$pn","$pn","$GLOBALS[Author]","$e","$ee","$t","Profiles");
This should probably read:
$rr2 = array($pn, $pn, $GLOBALS['Author'], $e, $ee, $t, 'Profiles');
There's generally little point in putting quotes around a single
variable -- it just gives the PHP processor more work to do.
(However, don't feel bad, lots of new programmers tend to do this.)
One last item -- several places identify $_POST as a global variable:
global $m, $_POST;
$_POST (and $_SERVER, $_GET, $_COOKIE, $_SESSION, etc.) are known
as "superglobals", in that they're automatically global to every
function without having to be explicitly declared as such. I don't
think it's necessarily wrong to declare $_POST as global, but
some PHP programmers would look oddly at it.
Hope this helps,
More information about the pmwiki-devel