[pmwiki-devel] preg dot question...

Fri Dec 8 09:33:42 CST 2006

On 12/8/06, Patrick R. Michaud <pmichaud at pobox.com> wrote:
> On Fri, Dec 08, 2006 at 03:20:34AM -0500, The Editor wrote:
> > On 12/7/06, Patrick R. Michaud <pmichaud at pobox.com> wrote:
> > >BTW, I've noticed this throughout the ZAP code, where things that
> > >ought to be strings aren't placed in quotes.  That's generally not
> > >a good idea, because one never knows when a word will accidentally
> > >end up being a PHP function or having a meaning other than being
> > >a bareword string.
> >
> >
> > Ahhh, great Pm!  Thank you so much.  Makes sense now.  Could you be a
> > bit more specific about the kinds of places things ought to be in
> > quotes, and I'll plow my way through and try to make the corrections?
>
> Just browsing quickly through the zap.php code, the biggest item
> I see is the lack of quotes around string literal indexes in
> arrays.  For example, ZAP has:
>
>    if (!isset($_POST[nextpage])) $_POST[nextpage] = $pagename;
>
> which really should be
>
>    if (!isset($_POST['nextpage'])) $_POST['nextpage'] = $pagename;
>
> Why?  From [1]:
>
>    You should always use quotes around a string literal array index.
>    For example, use $foo['bar'] and not $foo[bar]. But why is
>    $foo[bar] wrong?  [...]  The reason is that this code has an
>    undefined constant (bar) rather than a string ('bar' - notice
>    the quotes), and PHP may in future define constants which,
>    unfortunately for your code, have the same name.  It "works"
>    because PHP automatically converts a bare string (an unquoted
>    string which does not correspond to any known symbol) into a
>    string which contains the bare string.
>
> ...but it works only as long as the symbol is unknown.  If the
> bare string ever does become defined (e.g., in a future version
> of PHP, another recipe, an external library, or by some other
> application such as PmWiki), then the index will no longer work.
>
> There are also a few places where there are unnecessary quotes:
>
>  $rr2 = array("$pn[1]","$pn[0]","$GLOBALS[Author]","$e","$ee","$t","Profiles");
>
> This should probably read:
>
>  $rr2 = array($pn[1], $pn[0], $GLOBALS['Author'], $e, $ee, $t, 'Profiles');
>
> There's generally little point in putting quotes around a single
> variable -- it just gives the PHP processor more work to do.
> (However, don't feel bad, lots of new programmers tend to do this.)
>
> One last item -- several places identify $_POST as a global variable:
>
>     global $m, $_POST;
>
> $_POST (and $_SERVER, $_GET, $_COOKIE, $_SESSION, etc.) are known
> as "superglobals", in that they're automatically global to every
> function without having to be explicitly declared as such.  I don't
> think it's necessarily wrong to declare $_POST as global, but
> some PHP programmers would look oddly at it.
>
> Hope this helps,
>
> Pm
>
> 1.  http://us2.php.net/manual/en/language.types.array.php#language.types.array.donts

Thanks so much Pm for looking at the code.  I really appreciate it.
I'll make the changes for the next release. I've enjoyed working with
PmWiki very much and have learned more than I ever imagined.

Feel free to point out any other suggestions. If people are going to
be using ZAP (and some are) I want to make sure it works as well as
possible, so there's no chance of any negative reflections on your
fine wiki system.

Cheers,
Caveman