Sorting Results Use this To Sort On Multiple Values ORDER BY With $wpdb->prepare ORDER BY and %s does not work with $wpdb->prepare; in our tests the following ORDER BY gets ignored: Whereas this works as expected. So it seems that $wpdb->prepare() adding single quotes around the inserted name field causes it to break. Date Order […]
All posts by
Using Strings-Verifying Strings
Is String Numeric Is String A Date Time Is String Within An Array Of Strings Check Entered Web Address This isn’t right – the first test rejects domains with a hyphen in them Verify Email Address A thorough version from this article here
Differences To C and C++
=== and !== PHP is a loosely typed language. For instance this is true because PHP converts to the required types before the compare: if (1000 == "+1000") To perform an exact comparison you can use this instead, which is false: if (1000 === "+1000") For does not equal you can also use !== Break […]
Convert Strings
Converting to HTML, from form POST, etc See here Converting String To Variable You don’t need to, but if you want to force to a particular type you can: Converting Variables To String No need, PHP automatically converts a variable to the type needed for the context being used Convert copy and pasted text Remove […]
Sanitising & encoding strings
Sanitising for HTML Convert special HTML entities back to characters Sanitising for HTML from a form POST See page here. filter_var() function Returns the input string filtered, or FALSE if it was unable to perform the sanitization (e.g. due to an illegal character) See here for all the available filter options See here for examples […]
Built In Superglobal Variables
Warning When Using Superglobal Variables Hackers often use these to try and inject code etc. When accessing superglobal variables ensure you sanitise them. E.g. $CameFromPage = htmlentities($_SERVER['HTTP_REFERER']); //htmlentities() converts things like < > " \ etc into HTML strings like &lt; so they become harmless. Superglobal Variables Always available in all scopes $GLOBALS References all […]
.Functions General
Function Examples Functions with optional arguments With a default array
? True False Test
Examples $MyVariable ? print "True" : print "False";
Print vs Echo
Print is a PHP function called with an argument. Echo is a PHP language construct. Echo is therefore faster, but when you need an actual function call you can use print. For example this only works using print: $MyVariable ? print "True" : print "False";
Useful Debugging Examples
Echo echo "Line: " . __LINE__ . " of file: " . __FILE__; Var Dump var_dump(