Adrian adrian-enspired

Here's a very common pattern. People recommend it everywhere. Put your config into a separate file, and require it in your script. Awesome, right!?

Halfway. Yes, doing it is better than not. BUT now you have a bunch of invisible variables in your script! This makes for code that is hard to read and debug, and is fragile because code that directly affects your script is far away from it.

Imagine you got a warning like "undefined index 'foo' …" one day. It seems obvious now — the config file is messed up. But what if there were a ton of other stuff going on around this? What if this happens six months later (when you've completely forgotten about where $config comes from)? Even worse, what if a second config file gets included somewhere in the same scope and these invisible variables start colliding!?

BAD.config.php

<?php
$config["foo"] = "Hello, World!";

PHP First

Generally speaking, your PHP code can be sorted into two categories:

code which does work (processing input, controller logic, database access, error handling, etc.), and
code which produces output (echo, <?= $var ?>, plain <html>, etc.).

work goes FIRST. output goes LAST.

	<?php

	// let's make a query.
	// only sql. NO DATA! put a named parameter where the data would normally go.
	// parameters start with a ":", contain letters, numbers, and underscores only, and are not quoted.
	const SQL_SELECT = 'SELECT foo, bar, baz FROM myTable WHERE quxx = :quxx';
	// that's the parameter marker ---^

	// prepare the statement.
	$selectStmt = $pdo->prepare(SQL_SELECT);

	<?php

	$host = "db hostname";
	$dbname = "db name";
	$user = "db username";
	$pass = "db password";
	$charset = "UTF8MB4"; // if your db does not use CHARSET=UTF8MB4, you should probably be fixing that

	$dsn = "mysql:host={$host};dbname={$dbname};charset={$charset}";

	<?php

	$a = [
	"true",
	true,
	1,
	"1",
	"false",
	false,
	0,

	<?php

	// basic concept:

	$whitelist = [
	'foo',
	'bar'
	];

	if (in_array($unknown_value, $whitelist, true)) {

	<?php

	// I first saw this on freenode/##php, from Viper-7.

	// first, make an array with ALL of the field names you expect, and default values for each.
	// keys are field names; values are field defaults.
	$defaults = [
	"field1" => "default value",
	"field2" => "", // ← default is empty string
	"field3" => null // ← no default value

	<?php

	/**
	* performs validation on a variable, returning the variable's value on success.
	*
	* @author Adrian <[email protected]>
	* @copyright 2013
	* @since 2014-08-21 allows a validator callback
	* @license MIT <http://opensource.org/licenses/MIT>
	*

	<?php

	/*
	You don't need ReflectionClass at all - just make an interface for your classes to follow.
	Define all the methods that you require of your classes for this situation.
	*/

	interface iA{
	// (modified init signature to include args you pass in your example)
	public function init( $request,$response );