Defensive Programming (Nomad)

Transcript

1. Defensive Programming

2. Use a Framework

3. Don't Trust Users

4. Filter User Content

5. filter_var( $input, FILTER_VALIDATE_BOOLEAN, FILTER_NULL_ON_FAILURE );

6. filter_var( $input, FILTER_VALIDATE_BOOLEAN, FILTER_NULL_ON_FAILURE );

7. filter_var( $input, FILTER_VALIDATE_BOOLEAN, FILTER_NULL_ON_FAILURE );

8. → FILTER_VALIDATE_EMAIL → FILTER_VALIDATE_IP → FILTER_VALIDATE_REGEXP → FILTER_VALIDATE_URL

9. v::alnum() ->length(1,15) ->validate("PHP 6"); // true

10. → https://php.net/manual/en/function.filter-var.php → https://php.net/manual/en/filter.filters.validate.php → https://github.com/respect/validation

11. Use Database Abstractions

12. → http://www.doctrine-project.org/projects/orm.html → https://github.com/auraphp/Aura.Sql

13. Sanitise User Content

14. → http://php.net/manual/en/function.strip-tags.php → http://php.net/manual/en/function.htmlentities.php

15. Don't Trust Developers

16. Write Tests

17. → http://grumpy-learning.com

18. Follow SOLID Principles

19. Single Responsibility Principle

20. Open-Closed Principle

21. Liskov Substitution Principle

22. Interface Segregation Principle

23. Dependency Inversion Principle

24. → https://cleancoders.com

25. Type-hint

26. function average(array $values = []) { return array_sum($values) / count($values);

    }

27. function print_script($src) { assert( is_string($src), "src is not a string"

    ); print "<script src='{$src}'></script>"; }

28. Thanks! → https://joind.in/13401 → https://twitter.com/assertchris