Defensive Programming (Nomad)

Defensive programming may sound like something your granddad did after the war, but it’s key to reducing the number of bugs and increasing maintainability. We’re going to look at what defensive programming is and some steps to doing it in PHP.

Christopher Pitt

January 23, 2015

Transcript

  1. Defensive Programming

  2. Use a Framework

  3. Don't Trust Users

  4. Filter User Content

  5. filter_var( $input, FILTER_VALIDATE_BOOLEAN, FILTER_NULL_ON_FAILURE );

  6. filter_var( $input, FILTER_VALIDATE_BOOLEAN, FILTER_NULL_ON_FAILURE );

  7. filter_var( $input, FILTER_VALIDATE_BOOLEAN, FILTER_NULL_ON_FAILURE );

  8. → FILTER_VALIDATE_EMAIL → FILTER_VALIDATE_IP → FILTER_VALIDATE_REGEXP → FILTER_VALIDATE_URL

  9. v::alnum()->length(1, 15)->validate("PHP 6"); // true

  10. → https://php.net/manual/en/function.filter-var.php → https://php.net/manual/en/filter.filters.validate.php → https://github.com/respect/validation

  11. Use Database Abstractions

  12. → http://www.doctrine-project.org/projects/orm.html → https://github.com/auraphp/Aura.Sql

  13. Sanitise User Content

  14. → http://php.net/manual/en/function.strip-tags.php → http://php.net/manual/en/function.htmlentities.php

  15. Don't Trust Developers

  16. Write Tests

  17. → http://grumpy-learning.com

  18. Follow SOLID Principles

  19. Single Responsibility Principle

  20. Open-Closed Principle

  21. Liskov Substitution Principle

  22. Interface Segregation Principle

  23. Dependency Inversion Principle

  24. → https://cleancoders.com

  25. Type-hint

  26. function average(array $values = []) {
          return array_sum($values) / count($values);
      }

  27. function print_script($src) {
          assert(is_string($src), "src is not a string");
          print "<script src='{$src}'></script>";
      }

  28. Thanks! → https://joind.in/13401 → https://twitter.com/assertchris
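
Slides 4 to 8 and 13 to 14 name the filter and sanitise functions without showing them working together. The following is an added example, not taken from the talk: it validates a constructed form payload with `filter_var` and escapes output with `htmlentities`. The function names `validate_signup` and `e`, the field names and the sample inputs are assumptions made for illustration.

```php
<?php
// Added example, not from the slides. Field names and inputs are constructed.

/** Validate a sign-up payload. Returns [clean values, error messages]. */
function validate_signup(array $input)
{
    $errors = [];

    // FILTER_VALIDATE_EMAIL returns the address on success, false on failure.
    $rawEmail = isset($input['email']) ? $input['email'] : '';
    $email = filter_var($rawEmail, FILTER_VALIDATE_EMAIL);
    if ($email === false) {
        $errors[] = 'email is not a valid address';
    }

    // With FILTER_NULL_ON_FAILURE the result is true for "1/true/on/yes",
    // false for "0/false/off/no" and "", and null for anything else.
    // Without the flag, "maybe" would be indistinguishable from "no".
    $rawSubscribe = isset($input['subscribe']) ? $input['subscribe'] : '';
    $subscribe = filter_var($rawSubscribe, FILTER_VALIDATE_BOOLEAN, FILTER_NULL_ON_FAILURE);
    if ($subscribe === null) {
        $errors[] = 'subscribe must be a boolean-like value';
    }

    return [['email' => $email, 'subscribe' => $subscribe], $errors];
}

/** Escape a value for an HTML text or quoted-attribute context. */
function e($value)
{
    return htmlentities((string) $value, ENT_QUOTES, 'UTF-8');
}

// Constructed inputs: one well-formed, one malformed with markup in the name.
$samples = [
    ['email' => 'chris@example.com', 'subscribe' => 'yes', 'name' => 'Chris'],
    ['email' => 'not-an-email', 'subscribe' => 'maybe', 'name' => '<b>Eve</b>'],
];

foreach ($samples as $sample) {
    list($clean, $errors) = validate_signup($sample);
    echo 'name: ', e($sample['name']), PHP_EOL;
    echo 'subscribe: ', var_export($clean['subscribe'], true), PHP_EOL;
    echo 'errors: ', $errors ? implode('; ', $errors) : 'none', PHP_EOL;
}
```

The strict comparisons (`=== false`, `=== null`) matter here, because a loose check would treat a valid "no" and an invalid value the same way.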