All your PHP scripts will blow up one day! Seriously!
 

Every single PHP programmer alive makes the same mistake.
The mistake is posted all over the internet like it is correct but it's not.
The mistake shows a lack of understanding of variable types returned from functions
as well as what a boolean value is.

I'm not kidding.
One day the data your script is looking for to determine what to do will be in the first byte position of the data.

Then all your php will blow up.

You are getting away with it for now, or at least you think.
Do you know what data you missed?

So, here is the incorrect code used by every PHP programmer alive :

if (stripos($string,'hello')) { ....

See php script below for the correct code.

Now if someone really understands "if statements" and the stripos command then they should immediately know this is wrong.

Why?

Because "if statements" only do boolean test and stripos will return non-boolean values as well as boolean false.


It says that in the manual : http://us2.php.net/manual/en/function.stripos.php

Read boolean values conversion : http://us2.php.net/manual/en/language.types.boolean.php


0 evaluates as false in an if statement; 0 is the first position of a string however.
Meaning you get "false" when the string is there and starts in position 0.

Don't believe me?
Ok, then run this code :


<?
$string = "hello";

// wrong code
if (stripos($string,'hello')) {
echo "True";
}
else {
echo "false";
}


echo "<br><br>";


// correct code

if (stripos($string,'hello') !== false ) {
echo "True";
}
else {
echo "false";
}
?>



Notice the "!== false" and NOT "!=false"

Don't believe what I said about "if statements"?
Then run these :

<?

if ("1") {
echo "true";
}
else {
echo "false";
}

?>

<?

if ("-1") {
echo "true";
}
else {
echo "false";
}

?>

<?

if ("0") {
echo "true";
}
else {
echo "false";
}

?>



Happy PHP blow up day!

:1orglaugh

PHP is kinda lazy. For my lazy, I use .css and run block-script find/replace programs. That way, no exploits or FTP exploits on upload, etc...

:D

LOL!

You php will blow the fuck up.


:1orglaugh

That has nothing to do with this.
And it's not php, it's the programmer.

@blackmonsters

Sorry my friend but when you talk about the code I should paste some facts about design.

It looks like you got stuck with FrontPage, 1997 edition :)

http://www.jegsworks.com/lessons/web...sindexhtml.gif

No offense, but you should really let someone else do design :upsidedow

Post a design thread, tell us all about it.

:thumbsup

anyway strpos is supposed to return a number, i always check the result with a number

No, it can return boolean false which is not a number.

it CAN... yes it can

LOL -- you'd be surprised how many people don't actually know this. It's sad. I actually use it as an interview question to separate junior-level developers from people I would actually hire.

Good tip to help people learn!

Yeah and when you do a false test with a number, say "-1" then the if statement evals to true when false is returned from stripos.

<?
$string = "ello";

if (stripos($string,'hello') != -1 ) {
echo "True";
}
else {
echo "false";
}
?>

Like I said, the correct way to do it is !== false

Just be careful with this .. a lot of people here have a "sort of" understanding of PHP. If you use the exact match syntax with other variable types, PHP acts in unexpected ways. For example, even though PHP has a very forgiving manner of variable typing (string versus float, etc) when compared to C or Java, it acts strictly when using ===.

$variable = '5';
if ($variable === 5) will react differently than if ($variable == 5) or if ($variable === '5')

(false, true, true)

I see it all the time and I'm sure you do too.
But when you post about it people still don't listen.

Also note that the notation syntax doesn't affect the outcome:

$var = 7;
$result = ($var == 7) ? true : false;
$result = ($var === 7) ? true : false;
$result = ($var === '7') ? true : false;

Versus

if ($var == 7) {
return true;
} else {
return false;
}

In this industry? CONSTANTLY.

Are there good PHP programmers here? Yes. Are there many? Fuck no. There are guys using mysql() in major products here, not even mysqli() or PDO. It's sickening! No unit testing, no dependency injection, no discernible design patterns, no standardization (PSR, Zend, or otherwise!), no autoloading, no name spacing .. and people HIRE them! :Oh crap

Another weird thing in PHP that I run into sometimes:

$number = 012;
echo $number / 4;

What's that evaluate to? 2.5. Numbers preceded by 0 are treated as octal. 012 in octal is decimal 10. Someone who hasn't run into it would answer that it'd be 3, and they'd be wrong.

OP claims that "every single programmer alive" does that. How many in reality? 50/50?

There is no reason for a string position to be negative.

Correct, quoted 5 is not type integer; the variable type must match for exact match.
And that pretty much sums up what the thread is about.
Doing the correct test on the returned value, which this time requires type.

In PHP? 85%. Most PHP coders are not true programmers. Those who come from a C/Java background are unlikely to make the mistake, but it is VERY common for new developers (or someone who never really needed to learn how to program because they are just hacking around).

If you're still making this mistake, you don't have enough experience to be developing your own apps (which is 85% of PHP guys), if that gives you an idea.

Hyperbole for views.

:1orglaugh

Remember that it can also be cast:

$var = '5';

$result = ((int) $var === 5) ? true : false;

This will also result in a true evaluation, although it's not readily apparent to junior-level guys.

"Lose 85 lbs in a week with this one simple trick. Personal trainers hate him!"

Duh, yeah, that's why people try to use it as false.
PERL actually returns -1 for false for some functions so people think they can use it in php.

I'd prefer to use a more specific function to reduce the chance of mixups. For example, strstr() returns only two possible values - false, or a non empty string. No chance of an ambiguous return there.

This is not a good solution for business use. strstr() is more memory-intensive than strpos(), and thus slower and less scalable. Here's some benchmarking:

http://net-beta.net/ubench/index.php?t=strpos1

From the PHP manual: "If you only want to determine if a particular needle occurs within haystack, use the faster and less memory intensive function strpos() instead."

You may want to research functions you use more carefully, if you're creating anything but the smallest programs for personal use. I wouldn't accept this choice from a contractor, personally. :2 cents:

:thumbsup

Really the problem with adult industry it is that it uses PHP.
Check any mainstream startup launched in the past 3 years and they use all except PHP really.

I know this is GFY and all, but ... seriously? W3 reports that as of the end of May, 2014, PHP is used by 82.0% of all the websites it indexes. There's a reason for that. PHP is a very strong language for the web.

Facebook, Yahoo, Wikipedia, and MANY more rely on PHP. Is this because they're not very bright?

Yes, PHP programmers are usually ridiculously weak, but that doesn't make it a bad language to launch sites with.

Can you give an example of a problem in adult that you're solving in a different language because PHP couldn't get the job done?

My brain just blew up so i'm calling my programmer first thing in the morning...

I don't think this is as widespread as you might think - I haven't personally seen that happen very many times.

Nobody uses that code in PHP. The comparison "===" operator is mandatory in this case. Just sayin' :2 cents:

PHP is a fine language and all but I'm finding Java and Scala to be better for many reasons, type-safety and thread-safety among the biggest reasons. Scala is nice because the syntax is clean and it allows you to program in the functional paradigm which allows for highly reusable code among many other benefits. The JVM does exceptionally well with RESTful web apps. I find that I like programming for the JVM much better than PHP.

I think it's also important to add that perhaps the reason PHP is so widely used isn't because it's the best option. It's probably one of the easiest languages to learn as a beginner because it's so basic. The LAMP stack isn't bad, but it's rather slow unless you make some optimizations.

Another thing that someone failed to mention is that, Facebook had to create their own compiler to reduce PHP down into C++ byte code because it was so slow and scaled so poorly. This is called hPHP (the HipHop Virtual Machine) and they faced a lot of challenges and spent a lot of money to create it. The only reason they stuck with PHP was because they didn't want to introduce instability in switching languages. Most new big services aren't being written with PHP for good reasons.

I'm sorry, but that's a ridiculous comparison. Bring me a site doing the volume Facebook is, and we'll talk. Until then, you're over-engineering and making maintenance more of an issue than it needs to be. PHP is widely used and well represented in the development community. Getting another coder to extend or repair your code is very easy. By moving to another language, you unnecessarily narrow your potential candidates and/or raise their average price.

Don't "solve" non-problems; adult isn't that sophisticated, nor are its problems overly-complex to address. PHP scales very well for all but the largest applications, and I won't pretend it doesn't.

Nop he described it pretty accurate.The reason why facebook is in php it's because it's founder was php programmer so it was an obvious reason to use it.If i would build something new,i would always use PHP simply because i have expertise in it and while other languages are better and faster,those advantages are not big enough to justify learning and using them.

thats why i use code snippets from stackoverflow

Sorry, but I made this post after looking at your tube script.

This is your code :

admin/functions.general.php

function detectMobile() {
...
...
...


case (stripos($user_agent,'android'));
$isMobile = true;
break;
case (stripos($user_agent,'iphone')||stripos($user_agen t,'ipod'));
$isMobile = true;
break;
case (stripos($user_agent,'opera mini'));
$isMobile = true;
break;
case (stripos($user_agent,'blackberry'));
$isMobile = true;
break;
...
...
...
...
...
...
}
return $isMobile;
}


It works just fine but only because the string is never in the first byte.

Based on how this thread is going that code is probably in every thing you ever wrote.

:1orglaugh

That's where I find the bad code that everybody copied.

:1orglaugh

Disclaimer : Stackoverflow is rock solid but nothing is 100%

http://profiles.wordpress.org/cyberseo/#content-plugins ;)

Not bothering to click something with no explanation.

.

Yay I'm good, used !== FALSE even in some code from 2006 I checked. :thumbsup

Given the range of values functions can return it is always best to do proper checking.

One huge problem that isn't as common but that I still see from time to time, is failing to prevent code injection.

You can write anything with any language over any hardware. Even on a 1960's turing machine... there's another thread about old Apple and I posted a video of 3d effects running nice on commodore 64. But, for how long more it is worth to code on c64?

Humans write in the language they know better, it is a fact that lots of 30+ years old adult site developers know PHP best, so they will use PHP, either good or bad way, depends by the human. MtGox was a PHP masterpiece :)

If you ask me, I know C, C++, Java, Python and even Assembly better than PHP, in fact when I have to edit Konrad's PHP's (I will not comment lol), I need google and stackoverflow access "to be sure", or ping him in ICQ. If I have to do a web scraper, chat bot or mass mailer, I use Python - just because in PHP I would be slow and include bugs. I know also C, but it would be overkill, I wrote sites in C cgi's in 1990s just because I was lazy to learn Perl as I knew C from before: Perl guy in the company joked on my 10 pages of C code to make a web form, but for me it was easier than write 3 lines of Perl at the time. Arabic people find easier to write in Arabic than English, it depends by humans.

If you ask most of the people in this thread, they'll use PHP for doing the same stuff I do in Python (and before I done in C). So who knows more Ruby will use Ruby and so on, my point it was on the future, long term, adult kept achored to PHP legacy code and developers. Do we have so many new young developers joining new adult business, except a few PHP guys hired to maintain old PHP code of old adult companies?

The statement about 80% of sites use PHP it may be true, but of these, 1% are really custom new sites and 99% are very old sites or Joomla, WordPress, Drupal installs. My adult sites are in PHP, because based on older PHP cam scripts or tubes, but most of mine (and friend's) mainstream stuff is not PHP.

My point it was: taking in consideration only the 100% custom new sites done from scratch, no simple CMS installs... ask a younger geek, wanting to do his cool stuff for free, or being funded some million dollar by venture capital guys, he (and his banker) may wish to use Ruby on rails, Node.js and fancy Scala, perhaps Python, all other than PHP.

We talk of web development. If you take the TIOBE index: http://www.tiobe.com/index.php/content/paperinfo/tpci/ that is in general, include apps, in fact Objective C and C++ is high, that's not web sites - not good data source. A more web-oriented stat, also more young-oriented, it is github:

https://github.com/search?q=NOT+bigboobs

545,532 JavaScript (that's lots of node.js on server)
444,109 Ruby
392,490 Java
275,635 Python
271,465 PHP
(there C# is low for political reasons, but C# is actually cool and used in web).

This is the mainstream ranking; PHP is the least used web language. Compare with adult (99% PHP, 1% C like CJ's and trafficholders), something is wrong. We all agree trained humans can write good PHP code (even if PHP it calls for bugs as it is conceinved), still in mainstream there is a real discussion "what language we use", while in adult there isn't.

PS: A someone may have noted, I hate editing PHP myself. If you are a PHP guy making no bugs and available for hourly remote work, I may have some task to give. Anyone interested please write to info [at] tubecamgirl or info [at] chatgf . Understanding one or more of: wowza , node.js , Flash actionscript it is a plus. I don't pay in bitcoins.

It's not about being BETTER, it's about maintainability, extensibility, and using the right tool for the job. Code in whatever you're comfortable with, but I code with a team, and the problems we're solving in adult just don't have the SCALE necessary for Python or other languages. As a former Python team member, don't you think I'd use it if it was more appropriate? :winkwink:


That's very cool. I remember the C64/C128 demo scene, and was active in ACiD and iCE for some time myself. I was a young buck, but I loved it. I had quite a C64 setup back in the day.


Great point: when the only tool you have is a hammer, every problem looks like a nail.


You're absolutely right, and this is a great point; I hadn't considered that.


You're right about this. However, I always am thinking about testable, maintainable code. I don't want to maintain my own code forever, I want to hand it off to more junior developers. I use what everyone knows, and I make very effective products with PHP. When I'm coding SOLELY for personal use, yes, I use Node.js and Python -- it just makes more sense in those cases.

so answers with most votes are usually correct.

ref : https://www.google.com/#q=find+string+in+variable+php

1st result: http://stackoverflow.com/a/10920750/1642018

2nd result: http://stackoverflow.com/a/4366748/1642018

Yes, answers with the most votes are usually correct.

Correct is related to the questions asked though.
If you use the code for something different than the question then you have to consider what may be different.

You sound like you're an expert coder - why did you use off the shelf cam scripts rather than doing it yourself?

Weird, I know many mainstream startups in the past 3 years who use PHP. MailChimp for one. Not to mention my own startups.

blog.mailchimp.com/ewww-you-use-php

No, Facebook isn't in PHP because Zuck was a PHP programmer. Zuck was also a perl programmer, but Facebook isn't in perl now is it? Despite all that, after the original PHP code was leaked, they completely rewrote the system from the ground up back in the earlier days, before their current scale... They had some and still do of the best programmers in the world working for them, if they wanted to switch to something else they could have.

In fact, they're so dead set on using PHP that they're creating some of the best stuff to come out for PHP, HipHop VM, which is amazing, and more recently better type hinting and that in Hack, their PHP language.

Interesting; thanks for that article. It definitely gives some food for thought. It's always nice to hear from the "been there, done that" crowd about what decisions they made, and why.