Okay, this is more of a MySQL problem, but we tend to write our SQL code in PHP, so I say it's fair game. In any case, don't use wildcards in SQL queries if you can avoid them, especially if you have a database with a lot of columns.
Specify the exact columns you need and only retrieve those. This helps minimize your resource usage, protect your data, and make things as clear as possible.
While you are on the subject of SQL, get to know its available functions and measure query speed wherever you can. When calculating averages, sums or similar figures, use SQL aggregate functions rather than looping over rows in PHP. If you are unsure of the speed of a query, test it and try other variations, then use the fastest one.
It is unwise to rely on user input. Always filter, sanitize, escape, review, and apply other security measures. There are three problems with user data: developers do not consider all possibilities, it is often incorrect, and it can be intentionally malicious.
A well thought out system can protect against all of this. Be sure to use built-in functions such as filter_var() to check that values are correct, escaping functions, and the appropriate database functions when working with databases.
WordPress has a ton of features to help you out. Check out the Validating, Escaping, and Sanitizing User Data article for more information.
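As an added example (not code from the original post), here is how the two pieces of advice fit together in plain PHP: filter_var() validates each value before it goes anywhere, the query names only the columns it needs, and the values travel as bound PDO parameters. The users table, its columns, and the in-memory SQLite database are assumptions for the demonstration.

```php
<?php
declare(strict_types=1);

// Validate an integer id: returns the int, or null when the input is not a
// well-formed integer in the allowed range (filter_var rejects "7abc", "", etc.).
function validate_id(mixed $raw): ?int
{
    $id = filter_var($raw, FILTER_VALIDATE_INT, [
        'options' => ['min_range' => 1, 'max_range' => PHP_INT_MAX],
    ]);
    return $id === false ? null : $id;
}

// Validate an e-mail address; null when it does not parse as one.
function validate_email(mixed $raw): ?string
{
    $email = filter_var($raw, FILTER_VALIDATE_EMAIL);
    return $email === false ? null : $email;
}

// Look up a user by id and e-mail. Only the needed columns are named, and the
// values are bound as parameters, so the database never interprets them as SQL.
// Table and column names are assumptions for this example.
function find_user(PDO $pdo, mixed $rawId, mixed $rawEmail): ?array
{
    $id = validate_id($rawId);
    $email = validate_email($rawEmail);
    if ($id === null || $email === null) {
        return null; // reject early; malformed input never reaches the query
    }
    $stmt = $pdo->prepare(
        'SELECT id, email, display_name FROM users WHERE id = :id AND email = :email'
    );
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->bindValue(':email', $email, PDO::PARAM_STR);
    $stmt->execute();
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Escape on output, at the point where the data meets HTML.
function render_name(array $user): string
{
    return htmlspecialchars($user['display_name'], ENT_QUOTES | ENT_HTML5, 'UTF-8');
}

// Usage with constructed input, as it might arrive in $_GET.
$pdo = new PDO('sqlite::memory:');
$pdo->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, email TEXT, display_name TEXT)');
$pdo->exec("INSERT INTO users VALUES (7, 'ann@example.com', 'Ann <admin>')");
$user = find_user($pdo, '7', 'ann@example.com');
echo $user ? render_name($user) : 'not found', PHP_EOL;
var_dump(find_user($pdo, '7abc', 'ann@example.com')); // id fails validation
```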
8. Don't Try to be Smart
Your goal should be to write elegant code that expresses your intentions in the clearest possible way. You might be able to shave an extra 0.01 seconds off each page load by shortening everything to single-letter variables, using multi-level ternary logic, and other clever tricks, but this really is nothing compared to the headaches you'll cause yourself and everyone else around you.
Name your variables appropriately, document your code, choose clarity over brevity. Better yet, use standardized object-oriented code that more or less documents itself without the need for lots of inline comments.