PHP Reference Book Blog » Clarifications

Control Structures Without Curly Braces

Mario Lurig — Fri, 02 Jan 2009 17:00:53 +0000

In the book I cover the standard syntax methods for if, elseif, else, while, do-while, switch, for, and foreach. Here is the if statement syntax:

if (expr) {
// If expr is TRUE,  do this, then exit the IF loop
}elseif (expr2) {
// If expr is FALSE, and expr2 is TRUE, do this, then exit the loop
}else{
// If all expr's are FALSE, do this, then exit
}

While accurate, there is a shorthand method that does not involve the curly bracket. If there is only a single evaluation, you can remove the curly braces completely. The following two examples are both completely valid syntax for control structures:

if ($a == 1) echo $a;
 
if ($a == 1) {echo $a; $a=2;}

Now, I still recommend using curly brackets, if only for clarity and consistency (excluding them for the second line above would make your life much harder than necessary, but I thought a clarification was in order. For more information on Control Structions, check out chapter 3, pages 25-32 of the free PHP book PDF.

Language constructs vs functions in Control Structures

Mario Lurig — Wed, 30 Apr 2008 05:30:56 +0000

require(), require_once(), include(), include_once()

(pgs. 31-32)

Throughout the noted pages and scattered in a few other places, the above four are referred to as functions, when technically they are considered language constructs. While minor, it should still be clarified. All the functionality and examples are accurate, just some terminology clarifications.

mysql_real_escape_string() vs addslashes()

Mario Lurig — Wed, 30 Apr 2008 05:24:08 +0000

(pgs. 124-125)

When describing the function mysql_real_escape_string(), the following note was included:

Note: Performs the same functionality as addslashes().

While they are practically identical in their behavior, this is an oversimplification of the extra strength of mysql_real_escape_string(). At this point, I will pass on the following blog post that provides some extra insight into the comparison of the two variables:addslashes() Versus mysql_real_escape_string() by Chris Shiflett. I was not previously aware of this difference and security loophole.

define() referenced in Global Variables

Mario Lurig — Wed, 30 Apr 2008 05:03:14 +0000

(pg. 33)

The opening sentence for the Global Variables chapter reads as follows:

While some global variables can be created through the use of
define(), some are reserved because of a special function, giving access to
different types of data.

Technically, the define() function creates a constant that is available globally, as is described properly as part of the function on page 11. Therefore, the sentence would be better phrased as follows:

While some constants can be made available globally through the use of
define(), some are reserved because of a special function, giving access to
different types of data.