# Are You Making These 10 PHP Mistakes?

One of the best things about PHP is that it's a great language to just "dive into", thanks to its wide-ranging popularity. Anyone with the ability to hit "Search" on Google can quickly create a program. However, this also lends to a major criticism of PHP: it's almost too easy to find and reproduce bad code.

Here are 10 PHP mistakes that any programmer, regardless of skill level, might make at any given time. Some of the mistakes are very basic, but trip up even the best PHP programmer. Other mistakes are hard to spot (even with strict error reporting). But all of these mistakes have one thing in common: They're easy to avoid.

Take the time and make sure that your PHP is secure, clean and running smoothly by checking your site for these common PHP blunders.

### 1. Single quotes, double quotes

It's easy to just use double quotes when concatenating strings because it parses everything neatly without having to deal with escaping characters and using dot values. However, using single quotes has considerable performance gains, as it requires less processing.

Consider this string:

### 8. Not Validating Cookie Data

How much trust do you put into cookies? Most people don't think twice about the seemingly-harmless bit of data that's passed by a cookie. The name "cookie" itself is associated Milk, nap time and Santa, for crying out loud! How could a cookie possibly harmless?

If you're not validating cookie data, you're opening your code to potential harmful data. You should use htmlspecialchars() or mysql_real_escape_string() to validate the cookie before storing it in a database.

### 9. Not Escaping Entities

Many times PHP programmers are too trusting with data, especially data generated by user. It's imperative to sanitize data before it goes into any sort of storage, like a database.

Source Rally shows us how to correctly escape entities in things like forms. Instead of using this:

You can validate the data by using htmlspecialchars() (or htmlentities()) like so:

### 10. Using Wrong Comparison Operators

While comparison operators are an extremely basic part PHP programming, mixing these up in your code is certain to bork your program. As the German proverb states, the Devil is in the details.

Being familiar with the often-misused operators like =, ==, != , are absolutely critical to PHP programming. Taking the time to really understand the differences will greatly speed up your programming and yield less bugs to debug.

Photo by Foxtongue.