The study of php. Books for training. Use constants, not global variables

For the first few points I’ll try to write recommendations in free form.

The first and most important thing is that in order to study PHP programming well, you need to study programming well. This is a very important thing. Most people writing in PHP do not have the slightest idea about programming. Even about such basic things as code formatting, debugging, profiling, error handling, file operations. You may notice that I'm not talking about OOP. This is a completely separate topic, OOP must be taught specifically. Unfortunately, out of 100 people who say they know OOP, 90 are commonplace copy-paste men who have learned the syntax, but do not understand the meaning of objects. But to play chess, it is not enough to know how the pieces move.

It would be nice to answer the question: why do you want to learn PHP programming? The question is not at all idle. Many people mix a bunch of different concepts into it. For example, CMSs were already mentioned here, and indeed, when it comes to making money, customizing Joomla and writing junk modules for it is financially much more profitable than the ability to write something from scratch. For freelancing, anyway.

In general, PHP can be used in very different ways. And for each case it will be its own language.

  • You can knock out a guestbook or business-card site in "bare" PHP, and there is nothing bad or shameful about it. On the contrary, this is a plus of the language: it is also suitable for such purposes, without dragging along a couple of million lines of code for the sake of a site of five hundred.
  • You can write a professional portal, taking as a basis some of the existing frameworks, and engage in its development.
  • You can write a custom highload project, for which you will again need to write your own framework on bare PHP.
  • You can, as already mentioned, churn out sites based on some kind of CMS.

A lot of options! So you need to decide first what you want.

Someone above talked about JS + CSS: no need to listen, that is complete nonsense. Frontend programming is a completely separate thing, much more visual than abstract. And, thank God, more and more employers are beginning to understand this. Although, again, if you are a freelancer and a jack of all trades, you won't get anywhere without it.

But if you work as a hardcore server-side programmer in a team, then you only need a general idea of HTML / JS / CSS (since text in these languages is, in fact, almost the only output of PHP's work).

But what you definitely need to know well among the related technologies is the HTTP protocol, how the file system works, and working with the command line in Linux.

Now for the rest.

MySQL is still the cornerstone of web data storage. You need to know and understand joins and indexes.

Frameworks are a must. Here, however, there is a problem of choice, but there is no fundamental difference between them. Yii is a good choice.

You don't need GitHub; you don't need to know it. You need to know git.

But what is required for a web programmer is the ability to use Google. At least at the level of being able to copy an error message into the search form or type the question "What is git" ;-)

Because to work in a team you need to know some version control system, and git is the de facto standard. Understand how it works and the basic commands: checkout, commit, push.

Good day, dear readers of my blog. Somewhere I heard that every person must go through writing poetry at some point in life. Times are changing, and now every second person thinks about writing code and creating their own site. Many give up at that point; others cannot decide on an engine. If you read this article and proceed to training according to my recommendations, I'm almost sure that you will succeed.

The topic is quite complicated. Today we’ll talk about how to write a php website from scratch. We’ll take a closer look at what these treasured three letters mean and you will learn about the best ways to not only learn, but really understand php.

What is PHP?

It’s a little strange to start the article with this question, because it is assumed that you already know everything and therefore are ready for difficulties. But, my blog is for beginners. Be lenient, let's repeat the information.

In simple and accessible words, PHP is a programming language specially designed for writing web application scripts that run on a web server. It is a fairly popular programming language: 85% of websites use it.

The peculiarity of this language is that it is universal, easy to learn and opens up your possibilities not only as a programmer, but also as a businessman. As a result, you can write and develop your projects yourself. Without any help.

Learning Effectively

Many began to learn this language, but few reach the end. For effective training, the first thing you need to find is a source of information, a book, a training course or video, but more on that later.

Then we need to download the compiler. This is a program that reads your script line by line and executes it.

The most common one is Denwer, a simple and free package of the necessary programs with which you can write scripts. If you ask my opinion, I would advise you to download Open Server. It is gaining momentum. It is a cut above Denwer, and it will be more convenient for you to work in.

What do these packages do? They let your own computer work as a server. Downloading anything right now is optional. You will hear more than once about the useful software from this series in any training course, and you will need it.

The essence of effective training is that after completing the lesson, you should try to put everything into practice. If theory is reinforced by practice, then in a few weeks you will be able to master the basic skill of the language.

Books for learning

I'll say I'm not a fan of books when it comes to Internet technology. It's like explaining to a Maasai man what Wi-Fi is: no pictures will help to understand everything properly. Nevertheless, I want to give you a small list of PHP books for dummies that are cited among professionals.

I would like you to really achieve your goal, and if you think that this training option will suit you better, I will gladly provide information.

PHP and MySQL. Web Application Development: a great book that is suitable for a beginner. First of all, the author will show how to configure Apache (HTTP server), PHP and MySQL (database), then tell you how to choose a code editor. The book discusses the syntax of the language, the most useful functions, creating your own engine, and a number of other features.


In general, nothing surprising, is it? Nevertheless, this is a real textbook with unique information that you will not find anywhere else. This is the fifth edition, so there will be no outdated information. The book was released in 2015. For starting to get acquainted with the code yourself, this is the one.

HTML, JavaScript, PHP and MySQL. Gentleman's Webmaster Set: this is a more detailed PHP tutorial. It also touches on several other useful technologies without which the full creation of web applications is impossible.

It is easy to read and suitable for independent study and for teaching students. The author covers topics such as the basics of PHP, dynamic page formatting using CSS (cascading style sheets), database administration, and creating dynamic pages using JavaScript.


We create dynamic websites using PHP, MySQL, JavaScript, CSS and HTML5: I would recommend this book to more advanced readers who already have basic HTML layout skills. If you have ever studied this and still remember the basic principles, then this book is for you.


PHP and MySQL. From beginner to professional: our review concludes with this book by Kevin Yank, in which the author puts a strong emphasis on creating web applications with a database.


The book is very light, perfect for self-study.

YouTube video

From my own experience I'll say that learning PHP from YouTube videos is quite difficult, although they seem simple. Unlike the Photoshop lessons I love, learning programming languages on YouTube is simply impossible. Even a video only 15 to 20 minutes long causes a lot of inconvenience.

Such videos may discourage you from typing the code yourself. Why bother, if the author has already done everything for you: typed it, launched it, shown on a concrete example how everything works? As a result, remembering anything is almost impossible.

Training course

In my opinion this is an ideal learning option. It's great when a specialist deals with you.

Each lesson is accompanied by comments; you can ask experts questions and calmly discuss and resolve unclear moments. You do not have to surf the Internet in search of information. Everything is chewed up and put in your mouth; you just have to swallow.

You will be given tasks, and someone will monitor how correctly you complete them.

I can recommend the Netology course. This training center is valued among professionals, and in just two months you can learn everything you need. New groups are enrolled constantly.

Do not worry if you do not understand something. The course is designed for you to find out. This is a real step-by-step guide for beginners. Do not believe? Download the full course program from the official website and you will see this.


If you dream of learning how to create sites in PHP yourself, without outside help, then this is the best option for you.

Where to start learning PHP?


Website development is one of the most popular fields. Most experienced programmers who do web development use the PHP programming language to create dynamic sites.

Naturally, not only professional programmers but also beginners want to develop Internet projects, and almost every beginning web developer asks: where to start learning PHP? It is worth noting that this programming language is quite easy to learn, but it will take some time and preliminary preparation.

Before starting to learn PHP programming, it is recommended that you study the HTML hypertext markup language and the principles of working with CSS cascading style sheets. This knowledge is necessary to control the appearance of web pages.

A database is also developed to store the information used on the site, so the programmer must have the appropriate knowledge. Databases are managed using the structured query language SQL.

What do you need to work with PHP? Novice programmers wondering where to start learning PHP need to familiarize themselves with the set of programs needed to develop a site.

For programming in PHP, you will need to preinstall a software package. This package includes the Apache server, the PHP hypertext preprocessor itself, and one of the database management systems.

On local computers, special software packages are often used to install this software. One popular package for web developers is Denwer. This set of programs runs on the Windows operating system. There are software suites for Linux users as well.

The Denwer package includes many useful utilities that are necessary for creating sites in PHP. Installing the package is quite simple and can be done even by an unprepared user.

After installing the Denwer suite of programs, you can begin to develop an online project. To manage MySQL databases, the convenient phpMyAdmin toolkit is used. All database operations in phpMyAdmin are performed through an intuitive graphical interface and come down to choosing the right menu items.

Learning the syntax of the PHP programming language

After installing all the necessary programs, you can. Like the ordinary languages of the world, programming languages have rules that must be studied in order to write programs in them. If at least one syntax error is made in the code, the program simply will not start, and instead of the site content the user will see the corresponding message displayed by the browser.

To learn the syntax of the PHP programming language, you will need to read the relevant literature. You can use the book on our website. For those who have access to the global network, a lot of information is also posted on thematic sites. There are many forums and communities where, if necessary, you can get answers to questions that arise during training.

In order to achieve the desired effect from the study of literature, all theoretical lessons must be worked out in practice, using your local computer for this.

The PHP programming language consists of many different operators and functions; therefore, after completing the training course, programmers use special reference books. These references let you quickly look up the syntax and meaning of the required function.

The final stage of training: when all questions about where to start learning PHP have been settled, the site is transferred to the server. As a rule, hosting providers' servers already have all the necessary software installed and basic settings made. The developer only has to copy the files with the program code to the server.


20 Ways to Learn PHP and Save Kittens

There is an old adage dating back to the early 1700s. It reads: "Every time a PHP programmer doesn't follow the best coding practices, one kitten dies."

Okay, that's a joke, but let's use it as our starting point.

Getting started with PHP can be a difficult experience. With this in mind, these 20 good tips will teach you how to follow best practices and save lives ... kittens' lives.


0. Write code as often as you can.

Did you study a foreign language at school? Did you learn all parts of speech, verbs and how to conjugate them, while constantly listening to the teacher’s speech, built from simple phrases and constructions?

How much knowledge gained at that time do you really use?

"Frequent programming for a specific purpose will lead to a solid assimilation of knowledge."

If your answer is “no”, then I bet that this is due to the fact that you did not actually use the language — you only studied it. But if you are still able to conduct a conversation, then this is probably due to the fact that for some time you spoke this language outside of the learning context. Perhaps you spent some time abroad or worked where you need knowledge of this language?

Whatever the reason, you saved it only because you used it in real life situations, in a personal context, which makes it easy to recall key points in the future.

"PHP is an unfamiliar language, such Spanish or French. To feel at ease working with it, you need to practice it outside the classroom.".

Textbooks and sample projects - all this is great for learning the basics, but until you yourself begin to apply knowledge to implement your own projects, they will not settle down in your head quite firmly.

Therefore, don’t worry if you “don’t know everything you need” before starting the project. When you have decided on the project, you have a good reason to learn everything you need and put it into practice. Frequent programming for a specific purpose will lead to a solid assimilation of knowledge.


1. Check out the PHP documentation

Each list of useful tips for some reason contains this item. And certainly not in vain.

Learning to navigate the PHP documentation is the most useful thing you can do for yourself as a web programmer.

If you look at the history of sites in my browser, then the most frequently visited manual will be the PHP manual. And I suspect that the situation will not change as long as I program in PHP.

At first, the manual looks complicated, and navigation seems a little awkward, but this is a temporary phenomenon, and very soon you will be able to navigate it very easily.

Perhaps one of the most useful things to know about the manual is that most functions can be found using the pattern http://php.net/function-name in the address bar. For example, to look up the function strpos(), use the address http://php.net/strpos, and for array_key_exists(), http://php.net/array-key-exists. Note the absence of parentheses in the address and the change of the underscore to a hyphen.


1a. Read the comments!

It is very easy to overlook the comments, but do yourself a favor and study them. If some function gives you an unexpected result, then quite possibly someone has already noticed this and explained it in the comments.

In addition, by reading other people's comments you can draw a lot of useful ideas from other developers.


2. Take advantage of the vast PHP community

In addition to the PHP manual, there are many great developer communities around the Internet. Among my favorites: StackOverflow.com and the W3Schools.com forum.

Plus, Twitter is surprisingly a great place to post questions about PHP. If you tag a tweet with "PHP", then most likely someone in the community will notice and lend a helping hand.

"It’s important to remember that as soon as you become better at PHP, pay back the good. In order for the community to live, you need as many active people as possible. Try to answer the questions of other beginners. Do not be deaf to other people's questions."


3. Do not put off good practices for later

During the training process, you will probably hear about good habits and coding standards, such as prepared statements and the PEAR coding standards. Don't postpone studying these points "for later" simply because they seem complicated.

"If something is good practice, it's not because we (other PHP programmers) got together and said, 'How can we make life difficult for beginners?'"

Good practices exist to make your scripts more flexible, safer and faster. Learn them as fast as you can. In fact, you should not even start training in the wrong way.

The time you spend learning mysql_query() is comparable to the time needed to learn PDO or MySQLi. Therefore, if you start immediately with the second option, you can be sure that you are starting with the fundamental principles of working with a database and, in the end, will spend less effort and time on it.
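To make the difference concrete, here is an added example (not code from the original article): the same user lookup written the way mysql_query() code usually was, by gluing the input into the SQL string, and then as a PDO prepared statement. It uses an in-memory SQLite database so it runs offline; the table, rows and function names are constructed for the illustration.

```php
<?php
// Added example: string-built SQL versus a PDO prepared statement.
// SQLite in memory stands in for MySQL; the users table is constructed here.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec("CREATE TABLE users (id INTEGER PRIMARY KEY, login TEXT NOT NULL)");
$pdo->exec("INSERT INTO users (login) VALUES ('alice'), ('o''brien')");

// The habit mysql_query() taught: build the query text from user input.
// The SQL now changes with what the user typed, so a quote character in the
// input changes the structure of the statement instead of being a value in it.
function findUserConcatenated(PDO $pdo, string $login): ?array
{
    $sql = "SELECT id, login FROM users WHERE login = '" . $login . "'";
    $row = $pdo->query($sql)->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// The PDO way: the SQL text is fixed; the value travels separately as a bound parameter.
function findUserPrepared(PDO $pdo, string $login): ?array
{
    $stmt = $pdo->prepare("SELECT id, login FROM users WHERE login = :login");
    $stmt->execute([':login' => $login]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

$input = "o'brien"; // a perfectly legitimate login that happens to contain a quote

try {
    var_dump(findUserConcatenated($pdo, $input));
} catch (PDOException $e) {
    // The glued-together text is no longer valid SQL: the quote in the input
    // ended the string literal early. Anything after it is parsed as SQL.
    echo "concatenated query failed: ", $e->getMessage(), "\n";
}

// The prepared statement finds the row, because the driver keeps data and code apart.
var_dump(findUserPrepared($pdo, $input));
```

The failing call is the harmless case; the same separation of query text from data is what keeps a hostile value from being interpreted as SQL at all, which is why the article calls prepared statements a fundamental, not an advanced, practice.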


4. Do not put off good practices for later!

I just wanted to make sure that you paid attention to it.

“Seriously, guys. Don’t put it down. Every time you break the best practices because they seem“ too complicated, ”BP drowns another fluffy kitten in crude oil.”

So if you do not do this for yourself, your projects, your colleagues, or for the community as a whole, then at least remember the kittens.


5. Make the code self-documenting

In the early stages, of course, it can be tempting to "play around" with the names of variables and functions. Maybe you read performance articles, or saw a piece of code that does a ton of work in just two lines (but sooooooo long :)), or you want to create your own "corporate style" of coding?

"If you want to trim every character from variable names to reduce the overall script run time by 0.2 ms, then you are likely to run into big problems."

Whatever the temptation, one must resist at all costs.

Consider the following code snippet:

Do you immediately understand what is happening here?

Of course, you will eventually understand how this works, but why force other people reading your code to spend an extra minute figuring out what a variable with the "telling" name "c" contains?

Let's take this code and make it self-documenting:

That's it. Much better. Now, just by looking at the code, you can get a general idea of what is going on. No rubbing your forehead and muttering curses and, most importantly, no difference in behavior.

Of course, you can save a few bytes by using short variable names. But, frankly, if you want to trim every character from variable names to reduce the overall script run time by 0.2 ms, then you will most likely run into big problems.
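The article's own before-and-after listings did not survive on this page, so here is an added pair (not the author's code) showing the same idea: two functions with identical logic, one named to save keystrokes and one named so the next reader does not have to reverse-engineer it. The order data and the function names are constructed for the illustration.

```php
<?php
// Added example: the same logic twice, once with "economical" names and once self-documenting.
// Both count how many orders in a list are still unpaid.

// Version 1: what does c() return? What is $a, what is $o, why does $n grow?
function c(array $a): int
{
    $n = 0;
    foreach ($a as $o) {
        if (!$o['paid']) {
            $n++;
        }
    }
    return $n;
}

// Version 2: the signature alone tells you what comes in and what goes out.
function countUnpaidOrders(array $orders): int
{
    $unpaidCount = 0;
    foreach ($orders as $order) {
        if (!$order['paid']) {
            $unpaidCount++;
        }
    }
    return $unpaidCount;
}

// Constructed sample data: three orders, two of them unpaid.
$orders = [
    ['id' => 1, 'paid' => true],
    ['id' => 2, 'paid' => false],
    ['id' => 3, 'paid' => false],
];

// Same result from both versions; only the reader's effort differs.
echo c($orders), ' ', countUnpaidOrders($orders), "\n";
```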


6. Add comments to everything you had to think about.

Comments are not a hallmark of beginners. On the contrary: having studied a large amount of other people's code, I have come to the conclusion that comments are a sign of a competent web programmer.

If your code is self-documenting, you won't need a lot of comments. However, no matter how obvious and understandable your function and variable names are, there will always be some "blind spots" where the action being performed is not at all obvious.

"Comments are a sign of a competent web programmer."

When this happens, comment the code. "Future You" will say many thanks to "Present You" when it comes time to modify the script.

"As a rule, if you think for a few seconds about what needs to be done in order for the script to work as it should, this is a sure sign that you should make a note."

Let's take a look:

   $pieces = explode(".", $image_name);
   $extension = array_pop($pieces);

What's going on here? Did you have to stop and think about the code? Are you still not sure what is in the variable $extension?

Take a look at the snippet below again, with just one brief comment:

   // Get the image file extension
   $pieces = explode(".", $image_name);
   $extension = array_pop($pieces);

Now, even if you don't know exactly how this code works, you will at least know what is in the variable $extension: the image extension. If this helps Future You, or saves another developer a few seconds, it makes sense to spend 7 seconds adding a comment.

As always, the key is moderation.

Too few comments, and you risk leaving another developer (and "Future You") puzzled about certain pieces of code. This can even lead to accidentally breaking the code, because without an explanation the code may seem silly or redundant.

"Moderation is the key to everything."

Too many comments, and your code becomes difficult to "scan", which also interferes with the work.


7. Learn Docblock and use it.

Docblock is a commenting standard.

I have several reasons for using this standard:

1. It makes us think about “what” and “why” for each file, function, method, etc.

2. It gives clear descriptions of expected parameters and return values for functions / methods.

3. It gives a brief description of what a particular code does.

4. In combination with a development environment (IDE) that supports Docblock, we get code hints (which let us see descriptions, expected parameters, and return values for the functions and methods we use).

This point can be called a restriction for "high-level beginners," but I attribute it to the best practices that need to be mastered as soon as possible.

Feel free to skip this step, but remember kittens.

Docblock shows its versatility when used to document classes:

   /**
    * A simple class for calculating the sum or difference of the $_foo variable and some value
    *
    * @author Jason Lengstorf
    * @copyright 2011 Copter Labs
    * @license http://www.opensource.org/licenses/mit-license.html
    */
   class CopterLabs_Test
   {
       /**
        * Value used for addition and subtraction
        * @var int
        */
       private $_foo = 0;

       /**
        * Adds a value to $_foo and returns the sum
        * @param int $add_me Value added to $_foo
        * @return int Sum of $_foo and $add_me
        */
       public function add_to_foo($add_me = 0)
       {
           return $this->_foo += $add_me;
       }

       /**
        * Subtracts a value from $_foo and returns the difference
        * @param int $subtract_me Value subtracted from $_foo
        * @return int Difference of $_foo and $subtract_me
        */
       public function subtract_from_foo($subtract_me = 0)
       {
           return $this->_foo -= $subtract_me;
       }
   }

At first glance this may seem daunting, but the advantages are well worth the time it takes to familiarize yourself with this syntax.

The above Docblock, when used in NetBeans, will give us code hints like this:


8. Don't be such a hardcore coder that you refuse an IDE

If you don't know yet, there is a belief: hardcore coders, the ones who think like real programmers, don't use an IDE.

Now look: if you want to impress people, then better learn to juggle.

Refusing to use anything except Emacs on the command line for writing scripts will not make girls hang on you, nor will it instantly earn you the status of a cool hacker; it will, however, give your colleagues an occasion to stick a warning on your forehead that you are the "strange guy".

Do not be a "strange guy."

"There is nothing wrong with using software that provides syntax highlighting on the fly, error checking and code hints."

How powerful an IDE to use is entirely up to you. Personally, I really like NetBeans. I have heard tons of praise for Coda for Mac (although it's not quite an IDE), but I myself used Eclipse (before moving to NetBeans).

No matter which IDE you use, you will see an increase in speed and a decrease in the number of minor errors. Later, when your code libraries grow, you will have code hints for all your applications (because you use Docblock, right? Right?!)

Don't think that an IDE is not cool; it doesn't matter what the Strange Guy tells you.


9. Group repeating code into functions

When you just start writing an application, you can easily work by moving from top to bottom and adding the necessary code in the right places.

However, when you do this, you will very soon notice that certain parts of the code appear again and again. This approach becomes a minefield when it comes to maintenance and changes, because you must look through every file from beginning to end to find all occurrences of the same piece of code in order to change the application's functionality.

If you see that an action is repeated, even just twice, then you should seriously consider moving this code into a function.

Consider the following example:

   $unclean1 = "Click Me!";  // in the original listing this string carried HTML markup, which was lost when the page was extracted
   $detagged1 = strip_tags($unclean1);
   $deslashed1 = stripslashes($detagged1);
   $clean1 = htmlentities($deslashed1, ENT_QUOTES, "UTF-8");

   $unclean2 = "Let's call Bjorn!";
   $detagged2 = strip_tags($unclean2);
   $deslashed2 = stripslashes($detagged2);
   $clean2 = htmlentities($deslashed2, ENT_QUOTES, "UTF-8");

   echo $clean1, "\n", $clean2;

As you can see, both strings need some processing before they can be considered safe. At the same time, you also see that the same functions are used both times for the processing.

This is the case when using a function is much more desirable:

   $unclean1 = "Click Me!";
   $unclean2 = "Let's call Bjorn!";

   $clean1 = sanitize_input($unclean1);
   $clean2 = sanitize_input($unclean2);

   echo $clean1, "\n", $clean2;

   // Strip tags, remove escaping slashes and encode the remaining special characters for HTML output
   function sanitize_input($input)
   {
       $detagged = strip_tags($input);
       $deslashed = stripslashes($detagged);
       return htmlentities($deslashed, ENT_QUOTES, "UTF-8");
   }

After moving the repeated code into a function, it's much easier to navigate and edit the steps you take to clean incoming data.


10. Group similar features into classes

Familiarity with OOP (object-oriented programming) is another point that can be attributed to the category of "learn as early as possible."

"If you have a number of functions that work with, say, a database, you can save a ton of time and effort by grouping them into classes."

Learning is definitely beyond the scope of this article, but I believe that it is very important to mention this as part of this list for beginners.


11. Use constants, not global variables.

When I was just starting to develop large projects, I noticed that I was using global variables much more often than necessary. Recognizing this problem is the first step to solving it.

I kept invariant data (like the site name and the maximum image width), as well as the credentials for connecting to the database, in variables, which led to having to use the $GLOBALS array to access the information I needed.

Then I realized that PHP allows you to define constants using the define() function.

A constant is a great way to store information that does not change throughout the application. An additional bonus is that constants cannot be changed, so you will not accidentally overwrite the database password during script execution.

If we talk about good practices, then the widespread use of global variables is not welcome even in the initial stages of work, so it is always better to start using constants right away. Compare the two approaches in code to see the difference for yourself.
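The article's own listing for this point is missing from this page, so here is an added example (not the author's code) contrasting a configuration value kept in a global variable with the same value kept as a constant. The site name, the image-width limit and the function names are constructed for the illustration.

```php
<?php
// Added example: a configuration value as a global variable versus as a constant.

// --- The global-variable habit ---
$site_name = 'Kitten Rescue';

function page_title_global(): string
{
    // Every function that needs the value has to reach into the global scope,
    // and any code anywhere may overwrite $site_name, on purpose or by accident.
    global $site_name;
    return $site_name . ' :: Home';
}

// --- The constant approach ---
define('SITE_NAME', 'Kitten Rescue');
define('MAX_IMAGE_WIDTH', 800);

function page_title_constant(): string
{
    // Constants are visible everywhere without "global" and cannot be reassigned.
    return SITE_NAME . ' :: Home';
}

function fit_width(int $requested): int
{
    // The limit is a named constant, not a "magic number" repeated across the code base.
    return min($requested, MAX_IMAGE_WIDTH);
}

function config_is_intact(): bool
{
    // A check that is only meaningful for constants: the value is what the configuration set.
    return defined('SITE_NAME') && SITE_NAME === 'Kitten Rescue';
}

// A stray assignment somewhere in a large script silently changes the global...
$site_name = 'oops';
echo page_title_global(), "\n";      // the title now carries the stray value

// ...while a second define() of an existing constant is refused: PHP emits a warning
// (suppressed here with @ so the demo keeps running) and keeps the original value.
@define('SITE_NAME', 'oops');
echo page_title_constant(), "\n";    // unchanged
echo fit_width(1200), "\n";          // capped at MAX_IMAGE_WIDTH
var_dump(config_is_intact());
```

Note that a constant protects a value from being changed, not from being read: database credentials in constants are still visible to every script that includes the configuration file, so that file belongs outside the web root, as the next point on includes suggests.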

12. Do not be afraid to use Includes

Almost always, when you create large projects, it makes sense to break them into smaller chunks using the included files.

A typical approach adopted by web developers is to place each completed code fragment used in many scripts into a separate include file (for example, the data for connecting to the database; the footer and header, which are usually identical for the whole site; various utility functions, such as a function for checking incoming data, etc.).

Thus you can include the necessary code in the right places instead of copying and pasting the same code fragment.

For example, on a site with many pages, a typical template may look like:


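The template listing itself is missing from this page, so the following is an added sketch (not the original article's files) of the layout just described: a configuration file, a utility file, a header and a footer, and one page that assembles them. All four files are shown one after another separated by "file:" comments; every name, path and placeholder value is an assumption made for the illustration.

```php
<?php
// Added example: a multi-page site split into include files.
// Four files follow, separated by "file:" comments.

// ---- file: config.php  (values shared by every page) ----
define('SITE_NAME', 'Kitten Rescue');
define('DB_DSN', 'mysql:host=localhost;dbname=kittens');
define('DB_USER', 'DB_USER_PLACEHOLDER');          // filled in per deployment
define('DB_PASSWORD', 'DB_PASSWORD_PLACEHOLDER');  // filled in per deployment; keep this file outside the web root

// ---- file: functions.php  (utilities many scripts need) ----
// Escape a string for output inside HTML text or attribute values.
function e(string $text): string
{
    return htmlspecialchars($text, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// ---- file: header.php  (markup identical on every page; expects $page_title) ----
?>
<!DOCTYPE html>
<html>
<head><title><?php echo e(SITE_NAME . ' - ' . $page_title); ?></title></head>
<body>
<?php

// ---- file: footer.php ----
?>
<p>&copy; <?php echo date('Y'); ?> <?php echo e(SITE_NAME); ?></p>
</body>
</html>
<?php

// ---- file: index.php  (one page, assembled from the pieces above) ----
// __DIR__ anchors the paths to this file's own directory, so they do not depend on
// the working directory. Never build an include path from request data such as $_GET:
// the point of includes is that you, not the visitor, decide which files make up the page.
$page_title = 'Home';
require_once __DIR__ . '/config.php';
require_once __DIR__ . '/functions.php';
require __DIR__ . '/header.php';   // plain require: the markup must be emitted on every page
echo '<p>Here comes the content.</p>';
require __DIR__ . '/footer.php';
```

Changing the footer or the database credentials is now a one-file edit, and the header's title escaping happens in exactly one place.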
13. Do not go crazy because of performance

This is a serious stumbling block for some developers, which is not good. There is a very fine line between writing effective code and a waste of time trying to reduce script execution time by 5 ms.

It is definitely worth reading a few good articles on performance and finding out the main mistakes you drag from application to application, but you should not spend a lot of time carefully refactoring code to change double quotes to single quotes because you learned that it will be a little faster.

"Turn on your head to avoid big problems and keep your ears open if you hear about techniques to speed up the application, but don’t make this race for performance."

No one will notice the difference between a page loading in 25 ms and one loading in 40 ms. Make sure it is not 700 ms, and do more important things.


14. Do not "marry" HTML to your scripts.

This may require a lot of ingenuity, but try to avoid widespread introduction of markup into PHP code. It is almost impossible to remove it completely from PHP files, but make sure you have done everything possible not to include inconsequential HTML markup in the code.

Consider the following example:

   <?php
   echo "<div><p>Here comes the content.</p></div>";
   ?>

Is it really necessary to wrap the paragraph in a div tag inside PHP? Can the code be changed so that it includes only the paragraph tags for the text content? Let's look at an alternative:

   <div>
   <?php
   echo "<p>Here comes the content.</p>";
   ?>
   </div>

Note: This example is greatly simplified. The basic idea is to resist the temptation to add much more markup to the PHP file than is necessary.

In most cases, you can separate HTML from PHP, which will make your scripts easier to read and maintain.


15. Try to use at least one unfamiliar concept in each new project.

You will never learn something new if you continue to do the same things. When developing each new project, use at least one new technology, one new technique that is unusual for you.

It's not about being overly ambitious - just intentionally force yourself to go beyond your comfort zone.

This will be a competition for you, which will not let you get bored of repeating the same actions and will contribute to your development as a web developer.


16. Do not be too proud to change

You will be wrong. And often. But this is not so bad.

When you grow up, you find new, better solutions to the problems that you have encountered before. Do not feel like a fool: you are constantly learning new things.

It is very important here not to get attached to the code that you wrote. Do not think that your code is better simply because you wrote it. If you stumble upon a cool solution to some problem, use it! Pay attention to how others have done it and what you can improve on yourself.

"Never allow yourself to think that an unprofessional decision is acceptable, because it is yours. It is arrogance (which, as a rule, does not lead to anything good)."


17. Validate

If you are a web programmer, then start learning about validating your input as early as possible.

Remember: validation is not at all the same as sanitization.

"Validation of incoming data is a check of the fact that this data matches a certain format, such as checking whether the entered value is a valid email address or whether the login field contains from 8 to 20 characters of the Latin alphabet or numbers."

This can be tedious and difficult, but if you make sure that only correctly formatted data is passed to the script for further processing, you will significantly improve the "quality of service" for your website visitors and avoid many errors in the scripts that operate on this data.
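As an added example (not code from the original article), here is a validator for the two rules quoted above: the email field must be a well-formed address and the login must be 8 to 20 Latin letters or digits. It reports which fields failed rather than "fixing" them, which keeps validation separate from sanitization as the article insists. The field names, the function name and the sample submissions are constructed for the illustration.

```php
<?php
// Added example: validating a registration form against a fixed format.

function validate_registration(array $input): array
{
    $errors = [];

    $email = $input['email'] ?? '';
    // is_string() first: ?email[]=x arrives as an array, and filter_var() must never see it.
    if (!is_string($email) || filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
        $errors['email'] = 'not a valid email address';
    }

    $login = $input['login'] ?? '';
    // Anchored pattern: the whole value must be 8-20 ASCII letters/digits and nothing else.
    // \A and \z are used instead of ^ and $ so a trailing newline cannot slip past the check.
    if (!is_string($login) || !preg_match('/\A[A-Za-z0-9]{8,20}\z/', $login)) {
        $errors['login'] = 'must be 8 to 20 Latin letters or digits';
    }

    return $errors; // an empty array means the input is acceptable
}

// Constructed sample submissions (the shape $_POST would have).
$submissions = [
    ['email' => 'alice@example.com', 'login' => 'alice2024'],     // valid
    ['email' => 'not-an-address',    'login' => 'alice2024'],     // bad email
    ['email' => 'bob@example.com',   'login' => 'bob'],           // login too short
    ['email' => 'bob@example.com',   'login' => "bob_the_1st\n"], // underscore and newline rejected
    ['email' => ['x'],               'login' => 'carolcarol'],    // array instead of string
];

foreach ($submissions as $i => $submission) {
    $errors = validate_registration($submission);
    echo "submission $i: ", $errors ? implode('; ', $errors) : 'ok', "\n";
}
```

Only the first submission passes; each of the others is rejected before any script downstream has to cope with it.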


18. What is not prohibited is allowed?

In many situations, you need to get rid of certain characters, text fragments, tags, etc.

A typical solution is to create a so-called “blacklist”: a selection of forbidden tags, characters, etc.

"If you do not constantly replenish and do not monitor your blacklist, then this is fraught with vulnerabilities."

This, however, creates additional difficulties. You need to be smarter than those who want to do something "illegal". For example, to disable JavaScript in comments you could ban the use of onclick events and the like, but what if you missed something? What if new events are added to the specification in the future?

If you do not constantly replenish and do not monitor your blacklist, then this is fraught with vulnerabilities.

Therefore, to save yourself a headache in the future, use a whitelist wherever possible. A whitelist is the opposite of a blacklist: a collection of tags, characters, etc. that are allowed.

For example, in the function strip_tags() you can explicitly indicate which tags are allowed in the string:

   strip_tags($string, "<p><a>");  // the allowed-tag list shown here is a stand-in; the original listing's list did not survive extraction

Now your problem will most likely be that you allowed less than you wanted :) However, this approach is much safer and will provoke fewer unpleasant situations in the future.

Of course, it is impossible to use this approach everywhere, but by indicating what is allowed instead of what is forbidden, you gain more peace of mind and increase control over scripts.
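The allowed-tags argument of strip_tags() is a whitelist of elements only: the PHP manual notes that attributes on the tags you allow are left untouched, so an onclick on an allowed <a> survives. The following added example (not code from the original article) first shows that limitation, then a whitelist that covers both elements and attributes, built on DOMDocument. The allowed lists, the function name and the sample comment are constructed for the illustration.

```php
<?php
// Added example: element-only whitelist (strip_tags) versus element-and-attribute whitelist.

// Constructed sample: one acceptable link, one element that is not allowed,
// and one attribute that should never survive.
$comment = '<p>Visit <a href="https://example.com" onclick="doSomething()">our site</a>!</p>'
         . '<script>doSomething()</script><b>bold</b>';

// (1) strip_tags() with allowed tags: <p> and <a> stay, the other tags are dropped,
// but the onclick attribute on <a> is still there. Tags alone are not a complete whitelist.
$partial = strip_tags($comment, '<p><a>');

// (2) Whitelist of elements *and* the attributes each one may carry.
function sanitize_html(string $html): string
{
    $allowed = [
        'p' => [],
        'b' => [],
        'a' => ['href'],   // only href, and only with a safe scheme (checked below)
    ];

    $doc = new DOMDocument();
    // Wrap the fragment in a container so it can be serialised without <html>/<body>;
    // @ suppresses libxml warnings about untidy markup, which is expected in user input.
    @$doc->loadHTML('<?xml encoding="UTF-8"?><div>' . $html . '</div>',
        LIBXML_HTML_NOIMPLIED | LIBXML_HTML_NODEFDTD);
    $root = $doc->getElementsByTagName('div')->item(0); // the outermost div is our wrapper

    // Copy the live NodeList first: removing nodes while iterating it skips elements.
    $elements = [];
    foreach ($root->getElementsByTagName('*') as $el) {
        $elements[] = $el;
    }

    foreach ($elements as $el) {
        $tag = strtolower($el->nodeName);
        if (!isset($allowed[$tag])) {
            // Not on the list: remove the element together with everything inside it.
            $el->parentNode->removeChild($el);
            continue;
        }
        // Drop every attribute not whitelisted for this element.
        foreach (iterator_to_array($el->attributes) as $attr) {
            $name = strtolower($attr->name);
            $keep = in_array($name, $allowed[$tag], true);
            if ($keep && $name === 'href') {
                // http(s), mailto or a site-relative path; rejects javascript:, data: and //host
                $keep = (bool) preg_match('#\A(https?:|mailto:|/(?!/))#i', trim($attr->value));
            }
            if (!$keep) {
                $el->removeAttribute($attr->name);
            }
        }
    }

    $out = '';
    foreach ($root->childNodes as $child) {
        $out .= $doc->saveHTML($child);
    }
    return $out;
}

echo $partial, "\n";
echo sanitize_html($comment), "\n";
```

The second output keeps the paragraph, the link with only its href, and the bold text; the script element and the onclick attribute are gone because they were never on the list, not because someone thought to forbid them.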


Are you looking for the 20th way? Remember that in PHP counting almost always starts from zero, so this is the 20th way. You will notice that this is the case in almost all languages, so do not let it confuse you!


Summarizing

If you are a beginner, the tips discussed above will help you make significant progress towards applying good practices to your work.

Do not be alarmed if everything that is written here is a curiosity for you: just take one step at a time (see paragraph 15).

