echo "using echo sucks!";

Submitted by phrax on Mon, 2004-11-22 15:25. Wonky Code

Nicely formatted, easy to read, but oh so wrong. The switch is bad enough but using all those echo makes me so angry. I pity all pour souls that have to work with code like this.

<?php
if(@$_POST['vote'] == TRUE)
{
   switch (@$_POST['bewertung'])
       {
           case "1":
             $punkt = 1;
             break;
           case "2":
             $punkt = 2;
             break;
           case "3":
             $punkt = 3;
             break;
           case "4":
             $punkt = 4;
             break;
           case "5":
             $punkt = 5;
             break;
            case "6":
             $punkt = 6;
             break;
            case "7":
             $punkt = 7;
             break;
           case "8":
             $punkt = 8;
             break;
             case "9":
             $punkt = 9;
             break;
             case "10":
             $punkt = 10;
             break;
         }
mysql_query("INSERT INTO bewertung(repID,punkte) VALUES ('$repID','$punkt')");
}

/* hier kommt nur die Ausgabe der Puntkte nich relevant*/

echo "<table border=0 width=80 cellspacinng=0 cellpadding=0>";
echo "  <tr>";
echo "   <td>";
echo "     <form method=\"post\" type=\"text/css\" action=\"http://www.example.com/index.php?section=Replays\">";
echo "        <select name=\"bewertung\" size=\"1\">";
             for ($bew = 1 ; $bew &lt;= 10 ; $bew++)
                     {
                       echo "<option>".$bew."</option>";
                     }
echo "   </td>";
echo "   <td>";
echo "              <input type=\"submit\" value=\"Vote\" name=\"vote\">";
echo "            </form>";
echo "   </td>";
echo "  </tr>";
echo "</table>";
?>

Submitted by James Nobis (not verified) on Mon, 2004-11-22 17:28.

lol how about replacing that switch with:
$punkt = intval($_POST['bewertung']);

» reply

Submitted by kylector (not verified) on Mon, 2004-11-22 17:33.

Ok, so we all know echo is slow compared to just ending the PHP and dumping straight html. But just HOW slow is echo?

» reply

Submitted by ryan (not verified) on Mon, 2004-11-22 17:48.

kylector-
I don't know how much slower it is, but I don't think that's the biggest problem with this use of echo.

The problem is that this is considerably less readable, especially if the text editor being used doesn't highlight HTML within php strings.

» reply

Submitted by Ole Hansen (not verified) on Mon, 2004-11-22 17:49.

At least the user input is validated and thoroughly cleaned before it is used. That fact alone makes it quite a lot better than many other pieces of code, that might use more elegant methods.

» reply

Submitted by bbalint (not verified) on Mon, 2004-11-22 22:32.

echo ... print ... embedded HTML, once upon a time, an article showed that the slower print is slower than echo (when print('string'.$variable.'string') vs. echo 'string', $variable, 'string') but the fastest output method is embedding HTML. i work for a small company, and the previous developer did/does the same thing: he outputs HTML tags indented with tab

» reply

Submitted by bbalint (not verified) on Mon, 2004-11-22 22:34.

... and outputs the code with echo

also note, i think he never used a simple text editor to write PHP code, (it seems) he always used Macromedia Dreamweaver ...

ps: sorry for the 2-part post, somethings wrong with my copy/cut/paste keys ... :-/

» reply

Submitted by freedimension (not verified) on Tue, 2004-11-23 00:26.

@Ole Hansen: You call that clean? What if the Value of $_POST['bewertung'] doesn't meet any of the criterias? Where is the default Value for $punkt? This way you can too easily inject harmful SQL-Code if the server permits it. Now with the newer versions of MySQL doing nasty things is no problem as subselects are allowed.

» reply

Submitted by Ole Hansen (not verified) on Tue, 2004-11-23 02:53.

OK, you're right, I missed those parts - some of it might be outside the code shown here, but nevermind. Allow me to rephrase to "At least the coder tried to validate his input..."

» reply

Submitted by elias (not verified) on Tue, 2004-11-23 03:10.

sure this code is a step beyond the most bad code, but its still
stupid. like freedimension said there is no default value. also, the author uses @ to supress php errors instead of checking the input
correct. that makes clear the author isn't familar with php nor
security. the bunch of echo's emphasize that.

heres my suggestion:

$vote = $_POST['vote'] == '1' ? true : false;
$punkt = (int) $_POST['bewertung'];

if ($vote === true && $bewertung > 0 && $bewertung < 11)
{
mysql_query("INSERT INTO bewertung(repID,punkte) VALUES ('$repID','$punkt')");
}

» reply

Are you all talking about jus

Submitted by jake (not verified) on Sun, 2004-11-28 17:53.

Are you all talking about just simple pages? In complex applications I've always crammed the html into a variable i can pass back and output where i see fit to build up standards compliant and reusable code. using echo like that is obviously a WTF and he's not doing anything super complex here, but i feel like everyone is ignoring other scenarios.

And I've always used Dreamweaver cause that's what I'm given at work. And I enjoy the check in check out features, etc. What editor highlights PHP in a string? And it'd have to be Windows and OS X or two separate programs that have similar features for each respective platform.

» reply

Navigation

Categories

Browse archives

Feeds

User login

echo "using echo sucks!";

Comment viewing options

Are you all talking about jus

Post new comment

$ Google $

Use Firefox!