You're Doing it Wrong - WordCamp Atlanta

Chris Scott - @chrisscott - slideshare.net/iamzedphoto from http://www.richardpettinger.com/funny/funny_road_signs/funny_road_signs

YOU’RE DOING IT WRONG

Thanks• Dion Hulse’s (DD32) two part series on doing it

wrong:• http://dd32.id.au/2009/11/01/youre-doing-it-wrong-1/• http://dd32.id.au/2009/11/01/youre-doing-it-wrong-2/• http://dd32.id.au/2009/11/24/how-to-do-it-right-part-0/

• Michael Pretty for ideas and telling me what I’m doing wrong• Sean O’Shaughnessy for ideas and graphics

New Features in a Year:2.7 - 2.9.1

• Post thumbnails• Sticky posts• Comment threading and paging• Widgets API• Load scripts minified by default• Load scripts in the footer• esc_* functions• security fixes• and much more...

Wrong and Right

photo from Current Configuration

Not Upgrading

WRONG

Upgrading

RIGHT

• Upgrade manually:http://codex.wordpress.org/Upgrading_WordPress

• Upgrade with SVN:http://codex.wordpress.org/Installing/Updating_WordPress_with_Subversion

• CTFB:

Resources

Calling Functions That Don’t Exist

<div id="sidebar" role="complementary"> <ul> <li><?php wp_ozh_wsa('mybanner') ?></li>

... rest of sidebar ...

</ul></div>

WRONG

Check for Functions Before Calling

<div id="sidebar" role="complementary"> <ul> <?php if (function_exists('wp_ozh_wsa')) : ?> <li><?php wp_ozh_wsa('mybanner') ?></li> <?php endif; ?> ... rest of sidebar ...

</ul></div>

RIGHT

Hard-Coding WordPress Paths

$cb_path = get_bloginfo('wpurl')."/wp-content/plugins/wp-codebox"; //URL to the plugin directory

WRONG

Use Constants or Helper Functions

$cb_path = plugins_url('', __FILE__); //URL to the plugin directory

RIGHT

• Moving wp-content/wp-plugins:http://codex.wordpress.org/Editing_wp-config.php#Moving_wp-content

• Stylesheet paths:http://codex.wordpress.org/Function_Reference/get_stylesheet_directoryhttp://codex.wordpress.org/Function_Reference/get_stylesheet_directory_uri

• Theme paths:http://codex.wordpress.org/Function_Reference/get_template_directoryhttp://codex.wordpress.org/Function_Reference/get_template_directory_uri

Resources

Echoing Scripts/CSS in Header/Footer

function codebox_header() { $hHead .= "<script language=\"javascript\" type=\"text/javascript\" src=\"".get_bloginfo('wpurl')."/wp-includes/js/jquery/jquery.js\"></script>\n"; $hHead .= "<script language=\"javascript\" type=\"text/javascript\" src=\"{$cb_path}/js/codebox.js\" ></script>\n"; print($hHead);}add_action('wp_head', 'codebox_header');

WRONG

Enqueue Scripts and Styles

function codebox_header() { wp_enqueue_script( 'codebox', plugins_url('js/ codebox.js', __FILE__), array('jquery') );}add_action('template_redirect', 'codebox_header');

RIGHT

Resources• wp_enqueue_script:

http://codex.wordpress.org/Function_Reference/wp_enqueue_script

• wp_enqueue_style:http://codex.wordpress.org/Function_Reference/wp_enqueue_style

• Enqueueing styles with conditionals:http://iamzed.com/using-wordpress-wp_enqueue_style-with-conditionals/

• Plugin API/Action Reference:http://codex.wordpress.org/Plugin_API/Action_Reference

Not Checking Indices or Object Properties

if ($_GET['wp125action'] == "deactivate") { ...}

WRONG

Checking Indices/Properties

if (isset($_GET['wp125action']) && $_GET['wp125action'] == "deactivate") { ...}

RIGHT

Resources• isset():

http://php.net/isset

• empty():http://php.net/emtpy

Not Using WP_DEBUG

WRONG

Define WP_DEBUG in wp-config.php

RIGHT

define('WP_DEBUG', true);

Resources• WP_DEBUG:

http://codex.wordpress.org/Editing_wp-config.php#Debug

• Use dev versions of WP scripts:define('SCRIPT_DEBUG', true);

• Disable admin js concatenation:define('CONCATENATE_SCRIPTS', false);

Using Globals Instead of Template Tags

global $post;

$title =$post->post_title;

WRONG

Use Template Tags

$title = get_the_title();

RIGHT

Resources• Template Tags:

http://codex.wordpress.org/Template_Tags

Writing SQL

global $wpdb;

$wpdb->query("update ".$articles." set review = ". $rating." where post_id = ".$post_id);

WRONG

Use $wpdb Methods

global $wpdb;

$wpdb->update( $articles, array('review' => $rating), compact('post_id'));

RIGHT

Resources• wpdb Class:

http://codex.wordpress.org/Function_Reference/wpdb_Class

• wpdb->prepare():http://codex.wordpress.org/Function_Reference/wpdb_Class#Protect_Queries_Against_SQL_Injection_Attacks

Not Validating/Escaping User Input

<label for="title"><?php echo get_option('my_plugin_option_title'); ?></label>

<input type="text" id="value" name="value" value="<?php echo get_option('my_plugin_option_value')); ?>">

WRONG

Validate and Escape User Input

<label for="title"><?php echo esc_html(get_option('my_plugin_option_title')); ?></label>

<input type="text" id="value" name="value" value="<?php echo esc_attr(get_option('my_plugin_option_value')); ?>">

RIGHT

Resources• Data validation:

http://codex.wordpress.org/Data_Validation

• wpdb->prepare():http://codex.wordpress.org/Function_Reference/wpdb_Class#Protect_Queries_Against_SQL_Injection_Attacks

Not Using Caching

$response = wp_remote_get($url);if (!is_wp_error($response) && $response['response']['code'] == '200') { $data = $response['body'];}... do something with data ...

WRONG

Use Caching

if (!$data = wp_cache_get('my_external_data')) { $response = wp_remote_get($url); if (!is_wp_error($response) && $response['response']['code'] == '200') { $data = $response['body']; wp_cache_set('my_external_data', $data); }}... do something with data ...

RIGHT

Resources• WP_Cache:

http://codex.wordpress.org/Function_Reference/WP_Cache

Not Contributing

WRONG

photo by TaranRampersad http://www.flickr.com/photos/knowprose/2294744043/

Contributing

RIGHT

http://codex.wordpress.org/Contributing_to_WordPress

• Edit the Codex• Answer Forum Support Questions• Participate in Development• Planning, Testing, Bug Reporting and Fixing• Say “Thanks”