
Mistakes novice PHP developers make

A selection of mistakes novice PHP developers make (the list started out with 25 entries) ...

  1. A PHP book from 2002 as a source of knowledge is already history; I recommend "PHP 5. Professional programming" by E. Gutmans and S. Bakken (ISBN 5-93286-083-9), or something even newer ...
  2. Using an all-in-one web server bundle (Denwer and the like) - learn to set the server up yourself first; there will be time to switch to ready-made packages later.
  3. Using a simple editor with syntax highlighting - it's time to grow up and switch to an IDE; development speed increases with an IDE, especially in large projects with more than a dozen classes.
  4. register_globals is enabled in php.ini - disable this EVIL; it is off by default, yet for some reason you turned it on.
  5. An "index.php" containing roughly this code: <?php require_once $_GET['mod']; ?> is a vulnerability called PHP injection - always validate input data.
  6. Implementing authorization with a query built like this: "SELECT * FROM users WHERE login=" . $_GET['login'] . " AND password=" . $_GET['password'] - read up on what SQL injection is (this applies to all input data and all SQL queries).
  7. Do you trust POST variables more than GET? They are just as easy to forge, so validate them too.
  8. AJAX is good, leaky AJAX is bad - don't forget to check access rights for the functions called via AJAX.
  9. Not checking the files users upload - now we know what a PHP backdoor is.
  10. Assignment inside a condition: <?php if ($auth = DEFINE_NAME) { ... } ?> - you will hunt for this bug for a long time; avoid such constructions (write <?php if (DEFINE_NAME == $auth) { ... } ?> instead - if you then miss one "equals" sign, the interpreter raises an error).
  11. "Cannot send session cookies - headers already sent by ..." - we are trying to set a cookie after the headers have already been sent to the browser; did you leave a blank line or a space before the first <? tag?
  12. Reimplementing functions PHP already has - use the manual's search first.
  13. The expression <?php if (array_search('needle', $array) != FALSE) { ... } ?> will not work when the element you are looking for is stored under the key 0 or "" - read the manual entry for each function more carefully.
  14. We develop on Windows, host on Linux, and the site doesn't come up - index.php, Index.php, INDEX.php, etc. are all different files on Linux, and we forgot about that.
  15. Disabling error output - the code must be clean, so let error_reporting(E_ALL) help you; fix even the Notices.
  16. Deploying the project to hosting - turn off error output to the screen and log errors to a file instead; you won't have to blush later.
  17. PHP files with a non-standard extension (for example .inc instead of .php) - if you don't protect such files, you can be very embarrassed.
  18. Counting on short_tags, we were too lazy to write the full <?php ... ?> - now we are rewriting the templates on the new hosting.
  19. Relied on magic_quotes; now our application is as secure as Swiss ... cheese.
  20. Follow coding standards and comment your code - your successors will thank you.
  21. Don't put profanity in error messages and comments - the customer may see it, and then you'll spend a long time making excuses.
  22. Reading the article http://php.spb.ru/php/speed.html and concluding that the only way you can or need to optimize code is "flea-level" micro-optimization dating from the PHP3 era.
  23. Implementing database functionality with PHP tools - array_search instead of WHERE, and other wonders of not knowing SQL.
  24. Querying the database inside a recursion - avoid such implementations.
  25. No need to hammer nails with pliers - "I need to implement a guest book, so I'll take my favorite set of 6-megabyte libraries".
  26. We discovered Smarty, and now we are sure we have learned how to separate logic from presentation.
  27. Validate ALL input data; we don't need XSS vulnerabilities.
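As an added illustration of item 6 (not code from the original post): the same authorization lookup written once with string concatenation and once with a PDO prepared statement. It uses an in-memory SQLite database so it runs offline; the table, the user row and the test inputs are constructed sample data.

```php
<?php
// Added example, not from the original post. In-memory SQLite via PDO so it runs offline;
// the users table and its single row are constructed sample data.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE users (login TEXT, password TEXT)');
$pdo->exec("INSERT INTO users VALUES ('alice', 's3cret')");

// The pattern from item 6: request values are glued straight into the SQL text,
// so any quote character in the input changes the structure of the query.
function findUserUnsafe(PDO $pdo, string $login, string $password): ?array
{
    $sql = "SELECT * FROM users WHERE login = '" . $login
         . "' AND password = '" . $password . "'";
    $row = $pdo->query($sql)->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Hardened form: placeholders. The driver sends the values separately from the
// query text, so the input is always treated as data, never as SQL.
function findUserSafe(PDO $pdo, string $login, string $password): ?array
{
    $stmt = $pdo->prepare(
        'SELECT * FROM users WHERE login = :login AND password = :password'
    );
    $stmt->execute([':login' => $login, ':password' => $password]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Correct credentials: both variants find the row.
var_dump(findUserUnsafe($pdo, 'alice', 's3cret') !== null);
var_dump(findUserSafe($pdo, 'alice', 's3cret') !== null);

// A constructed password containing a quote. With concatenation the WHERE clause
// no longer means what the author intended and the lookup succeeds without the
// real password; with the prepared statement it is just a string that matches nobody.
$quoted = "' OR '1'='1";
var_dump(findUserUnsafe($pdo, 'alice', $quoted) !== null);
var_dump(findUserSafe($pdo, 'alice', $quoted) !== null);
```

The same placeholder approach applies to every query that touches request data, which is the point of the note "this applies to all input data and all SQL queries".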


If you have something to add, write it in the comments ...

PS Initially the list had 25 errors ...


Source: https://habr.com/ru/post/38007/
