Slides from my WordCamp Atlanta 2010 presentation "You're Doing it Wrong"

1. YOU’RE DOING IT WRONG
Chris Scott - @chrisscott - slideshare.net/iamzed
photo from http://www.richardpettinger.com/funny/funny_road_signs/funny_road_signs

2. Thanks
• Dion Hulse’s (DD32) two part series on doing it
wrong:
• http://dd32.id.au/2009/11/01/youre-doing-it-wrong-1/
• http://dd32.id.au/2009/11/01/youre-doing-it-wrong-2/
• http://dd32.id.au/2009/11/24/how-to-do-it-right-part-0/
• Michael Pretty for ideas and telling me what I’m doing
wrong
• Sean O’Shaughnessy for ideas and graphics

3. New Features in a Year:
2.7 - 2.9.1
• Post thumbnails
• Sticky posts
• Comment threading and paging
• Widgets API
• Load scripts minified by default
• Load scripts in the footer
• esc_* functions
• security fixes
• and much more...

4. Wrong and Right
photo from Current Configuration

5. Not Upgrading
WRONG

6. Upgrading
RIGHT

7. Resources
• CTFB:
• Upgrade manually:
http://codex.wordpress.org/Upgrading_WordPress
• Upgrade with SVN:
http://codex.wordpress.org/Installing/Updating_WordPress_with_Subversion

8. Calling Functions That
Don’t Exist
<div id="sidebar" role="complementary">
<ul>
<li><?php wp_ozh_wsa('mybanner') ?></li>
... rest of sidebar ...
</ul>
</div>
WRONG

9. Check for Functions Before
Calling
<div id="sidebar" role="complementary">
<ul>
<?php if (function_exists('wp_ozh_wsa')) : ?>
<li><?php wp_ozh_wsa('mybanner') ?></li>
<?php endif; ?>
... rest of sidebar ...
</ul>
</div>
RIGHT

10. Hard-Coding WordPress
Paths
$cb_path = get_bloginfo('wpurl')."/wp-content/
plugins/wp-codebox"; //URL to the plugin directory
WRONG

11. Use Constants or Helper
Functions
$cb_path = plugins_url('', __FILE__); //URL to the
plugin directory
RIGHT

12. Resources
• Moving wp-content/wp-plugins:
http://codex.wordpress.org/Editing_wp-config.php#Moving_wp-content
• Stylesheet paths:
http://codex.wordpress.org/Function_Reference/get_stylesheet_directory
http://codex.wordpress.org/Function_Reference/get_stylesheet_directory_uri
• Theme paths:
http://codex.wordpress.org/Function_Reference/get_template_directory
http://codex.wordpress.org/Function_Reference/get_template_directory_uri

13. Echoing Scripts/CSS in
Header/Footer
function codebox_header() {
$hHead .= "<script language="javascript" type=
"text/javascript" src="".get_bloginfo('wpurl')."/
wp-includes/js/jquery/jquery.js"></script>n";
$hHead .= "<script language="javascript" type=
"text/javascript" src="{$cb_path}/js/codebox.js"
></script>n";
print($hHead);
}
add_action('wp_head', 'codebox_header');
WRONG

14. Enqueue Scripts and Styles
function codebox_header() {
wp_enqueue_script(
'codebox',
plugins_url('js/ codebox.js', __FILE__),
array('jquery')
);
}
add_action('template_redirect', 'codebox_header');
RIGHT

15. Resources
• wp_enqueue_script:
http://codex.wordpress.org/Function_Reference/wp_enqueue_script
• wp_enqueue_style:
http://codex.wordpress.org/Function_Reference/wp_enqueue_style
• Enqueueing styles with conditionals:
http://iamzed.com/using-wordpress-wp_enqueue_style-with-conditionals/
• Plugin API/Action Reference:
http://codex.wordpress.org/Plugin_API/Action_Reference

16. Not Checking Indices or
Object Properties
if ($_GET['wp125action'] == "deactivate") {
...
}
WRONG

17. Checking Indices/Properties
if (isset($_GET['wp125action']) && $_GET
['wp125action'] == "deactivate") {
...
}
RIGHT

18. Resources
• isset():
http://php.net/isset
• empty():
http://php.net/emtpy

19. Not Using WP_DEBUG
WRONG

20. Define WP_DEBUG in
wp-config.php
define('WP_DEBUG', true);
RIGHT

21. Resources
• WP_DEBUG:
http://codex.wordpress.org/Editing_wp-config.php#Debug
• Use dev versions of WP scripts:
define('SCRIPT_DEBUG', true);
• Disable admin js concatenation:
define('CONCATENATE_SCRIPTS', false);

22. Using Globals Instead of
Template Tags
global $post;
$title =$post->post_title;
WRONG

23. Use Template Tags
$title = get_the_title();
RIGHT

24. Resources
• Template Tags:
http://codex.wordpress.org/Template_Tags

25. Writing SQL
global $wpdb;
$wpdb->query("update ".$articles." set review = ".
$rating." where post_id = ".$post_id);
WRONG

26. Use $wpdb Methods
global $wpdb;
$wpdb->update(
$articles,
array('review' => $rating),
compact('post_id')
);
RIGHT

27. Resources
• wpdb Class:
http://codex.wordpress.org/Function_Reference/wpdb_Class
• wpdb->prepare():
http://codex.wordpress.org/Function_Reference/
wpdb_Class#Protect_Queries_Against_SQL_Injection_Attacks

28. Not Validating/Escaping
User Input
<label for="title"><?php echo get_option
('my_plugin_option_title'); ?></label>
<input type="text" id="value" name="value" value="<?
php echo get_option('my_plugin_option_value')); ?>">
WRONG

29. Validate and Escape User
Input
<label for="title"><?php echo esc_html(get_option
('my_plugin_option_title')); ?></label>
<input type="text" id="value" name="value" value="<?
php echo esc_attr(get_option
('my_plugin_option_value')); ?>">
RIGHT

30. Resources
• Data validation:
http://codex.wordpress.org/Data_Validation
• wpdb->prepare():
http://codex.wordpress.org/Function_Reference/
wpdb_Class#Protect_Queries_Against_SQL_Injection_Attacks

31. Not Using Caching
$response = wp_remote_get($url);
if (!is_wp_error($response)
&& $response['response']['code'] == '200')
{
$data = $response['body'];
}
... do something with data ...
WRONG

32. Use Caching
if (!$data = wp_cache_get('my_external_data')) {
$response = wp_remote_get($url);
if (!is_wp_error($response) &&
$response['response']['code'] == '200')
{
$data = $response['body'];
wp_cache_set('my_external_data', $data);
}
}
... do something with data ...
RIGHT

33. Resources
• WP_Cache:
http://codex.wordpress.org/Function_Reference/WP_Cache

34. Not Contributing
photo by TaranRampersad http://www.flickr.com/photos/knowprose/2294744043/
WRONG

35. Contributing
http://codex.wordpress.org/
Contributing_to_WordPress
• Edit the Codex
• Answer Forum Support Questions
• Participate in Development
• Planning, Testing, Bug Reporting and Fixing
• Say “Thanks”
RIGHT