PHP Best Practices


  1. Do friendship with the PHP manual.

    • If you are new to php its time to get thorough with the php manual.
    • The manual is incredible very well documented.It has very helpful comments following each article.
    • Before Googling up the problem just head straight into the manual.
  2. Turn on Error Reporting.

    • When you are developing an application it is recommended you turn on error reporting.
    • With error reporting enabled you will see errors that might not be visible otherwise.
    • However during production turn it off back as you might not wish to make your visitors look on those stupid errors.
  3. Try an IDE

    • IDE are very helpful tools for developing an app.
    • They saves a lot of time and make your development easier.
    • Some of the features provided by an IDE are
      • Code Completion. (IDE has intelligence.Understands what you want to write)
      • Syntax Highlightning.(Displays warnings & errors in your code)
      • Code Formatting.(Makes indentation of code possible).
  4. Follow DRY approach

    • DRY stands for “Don’t Repeat Yourself”.
    • Very clear by the name it means don’t have redundant code.
  5. Improve Readability by indenting your code and using white spaces.

    • If you don’t follow this principle your code might end up looking like a garbage.
    • Use it properly so that your code becomes more readable and easy to search.
  6. Don’t use PHP short tags (<?=?>)

    • Often programmers use short tags when accessing variables.
    • However it saves some space but is deprecated.
    • Better use full tags (<?php ?>).
  7. Use proper naming conventions for variables & functions.

    • Use proper , meaningful names while declaring variables,functions and classes.This will help you and a fellow co-worker to understand your code.
  8. Keep Commenting the code.

    • Aside from using white space and indentations to separate the code, you’ll also want to use inline comments to annotate your code. You’ll thank yourself later when you’re needing to go back and find something in the code, or if you just can’t remember what a certain function did. It’s also useful for anyone else who needs to look over your code.
  9. Try a PHP framework.

    • A framework will definitely teach you valuable programming concepts(separating logic from design etc).
    • PHP framework like CodeIgniter or CakePHP allows you to quickly create an application.
    • You can learn a lot about PHP using PHP frameworks.
  10. Install LAMP or WAMP or MAMP.

    • MySQL is the most popular database when developing PHP application.
    • Installing MySQL will be a tedious job.
    • However installing LAMP(Linux) or WAMP(Windows) or MAMP (Mac) will save your time as that will install all required things to develop a PHP application.
    • Here the first character stands for their respective OS followed by AMP which stands for Apache,MySQL and PHP.
  11. Use OOPS.

    • OOPS reduces code repetition.
    • Also helps in easily modifying code in future.Just change at one place and will be applied at all required places.
  12. Understand difference between single and double quotes.

    • Often Developers use double quotes as they are more adapted to it.
    • However it is recommended use single quotes wherever possible.
    • It is more efficient to use single quotes in strings as the parser doesn’t have to sift through the code to look for escaped characters and other things that double quotes allow.
  13. Don’t put phpinfo() in webroot.

    • phpinfo() is a wonderful thing.Just by entering this simple function it displays all details of your server environment.
    • However a lot of beginners put the file with phpinfo() on webroot.
    • This is damn insecure as if accessed by an hacker can possibly result into your sever getting down.
    • Make sure phpinfo() is at a secured place.As an extra measure delete the file when you are done with it.
  14. Never trust your users.

    • If your application has places for user input, you should always assume that they’re going to try to input naughty code.
    • We’re not implying that your users are bad people. It’s just a good mindset.
    • A great way to keep your site hacker-free is to always initialize your variables to safeguard your site from XSS attacks.
  15. Only store encrypted passwords into databases.

    • Many programmers directly inserts sensitive information like passwords into databases.
    • Consider using md5 before storing sensitive information.
  16. Protect your script from SQL Injection.

    • If you don’t escape your characters used in SQL strings, your code is vulnerable to SQL injections. You can avoid this by either using the mysql_real_escape_string, or by using prepared statements.
    • Here’s an example of mysql_real_escape_string in action:
      $username = mysql_real_escape_string( $GET[‘username’] );or prepared statement$id = $_GET[‘id’];
      $statement = $connection->prepare( “SELECT * FROM tbl_members WHERE id = ?” );
      $statement->bind_param( “i”, $id );

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s