Posts

PHP Best Practices That You Must Follow

PHP is the most widely-used language for programming on the web. There are many beginners or even experienced PHP developers who don’t bother to follow the best practices of the language, either unintentionally or intentionally. And it’s really very difficult for anybody to get hold of the best practices overnight. So I am listing some of the best practices for php programmer below:

Follow the PHP Manual 

If you’re  a beginner PHP programmer, then you should get yourself acquainted with PHP manual. The PHP manual is incredibly thorough and has truly helpful comments following each article. To save your precious time you should directly go to PHP manual before trying to figure out an issue on your own. There are very high chances that the answer to your question is already nestled in a helpful article at the PHP.net site.

Document your Code

It is very important to maintain proper documentation of your code. It’s really very unfortunate seeing some beginners or even seasoned programmers not focusing on writing meaningful comments to their codes just because they are too lazy. Proper documentation help others to understand your code better, and remember what you have written when you review it in the future.

Maintain Proper Coding Standard

It is very important to maintain a proper coding standard. It can be a painful problem if more than one programmer is working on the same project, and they are using different coding standards. In such a case the source code can become completely unmanageable. To solve such situations you need to maintain a proper coding standard, then it would be easier for others to debug your code and your joint projects will tend to be much more productive.

Avoid Using PHP Short Tags

Many programmers try to take shortcuts when declaring PHP. Here are a few common ones:

All these methods have been officially depreciated  and they are never coming back. Moreover this malpractice can cause conflicts with XML parsers and can also make your code incompatible with future versions of PHP.

Variable and Function Names Must be Meaningful

Always use proper naming standard and avoid using generic and un-meaningful names everywhere. Using generic and un-meaningful names is not a good practice at all, and you must not follow it in any way. Your variable and function names must always by meaningful and grammatically sensible and try to make the good habit of separating every word with underscores. And also try to be consistent with the standard you are following so that other people can get to understand your convention quickly and easily.

If you just have a simple string to display, then always go for single quotes. But if you are going to have variables and special characters like “n”, “t” in your string, then you must use double quotes which will get your string parsed by the PHP interpreter and will take more execution time than single quoted strings. So, make sure you understand the difference in their working nature and use them appropriately.

Don’t Use Functions Inside Loops

There are many programmers who tend to make the mistake of using functions inside of loops. If you are one of theme and if you are doing this intentionally and are ready to compromise performance just for the sake of saving a line of code, then you certainly need to think once again.

Bad Practice:

Good Practice

If you store the value returned by the function in a separate variable before the loop, then you would be saving enough execution time as in the first case the function will be called and executed every time the loop runs which can increase the time complexity of the program for large loops.

Turning on Error Reporting for Development Purposes

PHP error reporting is a very useful function, error_reporting() which can be used to spot various problems or errors in your PHP application during development. You’ll find bugs in your code that you might not have spotted earlier, as not all bugs keep the application from working. There are different levels of strictness in the reporting that you can use, but E_ALL will show you the most errors, critical and warnings alike.

There are various levels of error reporting available in PHP, like E_NOTICE, E_WARNING, E_PARSE, etc. but you can use E_ALL to report all kinds of errors. But always remember to disable error reporting when you are done with the development process of your code, so that your visitors don’t get scared with various unintelligible messages.

Indent Code and Use White Space for Better Readability

A code which is not properly indented will be very difficult to read and understand. Ensure that your code is readable and easy to search because you’ll most definitely be making changes in the future. IDE’s and advanced text editors can add indentation automatically.

Avoid Deep Nesting

Always try to avoid deep nesting levels in your code. It will make things very difficult for you when you need to debug your code. Try to use conditions as logically as possible to avoid unnecessary deep nesting. It is not only a very poor programming practice, but also can make your code look ugly enough to your fellow developers.

Don’t Put phpinfo() in you Webroot

By creating an PHP file and placing it somewhere on you server you can instantly get all the information about you r server environment.

 

But a lot of developers make the mistake of placing this file in the root directory of their server. This is a really insecure practice, and if prying eyes gain access, it could potentially spell doom for your server. The best idea is to delete this file whenever you are done with it. 

Store Passwords with Encryption

Many PHP programmers often save sensitive data like passwords into the database without applying any encryption. Consider using MD5 to encrypt passwords before you put them into the database.

There are various ways of storing password safely, like MD5, SHA1, MD4, MD2, Whirlpool, Salsa20, etc.

Protect your Script From SQL Injection

Your code is vulnerable to SQL injection if you don’t escape characters user in SQL strings. To avoid this you can use mysql_real_escape_string or prepared statements.

Example of mysql_real_escape_string in action:

Example of prepared statements:

Use Database Visualization Design Tools

If you’re finding it difficult to plan and modify databases for your PHP applications, you might look into using a database visualization tool. MySQL users can work with DBDesigner and MySQL Workbench to visually design your databases.

Try a PHP Framework

If you have become a pro PHP programmer then you should always try some PHP frameworks. There are lots of PHP frameworks available out there. Most of the PHP frameworks are designed on the basis of Model-View Controller (MVC) software architecture. Frameworks like CakePHP, CodeIgniter, Zend, Symfony can help you create some awesome PHP applications with ease.

Upgrade PHP

Many developers are reluctant enough to upgrade their PHP software in time. There are various performance improvements and feature additions in the newer versions of PHP. So there is absolutely no reason for you to avoid upgrading your PHP. There are some bug fixes and security improvements with almost every new release too. Check your server to make sure you’re up to date.