Wednesday, 4 September 2013

15+ PHP Best Practices That You Must Follow

The world of web development is becoming interesting and challenging with advanced technologies. With each passing day hundreds of web applications are being created and in this maddening race, a website needs to have a higher usability and more attractive UI and robust backend to stand out from the crowd. This is where a web programming language like PHP comes to your aid. Defined as a Hypertext Preprocessor, PHP is a dynamic language which explains the popularity that it enjoys among the developer's community around the world.


It is a server side scripting language which when combined with HTML and CSS forms a lethal combination delivering best robust websites. This server side characteristic allows you to easily design and develop dynamic webpages using PHP. Different genre of websites such as chatting platforms, ecommerce stores and CRM solutions can be developed using PHP. It is also used in all major social networking sites such as Facebook and Wikipedia. Even WordPress and Drupal have the PHP touch and are very much used worldwide for making customized websites. No wonder PHP web development is a promising sector and hundreds and thousands of talented programmers are working with this technology across the globe. 

A good programmer should follow the coding standards for programming in any technology. It is a vital factor for achieving a high code quality. A common customized style, naming conventions and other technical settings allow producing a homogeneous code which is easy to read and maintain. Equally important is the style in which certain problems are solved during programming - It shows the workmanship and experience of the individual developer which shines through and ultimately makes the difference between a technically ‘okay’ code and a well systematic, ‘mature’ code. 

Best Practices Followed in PHP
  • Befriend the PHP ManualFor aspirants in web development, the PHP manual is the best friend. Because it is thorough and gives helpful comments following each step to be followed in web development. Before figuring out errors or steps one should read the manual and save time for easy and quick solutions. 
  • Turn on Error Reporting : Error reporting in PHP is of great advantage. One can figure out the bugs in code earlier than before and can be aware of the working of an application. There are different levels of strictness in the reporting that one can use and  E_ALL command shows the most errors, be it critical and warnings alike. It is a feast to a programmer or a tester to detect errors and fix them.
  • Try an IDE : Integrated Development Environments are useful tools for any developer. They can help in many ways such as syntax highlighting, code completion, error warnings, refactoring (reworking) and many other ways. There are plenty of great IDEs out there that support PHP.
hire php developers

  • Try a PHP Framework: PHP Frameworks like CakePHP or CodeIgniter render PHP applications quickly, even if the developer is not an expert in PHP. It is a great way of increasing programming efficiency. The web world is full of several PHP frameworks which can be used as per the needs of the project. Hence PHP programmers have to decide which framework would suit and meet their best business requirement by evaluating the various unique features of the frameworks.
php development services

  • Learn the DRY Approach: DRY approach is nothing but Don’t Repeat Yourself and it’s a valuable programming concept which deals with not to write redundant code.
  • Indent Code and Use White Space for Readability: A developer needs to write a good readable code with proper indenting and makes use of white space. It ensures that a code is neatly organized and easy to search so that it can be referred to in future in case of change requests come up. IDEs and advanced text editors help in adding indentation automatically. Programmers use shortcuts unknowingly when declaring in PHP - For example, let’s take a look at the code snippet below. 
          <?

          echo"Hello world";
           ?>

          <?="Hello world";?>

          <% echo"Hello world"; %>

All of the above methods are depreciated and unofficial. Sticking with the standard <?php ?> as it will be guaranteed to be supported in all future versions. This simple malpractice can cause conflicts with XML parsers and can also make code incompatible with future versions of PHP. 
  • Use Meaningful, Consistent Naming Conventions : Naming conventions are very important in case of good programming practice. Help others by using names that make sense for classes and functions. One can easily understand what the code is about or for which database table the data is fetched; easy for the programmers who can deal with the code in future for maintenance and updates.
  • Comment, Comment, CommentA good programmer always gives comment for each line of code he or she writes. As they understand the importance of comments in the long run. White space and indentations have been used to separate the code; one also wants to use inline comments to annotate code. It is very useful to go back and find something in the code, or if what a certain function did. It’s very useful for every developer who needs to look over the code. Not sure how the code instead of keeping a comment on the code one must write the code formatting standards expressive with a good, because one can get confused with the semantic coding standards both in web design and PHP development.
  • Install MAMP/WAMP : MySQL is the most popular type of database to use with PHP. If you want to set up a local environment to develop and test your PHP applications on your computer, look into installing MAMP (Mac) or WAMP (Windows). Installing MySQL on computer can be a tedious process and can be installed in a clean and simple way.
php programmers

  • Upgrade to the Latest Version of PHP One should be aware of the advantages and new versions of PHP. There are lots of performance increases between PHP 4 and PHP 5. Check a server to make sure one is up to date with the new version and an application is compatible with the upgrades.
  • Reduce the Number of Database QueriesA good developer knows very well that database queries take lot of time to load the applications. With the lesser number of database queries executed the better a PHP code can perform. There are many tools such as Process Explorer (Windows) and Stace (Unix) that allow redundant processes.
  • Know the Difference Between Single and Double Quotes: It is more efficient to use single quotes in strings as the parser doesn’t have to sift through the code to look for escaped characters and other things that double quotes allow. It is always better to use single quotes whenever possible.
  • Give Scripts Limits : Putting a time limit on PHP scripts is a very critical thing. It is a time when scripts fail and to avoid that the set_time_limit function is used for database connection timeouts and infinite loops. The set_time_limit puts a time limit on the maximum number of seconds a script will run. After that time it throws a fatal error.
  • Don’t Put phpinfo() in your WebrootPhpinfo (http://us2.php.net/phpinfo)is a beautiful thing. By simply creating a PHP file that has
          < ? php phpinfo(); ? >

And dropping it onto the server somewhere could be dangerous; one can instantly get to know all information about the server. It is not good to drop a file containing phpinfo() in the webroot of the server. This is a really insecure practice and could  potentially spell doom for server. Make sure phpinfo() is in a secure spot and could    be removed after use.

  • Never, Ever Trust your Users: If an application has places for user input, one should always be prepared that they’re going to try to input naughty code. A great way to keep any website hacker-free is to always initialize variables to safeguard a website from XSS attacks (http://ha.ckers.org/xss.html). Therefore PHP.net has an example of a properly secured form- http://talks.php.net/show/php-best-practices/19
  • Store Passwords with Encryption : Good way of saving passwords in encrypted format in the database. Many programming newcommers often plunk sensitive data like passwords into the database without applying any encryption which is a faulty approach. 
php developers

Code is the foundation of any website and a framework catalyzes how to write beautiful code with aesthetics. Websites having bad coding style can lead to a mess in the near future. Good code is the first start to any search engine optimization and it is very important for a website template builders or new beginners who build one of their first sites. It’s too big of an investment for things to get screwed up, coded poorly or any number of possibilities. Since good coding is the foundation of any website with a strong web presence, establishing a secure and a classy website with clean, flawless code which goes much further than one thinks.

We provide PHP development services at Mindfire Solutions. If you would like to speak to one of our PHP programmers or you would like to hire PHP developers from us, please do reach out to us. We will be glad to assist.

3 comments:

  1. There are a few wrong things (and a few dangerous things) in this article.

    is not deprecated. In fact, the <?= tag is now on by default and always available in PHP 5.4+

    "A good programmer always gives comment for each line of code he or she writes." - This is NOT a good programming practice. Code should be written so that it's easy to understand, and comment should only be written to clarify why the developer did something. Descriptive variable names, function/method names, and docblocks are much better than commenting every line of code. Commenting every line of code is not a best practice.

    "Upgrade to the Latest Version of PHP" - If you are still on PHP 4 you have larger issues. This stands true, but any time I see something recommending upgrading from PHP 4 to PHP 5 is just a writing smell for me.

    "Know the Difference Between Single and Double Quotes" - This is a micro optimization, and if you are worrying about this you are worrying about the wrong things.

    "Store Passwords with Encryption" - No. Do not encrypt your passwords. HASH your passwords using a reliable and strong hashing algorithm. PHPass or ircmaxell's password_compat library are the proper way to do this. Hashing is not Encryption.

    "They have to use MD5 (http://us3.php.net/md5) to encrypt passwords into the database, which is a good protective way to keep data secure." - NO. NO. NO. DO NOT USE MD5 FOR PASSWORDS. Use a password library from above. If you MD5 your passwords, you aren't really doing anything to secure your passwords.

    ReplyDelete
  2. Thank you for the detailed feedback. I have done the necessary changes. Thanks you so much and look forward to your reviews in future as well.

    ReplyDelete
  3. I agree with dragonmantank and you did not change anything ...

    Telling people to use MD5 to store passwords is not a good practice!
    Please remove this from your post. One should not post such things on the internet anymore.

    ReplyDelete