1. Use PHP Core
Functions and Classes
If you’re trying to do
something that seems fairly common, chances are, there’s already a PHP function
or class that you can take advantage of. Always check out thePHP manual before
creating your own functions. There’s no need to create a function to remove the
white space at the beginning and at the end of a string when you can just use
the trim() function. Why build an XML parser for RSS feeds when you can
take advantage of PHP’s XML Parser functions (such as xml_parse_into_struct)?
2. Create a
Configuration File
Instead of having your
database connection settings scattered everywhere, why not just create one
master file that contains its settings, and then include it in your PHP
scripts? If you need to change details later on, you can do it in one file
instead of several files. This is also very useful when you need to use other
constants and functions throughout multiple scripts.
Using a config file is a popular web application pattern that makes your code more
modular and easier to maintain.
3. Always Sanitize Data
That Will Go into Your Database
SQL injections are
more common that you may think, and unless you want a big headache later on,
sanitizing your database inputs is the only way to get rid of the problem. The
first thing you should do is learn about popular ways your app can be
compromised and get a good understanding of what SQL injections are; read about examples of SQL injection attacks and check out this SQL injection cheat sheet.
Luckily, there’s a PHP
function that can help make a big heap of the problem go away:mysql_real_escape_string. mysql_real_escape_string will
take a regular string (learn about data types through this PHP variables guide)
and sanitize it for you. If you use the function together with htmlspecialchars, which converts reserved
HTML characters (like <script> becomes <script>), not
only will your database be protected, but you’ll also safeguard your app
against cross-site scripting (XSS) attacks when rendering
user-submitted HTML (such as those posted in comments or forum threads).
4. Leave Error Reporting
Turned On in Development Stage
Looking at the PHP White Screen of Death is never helpful except for knowing something is definitely
wrong. When building your application, leave error_reportingand display_errors turned
on to see run-time errors that will help you quickly identify where errors are
coming from.
You can set up these
run-time configurations in your server’s php.ini file
or, if you don’t have access to override the directives in this file, set them
on top of your PHP scripts (using the ini_set() function to set display_errors to 1, but it has its limitations when done this
way).
The reason behind turning
on error reporting is quite simple — the sooner you know about your errors, the
faster you can fix them. You might not care about the warning messages that PHP
might give you, but even those usually signal towards a memory-related issue
that you can take care of. When you’re done building out your application, turn error_reporting and display_errors off or
set their values to a production-ready level.
5. Don’t Over-Comment
Your Code
Proper documentation of
your code through comments in your scripts is definitely a good practice, but
is it really necessary to comment every single line? Probably not. Comment the
complicated parts of your source code so that when you revisit it later you’ll
quickly remember what’s going, but don’t comment simple things such as your
MySQL connection code. Good code is self-explanatory most of the time.
Good Example of Commenting
<?php
/* CONNECT TO THE DATABASE */
$hostname = "localhost";
$username = "";
$password = "";
$dbname = "";
$connectionStatus = mysql_connect($hostname,
$username, $password) or die(mysql_error());
$selectionStatus = mysql_select_db($dbname) or
die(mysql_error());
/* END DATABASE CONNECTION */
?>
Bad Example of Commenting
<?php
/* DEFINE THE CONNECTION VARIABLES */
$hostname = "localhost"; // Hostname
$username = ""; // Username
$password = ""; // Password
$dbname = ""; // Database name
// Connect to the database or display an error
$connectionStatus = mysql_connect($hostname,
$username, $password) or die(mysql_error());
// Select our database here
$selectionStatus = mysql_select_db($dbname)
or die(mysql_error());
?>
6. Keep Favorite Code
Snippets Handy
You’ll be coding a lot of
the same things throughout your PHP development career, and keeping code
snippets always available will help you save a lot of time. There are several
apps that can keep and sync your code snippet collection for you, so no matter
where you are, you can always have your snippets available. Some apps you can
use to corral your code snippets are Snippet, snippely, Code Collector, and Snipplr(web-based).
Most integrated
development environments (IDEs) such as Eclipse (which can store code
templates) and Dreamweaver (via the Snippets Panel) may have built-in features
for storing code snippets.
Even a simple and
well-organized directory called snippets that
contain text files (or PHP scripts) — and possibly synced in the cloud using an
app like Dropbox if you
use multiple computers — can do the trick.
7. Use a Good Source
Editor to Save You Time
Your editor is where
you’ll spend the majority of your time, so you want to use something that helps
you save time. Syntax highlighting is a must and definitely something you
should be looking for as a software feature. Other bonuses include code
hinting, code navigation and built-in debugging tools. All of these features
can end up saving you massive amounts of time. An example of a source code
editor/IDE for PHP is phpDesigner.
Take the time to get
familiar with your source code editor’s features by reading the documentation
and reading tutorials online. A bit of time investment in this arena can really
streamline your coding workflow.
Check out this list of source code editors for
developers as well
as this list of free text editors for coders to discover popular code-editing applications.
8. Use a MySQL
Administration Tool (Like phpMyAdmin)
I know some crazy
hard-core developers who like working with MySQL (the popularDatabase Management System pairing for PHP) via command line, which, to me, is inefficient
and just, well, crazy. It’s a good thing to know how to administer your MySQL
database using mysqladmin, but
afterwards, you should use a graphical user interface like phpMyAdmin to speed up database development and administration.
phpMyAdmin, in
particular, is an excellent open source database viewer/manager that allows you
to view your MySQL databases graphically so that you don’t have to waste time
doing things via the command line. You can quickly build databases and their
tables, export your databases into SQL files, run SQL queries, optimize tables,
check for issues, create MySQL database users and set up their privileges
quickly, and much more. There is a good chance your web host already has
phpMyAdmin installed, and if not, it only takes minutes to install.
Check out this list of
the best MySQL database management
tools and
this list ofMySQL apps for alternatives to phpMyAdmin.
9. Use a PHP Framework
It took me a really long
time to accept the fact that using a web application development/rapid
application development framework would help me out. You have a small learning
curve in the beginning, and there will be a lot of reading to do to learn how the
API of the framework works, but you get amazing productivity and efficiency
benefits later. Using a framework forces you to use better web development
patterns that you might not be using right now.
Using a PHP framework
pays off big time when you have to share your code with others later on or when
you have to work together with someone; it gives you a standardized platform
for building web applications. I learned the importance of this the hard way
when I had to start hiring other developers.
10. Connect with Other
PHP Developers
You don’t know it all.
And even if you think you do, there are thousands of others out there that know
how to do something better than you do. Join a PHP community likePHPDeveloper and
interact with others. By connecting with other developers, you’ll learn better
ways of doing the things you’re currently doing.
