10 Things You Can Do to Become a Better PHP Developer
PHP is probably the most popular web development language right now. At least 20 million domains use PHP and it’s the language used on major sites such as Wikipedia and Facebook as well as in some of the world’s biggest open source projects like WordPress and Drupal.
In this article, I’ll share with you ten things I wish I was told when I was just getting started with PHP development, and I’m hoping you’ll be able to learn a thing or two if you’re just taking your first steps into this awesome web development language.
1. USE PHP CORE FUNCTIONS AND CLASSES
If you’re trying to do something that seems fairly common, chances are, there’s already a PHP function or class that you can take advantage of. Always check out the PHP manual before creating your own functions. There’s no need to create a function to remove the white space at the beginning and at the end of a string when you can just use the trim() function. Why build an XML parser for RSS feeds when you can take advantage of PHP’s XML Parser functions (such as
2. CREATE A CONFIGURATION FILE
Instead of having your database connection settings scattered everywhere, why not just create one master file that contains its settings, and then include it in your PHP scripts? If you need to change details later on, you can do it in one file instead of several files. This is also very useful when you need to use other constants and functions throughout multiple scripts.
Using a config file is a popular web application pattern that makes your code more modular and easier to maintain.
3. ALWAYS SANITIZE DATA THAT WILL GO INTO YOUR DATABASE
SQL injections are more common than you may think, and unless you want a big headache later on, sanitizing your database inputs is the only way to get rid of the problem. The first thing you should do is learn about popular ways your app can be compromised and get a good understanding of what SQL injections are; read about examples of SQL injection attacks and check out this SQL injection cheat sheet.
Luckily, there’s a PHP function that can help make a big heap of the problem go away: mysql_real_escape_string will take a regular string (learn about data types through this PHP variables guide) and sanitize it for you. If you use the function together with htmlspecialchars, which converts reserved HTML characters (like <script>), not only will your database be protected, but you’ll also safeguard your app against cross-site scripting (XSS) attacks when rendering user-submitted HTML (such as those posted in comments or forum threads).
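An added example, not from the original article: mysql_real_escape_string belongs to the old mysql extension, which was removed in PHP 7.0, so this sketch shows the same two defenses on current PHP, with PDO prepared statements on the way into the database and htmlspecialchars on the way out to the page. It assumes the pdo_sqlite extension is available; the comments table, the function names and the sample input are made up for the demonstration.

```php
<?php
// Added example: bound parameters for storage, HTML escaping at output time.
declare(strict_types=1);

$pdo = new PDO('sqlite::memory:');   // in-memory database so the script runs offline
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE comments (id INTEGER PRIMARY KEY, author TEXT, body TEXT)');

function saveComment(PDO $pdo, string $author, string $body): int
{
    // Placeholders keep user data out of the SQL text, so a quote in the
    // input can never end the string literal and change the statement.
    $stmt = $pdo->prepare('INSERT INTO comments (author, body) VALUES (:author, :body)');
    $stmt->execute([':author' => $author, ':body' => $body]);
    return (int) $pdo->lastInsertId();
}

function fetchComment(PDO $pdo, int $id): ?array
{
    $stmt = $pdo->prepare('SELECT author, body FROM comments WHERE id = :id');
    $stmt->execute([':id' => $id]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

function renderComment(array $row): string
{
    // Escape when writing into HTML, not before storing: the database keeps
    // the original text, and every output context applies its own encoding.
    $esc = fn(string $s): string => htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<p><b>' . $esc($row['author']) . '</b>: ' . $esc($row['body']) . '</p>';
}

// Constructed input: a quote that would break naive string-built SQL, and
// markup that a browser would run if it were echoed back unescaped.
$author = "O'Brien";
$body   = "<script>alert('hi')</script> nice post";

$id  = saveComment($pdo, $author, $body);
$row = fetchComment($pdo, $id);

// The stored value is byte-for-byte what the user sent.
var_dump($row['author'] === $author && $row['body'] === $body);

// The rendered value has <, >, & and both quote styles turned into entities.
echo renderComment($row), PHP_EOL;
```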
4. LEAVE ERROR REPORTING TURNED ON IN DEVELOPMENT STAGE
Looking at the PHP White Screen of Death is never helpful except for knowing something is definitely wrong. When building your application, leave display_errors turned on to see run-time errors that will help you quickly identify where errors are coming from.
You can set up these run-time configurations in your server’s php.ini file or, if you don’t have access to override the directives in this file, set them at the top of your PHP scripts (using the ini_set() function to set display_errors to 1, but it has its limitations when done this way).
The reason behind turning on error reporting is quite simple: the sooner you know about your errors, the faster you can fix them. You might not care about the warning messages that PHP might give you, but even those usually signal towards a memory-related issue that you can take care of. When you’re done building out your application, turn display_errors off or set their values to a production-ready level.
5. DON’T OVER-COMMENT YOUR CODE
Proper documentation of your code through comments in your scripts is definitely a good practice, but is it really necessary to comment every single line? Probably not. Comment the complicated parts of your source code so that when you revisit it later you’ll quickly remember what’s going on, but don’t comment simple things such as your MySQL connection code. Good code is self-explanatory most of the time.
GOOD EXAMPLE OF COMMENTING
<?php
/* CONNECT TO THE DATABASE */
$hostname = "localhost";
$username = "";
$password = "";
$dbname = "";
$connectionStatus = mysql_connect($hostname, $username, $password) or die(mysql_error());
$selectionStatus = mysql_select_db($dbname) or die(mysql_error());
/* END DATABASE CONNECTION */
?>
BAD EXAMPLE OF COMMENTING
<?php
/* DEFINE THE CONNECTION VARIABLES */
$hostname = "localhost"; // Hostname
$username = ""; // Username
$password = ""; // Password
$dbname = ""; // Database name
// Connect to the database or display an error
$connectionStatus = mysql_connect($hostname, $username, $password) or die(mysql_error());
// Select our database here
$selectionStatus = mysql_select_db($dbname) or die(mysql_error());
?>