Guideline PHP

Setup your server

To know what is really going on in your application, you need to see all the errors.
For example, if you echo a variable that does not exist, you should get a warning.
Do not disable error reporting to make your problems disappear 😉
In development, always work with the following settings in your php.ini:
Make sure error_reporting = -1 (which means E_ALL, or E_ALL | E_STRICT depending on your PHP version).
Also make sure that display_errors = On.

Organize your code

We always work with MVC frameworks, currently CodeIgniter and Zend.
Please always respect the MVC architecture.
Your controllers are there to "control" the data: they call the models and send a result to the views.

Get the data
Don't read $_POST or $_GET directly; always use the framework method intended for accessing POST or GET values.
NEVER use $_REQUEST which is unreliable!

Format the data
Use arrays as much as possible; it makes the functionality easier to extend later.
But avoid deeply nested indexes like $data[$i][$u][$v]. Nobody likes a headache, and there is always a better or simpler way.
Put a trailing comma after the last element so that adding a new one later is a one-line change.

Use your model
Use your models as much as possible. Keep all database manipulation and business logic out of the controller.

Return a result
Do not put HTML inside your controller!
HTML belongs to the view, so take the time to create your view and put the HTML there.

function addUser()
{
    // Get the data from the view
    $name = $this->_getParam('user-name');

    // Format your data
    $params = array(
        'name'        => $name,
        'create_date' => time(),
    );

    // Send to the model
    $id = $this->User->insert($params);

    // Return a result
    $this->view->user = $this->User->find($id);
}

The controllers

(CodeIgniter only) Be careful when you add a method to a controller: every public method is a URL and can be called directly, so make any method that is not meant to be a route protected or private.
Beware of fat controllers! We always run into the same issue at some point: our controllers get fat.
Why? Because we did not use our models and our helpers carefully.
They are both there to help us structure the code and make it reusable.

Foreign inputs

Always use your framework model's methods to generate the SQL.
They protect your query by escaping the input data.
If for some reason you can't use them, do not forget to sanitize your data with the appropriate function for the need:
filter_var, filter_input, …

Password

MD5 has not been secure for a long time now. We must never use it to store users' passwords.
We use bcrypt, and we have a custom library that you must use to hash your passwords.
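The two sections above (validating foreign input and keeping SQL parameterised when the model cannot build it, then hashing passwords with bcrypt) put together in an added example that is not the guideline's custom library nor CodeIgniter or Zend code. It assumes PHP 7.1+ with the pdo_sqlite extension, uses PHP's built-in password_hash() in place of the custom bcrypt library mentioned above, and the database and sample values are constructed for the demo.

```php
<?php
// Added example, not the guideline's own code. Assumes PHP >= 7.1 with
// pdo_sqlite; the in-memory database and sample values are constructed.

// Validate foreign input before it reaches a query. On a real request you
// would call filter_input(INPUT_POST, 'email', FILTER_VALIDATE_EMAIL);
// filter_var() does the same validation on a value we already hold.
function validateEmail(string $raw): ?string
{
    $email = filter_var(trim($raw), FILTER_VALIDATE_EMAIL);
    return $email === false ? null : $email;
}

// Hash with bcrypt (cost 12 here); never store the MD5 of a password.
function hashPassword(string $plain): string
{
    return password_hash($plain, PASSWORD_BCRYPT, ['cost' => 12]);
}

// When the framework model cannot build the SQL for you, a prepared
// statement with bound parameters gives the same protection as its escaping.
function insertUser(PDO $db, string $email, string $plain): int
{
    $stmt = $db->prepare('INSERT INTO users (email, password_hash) VALUES (:email, :hash)');
    $stmt->execute([':email' => $email, ':hash' => hashPassword($plain)]);
    return (int) $db->lastInsertId();
}

// password_verify() reads the cost and salt from the stored hash itself.
function checkLogin(PDO $db, string $email, string $plain): bool
{
    $stmt = $db->prepare('SELECT password_hash FROM users WHERE email = :email');
    $stmt->execute([':email' => $email]);
    $hash = $stmt->fetchColumn();
    return $hash !== false && password_verify($plain, $hash);
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, email TEXT UNIQUE, password_hash TEXT)');

// Constructed sample input: one valid address, one malformed value.
$email = validateEmail('alice@example.com');
echo validateEmail('not-an-email') === null ? "malformed email rejected\n" : "unexpected\n";

$id = insertUser($db, $email, 'correct horse battery staple');
echo 'user ', $id, ' stored, login ok: ', checkLogin($db, $email, 'correct horse battery staple') ? 'yes' : 'no', "\n";
echo 'wrong password accepted: ', checkLogin($db, $email, 'wrong') ? 'yes' : 'no', "\n";
```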

Read More

Please take the time to read the following documentation:
PHP The Right Way
Optimizing PHP