PHP Best Practices                      Conventions, Documentation, SecurityNikolay KostovTechnical Trainerhttp://nikolay....
Summary Writing conventions Type safe code Exceptions, being E_STRICT Documentation Security Performance Deployment
Writing conventions (2) Can you read and understand your old code? Can others read your code?  Dont invent standards and...
Writing conventions (2) Name variables   camelCased, with first letter lower case Constants names should be ALL_CAPS_WIT...
Type safe coding PHP is   loosely typed   May lead to unexpected results and errors   Be careful when using normal comp...
Short open tags <?, <?=   and <% are being deprecated  <? is XML opening tag  <?= is complete invalid XML  <% is ASP s...
Exceptions Handling exceptions and warnings     is cool but dangerous  If exceptions are misused may lead to more   prob...
Being E_STRICT A lot of functions are being deprecated In PHP       5 using certain functions will raise E_STRICT error ...
Source Documentation phpDocumentor tags are similar   to Javadoc  Standard for generating documentation  Describes func...
Source Documentation Example of phpDocumentor tags/*** MyClass description** @category MyClasses* @package MyBaseClasses*...
Source Documentation    /*    * Easily return the value 1    *    * Call this function with whatever    * parameters you w...
Source Documentation Example how Zend utilizes the tags at runtime
Source Documentation   Tools can    generate    sophisticated    documentation    based on the    tags
Security   Never use variables that may not be initialized    if (valid($_POST[user], $_POST[pass]))         $login = tru...
Security Always hide errors and any output that may contain system information  Knowledge about paths and extensions may...
Security Check file access rights   No writeable and executable files should be    kept in the web root   No writeable ...
Security Always check for and turn off magic quotes   Use add_slashes and other escaping    functions   Pay special att...
Performance PHP internalfunction are much faster than user functions   Because they are inbuilt and coded in C   Read t...
Performance Simple optimizations save a lot time   Use echo with multiple parameters instead of    multiple calls or con...
Performance Keep objects and classes in limit   PHP 5 adds cool OO features   Each object consumes a lot memory   Meth...
Performance Most content is static   content   Always check your site with tools like YSlow and    IBM Page Detailer   ...
Performance Use mod_gzip    when you can afford it  Consumes a lot CPU, because it compresses the   data on the fly  Sa...
Performance Think about every regular expression     – do you need it?   Takes a lot of time because of the back trackin...
Design Patters Always check what is out there   PEAR, Zend Framework and others are proven    Issues have been cleared ...
Deployment NEVER edit files on a production server, live site or system   Use source repositories with versions and    d...
Deployment Never override files on the server   Use symlinls, create a separate directory with    the new files, link to...
PHP Best Practices    курсове и уроци по програмиране, уеб дизайн – безплатно     BG Coder - онлайн състезателна система -...
Free Trainings @ Telerik Academy “PHP & MySQL Web Design" course    academy.telerik.com/.../php-school-    academy-meetin...
Upcoming SlideShare
Loading in...5
×

16. PHP Best Practices - PHP and MySQL Web Development

15,033

Published on

Best Practices in PHP
Telerik Software Academy: http://academy.telerik.com/school-academy/meetings/details/2011/10/11/php-school-academy-meeting
The website and all video materials are in Bulgarian.

This lecture discusses the following topics:

Writing conventions
Type safe code
Exceptions, being E_STRICT
Documentation
Security
Performance
Deployment

Published in: Education, Technology
3 Comments
2 Likes
Statistics
Notes
No Downloads
Views
Total Views
15,033
On Slideshare
0
From Embeds
0
Number of Embeds
5
Actions
Shares
0
Downloads
265
Comments
3
Likes
2
Embeds 0
No embeds

No notes for slide

16. PHP Best Practices - PHP and MySQL Web Development

  1. 1. PHP Best Practices Conventions, Documentation, SecurityNikolay KostovTechnical Trainerhttp://nikolay.itTelerik Software Academyacademy.telerik.com
  2. 2. Summary Writing conventions Type safe code Exceptions, being E_STRICT Documentation Security Performance Deployment
  3. 3. Writing conventions (2) Can you read and understand your old code? Can others read your code?  Dont invent standards and conventions  Use established styles  Use naming conventions  Example: use PascalCaseClassNames  Consider converting underscores to slashes when packaging classes: Spreadsheets_Excel_Writer.php becomes Spreadsheets/Excel/Writer.php
  4. 4. Writing conventions (2) Name variables camelCased, with first letter lower case Constants names should be ALL_CAPS_WITH_UNDER_SCOPES Prefix private methods and properties of classes with an _underscope Use four spaces instead of tabs to indent the code  Keeps viewing consistent across viewers
  5. 5. Type safe coding PHP is loosely typed  May lead to unexpected results and errors  Be careful when using normal comparison operators  Replace with type-safe where needed  Use type casting and explicit type conversions
  6. 6. Short open tags <?, <?= and <% are being deprecated  <? is XML opening tag  <?= is complete invalid XML  <% is ASP style tag  If there is code in more than one language in one file, short open tags may lead to confusion of parsers  Use <?php instead
  7. 7. Exceptions Handling exceptions and warnings is cool but dangerous  If exceptions are misused may lead to more problems that solve  Use only when really needed  Exceptions may leak memory for ($i = 10000; $i > 0; $i –-) throw new Exception (I Leak Memory!);  The memory, allocated for the for-loop does not get freed
  8. 8. Being E_STRICT A lot of functions are being deprecated In PHP 5 using certain functions will raise E_STRICT error  In PHP 6 those will become E_FATAL Example:  Function is_a is deprecatedif (is_a($obj, FooClass)) $obj->foo();  Use instanceof insteadif ($obj instanceof FooClass)) $obj->foo();
  9. 9. Source Documentation phpDocumentor tags are similar to Javadoc  Standard for generating documentation  Describes functions and classes, parameters and return values  Tools use them to generate code-completion, technical documentation and others
  10. 10. Source Documentation Example of phpDocumentor tags/*** MyClass description** @category MyClasses* @package MyBaseClasses* @copyright Copyright © 2008 LockSoft* @license GPL**/class MyClass extends BaseClass { Follow to next page
  11. 11. Source Documentation /* * Easily return the value 1 * * Call this function with whatever * parameters you want – it will * always return 1 * * @param string $name The name parameter * @return int The return value ** / protected foo ($name) { return 1; }}
  12. 12. Source Documentation Example how Zend utilizes the tags at runtime
  13. 13. Source Documentation Tools can generate sophisticated documentation based on the tags
  14. 14. Security Never use variables that may not be initialized if (valid($_POST[user], $_POST[pass])) $login = true; if ($login) … Never trust the user input <form action="<?=$_GET[page]"> … require $_GET[action]..php;  Always be careful about the content of $_POST, $_GET, $_COOKIE  Use white list of possible values
  15. 15. Security Always hide errors and any output that may contain system information  Knowledge about paths and extensions may make it easier to exploit the system  Never leave phpinfo() calls  Turn off display_errors on deployment server  Turn off expose_php
  16. 16. Security Check file access rights  No writeable and executable files should be kept in the web root  No writeable PHP files  Disallow access to files that contain configuration on a file system level  Never give permission to OS accounts that do not need access
  17. 17. Security Always check for and turn off magic quotes  Use add_slashes and other escaping functions  Pay special attention to user input that goes into SQL statements  Consider using prepared statements Always check for and turn off register_globals
  18. 18. Performance PHP internalfunction are much faster than user functions  Because they are inbuilt and coded in C  Read the manual and check if you reinvent the wheel  If you have slow functions, consider writing them in C and adding them as extensions to PHP
  19. 19. Performance Simple optimizations save a lot time  Use echo with multiple parameters instead of multiple calls or concatenation echo Hello, $world;  Optimize loops for ($i = 0; $i < count($arr); $i++) for ($i = 0, $n = count($arr); $i<$n; ++$i)
  20. 20. Performance Keep objects and classes in limit  PHP 5 adds cool OO features  Each object consumes a lot memory  Method call and property access take twice more time than calling function and accessing variable  Do not implement classes for everything, consider using arrays  Dont split the methods too much
  21. 21. Performance Most content is static content  Always check your site with tools like YSlow and IBM Page Detailer  Apply caching for all the static content  Use Last-Modified for database content with the date of the record last update Consider using PHP optimizers  Compiles the code and uses it instead, until source file changes
  22. 22. Performance Use mod_gzip when you can afford it  Consumes a lot CPU, because it compresses the data on the fly  Saves up to 80% data transfer  Be careful – some browsers may have issues if some file formats are delivered with gzip compression  Example: Internet Explorer 6 and PDF
  23. 23. Performance Think about every regular expression – do you need it?  Takes a lot of time because of the back tracking  Use only when necessary  Check if it can be optimized with possessive operators and non-capturing groups  If the expression is simple, use ereg, instead of preg
  24. 24. Design Patters Always check what is out there  PEAR, Zend Framework and others are proven  Issues have been cleared  Object Oriented, slower Use standard architectures like MVC  Strip the database abstraction layer and object from the core logic and the view (the HTML files)
  25. 25. Deployment NEVER edit files on a production server, live site or system  Use source repositories with versions and deployment tags  When developing, use development server  Must match the production one  Even better – get a staging server that mimics the deployment environment  Deploy there for testers
  26. 26. Deployment Never override files on the server  Use symlinls, create a separate directory with the new files, link to it Never manually interact with the server  Write a script that deploys the files without human interaction Always run a second test on the deployed project
  27. 27. PHP Best Practices курсове и уроци по програмиране, уеб дизайн – безплатно BG Coder - онлайн състезателна система - online judge курсове и уроци по програмиране – Телерик академия форум програмиране, форум уеб дизайн уроци по програмиране и уеб дизайн за ученици ASP.NET курс - уеб програмиране, бази данни, C#, .NET, ASP.NET http://academy.telerik.com програмиране за деца – безплатни курсове и уроци ASP.NET MVC курс – HTML, SQL, C#, .NET, ASP.NET MVC безплатен SEO курс - оптимизация за търсачки алго академия – състезателно програмиране, състезаниякурсове и уроци по програмиране, книги – безплатно от Наков курс мобилни приложения с iPhone, Android, WP7, PhoneGap уроци по уеб дизайн, HTML, CSS, JavaScript, Photoshop Дончо Минков - сайт за програмиране free C# book, безплатна книга C#, книга Java, книга C# Николай Костов - блог за програмиране безплатен курс "Качествен програмен код" безплатен курс "Разработка на софтуер в cloud среда" C# курс, програмиране, безплатно
  28. 28. Free Trainings @ Telerik Academy “PHP & MySQL Web Design" course academy.telerik.com/.../php-school- academy-meeting Telerik Software Academy  academy.telerik.com Telerik Academy @ Facebook  facebook.com/TelerikAcademy Telerik Software Academy Forums  forums.academy.telerik.com
  1. A particular slide catching your eye?

    Clipping is a handy way to collect important slides you want to go back to later.

×