I don't know any free online best practice docs (other than the
function comments) that sum it all up nicely.

But best practices are like coding standards; there are at least a few
that are (near-)equals.

Personally, the basis of my current coding style is as such:

- hungarianCasingConventionWithAbbreviationsWTFlikeSo

- almost always short names for variables in simple code < 40 lines

- almost always longer and descriptive names for more complicated code.

- usually short comments: explanations for noobs (to problem area)
- the rest of the "commenting" is done by the code using descriptive
var & function names
(last 3 points make for "self-documented code")

- consolidate all logic in the script, so use specific sets
(_POST/_GET) rather than generic sets (_REQUEST)

- document it in script if behaviour is dependent on outside sources
(like php.ini)

- use of "config.php" in project rootdir to set DEFINE()s and any
global variables.

- use of for database abstraction.

- use a standardized directory structure for all php projects;
  /project/.htaccess - RewriteRule -> php scripts
  /project/php - all php scripts
  /project/js - all javascript, including .js.php
  /project/lib/component-x.y.z/ - all 3rd party libraries, regardless of language, x.y.z=versionnum
  /project/sql - sql init / maintenance scripts
  (possibly) /project/theme/themeName/many.css(.php)
  (or:) /project/css/some.css(.php)
  (possibly:) /project/admin/

- use of an error handler that knows when to mail errors to developer,
when to print errs in browser and when not to, etc.
a "proper error handler". mine is still evolving.

- use of a standard debug output lib, called by a function that checks
config.php for a DEBUG_MODE define. prevents production machines from
showing debug info.
plug: my free is kinda nice.

- push all input into DB through functions that prevent SQL insertion
(at least a filter through mysql_real_escape) and HTML/js/flash/etc
insertions (harder).

- an authentication scheme that can be called with simple functions,
but which also does checks on whether or not the IP that started the
session is the same as the IP making a request on a certain session.
- calling of the authentication scheme by nearly all scripts

- in any lengthy operation, design for continuation of the operation
when a given item fails.
example from OS file copiers: it stops when it needs to ask a
question. i rather design to "keep going", log all items that require
user interaction, and let the user deal with them when he/she has

there's probably more that would make it into my best practices list,
but i'm gonna leave it at this for now..

On Mon, Mar 1, 2010 at 9:48 PM, Hansen, Mike <> wrote:
> Is there a PHP Best Practices Book, Document, or web site that has 
> information similar to Perl Best Practices but for PHP?
> --
> PHP General Mailing List (
> To unsubscribe, visit:
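
The session/IP check from the authentication item in the list above, as an added example that is not part of the original message. The function names authStart/authCheck and the session keys are hypothetical, and a plain array stands in for $_SESSION so the script runs from the command line.

```php
<?php
// Added example: function names and session keys below are hypothetical.

// Call once after a successful login; records who logged in and from where.
function authStart(array &$session, string $user, string $remoteIp): void
{
    $session['authUser'] = $user;
    $session['authStartIp'] = $remoteIp;
}

// Call at the top of every protected script.
// Returns the user name, or null when the request must be rejected.
function authCheck(array &$session, string $remoteIp): ?string
{
    if (!isset($session['authUser'], $session['authStartIp'])) {
        return null; // nobody logged in on this session
    }
    if ($session['authStartIp'] !== $remoteIp) {
        // Same session id, different address: drop the login state so the
        // session id stops being useful, and make the caller log in again.
        $session = [];
        return null;
    }
    return $session['authUser'];
}

// Constructed demo: a plain array stands in for $_SESSION and the addresses
// are documentation-range samples. In a web script, pass $_SESSION and
// $_SERVER['REMOTE_ADDR'] (not a client-supplied header such as
// X-Forwarded-For, which the client can set).
$session = [];
authStart($session, 'alice', '203.0.113.10');

var_dump(authCheck($session, '203.0.113.10')); // request from the login address
var_dump(authCheck($session, '198.51.100.7')); // same session, other address
var_dump(authCheck($session, '203.0.113.10')); // session was cleared above
```

Users whose address changes mid-session (mobile networks, proxy pools) are logged out by this check and have to authenticate again.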
