PHP is probably the most popular web development language right now. At least 20 million domains use PHP and it’s the language used on major sites such as Wikipedia and Facebook as well as in some of the world’s biggest open source projects like WordPress and Drupal.
In this article, I’ll share with you ten things I wish I was told when I was just getting started with PHP development, and I’m hoping you’ll be able to learn a thing or two if you’re just taking your first steps into this awesome web development language.
If you’re trying to do something that seems fairly common, chances are, there’s already a PHP function or class that you can take advantage of. Always check out the PHP manual before creating your own functions. There’s no need to create a function to remove the white space at the beginning and at the end of a string when you can just use the
trim() function. Why build an XML parser for RSS feeds when you can take advantage of PHP’s XML Parser functions (such as
Instead of having your database connection settings scattered everywhere, why not just create one master file that contains its settings, and then include it in your PHP scripts? If you need to change details later on, you can do it in one file instead of several files. This is also very useful when you need to use other constants and functions throughout multiple scripts.
Using a config file is a popular web application pattern that makes your code more modular and easier to maintain.
SQL injections are more common that you may think, and unless you want a big headache later on, sanitizing your database inputs is the only way to get rid of the problem. The first thing you should do is learn about popular ways your app can be compromised and get a good understanding of what SQL injections are; read about examples of SQL injection attacks and check out this SQL injection cheat sheet.
Luckily, there’s a PHP function that can help make a big heap of the problem go away:
mysql_real_escape_string will take a regular string (learn about data types through this PHP variables guide) and sanitize it for you. If you use the function together with
htmlspecialchars, which converts reserved HTML characters (like
<script>), not only will your database be protected, but you’ll also safeguard your app against cross-site scripting (XSS) attacks when rendering user-submitted HTML (such as those posted in comments or forum threads).
Looking at the PHP White Screen of Death is never helpful except for knowing something is definitely wrong. When building your application, leave
display_errors turned on to see run-time errors that will help you quickly identify where errors are coming from.
You can set up these run-time configurations in your server’s php.ini file or, if you don’t have access to override the directives in this file, set them on top of your PHP scripts (using the
ini_set() function to set
display_errors to 1, but it has its limitations when done this way).
The reason behind turning on error reporting is quite simple — the sooner you know about your errors, the faster you can fix them. You might not care about the warning messages that PHP might give you, but even those usually signal towards a memory-related issue that you can take care of. When you’re done building out your application, turn
display_errors off or set their values to a production-ready level.
Proper documentation of your code through comments in your scripts is definitely a good practice, but is it really necessary to comment every single line? Probably not. Comment the complicated parts of your source code so that when you revisit it later you’ll quickly remember what’s going, but don’t comment simple things such as your MySQL connection code. Good code is self-explanatory most of the time.
<?php /* CONNECT TO THE DATABASE */ $hostname = "localhost"; $username = ""; $password = ""; $dbname = ""; $connectionStatus = mysql_connect($hostname, $username, $password) or die(mysql_error()); $selectionStatus = mysql_select_db($dbname) or die(mysql_error()); /* END DATABASE CONNECTION */ ?>
<?php /* DEFINE THE CONNECTION VARIABLES */ $hostname = "localhost"; // Hostname $username = ""; // Username $password = ""; // Password $dbname = ""; // Database name // Connect to the database or display an error $connectionStatus = mysql_connect($hostname, $username, $password) or die(mysql_error()); // Select our database here $selectionStatus = mysql_select_db($dbname) or die(mysql_error()); ?>
You’ll be coding a lot of the same things throughout your PHP development career, and keeping code snippets always available will help you save a lot of time. There are several apps that can keep and sync your code snippet collection for you, so no matter where you are, you can always have your snippets available. Some apps you can use to corral your code snippets are Snippet, snippely, Code Collector, and Snipplr (web-based).
Most integrated development environments (IDEs) such as Eclipse (which can store code templates) and Dreamweaver (via the Snippets Panel) may have built-in features for storing code snippets.
Even a simple and well-organized directory called snippets that contain text files (or PHP scripts) — and possibly synced in the cloud using an app like Dropbox if you use multiple computers — can do the trick.
Your editor is where you’ll spend the majority of your time, so you want to use something that helps you save time. Syntax highlighting is a must and definitely something you should be looking for as a software feature. Other bonuses include code hinting, code navigation and built-in debugging tools. All of these features can end up saving you massive amounts of time. An example of a source code editor/IDE for PHP is phpDesigner.
Take the time to get familiar with your source code editor’s features by reading the documentation and reading tutorials online. A bit of time investment in this arena can really streamline your coding workflow.
I know some crazy hard-core developers who like working with MySQL (the popular Database Management System pairing for PHP) via command line, which, to me, is inefficient and just, well, crazy. It’s a good thing to know how to administer your MySQL database using mysqladmin, but afterwards, you should use a graphical user interface like phpMyAdmin to speed up database development and administration.
phpMyAdmin, in particular, is an excellent open source database viewer/manager that allows you to view your MySQL databases graphically so that you don’t have to waste time doing things via the command line. You can quickly build databases and their tables, export your databases into SQL files, run SQL queries, optimize tables, check for issues, create MySQL database users and set up their privileges quickly, and much more. There is a good chance your web host already has phpMyAdmin installed, and if not, it only takes minutes to install.
It took me a really long time to accept the fact that using a web application development/rapid application development framework would help me out. You have a small learning curve in the beginning, and there will be a lot of reading to do to learn how the API of the framework works, but you get amazing productivity and efficiency benefits later. Using a framework forces you to use better web development patterns that you might not be using right now.
Using a PHP framework pays off big time when you have to share your code with others later on or when you have to work together with someone; it gives you a standardized platform for building web applications. I learned the importance of this the hard way when I had to start hiring other developers.
You don’t know it all. And even if you think you do, there are thousands of others out there that know how to do something better than you do. Join a PHP community like PHPDeveloper and interact with others. By connecting with other developers, you’ll learn better ways of doing the things you’re currently doing.