Best Coding Practices – PHP

  1. Never put phpinfo() in the web root.
  2. Assignments in arrays may be aligned. When splitting an array definition onto several lines, the last value may also have a trailing comma.
  3. Never change a file’s extension on the server: a copy that no longer ends in .php is served as plain text and exposes the source. When you need a backup, keep the .php extension, for example by renaming it to index23-10-2014.php.
  4. Use salted password hashing instead of a plain md5().
  5. Never use trivially guessable passwords such as admin, admin123, password or 123456.
  6. Don’t place a zip file of your code in the root directory.
  7. Use MySQLi or PDO with prepared statements as general practice to prevent SQL injection.
  8. Use a hidden token field in forms to prevent spamming and spoofed submissions.
  9. Never leave any extra files on the FTP server.
  10. Always add a random string to the uploaded image name.
  11. Don’t store passwords or credentials on the server in a plain text file.
  12. Always check the MIME type on image uploads.
  13. Sanitize HTML input and output to prevent XSS attacks. Use the htmlentities() function on all GET and POST data.
  14. Checking whether a value is null or false: use the === operator to check for null and boolean false values.
  15. Consider Memcache for caching in your projects.
  16. Use PHPMailer or another mailing library instead of the mail() function.
  17. Do destructive testing that tries to break the code as part of the unit tests.
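As an added example that is not part of the original page, the following PHP puts items 4, 7, 10, 12, 13 and 14 from the list into working code. The users table, its column names and the upload directory are assumptions.

```php
<?php
// Added example (not from the original page). Table/column names and the
// upload directory are assumptions.
declare(strict_types=1);

// Item 7: PDO with prepared statements; the user-supplied value never becomes part of the SQL text.
function createUser(PDO $db, string $username, string $password): int
{
    // Item 4: salted, slow hash instead of md5(); password_hash() generates the salt itself.
    $hash = password_hash($password, PASSWORD_DEFAULT);
    $stmt = $db->prepare('INSERT INTO users (username, password_hash) VALUES (:u, :h)');
    $stmt->execute([':u' => $username, ':h' => $hash]);
    return (int) $db->lastInsertId();
}

function checkLogin(PDO $db, string $username, string $password): bool
{
    $stmt = $db->prepare('SELECT password_hash FROM users WHERE username = :u');
    $stmt->execute([':u' => $username]);
    $hash = $stmt->fetchColumn();
    // Item 14: fetchColumn() returns false when no row matches, so compare with === rather than a loose check.
    if ($hash === false) {
        return false;
    }
    return password_verify($password, $hash);
}

// Items 10 and 12: determine the real MIME type with finfo (not the client-supplied one) and
// store the file under a random name so the original filename never reaches the filesystem.
function storeImage(string $tmpPath, string $uploadDir): ?string
{
    $allowed = ['image/jpeg' => 'jpg', 'image/png' => 'png', 'image/gif' => 'gif'];
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($tmpPath);
    if ($mime === false || !isset($allowed[$mime])) {
        return null; // reject anything that is not one of the listed image types
    }
    $name = bin2hex(random_bytes(16)) . '.' . $allowed[$mime];
    $dest = rtrim($uploadDir, '/') . '/' . $name;
    return move_uploaded_file($tmpPath, $dest) ? $name : null;
}

// Item 13: escape on output so user-supplied text is rendered as text, not interpreted as markup.
function e(string $s): string
{
    return htmlentities($s, ENT_QUOTES | ENT_HTML5, 'UTF-8');
}
```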