a) Go OOP
If you have not yet entered the realm of Object Oriented Programming, then you are at a disadvantage, and you are falling behind fast.
OOP is essentially a method of programming with the use of classes, or Objects, which tie like things together, remove the need for repetition of code and perform the basic tasks of production very simply. Objects are essentially classes that collect a bunch of functions together and wrap them in a wrapper that can be reused over and over again without the need to rewrite functionality or procedures every time you need to do something.
Procedural Programming works by following a routine from the top to the bottom of each page as the server reads every file on your server. With OOP, there could be one or two objects being instantiated, which, in turn could instantiate a few, a hundred or a thousand other objects which could all perform certain tasks depending on variables passed into the objects. OOP is faster, simpler, easier to debug, uses less server resources, less code, is faster loading and more logical to work with once you figure out the basic principles. Go OOP – It changed my development style forever.
b) Stay Away from Anything Ending With _once()
We all know that include() simply gives us a warning if it fails, while require() kills the script with a fatal error when it fails. What we don’t forget is that include_once() and require_once() is extremely hard on server resources. There is nothing we can do about it, it’s how PHP is set up. Just remember that these things kill your server resources, specially on a huge framework, and if you plan your code properly you won’t even need it anyway.
c) Develop With Error Reporting On
The very first thing you do when starting a new project is to turn error reporting to E_ALL, and you should only turn it off ten seconds before going to production mode. I do this with every project that I build and there is nothing better than running a project in full production mode and not even getting one error. Besides that, with error reporting on, you pick up any small errors that will eventually grow up to bite you in the… well, you get my point.
d) Use A Framework If You Need One
Ok, so Rasmus Lerdorf says you shouldn’t use a framework because he could quite conclusively prove that a framework is much slower than normal PHP code when it came to printing a simple “Hello World” application. Two things to mention here though: you are not Rasmus Lerdorf and I bet you won’t be building a “Hello World” application every time you program something. Frameworks that help you do the tedious things can help, although you will have to learn how the frameworks function first in order to make things simple, but that’s the only real trade-off. Plus you stand less chance of writing bad code when someone else has written most of it for you, but let’s pretend I didn’t say that.
e) Use PHP’s Inbuilt Functions
Ok, you want to count the amount of keys in an array? You can loop through the array and simply increment a value for each iteration, right? Or you can just use the built in PHP function count(), which does just what it should. PHP has many built-in functions that can do what you need them to, so check out the manual to make sure you are doing it in the best way possible.
f) Protect Your Database
The best and safest way is to use mysql_real_escape_string() for all database before it is added to the database. This function makes all strings safe in terms of quotes and other functions that can harm your database or contain malicious code, so use it to be sure you have taken the first step against protection of your data. Another thing you can do is validate all POST and GET strings, never use $_REQUEST, and make sure all form submitted data is of the right type and value before adding it to a database query.
g) Use POST Not GET
Ok, this isn’t always possible, but when its really not necessary, don’t use GET, use POST. The reason is simple – GET is simple to emulate, all I need to do is add something to my address bar and I can hack your project. Obviously GET is the easy way to do pagination and permalinks, but when using form submission especially, stay with POST, it’s safer.
h) Draw Before You Code
A good practice to get into is to wireframe your projects, even if you are just scribbling a few notes on a piece of paper. It is very important to actually give the mechanics of you application some thought before sitting down to start coding,
– See more at: http://www.nextstepwebsolution.com/tips-for-php-developer