git-hardening/.crosslink/rules/php.md at main - git-hardening - ```gitea

florian/git-hardening

Public Access

Files

Flo 078d55982b chore: Add agentic coding tooling

2026-03-30 13:39:40 +02:00

1.1 KiB

Raw Permalink Blame History

PHP Best Practices

Code Style

Follow PSR-12 coding standard
Use strict types: declare(strict_types=1);
Use type hints for parameters and return types
Use Composer for dependency management

<?php
declare(strict_types=1);

// GOOD: Typed, modern PHP
class UserService
{
    public function __construct(
        private readonly UserRepository $repository
    ) {}

    public function findUser(string $id): ?User
    {
        return $this->repository->find($id);
    }
}

Error Handling

Use exceptions for error handling
Create custom exception classes
Never suppress errors with @

Security

Use PDO with prepared statements (never string interpolation)
Use password_hash() and password_verify() for passwords
Validate and sanitize all user input
Use CSRF tokens for forms
Set secure cookie flags

// GOOD: Prepared statement
$stmt = $pdo->prepare('SELECT * FROM users WHERE id = :id');
$stmt->execute(['id' => $id]);

// BAD: SQL injection vulnerability
$result = $pdo->query("SELECT * FROM users WHERE id = '$id'");