47 lines
1.1 KiB
Markdown
47 lines
1.1 KiB
Markdown
### PHP Best Practices
|
|
|
|
#### Code Style
|
|
- Follow PSR-12 coding standard
|
|
- Use strict types: `declare(strict_types=1);`
|
|
- Use type hints for parameters and return types
|
|
- Use Composer for dependency management
|
|
|
|
```php
|
|
<?php
|
|
declare(strict_types=1);
|
|
|
|
// GOOD: Typed, modern PHP
|
|
class UserService
|
|
{
|
|
public function __construct(
|
|
private readonly UserRepository $repository
|
|
) {}
|
|
|
|
public function findUser(string $id): ?User
|
|
{
|
|
return $this->repository->find($id);
|
|
}
|
|
}
|
|
```
|
|
|
|
#### Error Handling
|
|
- Use exceptions for error handling
|
|
- Create custom exception classes
|
|
- Never suppress errors with `@`
|
|
|
|
#### Security
|
|
- Use PDO with prepared statements (never string interpolation)
|
|
- Use `password_hash()` and `password_verify()` for passwords
|
|
- Validate and sanitize all user input
|
|
- Use CSRF tokens for forms
|
|
- Set secure cookie flags
|
|
|
|
```php
|
|
// GOOD: Prepared statement
|
|
$stmt = $pdo->prepare('SELECT * FROM users WHERE id = :id');
|
|
$stmt->execute(['id' => $id]);
|
|
|
|
// BAD: SQL injection vulnerability
|
|
$result = $pdo->query("SELECT * FROM users WHERE id = '$id'");
|
|
```
|