Hi

 

I am looking to develop a public-facing website and would like some good practice info on PHP: what you should and shouldn't do and which way to do things, e.g. for security and efficiency, etc.

 

I have read through the PHP security guide from the PHP Security Consortium and it was really good. Does anyone have any more info like this regarding PHP and general good practice?

 

Thank you

https://forums.phpfreaks.com/topic/234846-php-coding-good-practice-info/

Utilize comments throughout your code.

Comments can be very helpful when editing the code down the road. I don't know how many times I've come across code and thought "OK, what was I doing here?" Comments also make it easier for others to understand your code if the website gets turned over to someone else.

 

 

Take care with naming your variables, database tables, filenames, etc.

Let's say you wanted to name something class. If you ever need to search for all mentions of "class", you'll likely get a lot of bad matches, especially since the class attribute is commonly utilized if you're using CSS.

 

 

Don't be afraid to ask for help.

PHP Freaks is an excellent resource if you have any questions.


Do you have any specific questions?  Or anything you're lacking confidence in?

 

Good rule to follow: never use the 'global' keyword.


Was just looking for generic should know stuff.

 

Had a question around MySQL queries: one of the things I have to implement is to log all access attempts to an audit table within the database.

 

So from the login page the PHP will run 2 queries, one checking (selecting) the details against the ones in the database and also at the same time logging those details (username, attempt time, IP address and authentication result).

 

The only way I can see to do this is to have multiple mysql_query()'s happening.

 

Is this ok to do or is there a better way of doing this?

 

Thank you for all the replies! They will all come in handy.

There are probably ways to combine the queries... but I would use two so as not to confuse one with the other.

 

Ok thanks.

 

Also what about mysql_connect(), should I open a connection at the top of each page or open and close in each function?

 

I have read that once the page has loaded any way that the connection ends?

What about sessions?

 

My idea is that when someone logs in it keeps their details in a session, which will be used for queries.

 

e.g.

 

username, so when I select I can use the username from the session in the where clause.

 

What about storing passwords (Salted and md5 hash) in a session, should I be doing this?

 

And is it ok to pass user details like the above into my custom functions e.g.

 

function getDetails($username, $password)
{
       .............................
}
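
The login check and audit insert asked about in the posts above, as an added example that is not part of the thread. It assumes PDO with an in-memory SQLite database (so it runs offline; the pdo_sqlite extension is needed), hypothetical `users` and `login_audit` tables, and `password_hash()`/`password_verify()` in place of salted MD5; the `mysql_*` functions named in the thread were removed in PHP 7.

```php
<?php
// Added example, not code from the thread. Table and column names are assumptions.
// In-memory SQLite keeps it runnable offline; swap the DSN for a MySQL one on a real site.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT UNIQUE, password_hash TEXT)');
$pdo->exec('CREATE TABLE login_audit (username TEXT, attempt_time TEXT, ip_address TEXT, result TEXT)');

// Constructed sample account.
$pdo->prepare('INSERT INTO users (username, password_hash) VALUES (?, ?)')
    ->execute(['alice', password_hash('correct horse', PASSWORD_DEFAULT)]);

/**
 * Query 1 checks the credentials, query 2 records the attempt.
 * Returns the user id on success, null on failure.
 */
function attemptLogin(PDO $pdo, string $username, string $password, string $ip): ?int
{
    // Prepared statement: the submitted username is bound, never concatenated into SQL.
    $stmt = $pdo->prepare('SELECT id, password_hash FROM users WHERE username = ?');
    $stmt->execute([$username]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);

    // password_verify() is safe against timing attacks; it replaces the salted MD5 comparison.
    $ok = $row !== false && password_verify($password, $row['password_hash']);

    // The audit row is written for every attempt, success or failure.
    // The submitted password is never logged.
    $audit = $pdo->prepare(
        'INSERT INTO login_audit (username, attempt_time, ip_address, result) VALUES (?, ?, ?, ?)'
    );
    $audit->execute([$username, gmdate('Y-m-d H:i:s'), $ip, $ok ? 'success' : 'failure']);

    return $ok ? (int) $row['id'] : null;
}

$ip = $_SERVER['REMOTE_ADDR'] ?? '127.0.0.1'; // fallback so the demo also runs from the CLI
$userId = attemptLogin($pdo, 'alice', 'correct horse', $ip);
attemptLogin($pdo, 'alice', 'wrong guess', $ip);

if ($userId !== null && PHP_SAPI !== 'cli') {
    session_start();
    session_regenerate_id(true);    // issue a fresh session id after login
    $_SESSION['user_id'] = $userId; // keep the identifier only, never the password or its hash
}

foreach ($pdo->query('SELECT username, ip_address, result FROM login_audit') as $r) {
    echo "{$r['username']} {$r['ip_address']} {$r['result']}\n";
}
```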

I can really recommend a little booklet by Chris Shiflett.

http://www.amazon.com/Essential-PHP-Security-ebook/dp/B0026OR358/ref=sr_1_6?ie=UTF8&qid=1303986860&sr=8-6

 

It's a book about PHP and security. Worth the read!


Thanks!

 

Have ordered it, will give it a read :)
