
Recommended coding practices

zenmiu edited this page Aug 5, 2011 · 2 revisions

Test addresses

Required:

For all test URL and e-mail addresses, use "example.com", "example.org" and "example.net".

Example:

HTTP_*_VARS

Required:

Using $HTTP_*_VARS is not allowed [REQ.PHP.3.13.1].

E_STRICT compatibility

Required:

PHP code must be E_STRICT compatible. That means that it must not report any system warnings (E_WARNING, E_USER_WARNING), notices (E_NOTICE, E_USER_NOTICE) or errors (E_STRICT), when the error reporting level in PHP is set to E_ALL | E_STRICT.

Strict typing of input data

Required:

All data that enters the software as input and is used as a variable of a specific type must be explicitly cast to that type.

Sending data to the browser

Required:

All data sent to the browser must have its special characters converted to HTML entities, so that the browser can only display it as text and cannot interpret it as markup.

Restricting write access to files by the software

Required:

  1. All operations that write or delete files must always be checked to prevent modification of files outside the root directory of the software.
  2. Within the root directory of the software, writing and deleting files may be allowed only in the directories that the software uses for such purposes.
  3. The types of files being written or deleted must be strictly controlled to prevent editing of files that are necessary for the proper operation of the software.
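The three rules above combined into one guard function, as an added example that is not the project's own code; the root path, the writable subdirectories and the list of protected extensions are assumed placeholder values.

```php
<?php
// Added example, not project code: enforces the three file-write rules.
// Root, writable directories and protected extensions are assumed values.
const SOFTWARE_ROOT  = '/var/www/app';
const WRITABLE_DIRS  = ['var/cache', 'var/uploads'];
const FORBIDDEN_EXTS = ['php', 'phtml', 'phar', 'ini'];

// Returns the canonical path if $path may be written or deleted, else throws.
// Symlinks and ".." are resolved by realpath() before any comparison.
function assertWritablePath(string $path): string
{
    $root = realpath(SOFTWARE_ROOT);
    $dir  = realpath(dirname($path));   // the file itself may not exist yet
    $name = basename($path);
    if ($root === false || $dir === false || $name === '' || $name === '..') {
        throw new RuntimeException("Invalid target path: $path");
    }
    $full = $dir . DIRECTORY_SEPARATOR . $name;

    // Rule 1: never outside the software root.
    if (strncmp($full, $root . DIRECTORY_SEPARATOR, strlen($root) + 1) !== 0) {
        throw new RuntimeException("Path outside software root: $full");
    }

    // Rule 2: only inside directories designated for writing.
    $allowed = false;
    foreach (WRITABLE_DIRS as $sub) {
        $prefix  = $root . DIRECTORY_SEPARATOR . $sub . DIRECTORY_SEPARATOR;
        $allowed = $allowed || strncmp($full, $prefix, strlen($prefix)) === 0;
    }
    if (!$allowed) {
        throw new RuntimeException("Directory not designated for writing: $dir");
    }

    // Rule 3: never touch file types the software itself depends on
    // (dot-files such as .htaccess are rejected by the leading-dot check).
    $ext = strtolower(pathinfo($name, PATHINFO_EXTENSION));
    if ($name[0] === '.' || in_array($ext, FORBIDDEN_EXTS, true)) {
        throw new RuntimeException("Forbidden file type: $name");
    }
    return $full;
}

// Usage: file_put_contents(assertWritablePath($targetPath), $contents);
```

The check canonicalises the parent directory rather than the file, so it also works for files that do not exist yet.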

Naming constants

Constant names should begin with a noun that describes the constant, and the parts of the name should follow in decreasing order of informativeness. For example, instead of NEW_STATUS_OF_ORDER, use ORDER_STATUS_NEW or STATUS_NEW. If there is a group of constants with a similar purpose (e.g., order statuses), they must all have the same format and begin with the same word.

Example:

/**
* Order statuses
*/
const STATUS_NEW    = 'T';
const STATUS_QUEUED = 'Q';
const STATUS_FAILED = 'F';

Return values

If the purpose of a method is to find a certain object and return it, but that object is not found, the method must return null, and the code that receives the result of such a method must handle that case properly.

If the purpose of a method is to find a set of objects and return them as an array, but none of the objects is found, the method must return an empty array, and the code that receives the result of such a method must take that case into account.
