

Show HN: PHP Best Practices, a short guide for common and confusing PHP tasks - acabal
http://phpbestpractices.org

======
acabal
Hi HN! I'm the author. I've spent a lot of time writing PHP, and one thing
that always struck me was that PHP often has many different ways of
approaching what should be simple tasks. Some ways are clearly flawed, but can
still be found in online tutorials. Database access for example: there's at
least 3 different libraries you can use to connect to a MySQL server. Which
one should a newbie pick, and which one is "best"?

I wanted to compile a guide containing what can be considered the best ways of
approaching such problems, with basic examples and links to follow-up reading.

If anyone has suggestions or corrections, please drop me a line! Contact info
is in the page.

~~~
koopajah
Love the idea and I think it's a great resource to centralize most common
solution like using phpass to hash/salt passwords to avoid people reinventing
the wheel all the time.

Could you elaborate on why you chose PDO over MySQLi to interact with MySQL?
Especially with all the "specific things to do for it to work properly" at the
end of the section?

The email address validation is also a great section, everyone tries to
rewrite its own and fails or forgets to handle cases (such as '+' in first
part). I think it would be great to show other filters examples instead of
providing a link to the documentation, like how to sanitize a username entry
for example?

Another interesting section would be how to handle errors properly, like the
use of trigger_error(), set_error_handler() or exceptions. Seems that a lot of
people are also doing their own logging/debugging/reporting system not knowing
where to start?

~~~
koopajah
Another point is the utf8_encode() and utf8_decode() functions whose names are
misleading as they only handle conversion to/from ISO-8859-1. A section on te
proper use of iconv() with examples could really be useful no?

------
Udo
<?= ?> is perfectly fine, and I believe Rasmus Lerdorf said several times it
would continue to be supported by default settings (whereas <? ?> is being
phased out, and rightly so).

That means there is no need to go and tell people to convert all their <?= ?>
into <?php print() ?>.

~~~
vhf
Yep, since PHP 5.4.0

Source here : <http://www.php.net/manual/en/ini.core.php#ini.short-open-tag>

------
jfaucett
hey good post :)

I got a few tidbits to add.

"if you ever plan on deploying your PHP to a server whose configuration you
can't control, then you should always use <?php ?>." I would change that to
"always use <?php ?>", if you do you're safe, otherwise you can run into
problems (as I have).

its a matter of opinion but I would recommend SwiftMailer over phpmailer.

And lastly, I would definately put namespacing and code organization in here
somewhere, like PSR [https://github.com/php-fig/fig-
standards/blob/master/accepte...](https://github.com/php-fig/fig-
standards/blob/master/accepted/PSR-0.md)

liked the article!

------
pytrin
There's a similar site that launched a while ago that is really good -
<http://www.phptherightway.com/>

