PHP Best Practices


In this section we will list some of the best PHP practices you should consider adopting. PHP offers a lot of options and styles of writing your code. However, as your application grows and becomes more complex, following some good practices is a must if you want to have a maintainable and modern PHP coding or simply want to be a good PHP developer.

PHP setup

PHP version

Use the latest stable PHP version. In the time of this writing i.e PHP 7.1. You will be able to use great new features and have better performance. Using old versions can lead to security issues.

PHP extensions

For performance and security reasons a good practice is to disable extensions you will not need in your production environment.

Coding style

Coding standards

Use PSR-1 and PSR-2 coding standards.


Use short syntax for defining arrays:

$array = [
    "foo" => "bar",
    "bar" => "foo",

Ternary operator

In cases where you need to make a quick conditional check, there’s a ternary operator that can make your code cleaner and more readable.

Let’s assume you want to set the $discount based on the value of the $amount. If the $amount is less than 100, than the discount is 10%, otherwise it is 20%.

Say you want to check if the $amount variable equals to 10, and if $amount equals to 10 you want to set the $total to 1000 and if the $amount is not equal to 10 you want to set $total to 200.

You could use the if else statement:


if ($amount < 100) {
    $discount = 10;
} else {
    $discount = 20;

By using ternary operator, you can write this in one line:


$discount = ($amount < 100) ? 10 : 20;

Note that in cases where you need to append a query if a certain condition is met, the if statement would be a better choice.


In modern PHP we should write less code and since many problems have already been solved, use existing solutions and libraries. Composer is a tool for managing your dependencies in a PHP project. By using a terminal you can add, update or remove dependent packages from or other repositories. Composer is using a composer.json file located in your project for managing dependent packages.


Always test your code. If you’re not familiar with concept of testing, start with PHPUnit.


For sending emails there are multiple options in PHP. From using default PHP’s mail() function to external 3rd party libraries such as Swift Mailer and PHPMailer. Try to avoid the default mail function and instead use Swift Mailer or PHPMailer. Building modern contact forms, customizing headers, sending HTML emails, SMTP sending, different setups for sending emails in development environments, testing emails and other advanced functionalities are sort of a must these days, and the mail() function is too basic for that.


Storing passwords must be done with PHP’s built-in password hashing API.


For databases using PDO or simply just an ORM is very convenient and can greatly help you handle advanced database manipulation tasks.

// PDO and MySQL example
$pdo = new PDO('mysql:host=localhost;dbname=database', 'user', 'password');
$statement = $pdo->query("SELECT id FROM friend");
$row = $statement->fetch(PDO::FETCH_ASSOC);
echo htmlentities($row['id']);


Secured configuration files

Storing configuration files MUST be encapsulated.

return [
    # Database Configuration
    'database' => [
        'hostname' => 'localhost',
        'port' => 3306,
        'username' => 'someone',
        'password' => 'v3RyS3c|_|re'

$config = require __DIR__.'/relative/path/to/the/config.php';

Storing configurations along json or yaml files should be always encapsulated within .htaccess access restriction:

#Apache 2.4+
Require local

#Before Apache 2.4
Order deny, allow
Deny from all


location /foo/bar/config.yml {
   deny all;

The best protection of configuration files is to store them outside of the publicly available document root.


Always maintain documentation of your code. It adds extra time to your work, but in the future it helps others (and also you) understand what you’ve written. We forget what certain functions, methods or parts of code do, so please always take extra time to do that.

For inline PHP documentation use phpDocumentor:


 * Foo file description.

 * I belong to a class
class Foo

Development environment

Don’t pick a premade *AMP (MAMP/LAMP/WAMP/XAMPP) stack. Instead, use a virtualization software like Vagrant or Docker. Vagrant helps you create and configure lightweight, reproducible, and portable development environments. When using virtualization, make sure to create a virtual machine that resembles the production server (the machine where you deploy). This will help you catch deployment issues during the development stage. These articles can help you get started with Vagrant and Docker in PHP development:

Since the information provided on the article page may be outdated, you should also refer to the official documentation of vagrant and docker provided by the application vendor.

GitHub OctocatFound a typo? Something wrong with this content? Just fork and edit it.

Content of this work is licensed under a Creative Commons Attribution-ShareAlike 4.0 International (CC BY-SA 4.0) license. Code snippets in examples are published under the CC0 1.0 Universal (CC0 1.0). Thanks to all the contributors.