Skip to main content

PHP Code Review Guidelines

General
  •  The code works
  •  The code is easy to understand
  •  Follows coding conventions
  •  Names are simple and if possible short
  •  Names are spelt correctly
  •  Names contain units where applicable
  •  There are no usages of magic numbers
  •  No hard coded constants that could possibly change in the future
  •  All variables are in the smallest scope possible
  •  There is no commented out code
  •  There is no dead code (inaccessible at Runtime)
  •  No code that can be replaced with library functions
  •  Variables are not accidentally used with null values
  •  Variables are immutable where possible
  •  Code is not repeated or duplicated
  •  There is an else block for every if clause even if it is empty
  •  No complex/long boolean expressions
  •  No negatively named boolean variables
  •  No empty blocks of code
  •  Ideal data structures are used
  •  Constructors do not accept null/none values
  •  Catch clauses are fine grained and catch specific exceptions
  •  Exceptions are not eaten if caught, unless explicitly documented otherwise
  •  Files/Sockets and other resources are properly closed even when an exception occurs in using them
  •  null is not returned from any method
  •  == operator and === (and its inverse !==) are not mixed up
  •  Floating point numbers are not compared for equality
  •  Loops have a set length and correct termination conditions
  •  Blocks of code inside loops are as small as possible
  •  No methods with boolean parameters
  •  No object exists longer than necessary
  •  No memory leaks
  •  Code is unit testable
  •  Test cases are written wherever possible
  •  Methods return early without compromising code readability
  •  Performance is considered
  •  Loop iteration and off by one are taken care of

Architecture

  •  Design patterns if used are correctly applied
  •  Law of Demeter is not violated
  •  A class should have only a single responsibility (i.e. only one potential change in the software's specification should be able to affect the specification of the class)
  •  Classes, modules, functions, etc. should be open for extension, but closed for modification
  •  Objects in a program should be replaceable with instances of their subtypes without altering the correctness of that program
  •  Many client-specific interfaces are better than one general-purpose interface.
  •  Depend upon Abstractions. Do not depend upon concretions.

API

  •  APIs and other public contracts check input values and fail fast
  •  API checks for correct oauth scope / user permissions
  •  Any API change should be reflected in the API documentation
  •  APIs return correct status codes in responses

Logging

  •  Logging should be easily discoverable
  •  Required logs are present
  •  Frivolous logs are absent
  •  Debugging code is absent
  •  No print_rvar_dump or similar calls exist
  •  No stack traces are printed

Documentation

  •  Comments should indicate WHY rather that WHAT the code is doing
  •  All methods are commented in clear language.
  •  Comments exist and describe rationale or reasons for decisions in code
  •  All public methods/interfaces/contracts are commented describing usage
  •  All edge cases are described in comments
  •  All unusual behavior or edge case handling is commented
  •  Data structures and units of measurement are explained

Security

  •  All data inputs are checked (for the correct type, length/size, format, and range)
  •  Invalid parameter values handled such that exceptions are not thrown
  •  No sensitive information is logged or visible in a stacktrace
Labels:

Comments

Post a Comment

Want to tell something about this post. Please feel free to write...

Popular posts from this blog

Multiple Checkboxes Validation

This is a regular problem and solution is hardly available on google. When we use multiple checkboxes of same group (same name with square brackets) and you've to read the values from server side, then below solution will help you. Here I'm using jQuery (https://jquery.com/) and jQuery Validate plugin (https://jqueryvalidation.org/) For an example, I've to ask a user which of the listed book they are interested to know about <form id="BooksForm" method="post" name="BooksForm"> <p>Books you are interested in </p> <input class="Books" id="Book1" name="Books[]" type="checkbox" value="1" /> The Inner Game of Tennis <br /> <input class="Books" id="Book2" name="Books[]" type="checkbox" value="1" /> Monk who sold his ferrari <br /> <input class="Books" id="Book3" name=...
Post a Comment
Find more....

PHP script to upload file securely

How to Write a Secure PHP Script for File Uploads File uploads are a common feature in web applications, but they can introduce significant security risks if not handled properly. In this article, we'll walk through the steps to securely upload files to a server using PHP. We'll cover key security measures such as file validation, limiting file types, setting file size limits, and managing file storage. We will also create reusable functions to handle the upload process. 1. Create the HTML Form First, we need an HTML form that allows users to select and upload a file. Ensure that the form uses the POST method and includes the enctype="multipart/form-data" attribute. <!DOCTYPE html> <html lang="en"> <head> <meta charset="UTF-8"> <title>Secure File Upload</title> </head> <body> <form action="upload.php" method="post" enctype="multipart/...
Post a Comment
Find more....