What are the specifications for PHP development to follow?

##1. PHP related naming conventions

1. Method naming

method , refers to the function defined in the class. The method is named using camel case, and the first letter is lowercase or uses an underscore "_", for example: getUserName(), _parseType(). Usually methods starting with an underscore are private methods;

2. Function naming

Function refers to a function that is not defined in a class, such as a function in a public file. Functions are named using lowercase letters and underscores, such as get_client_ip();

3. Variable naming

Variables are also called attributes. Attributes are named using camel case, and the first letter is lowercase or the underscore "_" is used, such as tableName, _instance. Usually attributes starting with an underscore are private attributes;

4. Constant naming

Constants are named with uppercase letters and underscores, such as HAS_ONE and MANY_TO_MANY;

5. Configuration parameter command

Configuration parameters are named with uppercase letters and underscores, for example HTML_CACHE_ON = 1;

2. Coding style specifications

1. Multi-line spaces are prohibited

If there is no special need, multiple lines of spaces are prohibited in the code file.

2. Indentation

Appropriate indentation is required in the code, otherwise it will increase the difficulty of maintenance.

3. Directory structure

General frameworks have a default directory structure. Modification of the directory structure is not allowed except in special circumstances. For example, thinkphp defaults to MVC. The directory structure of the architecture avoids maintenance difficulties caused by changing the directory structure. The Controller file is placed in the Controller directory, the Model file is placed in the Model directory, and the View file is placed in the View directory. Do not change the location and name of the directory at will.

3. Security

1. Input box

Please set the maximum value for all input boxes Length, please make required restrictions for required fields. For example, the account number CHN00000001 can only enter 11 digits, so the maximum input length can only be 11, and the required="required" attribute is added.

2. Text editor

Try not to use a rich text editor on the front page, because the rich text editor can enter codes, which poses a great security risk. If you want to use it, the submitted content must be filtered, for example, using htmlspecialchars().

3. Receiving parameters in the background

PHP must judge the field type when obtaining parameters from the form acquisition URL. For example, parameters that receive numbers cannot contain other characters, only numbers. It is recommended to write a public function to check the received post and get parameters, and verify each parameter value to prevent the injection of malicious code. When receiving variables with long content, such as message content, special character filtering must be performed. For example, functions such as strip_tags(), htmlspecialchars(), and htmlentities() can work to prevent users from injecting malicious code for cross-site scripting attacks.

4. Permission control

Any page that requires login before it can be accessed must be logged in before loading. If the login times out, you must log in again. Pages and functions that require permission to access must have permission control and detection.

4. Concurrency and large traffic processing

1. Repeated submission

In order to prevent users from repeating submissions when submitting forms , the form must be set to submit verification. For example, when a mall submits an order, it must prevent users from submitting orders repeatedly. The form token function provided in the Thinkphp framework can prevent repeated submissions. Native PHP can also generate a token before opening the page, save it in the session, and then pass the token to the page form field. When the form is submitted, the token will be submitted together in the background. Verify the token when receiving, and destroy the saved token of the session after verification.

2. Session

The one-time verification session must be destroyed after use, such as SMS verification, form verification, etc., to prevent the one-time session from being reused, such as when the user If the SMS verification code session is not destroyed during registration, users can register multiple accounts with the same SMS verification code.

3. Concurrency

Concurrent processing is often encountered, such as the flash sale function of the mall. If concurrent processing is not done well, the same product will be purchased by multiple users. .

Concurrency processing solutions can consider the following solutions:

(1) Lock table operation, the disadvantage is that when the number of concurrency is relatively large, it will cause system lag.

(2) Queue

(3) Load balancing

(4) Database read and write separation

(5)Use Nginx as http server

4. Cache

#For database data that needs to be accessed frequently, you can use caching to improve access speed and read cache files from the data currency database. Query is much faster. The main caching technologies are:

(1) Thinkphp’s own S() method

(2) File reading and writing. This method encrypts data to ensure security.

(3) Memcached

Recommended tutorial: PHP video tutorial

The above is the detailed content of What are the specifications for PHP development to follow?. For more information, please follow other related articles on the PHP Chinese website!