Nimblechapps Blog


9 Common Mistakes that PHP Developers Make

PHP is an open-source scripting language capable of building highly interactive apps and websites. One of the most widely used languages, its syntax is quite similar to Java and C. It was first released in 1995 and over the years has grown more sophisticated, with many frameworks built on it.

PHP originally stood for Personal Home Pages and now stands for Hypertext Preprocessor. PHP development is trouble-free for many new developers, who can write functional code within hours. However, it is the building of a solid and dependable database that demands time and expertise.

Are you guilty of one of these common PHP mistakes?

1. Not using Database Caching

If you are using a database in your PHP application, it is important to use some form of database caching. It improves the performance of the application and enhances the user experience. Memcached, Redis, the query cache and Varnish reduce database load and speed up a dynamic web app.

2. Not securing SQL code

SQL injection is one of the most common attacks on the web. In this type of attack, an attacker inserts SQL code without the developer's knowledge, which compromises the data: it gets altered, leaked or permanently deleted from the database.

There are ways to minimize the risk of SQL injection attacks. Developers often build inline SQL statements when writing new plugins and extensions for WordPress sites. These statements are assembled from front-end input and then sent to the database. If that input can change the shape of the statement, the site runs the risk of SQL injection.

It could be avoided by:

Using prepared statements
Using Parameterized queries
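To show the difference between the two approaches, here is an added example (not code from the original post): the same lookup written as an inline statement and as a prepared statement. An in-memory SQLite database stands in for MySQL so the script runs offline; the users table and its rows are constructed sample data.

```php
<?php
// Added example: inline SQL built from input beside the prepared-statement form.
// SQLite in memory is used here only so the script is self-contained; with MySQL
// the PDO calls are the same.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT NOT NULL, email TEXT NOT NULL)');
$db->exec("INSERT INTO users (name, email) VALUES ('Alice', 'alice@example.com'), ('O''Brien', 'obrien@example.com')");

// Mistake: the input becomes part of the SQL text, so whatever the user types is
// parsed as SQL. A single quote in the input is enough to change the statement;
// here it simply breaks it, but crafted input could do far worse.
function findUserUnsafe(PDO $db, string $name): ?array
{
    $sql = "SELECT id, name, email FROM users WHERE name = '" . $name . "'";
    $row = $db->query($sql)->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Better: the SQL text is fixed, and the input travels separately as a bound
// parameter that the database never interprets as SQL.
function findUserSafe(PDO $db, string $name): ?array
{
    $stmt = $db->prepare('SELECT id, name, email FROM users WHERE name = :name');
    $stmt->execute([':name' => $name]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

$input = "O'Brien"; // legitimate input that happens to contain a quote

try {
    var_dump(findUserUnsafe($db, $input));
} catch (PDOException $e) {
    echo "Inline SQL failed: the input was parsed as part of the statement\n";
}

var_dump(findUserSafe($db, $input)); // the prepared statement finds the row
```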

3. Suppressing Errors

Errors should only be suppressed in the code when they do not pose a threat. For example, a warning message regarding the PHP version can be suppressed. More often than not, suppressing errors lets the app run with hidden bugs. Instead, it is recommended to redirect errors to an error log through the php.ini settings.

Instead of showing them on screen, a PHP add-on such as Papertrail sends the errors to the back-end so that they can be searched, grouped and fixed later.

It is better to handle errors rather than to suppress them.
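As an added illustration (not code from the original post), the script below contrasts the @ suppression operator with handling the same failure explicitly and logging it. The settings would normally live in php.ini; ini_set() is used so the script is self-contained, and the log path and config file name are assumptions.

```php
<?php
// Added example: log errors instead of displaying or suppressing them.
ini_set('display_errors', '0');  // never show errors to end users
ini_set('log_errors', '1');      // but do not lose them: write them to the log
ini_set('error_log', sys_get_temp_dir() . '/app-errors.log'); // assumed log path
error_reporting(E_ALL);

// Convert warnings and notices into exceptions so they cannot slip by unnoticed.
set_error_handler(function (int $severity, string $message, string $file, int $line): bool {
    if (!(error_reporting() & $severity)) {
        return false; // error is filtered out (e.g. by @); fall through to PHP's handler
    }
    throw new ErrorException($message, 0, $severity, $file, $line);
});

$configFile = '/nonexistent/config.json'; // assumed path that does not exist

// Mistake: @ hides the failure entirely. $config silently becomes false and
// nothing is written to the log, so the bug surfaces later and somewhere else.
$config = @file_get_contents($configFile);
var_dump($config);

// Better: let the failure surface, handle it explicitly and record the details.
try {
    $config = file_get_contents($configFile);
} catch (ErrorException $e) {
    error_log(sprintf('config load failed: %s (%s:%d)', $e->getMessage(), $e->getFile(), $e->getLine()));
    $config = '{}'; // explicit, documented fallback instead of a silent false
}
echo "Loaded config: $config\n";
```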

4. Not removing Development Configurations

Before code goes live, it is crucial to have a development environment that mimics the production environment. In some scenarios, a developer forgets to remove variables and configuration belonging to the development environment, and they get accidentally uploaded to production. This can compromise the live app. Many new PHP developers, in order to save time, also skip the staging environment and go straight from development to production. This is a big mistake, since staging helps identify problems. It is important to have a staging environment, even for small changes, and QA testers to test the code before it gets moved to production.

5. Configuration Loopholes

Development system configuration or sensitive data carelessly left behind can be exposed to unnecessary hacking. To have a more secure environment for the app, it is important to keep local PHP settings specific to the developer's hosting account.

6. Indexing too much or not enough

Indexes can significantly improve performance when querying large tables. SELECT queries are accelerated with the help of database indexes.

Indexes are applied to a column named in the WHERE clause of the SELECT query, and MySQL locates the data with a fast search algorithm. It can be tempting to add indexes to every column, but it is important to remember that they are updated after every INSERT and UPDATE query. How much indexing is appropriate depends on the data, its usage and the app. A developer needs to review the slow query log and usage patterns to maintain a balance for best results.

7. Using the wrong data types

With MySQL, you get a range of numeric, string and time data types. If you use an INTEGER or STRING column instead of a DATE or DATETIME field to store dates, it can make SQL queries complicated. It is quite tempting to create one's own data formats, but that can lead to many problems later.

8. Using PHP over SQL

This is a mistake many new developers are prone to. They are inclined to solve problems with PHP rather than MySQL, which sometimes leads to slow transactions. For example, when calculating average values, many go for a PHP loop instead of the simple AVG() function supported by MySQL. Utilizing the strength of the database for efficient performance should be prioritized over such coding methods.
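The average example above, written out as an added example (not code from the original post): the PHP loop beside the AVG() query. An in-memory SQLite database stands in for MySQL so the script runs offline; the orders table and its rows are constructed sample data.

```php
<?php
// Added example: averaging in PHP versus letting the database aggregate.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE orders (id INTEGER PRIMARY KEY, amount REAL NOT NULL)');
$insert = $db->prepare('INSERT INTO orders (amount) VALUES (:amount)');
foreach ([19.99, 5.00, 42.50, 7.25] as $amount) { // constructed sample rows
    $insert->execute([':amount' => $amount]);
}

// Mistake: pull every row over the wire and loop in PHP. Time and memory grow
// with the size of the table, and the work is done on the application server.
function averageInPhp(PDO $db): float
{
    $sum = 0.0;
    $count = 0;
    foreach ($db->query('SELECT amount FROM orders') as $row) {
        $sum += (float) $row['amount'];
        $count++;
    }
    return $count > 0 ? $sum / $count : 0.0;
}

// Better: ask the database for the aggregate. A single value comes back, and the
// engine works directly on its own storage and indexes.
function averageInSql(PDO $db): float
{
    $value = $db->query('SELECT AVG(amount) FROM orders')->fetchColumn();
    return $value === null ? 0.0 : (float) $value; // AVG() is NULL on an empty table
}

printf("PHP loop:  %.4f\n", averageInPhp($db));
printf("SQL AVG(): %.4f\n", averageInSql($db));
```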

Wrapping Up!

It is important to back up regularly in case you lose your data to hacking, drive failure, server issues, etc. Data is the most valuable asset and one you cannot risk losing. Writing reliable and stable code and building a robust database take expertise, which comes from experience, regular practice and learning from mistakes.