Wednesday 22 July 2015

Top 10 PHP Code Review Tips





This article presents the top 10 areas to consider when you take up the task of code reviewing a PHP project. The other day, I had a discussion with one of the senior PHP developers, who asked me where to start when reviewing a PHP web application; we brainstormed and came up with this list. Interestingly, apart from a few, most of them can be applied to applications written in other programming languages as well. Please feel free to comment/suggest if I missed one or more important points. Also, sorry for the typos.

Following are the key points described later in this article:

    Business functionality
    Framework-related coding guidelines
    Object-oriented principles
    PHP-specific standards
    Programming-related best practices
    Design patterns
    Code coverage
    Security
    Exception-handling
    Integration patterns

Before moving into the details, I should mention that I considered the following 8 parameters (ISO 25000 SQuaRE standards) to come up with different code-review criteria that cover every aspect of code quality.

    Functional Suitability
    Maintainability
    Usability
    Security
    Efficiency
    Reliability
    Portability
    Compatibility

Adherence to Business Functionality

The first and foremost thing is to validate and verify that the code delivers the required business functionality. This may require you to talk to the business analyst to get clear on the business functionality. For a legacy project, it is very difficult to get hold of the business analyst. However, for an ongoing project, it is simpler. Checking business functionality applies to other programming languages as well, apart from PHP.

Framework-related Coding Guidelines

There are several frameworks, such as the following, that can be used to create PHP-based web apps. You may want to review whether the code written for a particular framework satisfies the coding guidelines and best practices specified by that framework.
    Zend
    Yii
    CakePHP
    CodeIgniter
    Laravel

Object-Oriented Principles

This applies to other programming languages as well. You may want to review PHP code against object-oriented principles such as the following, and point out code smells and opportunities for refactoring.
    SOLID
    DRY
    YAGNI
    Law of Demeter

PHP-specific Standards

You may want to keep PHP programming language standards and best practices handy and review the code against that list.

Programming-related Best Practices

Then, there are areas such as the usage of data structures and McCabe code complexity that you would want to consider while reviewing code against programming-related best practices. This applies to other programming languages as well.

Usage of Design Patterns

There are several PHP design patterns that can be used to structure your code in a standard manner. You may want to review the code from that perspective and suggest appropriate design patterns that could be applied. I found this page decent enough, as it mentions several design patterns applied to PHP.

Code Coverage

This is standard code review practice: one may want to check the code coverage of the underlying code and emphasize the importance of writing unit tests. This applies to other programming languages as well.

Security

Today, security is an important area that one needs to consider while doing code review, given the importance security carries from a business continuity and reputation perspective. You may want to emphasize the usage of the PHP OWASP library for applying application-level security in PHP-based applications. You may also want to keep the PHP security cheat sheet handy.

Exception-handling

This is a very important area when considering the reliability of the application. It may be a good idea to review the exception/error handling mechanisms and practices used in the code and make suggestions as appropriate. This applies to other programming languages as well.

Integration Patterns/Protocols

You may want to determine the integration standards/protocols used in the application and review the design/code for adherence to those standards. You may also want to review the readiness of the application to be exposed as an API if there is a requirement to integrate the application with other applications in the future. This applies to other programming languages as well.
