Top 10 PHP Code Review Tips
This article presents the top 10 areas to consider when you take up the task of reviewing the code of a PHP project. The other day, I had a discussion with one of the PHP senior developers who asked me where to start on the task of reviewing a PHP web application, and we brainstormed and came up with this list. Interestingly, apart from a few, most of the points apply equally well to applications written in other programming languages. Please feel free to comment/suggest if I missed one or more important points. Also, sorry for the typos.
Following are the key points described later in this article:
Business functionality
Framework-related coding guidelines
Object-oriented principles
PHP-specific standards
Programming-related best practices
Design patterns
Code coverage
Security
Exception-handling
Integration patterns
Before moving into the details, I should mention that I considered the following 8 product quality characteristics (ISO 25000 SQuaRE standards) to come up with code-review criteria that cover every aspect of code quality:
Functional Suitability
Maintainability
Usability
Security
Efficiency
Reliability
Portability
Compatibility
Adherence to Business Functionality
The first and most important thing is to validate and verify whether the code delivers the required business functionality. This may require you to talk to the business analyst and get yourself clear on what the business functionality is. For a legacy project, it is very difficult to get hold of the business analyst; for an ongoing project, it is simpler. Checking business functionality applies to other programming languages as well, not just PHP.
Framework-related Coding Guidelines
There are several frameworks, such as the following, that could be used to create PHP-based web apps. You may want to review whether the code written for a particular framework satisfies the coding guidelines and best practices specified as part of that framework.
Zend
Yii
CakePHP
CodeIgniter
Laravel
Object-Oriented Principles
This applies to other programming languages as well. You may want to review PHP code against object-oriented principles such as the following and point out code smells and opportunities for refactoring.
SOLID
DRY
YAGNI
Law of Demeter
PHP-specific Standards
You may want to keep PHP language standards and best practices handy and review the code against that list.
Programming-related Best Practices
Then there are areas such as the choice of data structures and McCabe cyclomatic complexity that you would want to consider while reviewing code against programming-related best practices. This applies to other programming languages as well.
Usage of Design Patterns
There are several design patterns that could be used to structure PHP code in a standard manner. You may want to review the code from that perspective and suggest appropriate design patterns that could be applied. I found this page decent enough, as it describes several design patterns applied to PHP.
Code Coverage
This is standard code review practice: check the code coverage of the underlying code and emphasize the importance of writing unit tests. This applies to other programming languages as well.
Security
As of today, security is an important area that one needs to consider while doing code review, given the importance security carries from a business continuity and reputation perspective. You may want to emphasize the usage of the PHP OWASP library for applying application-level security in PHP-based applications. You may also want to keep the PHP security cheat sheet handy.
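As an added example (not code from the original article), here are two of the most common findings a reviewer looks for in PHP code, each shown next to its hardened form: SQL built by string concatenation versus a prepared statement, and request data echoed into HTML without escaping versus context-aware encoding. The users table, its columns and the in-memory SQLite connection are assumptions constructed for the demonstration.

```php
<?php
// Added example, not from the original article. The users table, its
// columns and the SQLite connection are constructed for illustration.

// --- Finding 1: SQL text assembled from request input ---
// Reviewer flag: untrusted data becomes part of the query grammar.
function findUserVulnerable(PDO $pdo, string $email): ?array
{
    $sql = "SELECT id, name FROM users WHERE email = '" . $email . "'";
    $row = $pdo->query($sql)->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Recommended fix: a prepared statement keeps data separate from the query.
function findUserSafe(PDO $pdo, string $email): ?array
{
    $stmt = $pdo->prepare('SELECT id, name FROM users WHERE email = :email');
    $stmt->execute([':email' => $email]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// --- Finding 2: user-controlled data written into HTML unescaped ---
// Reviewer flag: anything the user typed is interpreted as markup.
function greetVulnerable(string $name): string
{
    return '<p>Hello, ' . $name . '</p>';
}

// Recommended fix: encode for the HTML context at the point of output.
function greetSafe(string $name): string
{
    return '<p>Hello, ' . htmlspecialchars($name, ENT_QUOTES | ENT_HTML5, 'UTF-8') . '</p>';
}

// Self-contained demonstration with constructed sample data
// (requires the pdo_sqlite extension).
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, email TEXT)');
$pdo->exec("INSERT INTO users (name, email) VALUES ('Alice', 'alice@example.com')");

var_dump(findUserSafe($pdo, 'alice@example.com')); // array with id 1 and name "Alice"

// Markup in the input is rendered as literal text rather than interpreted.
echo greetSafe('<b>Alice</b>'), PHP_EOL;
```

During review, the quick check is to trace every value that originates from $_GET, $_POST, headers or cookies to the place where it leaves the application (a query, an HTML page, a shell command, a file path) and confirm that a parameterised API or a context-specific encoder sits between the two.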
Exception-handling
This is a very important aspect considering the reliability of the application. It is a good idea to review the exception/error handling mechanisms and practices used in the code and suggest improvements where appropriate. This applies to other programming languages as well.
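As an added example (not from the original article), the following script shows the exception-handling practices a reviewer would typically check for in a PHP application: converting PHP warnings into exceptions so they cannot be silently ignored, a swallowed-exception anti-pattern next to its corrected form, and a top-level boundary that logs full details for operators while returning only a generic message to the client. The ConfigException class, the loadConfig function and the missing configuration path are constructed for the demonstration.

```php
<?php
// Added example, not from the original article. ConfigException, loadConfig
// and the configuration path are constructed for illustration.

// 1. Turn PHP warnings/notices into exceptions so they follow the same
//    handling path as real exceptions instead of being silently ignored.
set_error_handler(function (int $severity, string $message, string $file, int $line): bool {
    if (!(error_reporting() & $severity)) {
        return false; // honours the @ operator and error_reporting() settings
    }
    throw new ErrorException($message, 0, $severity, $file, $line);
});

// 2. Anti-pattern a reviewer should flag: the catch swallows the failure,
//    so callers continue with a bogus result and nothing is logged.
function loadConfigSwallowed(string $path): array
{
    try {
        return json_decode(file_get_contents($path), true, 512, JSON_THROW_ON_ERROR);
    } catch (Throwable $e) {
        return []; // failure is invisible to both operators and callers
    }
}

// 3. Recommended: catch only what this layer can handle, log the details
//    where operators can see them, and raise a typed exception for callers.
final class ConfigException extends RuntimeException {}

function loadConfig(string $path): array
{
    try {
        $raw = file_get_contents($path); // warning on a missing file becomes ErrorException
        return json_decode($raw, true, 512, JSON_THROW_ON_ERROR);
    } catch (ErrorException | JsonException $e) {
        error_log(sprintf('config load failed for %s: %s', $path, $e->getMessage()));
        throw new ConfigException('Configuration could not be loaded', 0, $e);
    }
}

// 4. Top-level boundary: whatever escapes is logged in full, while the
//    response carries only a generic message (no stack trace, no file paths).
function handleRequest(callable $action): string
{
    try {
        return $action();
    } catch (Throwable $e) {
        error_log(get_class($e) . ': ' . $e->getMessage() . "\n" . $e->getTraceAsString());
        http_response_code(500);
        return 'An internal error occurred.';
    }
}

// Demonstration with a constructed path that is assumed not to exist:
// the full error goes to the log, the caller sees only the generic message.
echo handleRequest(fn() => json_encode(loadConfig('/nonexistent/app.json'))), PHP_EOL;
```

Points to look for in review: catch blocks that are empty or return a default value without logging, catches of Throwable or Exception deep inside business logic rather than at a boundary, and error pages or JSON responses that include exception messages, stack traces or file paths from the server.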
Integration Patterns/Protocols
You may want to determine the integration standards/protocols used in the application and review the design/code for adherence to those standards. You may also want to review the readiness of the application to be exposed as an API if there is a requirement to integrate it with other applications in the future. This applies to other programming languages as well.