Friday, April 16, 2010

PHP WEBSITE TIPS

As this is my first sensible (according to me) post, let me write about the thing which others say I do best: "WEBSITE". Not that I am better than other people developing websites, but it is the only thing I can somehow manage.
I have been in touch with PHP for the last two years. In this duration I developed a few basic PHP websites. While developing these sites, I came across certain experiences which may be wrong. I want to share them as I think they may be useful for some of you.

The following things could be thought about before developing the website:

  1. In an HTML website we copy and paste the banner, footer and menu code into each page. I did the same thing with my first and even my second website. Later I came across the better option of including files: create a separate file for each shared part (banner, footer, menu) and include that file in every page. This way, if you want to add a new link you change only a single file, and all other pages display the updated menu.

  2. Similarly, keep the database connection code in a separate file. You may change servers from time to time, for example moving from your localhost to the live server. If the connection code is repeated in every page you will have to edit many files; with a single connection file you change one. So include the connection file instead of repeating the code, and give it a .php extension (or keep it outside the web root) so the server never serves the credentials in it as plain text.

  3. Disable directory listing on the website. If a user guesses that you have a download folder, typing yourwebsite.com/download/ lists every file in it. To prevent this, turn off indexing in your server's control panel (on Apache, `Options -Indexes` in a .htaccess file does the same) or place a blank index.php in every such folder. Note that this only hides the listing: a file whose name is known or guessable can still be fetched directly, so do not rely on it to protect private files.

  4. If you have a registration form, validate all inputs. JavaScript validation gives fast feedback, but it is bypassed simply by disabling JavaScript in the browser or by sending the request with another tool, so always validate in PHP as well. JavaScript may be used, but only alongside the PHP validation, never instead of it.

  5. Start the session at the very start of the page; not even a space or blank line may appear before the session_start() call. session_start() sends a cookie header, and PHP cannot send headers once any output has gone to the browser.

  6. For pages that are open only to logged-in users, check the session variable at the very start of the page as well. Here again an include file helps: put the validity check in one file and include it at the top of every secure page. Make sure the check stops the script (exit) after redirecting; otherwise the protected content is still sent to the client.

  7. Try to minimize the use of GET parameters; as far as possible use the POST method to send data from HTML forms to the PHP page. GET values end up in the browser history, bookmarks, server logs and Referer headers, which is bad for anything sensitive. Remember that POST is not a security control by itself: a POST body is as easy to modify as a URL, so its contents need the same validation.

  8. Do not allow users to upload PHP files to your site; that lets them execute their own scripts on your server. If you must accept files from users, rename them on the server so the uploader cannot type the file's path into the address bar (URL) and execute it. Renaming alone is not enough if the new name is predictable or shown back to the user, so store uploads outside the web root, or give them an extension the server never executes. Another method is to change the extension to .html, which makes the server send the PHP code as plain text instead of executing it; this only holds while .html is not mapped to the PHP handler. When the user wants to download the file, serve it through a download script under a name you control, with a Content-Disposition: attachment header (a forced download).

  9. Rename every file at upload time. Two users could upload files with the same name, in which case the older file is overwritten. Use a date-time stamp, a counter or, better, random bytes to build a unique name, and keep the original name in the database if you need to show it later.

  10. Do not write (or output) anything on the page before redirecting through PHP code. header('Location: ...') must be sent before any output, and it should be followed by exit so the rest of the script does not run.

  11. If a new image or CSS file is not reflected, refresh the page (or force a full reload); browsers cache images and CSS files. Appending a version query string to the file URL, e.g. style.css?v=2, makes the browser fetch the new copy for all visitors, not just for you.
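As an added example for tip 4 (not code from the original post), here is server-side validation of a registration form written as a function that returns a list of errors. The field names (username, email, password, password2) and the sample submissions are assumptions constructed for the example:

```php
<?php
// Added example, not from the original post: PHP-side validation that does not
// depend on any JavaScript having run in the browser.
// Field names and the sample data below are assumptions for illustration.

declare(strict_types=1);

/**
 * Validate raw form input and return an array of error messages keyed by
 * field name. An empty array means the input is acceptable.
 */
function validateRegistration(array $input): array
{
    $errors = [];

    // Missing fields become empty strings instead of PHP notices.
    $username  = trim((string)($input['username']  ?? ''));
    $email     = trim((string)($input['email']     ?? ''));
    $password  = (string)($input['password']  ?? '');
    $password2 = (string)($input['password2'] ?? '');

    // Username: 3-20 characters, letters, digits or underscore only.
    // \A and \z are used instead of ^ and $ because $ still matches before a
    // trailing newline, which would let "admin\n" through.
    if (!preg_match('/\A[A-Za-z0-9_]{3,20}\z/', $username)) {
        $errors['username'] = 'Username must be 3-20 letters, digits or underscores.';
    }

    // E-mail: PHP's built-in validator beats a hand-written regex.
    if (filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
        $errors['email'] = 'Enter a valid e-mail address.';
    }

    // Password: minimum length in characters (mb_strlen), then confirmation.
    if (mb_strlen($password) < 8) {
        $errors['password'] = 'Password must be at least 8 characters.';
    } elseif ($password !== $password2) {
        $errors['password2'] = 'Passwords do not match.';
    }

    return $errors;
}

// Real request handling: only act on a submitted form.
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    $errors = validateRegistration($_POST);
    if ($errors === []) {
        // Safe to continue, e.g. store password_hash($_POST['password'], PASSWORD_DEFAULT).
        echo "Registration data accepted.\n";
    } else {
        // Escape before echoing so error text can never inject HTML.
        foreach ($errors as $field => $message) {
            echo htmlspecialchars("$field: $message", ENT_QUOTES, 'UTF-8'), "<br>\n";
        }
    }
}

// Constructed sample submissions (not real data) so the function can be tried
// from the command line: the second one would pass a JavaScript-only check
// that was simply disabled.
$samples = [
    ['username' => 'alice_01', 'email' => 'alice@example.com',
     'password' => 'correct horse', 'password2' => 'correct horse'],
    ['username' => "admin\n", 'email' => 'not-an-email',
     'password' => 'short', 'password2' => 'short'],
];
foreach ($samples as $i => $sample) {
    $errors = validateRegistration($sample);
    printf("sample %d: %s\n", $i, $errors === [] ? 'OK' : implode(' | ', $errors));
}
```

Run it with `php validate.php` to see the first sample accepted and the second rejected on all three fields; in a real form the same function is called on $_POST, and the JavaScript checks only save a round trip for honest users.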

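The include file described in tips 5, 6 and 10, as an added example that is not part of the original post. It starts the session before any output, sends the visitor to the login page if no user is stored in the session, and stops the script after the redirect. The session key 'user_id' and the page name login.php are assumptions:

```php
<?php
// auth_check.php: added example, not code from the original post. Include it
// as the first statement of every page that only logged-in users may view.
// The session key 'user_id' and the page name login.php are assumptions.

declare(strict_types=1);

// session_start() and header() both emit HTTP headers. PHP can only send
// headers before the first byte of output, so this file (and the page that
// includes it) must begin with "<?php" with no blank line or BOM before it.
if (headers_sent($file, $line)) {
    // Some earlier include already produced output; refuse rather than serve
    // the protected page without a working session.
    error_log("auth_check.php: output already started at $file:$line");
    exit('Server configuration error');
}

// Cookie hardening must be set before session_start() (array form: PHP >= 7.3).
session_set_cookie_params([
    'httponly' => true,                       // cookie not readable from JavaScript
    'secure'   => !empty($_SERVER['HTTPS']),  // HTTPS-only when served over TLS
    'samesite' => 'Lax',
]);
session_start();

// Protected pages should not be stored by the browser or by shared caches.
header('Cache-Control: no-store');

if (empty($_SESSION['user_id'])) {
    header('Location: login.php', true, 302);
    // Without exit, PHP keeps running and the protected HTML below the include
    // is still sent to the client along with the redirect.
    exit;
}
```

In each protected page, `<?php require __DIR__ . '/auth_check.php';` must be the very first characters of the file, before the <html> tag or any whitespace; the same require pattern is how the shared banner, footer and database-connection files from tips 1 and 2 are pulled in.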

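Tips 8 and 9 together, as an added example (not code from the original post): the upload is checked against a whitelist, stored outside the web root under a random name so it can neither be executed nor overwrite another upload, and later returned as a forced download. The storage directory, the form field name 'userfile' and the whitelist are assumptions:

```php
<?php
// Added example, not from the original post: accepting a user upload so the
// file can never be executed as PHP and cannot overwrite another user's file.
// UPLOAD_DIR, the field name 'userfile' and the whitelist are assumptions.

declare(strict_types=1);

// Store uploads OUTSIDE the web root so no URL maps to them at all.
const UPLOAD_DIR = __DIR__ . '/../uploads_private';

// Permitted extensions and the MIME type we expect to find in the content.
const ALLOWED = [
    'pdf' => 'application/pdf',
    'png' => 'image/png',
    'jpg' => 'image/jpeg',
    'txt' => 'text/plain',
];

/**
 * Validate one entry of $_FILES and move it to UPLOAD_DIR under a random name.
 * Returns the stored filename; throws on any problem.
 */
function storeUpload(array $file): string
{
    if (($file['error'] ?? UPLOAD_ERR_NO_FILE) !== UPLOAD_ERR_OK) {
        throw new RuntimeException('Upload failed with code ' . (int)($file['error'] ?? -1));
    }

    // Extension comes from a whitelist; "shell.php", "x.php.jpg" etc. fail here
    // because only the final extension is considered and .php is not listed.
    $ext = strtolower(pathinfo($file['name'], PATHINFO_EXTENSION));
    if (!isset(ALLOWED[$ext])) {
        throw new RuntimeException('File type not allowed');
    }

    // Check the real content; $file['type'] is supplied by the browser and untrusted.
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($file['tmp_name']);
    if ($mime !== ALLOWED[$ext]) {
        throw new RuntimeException("Content ($mime) does not match extension .$ext");
    }

    // Random name: no collisions between users, and the uploader cannot guess it.
    $stored = bin2hex(random_bytes(16)) . '.' . $ext;

    if (!is_dir(UPLOAD_DIR) && !mkdir(UPLOAD_DIR, 0750, true)) {
        throw new RuntimeException('Cannot create upload directory');
    }
    // move_uploaded_file() refuses anything that is not a genuine PHP upload.
    if (!move_uploaded_file($file['tmp_name'], UPLOAD_DIR . '/' . $stored)) {
        throw new RuntimeException('Could not move uploaded file');
    }
    return $stored;
}

/**
 * Serve a stored file as a forced download. Only the random stored name is
 * accepted, so a request can never reach outside UPLOAD_DIR.
 */
function sendDownload(string $stored, string $downloadName): void
{
    if (!preg_match('/\A[a-f0-9]{32}\.[a-z0-9]+\z/', $stored)) {
        http_response_code(400);
        exit('Bad file id');
    }
    $path = UPLOAD_DIR . '/' . $stored;
    if (!is_file($path)) {
        http_response_code(404);
        exit('Not found');
    }
    // Strip anything that could break out of the header value.
    $safeName = str_replace(['"', "\r", "\n"], '', basename($downloadName));
    // Generic type plus attachment disposition: the browser saves, never renders.
    header('Content-Type: application/octet-stream');
    header('Content-Length: ' . filesize($path));
    header('Content-Disposition: attachment; filename="' . $safeName . '"');
    header('X-Content-Type-Options: nosniff');
    readfile($path);
    exit;
}

// Upload handler for <input type="file" name="userfile"> in a multipart form.
if ($_SERVER['REQUEST_METHOD'] === 'POST' && isset($_FILES['userfile'])) {
    try {
        $stored = storeUpload($_FILES['userfile']);
        // Record $stored together with the original name in the database; a
        // download page then calls sendDownload($stored, $originalName).
        echo 'Stored as ' . htmlspecialchars($stored, ENT_QUOTES, 'UTF-8');
    } catch (RuntimeException $e) {
        http_response_code(400);
        echo htmlspecialchars($e->getMessage(), ENT_QUOTES, 'UTF-8');
    }
}
```

Because the file lives outside the document root, there is no URL the uploader can type to reach it, so the question of whether the server would execute it never arises; the download script is the only path to the content, and it decides the filename and content type itself.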
I must have forgotten something, which I will add as and when I remember it or someone asks a doubt about it.
