Web Services programmers have been coding for the web since 1997.
We're glad to share some of the practical know-how we've accumulated over the years with aspiring web application developers like you.
Separate concerns. Just as it's important to separate content, style, and behavior on the front-end, it is equally important to separate presentation, data access, and business logic in back-end code. One common way to achieve this in web applications is to adopt a model-view-controller (MVC) architecture. While the MVC approach can be applied without a framework, there are many open-source PHP frameworks that make it easier.
Write code people can read. As programmers, our focus is often on coding some feature and getting it launched quickly, whatever it takes! But we have to be sure to write code that can be easily maintained, since "maintenance is by far the most expensive phase of any project." It has been said that code is read far more often than it is written. Whether you work on your own or with a team, adopting a code style guide, such as PSR-2 for PHP, will help to reduce "cognitive friction" when scanning code files. There are many other techniques for writing self-documenting code, such as using meaningful names rather than abbreviations.
Don't reinvent the wheel. We admit the phrase is overused and not always good advice. "Reinventing the wheel" can be a great way to learn a language or evolve its ecosystem. When working on projects, however, we find that reusing existing code whenever we can has two advantages: (1) it saves time because we're not wasting effort rewriting the same thing over and over; (2) our code is less error-prone, since it has been battle-tested in other projects. When appropriate, use open-source or third-party components with, if possible, a package manager. For PHP apps, that means becoming very familiar with Composer and Packagist.
"Security is not a feature... it's a state of mind," says Liz Smith and we couldn't agree more. Properly securing a web application isn't something that can be adequately addressed at the end of a project. It requires taking security issues into consideration at every step of the process, including the planning, programming, testing, deployment, monitoring, and maintenance. Here are some of the security practices we follow:
- Always filter or validate input, and escape output for the context it lands in (HTML body, HTML attribute, JavaScript, URL). Validation on the way in does not make data safe to print on the way out.
- Always use parameterized queries. If that's not possible, escape all query data using the escaping routine for your database.
- Store as little personal information as possible, and try never to store identifying information (e.g., Social Security number).
- Review all code for security issues before deployment.
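The first two practices above in working code, as an added example written for this page rather than code from the original. It uses an in-memory SQLite database through PDO so it runs offline; the `users` table, its two rows, and the sample inputs are constructed here for illustration, and the function names are our own. It also keeps a deliberately unsafe string-concatenation lookup alongside the parameterized one so the difference is visible on the same input.

```php
<?php
declare(strict_types=1);

// Added example, not from the original page. Table and rows are constructed.
function connect(): PDO
{
    $pdo = new PDO('sqlite::memory:');
    $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    // Ask for server-side prepared statements. This matters for MySQL, where
    // PDO emulates them client-side by default; pdo_sqlite never emulates.
    $pdo->setAttribute(PDO::ATTR_EMULATE_PREPARES, false);
    $pdo->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, email TEXT NOT NULL, display_name TEXT NOT NULL)');
    $insert = $pdo->prepare('INSERT INTO users (email, display_name) VALUES (:email, :name)');
    foreach ([['alice@example.com', 'Alice'], ['bob@example.com', '<b>Bob</b>']] as [$email, $name]) {
        $insert->execute([':email' => $email, ':name' => $name]);
    }
    return $pdo;
}

// Step 1: validate input against what the field is supposed to be.
// Returns null when the value is not a plausible e-mail address.
function validateEmail(mixed $raw): ?string
{
    if (!is_string($raw)) {
        return null;
    }
    $email = filter_var(trim($raw), FILTER_VALIDATE_EMAIL);
    return $email === false ? null : $email;
}

// Step 2: parameterized query. The user-supplied value is bound as a single
// parameter and never becomes part of the SQL text.
function findUserByEmail(PDO $pdo, string $email): ?array
{
    $stmt = $pdo->prepare('SELECT id, email, display_name FROM users WHERE email = :email');
    $stmt->execute([':email' => $email]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// The unsafe 'before' for contrast: the value is spliced into the SQL string,
// so a quote in the input changes the query's meaning. Never do this.
function findUserByEmailUnsafe(PDO $pdo, string $email): ?array
{
    $sql = "SELECT id, email, display_name FROM users WHERE email = '$email'";
    $row = $pdo->query($sql)->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Step 3: escape output for the HTML body context, even for values that came
// from our own database (Bob's display name contains markup).
function e(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
}

function renderProfile(?array $user): string
{
    if ($user === null) {
        return '<p>No such user.</p>';
    }
    return sprintf('<p>%s &lt;%s&gt;</p>', e($user['display_name']), e($user['email']));
}

$pdo = connect();

// Constructed sample inputs: one valid, one classic injection string, one whose
// stored display name carries HTML.
$inputs = ['alice@example.com', "' OR '1'='1", 'bob@example.com'];
foreach ($inputs as $raw) {
    $email = validateEmail($raw);
    if ($email === null) {
        echo 'Rejected input: ' . e($raw) . "\n";
        continue;
    }
    echo renderProfile(findUserByEmail($pdo, $email)) . "\n";
}

// Bypass validation on purpose to compare the two lookups on the same input.
$attack = "' OR '1'='1";
// Unsafe: the quote closes the literal and OR '1'='1' matches every row.
var_dump(findUserByEmailUnsafe($pdo, $attack));
// Safe: the entire string is compared as one e-mail address; no row matches.
var_dump(findUserByEmail($pdo, $attack));
```

Run it with `php example.php`. The injection string is rejected by `validateEmail` before it reaches the database, and even when fed straight to the lookup it is harmless through the prepared statement but returns the first row through the concatenated one. Bob's profile shows why output escaping is separate from input validation: his name was stored legitimately, and it is `htmlspecialchars` at render time, not the earlier `filter_var`, that keeps it from being interpreted as markup.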
PHP: The Right Way is the best resource for writing modern, secure PHP. PHP sometimes gets a bad rap, partly because of the abundance of "outdated information on the Web that leads new PHP users astray, propagating bad practices and insecure code." PHP: The Right Way aims to correct this by collecting current best-practices from the PHP community.
The Open Web Application Security Project (OWASP) is an invaluable resource for security issues and best practices. A good place to start is their Top 10 list of security vulnerabilities. For PHP apps in particular, the online book, Survive The Deep End: PHP Security, carefully explains some of the most common attacks and how to defend against them.
Programming Services We Offer
We've got the skills to build web applications to satisfy a variety of needs, from administrative to research-related. Have a project you'd like to discuss? Complete our Getting Started form to get in touch.