
PHP Quick Reference

by Chris Shiflett · Apr. 04, 11 · Web Dev Zone · News

While cleaning out my desk, I found an old copy of a PHP Quick Reference I helped make a few years ago. On the front page are a few performance and security tips that I thought I'd share. (Performance tips are from George Schlossnagle.)

Top 5 Performance Tips

  1. Use a Compiler Cache. Completely transparent to your application, a compiler cache is the closest you'll get to a fast = true ini setting.
  2. Profile Early; Profile Often. Big and small systems alike can behave in unexpected ways. Quantitative tools help you understand where your bottlenecks are. This is critical for targeting your tuning efforts.
  3. Cache Whenever Possible. The vast majority of performance optimizations involve caching data in one form or another. Whether caching content or just intermediate data during complex procedures, intelligent use of caching techniques can dramatically improve your performance.
  4. Be Mindful of Using External Data Sources. The top performance bottleneck in almost every application we analyze is making too many (or too complex) database queries. Always optimize your queries, and structure your most frequently accessed data to be efficiently fetched.
  5. Don't Over-Optimize. As Donald Knuth said, "Premature optimization is the root of all evil." Optimization is (at least after the initial stages) a matter of trading flexibility for performance. By over-optimizing your code, you can render it brittle to future functionality changes.

Top 5 Security Tips

  1. Trust Nothing. Most security vulnerabilities can be traced back to a misplaced trust in suspect data, primarily input provided by third parties. When in doubt, verify your assumptions to be sure.
  2. Filter Input. Inspect any data you receive from a third party to be sure it meets your expectations, rejecting anything that doesn't. Don't try to massage input in order to be accommodating, and err on the side of caution by allowing only what you know is safe rather than rejecting only what you know is not.
  3. Escape Output. When outputting data, be sure your data is represented in such a way that it is preserved in its new context. In PHP, we often mix data with HTML, SQL, and the like. Escaping helps preserve the distinction and prevent misinterpretation.
  4. Use Prepared Statements. By using prepared statements, you can preserve the distinction between an SQL query and the data to be bound to it. This offers strong protection against SQL injection.
  5. Reduce, Reuse, Recycle. Use mature, existing solutions. Not only are they likely to be more thorough than your own, but you can also simplify your code, making it easier to understand and less error-prone.
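
Security tips 2 through 4 (filter input, escape output, use prepared statements) applied to a single request path, as an added example that is not part of the original quick reference. It assumes PHP 8 with the pdo_sqlite extension; the `users` table, its contents, the sample inputs and the function names are constructed for illustration.

```php
<?php
declare(strict_types=1);

// Constructed sample data: an in-memory SQLite table stands in for a real database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (username TEXT PRIMARY KEY, bio TEXT)');
$db->exec("INSERT INTO users VALUES ('alice', 'I <3 PHP & <b>SQL</b>')");

// Filter input: allow only what is known to be safe and reject everything else.
// A bad value is never repaired or trimmed into shape.
function filter_username(mixed $raw): ?string
{
    if (!is_string($raw) || preg_match('/\A[a-z0-9_]{3,20}\z/', $raw) !== 1) {
        return null;
    }
    return $raw;
}

// Prepared statement: the query text is fixed and the value is bound separately.
function find_bio(PDO $db, string $username): ?string
{
    $stmt = $db->prepare('SELECT bio FROM users WHERE username = :u');
    $stmt->execute([':u' => $username]);
    $bio = $stmt->fetchColumn();
    return $bio === false ? null : (string) $bio;
}

// Escape output: encode for the HTML context at the point of output,
// including data that came from our own database.
function render_profile(string $username, string $bio): string
{
    $e = static fn(string $s): string =>
        htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<h1>' . $e($username) . '</h1><p>' . $e($bio) . '</p>';
}

// Constructed inputs: a valid name, a string with quote characters, a wrong type.
foreach (['alice', "alice' OR '1'='1", ['alice']] as $raw) {
    $username = filter_username($raw);
    if ($username === null) {
        echo "rejected\n";
        continue;
    }
    $bio = find_bio($db, $username);
    echo $bio === null ? "not found\n" : render_profile($username, $bio) . "\n";
}
```

The stored bio contains markup on purpose: filtering at the boundary does not remove the need to escape at output, because each step protects a different context.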

Got anything you'd add to these lists? Please share in the comments. :-)

Published at DZone with permission of Chris Shiflett, DZone MVB. See the original article here.
