Top 10 PHP Tips for Developers to Improve Programming

PHP is a server-side scripting language designed for web development but also used as a general-purpose programming language. PHP code may be embedded into HTML code.

1. Code Code Code

If I could get one thing through to anyone reading this, this is it. You cannot become a good developer by reading. You cannot become a good developer by watching someone develop. The one and only tried and trusted method is to actually write code. But – and here is the trick – build real things! Do not go and code something that you have no interest in, or will never use. Build what you like, and you will be excited and interested by it, and you will learn. Then, make it awesome, build upon it, and make it better.

2. Draw Before You Code

A good practice to get into is to wireframe your projects, even if you are just scribbling a few notes on a piece of paper. It is very important to actually give the mechanics of your application some thought before sitting down to start coding, because in the process of planning it you will actually iron out the difficulties in your head and avoid the major headache that comes with the facepalm when you realize that everything you just did is either wrong, not needed, or just silly.

3. Use POST Not GET

Ok, this isn’t always possible, but when it’s really not necessary, don’t use GET, use POST. The reason is simple – GET is simple to emulate, all I need to do is add something to my address bar and I can hack your project. Obviously GET is the easy way to do pagination and permalinks, but when using form submission especially, stay with POST, it’s safer.

4. Use Ternary Operators

Instead of using an if/else statement altogether, consider using a ternary operator. PHP Value gives an excellent example of what a ternary operator looks like.

<?php
// PHP code example: ternary operator
$action = (empty($_POST['cms'])) ? 'default' : $_POST['cms'];

// The above is identical to this if/else statement
if (empty($_POST['cms'])) {
    $action = 'default';
} else {
    $action = $_POST['cms'];
}
?>

The ternary operator frees up line space and makes your code less cluttered, making it easier to scan. Take care not to use more than one ternary operator in a single statement, as PHP doesn’t always know what to do in those situations.

5. Protect Your Database

The best and safest way is to use mysql_real_escape_string() for all data before it is added to the database. This function makes all strings safe in terms of quotes and other functions that can harm your database or contain malicious code, so use it to be sure you have taken the first step toward protecting your data. Another thing you can do is validate all POST and GET strings, never use $_REQUEST, and make sure all form-submitted data is of the right type and value before adding it to a database query.

6. Use an SQL Injection Cheat Sheet

SQL injection is a code injection technique, used to attack data-driven applications, in which malicious SQL statements are inserted into an entry field for execution (e.g. to dump the database contents to the attacker).[1] SQL injection must exploit a security vulnerability in an application’s software, for example, when user input is either incorrectly filtered for string literal escape characters embedded in SQL statements or user input is not strongly typed and unexpectedly executed. SQL injection is mostly known as an attack vector for websites but can be used to attack any type of SQL database.

SQL injection attacks allow attackers to spoof identity, tamper with existing data, cause repudiation issues such as voiding transactions or changing balances, allow the complete disclosure of all data on the system, destroy the data or make it otherwise unavailable, and become administrators of the database server.

SQL Injection Cheat Sheet
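
An added example (not from the original article) of the type-and-value validation described in tips 5 and 6, using PDO bound parameters in place of mysql_real_escape_string(), since the mysql_* extension was removed in PHP 7.0. The users table, rename_user() and the sample submissions are constructed for illustration, and the code assumes the pdo_sqlite extension is available.

```php
<?php
declare(strict_types=1);

// Constructed in-memory database so the example runs offline (assumes pdo_sqlite).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, role TEXT)');
$db->exec("INSERT INTO users (name, role) VALUES ('alice', 'admin'), ('bob', 'user')");

/**
 * Hypothetical handler: validate type and value first, then bind the values
 * as parameters. Returns the number of rows updated, or null when the input
 * fails validation and no query is run.
 */
function rename_user(PDO $db, array $post): ?int
{
    // Type check: id must be a positive integer, not just an escaped string.
    $id = filter_var($post['id'] ?? null, FILTER_VALIDATE_INT,
        ['options' => ['min_range' => 1]]);
    // Value check: a non-empty string of bounded length. Quotes are allowed
    // because the bound parameter never becomes part of the SQL text.
    $name = $post['name'] ?? null;
    if ($id === false || !is_string($name) || $name === '' || strlen($name) > 64) {
        return null;
    }
    $stmt = $db->prepare('UPDATE users SET name = :name WHERE id = :id');
    $stmt->bindValue(':name', $name, PDO::PARAM_STR);
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->rowCount();
}

// Constructed sample submissions standing in for $_POST.
$samples = [
    ['id' => '2', 'name' => "O'Brien"],   // quote in data: bound and stored literally
    ['id' => '2 OR 1=1', 'name' => 'x'],  // not an integer: rejected before any query
    ['id' => '2', 'name' => ['nested']],  // array instead of string: rejected
];
foreach ($samples as $post) {
    $result = rename_user($db, $post);
    echo json_encode($post), ' => ',
        $result === null ? 'rejected' : "$result row(s) updated", PHP_EOL;
}
// Show what was actually stored for id 2.
echo $db->query('SELECT name FROM users WHERE id = 2')->fetchColumn(), PHP_EOL;
```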

7. Stay Away from Anything Ending With _once()

We all know that include() simply gives us a warning if it fails, while require() kills the script with a fatal error when it fails. What we shouldn’t forget is that include_once() and require_once() are extremely hard on server resources. There is nothing we can do about it, it’s how PHP is set up. Just remember that these things kill your server resources, especially on a huge framework, and if you plan your code properly you won’t even need them anyway.

8. Know the Difference Between Comparison Operators

Comparison operators are a huge part of PHP, and some programmers may not be as well-versed in their differences as they ought to be.

Comparison Operators

9. Develop With Error Reporting On

The very first thing you do when starting a new project is to turn error reporting to E_ALL, and you should only turn it off ten seconds before going to production mode. I do this with every project that I build and there is nothing better than running a project in full production mode and not even getting one error. Besides that, with error reporting on, you pick up any small errors that will eventually grow up to bite you in the… well, you get my point.

10. Memcached

Memcached is an excellent database caching system to use with PHP.
While there are tons of caching options out there, Memcached keeps topping the list as the most efficient for database caching. It’s not the easiest caching system to implement, but if you’re going to build a website in PHP that uses a database, Memcached can certainly speed it up. The caching structure for Memcached was first built for the PHP-based blogging website LiveJournal.
PHP.net has an excellent tutorial on installing and using memcached with your PHP projects.