What specifications does PHP development follow?

First, PHP naming conventions

1. Method naming

A method is a function defined in a class. Methods are named in camelCase, with the first letter lowercase or an underscore "_", for example getUserName() and _parseType(). Methods that begin with an underscore are usually private.

2. Function naming

Functions here are functions that are not defined in classes, such as those in common files. Functions are named with lowercase letters and underscores, such as get_client_ip().

3. Variable naming

Variables here means properties. Properties are named in camelCase, with the first letter lowercase or an underscore "_", such as tableName and _instance. Properties that begin with an underscore are usually private.

4. Constant naming

Constants are named with uppercase letters and underscores, such as HAS_ONE and MANY_TO_MANY.

5. Configuration parameter naming

Configuration parameters are named with uppercase letters and underscores, such as HTML_CACHE_ON=1.

Second, coding style

1. No runs of blank lines

Unless necessary, multiple consecutive blank lines are not allowed in a code file.

2. Indentation

Code must be indented appropriately; otherwise it becomes harder to maintain.

3. Directory structure

Frameworks generally have a default directory structure, and it must not be modified unless there are special circumstances. For example, ThinkPHP defaults to an MVC directory structure; leave it as it is to avoid the maintenance difficulties caused by changing the directory structure. Controller files go in the controller directory, model files in the model directory, and view files in the view directory. Do not change the location or name of directories at will.

Third, security

1. Input boxes

Set a maximum length on every input box and enforce required fields. For example, an account such as CHN00000001 can only be 11 characters long, so the maximum input length should be 11, and required fields should carry the required="required" attribute.

2. Text editors

Try not to use a rich text editor on front-end pages, because a rich text editor accepts code as input, which is a serious security risk. If you must use one, filter the submitted content, for example with htmlspecialchars().

3. Receiving parameters on the back end

When PHP receives parameters from a form or from the URL, it must check the type of each field. For example, a parameter that should be a number must contain only digits and no other characters. It is therefore recommended to write a common function for receiving POST and GET parameters that validates every parameter value, to prevent malicious code from being injected.

When receiving long content variables (such as message content), special characters must be filtered. Functions such as strip_tags(), htmlspecialchars() and htmlentities() can prevent users from injecting malicious code for cross-site scripting attacks.
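
One way to write the common receiving function described above, as an added example that is not from the original article: input_param() and e() are hypothetical names, and the account pattern is an assumption based on the CHN00000001 sample. Because maxlength and required are enforced only by the browser, the server repeats the length and required checks.

```php
<?php
// Added example: input_param() and e() are hypothetical helper names.

/** Return the validated value, or null when it is missing or invalid. */
function input_param(array $source, string $name, string $type, int $maxLen = 255)
{
    if (!isset($source[$name]) || !is_string($source[$name])) {
        return null;                  // missing, or an array such as id[]=1
    }
    $value = trim($source[$name]);
    if ($value === '' || strlen($value) > $maxLen) {
        return null;                  // required and max length (in bytes)
    }
    switch ($type) {
        case 'int':                   // digits only; 18 digits fit a 64-bit int
            return ctype_digit($value) && strlen($value) <= 18 ? (int) $value : null;
        case 'account':               // assumed format: CHN plus 8 digits
            return preg_match('/\ACHN\d{8}\z/', $value) === 1 ? $value : null;
        case 'text':                  // free text: escape it when it is output
            return $value;
        default:
            throw new InvalidArgumentException("unknown type: $type");
    }
}

/** Escape text for HTML output so submitted markup is displayed, not run. */
function e(string $text): string
{
    return htmlspecialchars($text, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Constructed sample request, standing in for $_GET / $_POST.
$request = [
    'id'      => '42 OR 1=1',
    'page'    => '7',
    'account' => 'CHN00000001',
    'message' => '<script>alert(1)</script>Hello',
];

var_dump(input_param($request, 'id', 'int'));             // not digits only
var_dump(input_param($request, 'page', 'int'));
var_dump(input_param($request, 'account', 'account', 11));
echo e(input_param($request, 'message', 'text', 500)), "\n";
```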

4. Access control

Any page that can only be accessed after logging in must check the login state before the page loads, and users whose login has timed out must log in again. Pages and functions that require permissions must have proper permission control and checks.
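
A sketch of such a check, added here as an example and not taken from the original article or from any framework: the function names, session keys, 30-minute idle limit and /login.php URL are all assumptions. The decision logic takes the session as a parameter so it can be exercised from the command line with constructed data.

```php
<?php
// Added example: names, session keys and the idle limit are assumptions.

const IDLE_LIMIT = 1800; // seconds of inactivity before re-login is required

/** Returns 'ok', 'login' (not logged in or timed out) or 'forbidden'. */
function check_access(array &$session, string $requiredPermission, int $now): string
{
    if (empty($session['user_id'])) {
        return 'login';
    }
    if ($now - ($session['last_seen'] ?? 0) > IDLE_LIMIT) {
        $session = [];                    // timed out: drop all login state
        return 'login';
    }
    $session['last_seen'] = $now;         // sliding expiry
    if (!in_array($requiredPermission, $session['permissions'] ?? [], true)) {
        return 'forbidden';
    }
    return 'ok';
}

/** Call at the very top of a protected page, before any output. */
function guard_page(string $requiredPermission): void
{
    if (session_status() !== PHP_SESSION_ACTIVE) {
        session_start();
    }
    switch (check_access($_SESSION, $requiredPermission, time())) {
        case 'login':
            header('Location: /login.php');   // hypothetical login URL
            exit;
        case 'forbidden':
            http_response_code(403);
            exit('Forbidden');
    }
}

// Constructed sessions to exercise the decision logic.
$now     = 1700000000;
$fresh   = ['user_id' => 7, 'last_seen' => $now - 60,   'permissions' => ['order.view']];
$expired = ['user_id' => 7, 'last_seen' => $now - 7200, 'permissions' => ['order.view']];
foreach ([['fresh', $fresh, 'order.view'], ['fresh', $fresh, 'order.refund'],
          ['expired', $expired, 'order.view']] as [$label, $s, $perm]) {
    echo "$label / $perm: ", check_access($s, $perm, $now), "\n";
}
```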

Fourth, concurrency and high-traffic handling

1. Repeated submission

To prevent users from submitting a form repeatedly, forms must have submission verification. For example, when an online shop submits an order, repeated submission by the user must be prevented. The form token feature provided by the ThinkPHP framework can prevent repeated submission. In native PHP, you can also generate a token before the page is opened and save it in the session, pass it to the page and place it in a form field, submit the token together with the form, verify the token when it is received on the back end, and destroy the saved session token after verification.

2. Sessions

One-time verification sessions, such as SMS verification and form verification, must be destroyed after use to prevent a one-time session from being reused. For example, if the SMS verification code session is not destroyed when a user registers, the user can use the same SMS verification code to register multiple accounts.
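
The native-PHP form token from item 1 and the one-time SMS code from item 2 follow the same verify-then-destroy rule. The following is an added example, not code from the original article: the function names and session keys are assumptions, and a plain array stands in for $_SESSION so the walk-through runs from the command line.

```php
<?php
// Added example: function names and session keys are assumptions.

/** Create a token when the form page is opened; embed it in a hidden field. */
function issue_form_token(array &$session, string $form): string
{
    $token = bin2hex(random_bytes(32));
    $session['form_token'][$form] = $token;
    return $token;
}

/** Verify the submitted token and destroy it, so a second submit fails. */
function consume_form_token(array &$session, string $form, string $submitted): bool
{
    $expected = $session['form_token'][$form] ?? null;
    unset($session['form_token'][$form]);          // destroyed on every attempt
    return is_string($expected) && hash_equals($expected, $submitted);
}

/** Same rule for an SMS code: valid once, for one phone, until it expires. */
function consume_sms_code(array &$session, string $phone, string $code, int $now): bool
{
    $saved = $session['sms_code'] ?? null;
    unset($session['sms_code']);                   // one attempt, then gone
    return is_array($saved)
        && $saved['phone'] === $phone
        && $now <= $saved['expires']
        && hash_equals($saved['code'], $code);
}

// Constructed walk-through: first submit, then a replay of the same token.
$session = [];
$token   = issue_form_token($session, 'order');
$first   = consume_form_token($session, 'order', $token);
$second  = consume_form_token($session, 'order', $token);
var_dump($first, $second);

// Constructed SMS code: first use at registration, then an attempted reuse.
$now = 1700000000;
$session['sms_code'] = ['phone' => '13800000000', 'code' => '493027',
                        'expires' => $now + 300];
var_dump(consume_sms_code($session, '13800000000', '493027', $now));
var_dump(consume_sms_code($session, '13800000000', '493027', $now + 1));
```

Destroying the stored value before comparing means a wrong guess also consumes it, so the user has to request a new code or reload the form.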

3. Concurrency

Concurrency is encountered often, for example in the flash-sale feature of an online shop. If concurrency is not handled well, the same item will be purchased by multiple users.

The following approaches can be considered for handling concurrency:

(1) Table locking; the drawback is that the system stalls when the level of concurrency is relatively high.

(2) Queuing

(3) Load balancing

(4) Database read/write splitting

(5) Use Nginx as the HTTP server.

4. Caching

For database data that needs to be accessed frequently, a cache can be used to improve access speed; reading cached data from a file is much faster than querying the database. The main caching technologies are:

(1) ThinkPHP's built-in S() method.

(2) File reads and writes; the data should be encrypted to keep it secure.

(3) Memory cache
