PHP programming has been around since 1995. Since then, it has become the most popular programming language for web applications.
In fact, professional web developers have to attain a working knowledge of of PHP, thanks to this popularity that the language continues to enjoy.
Here are 3 PHP Golden Rules that programmers should learn and use:
1: Always escape your output
Since HTML and XML are markup languages, the code that control the content is usually mixed with the content too. So, when you use PHP to produce HTML, you have to use a process called escaping. This is to make sure the content isn’t mistaken for commands. For this, it will be necessary to use the ‘<‘, ‘>’ and ‘&’ characters.
How you do this is by using prepared statements that are not only easy, convenient but secure too. In fact, it is considered better than escaping output. Speaking of which, this is where PHP’s built-in database layer PDO and the Doctrine DBAL that extends it. Of course, there are a number of other database layers such as Doctrine ORM and mysqli that support prepared statements too.
3: Always filter your input
Given that PHP is such as easy language to learn, there is a lot unsafe code that is available online. Among the many ways to mess up your code, failing to filter your input is one of the biggest issues. Not doing it can expose your data and server to attacks. The easiest way to deal with this is to install and use the HTTP Foundation component that uses PHP’s filter mechanism.