Internet Bandaid

Common Causes of Unmaintainable PHP Apps


I work as a contract web software developer and take on a lot of LAMP projects. I've inherited many PHP projects that are extremely hard to maintain. When a client complains to me about security issues, stability issues, data integrity issues, or the substantial cost of maintaining or upgrading the system, I find it is commonly caused by one or more of the following issues:

1) There is no separation between model, view and controller. Instead, presentation code, business logic, etc. are all found in the same block of code.

2) Text for human eyes should appear only in the database, HTML/XML view files, or language files. It should not appear in controller code, JavaScript code, CSS, config files, etc. Imagine how difficult it would be for a high-school student with no software development training to translate a website if he has to search through PHP strings inside massive loops just to replace some text.
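To make points 1 and 2 concrete, here is an added example (not code from the original post) of the layout they ask for: the model only talks to the database, every human-readable string lives in a language catalog a translator can edit on its own, the controller only glues the two together, and the view only escapes and renders. The `users` table, the strings, the locale names and the function names are assumptions; the language catalog is inlined so the script runs stand-alone, but in a real project it would be one file per locale.

```php
<?php
// Added example, not code from the original post. Separation of model, view,
// controller and human-readable text. The users table, the strings and the
// function names are assumptions constructed for the demo.

// --- Language catalog (in a real app: lang/en.php, lang/fr.php, ...) ---
// A translator edits this and nothing else; no PHP logic needs to change.
function loadLanguage(string $locale): array
{
    $catalog = [
        'en' => ['greeting' => 'Hello, %s', 'not_found' => 'No such user.'],
        'fr' => ['greeting' => 'Bonjour, %s', 'not_found' => 'Utilisateur introuvable.'],
    ];
    return $catalog[$locale] ?? $catalog['en'];   // unknown locale falls back to English
}

// --- Model: SQL only; no HTML and no user-facing text ---
function findUserById(PDO $db, int $id): ?array
{
    $stmt = $db->prepare('SELECT id, name FROM users WHERE id = :id');
    $stmt->execute([':id' => $id]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// --- View: receives plain data, escapes it, emits HTML; no SQL, no decisions ---
function renderUserView(string $message): string
{
    $safe = htmlspecialchars($message, ENT_QUOTES, 'UTF-8');
    return "<p class=\"user\">{$safe}</p>\n";
}

// --- Controller: chooses the model call and the message, hands data to the view ---
function showUserAction(PDO $db, string $locale, int $id): string
{
    $lang = loadLanguage($locale);
    $user = findUserById($db, $id);
    $message = $user === null
        ? $lang['not_found']
        : sprintf($lang['greeting'], $user['name']);
    return renderUserView($message);
}

// --- Demo on an in-memory SQLite database with constructed sample data ---
$db = new PDO('sqlite::memory:', null, null, [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION]);
$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT NOT NULL)');
$db->exec("INSERT INTO users (id, name) VALUES (1, 'Ada <Lovelace>')");

echo showUserAction($db, 'en', 1);   // greeting, with the angle brackets escaped by the view
echo showUserAction($db, 'fr', 2);   // French "not found" message, no PHP changed for the translation
```

Because the view is the only place that calls `htmlspecialchars()`, output escaping is applied consistently instead of being remembered (or forgotten) in every controller branch, and because the model returns arrays rather than HTML, the same `findUserById()` can serve a JSON endpoint without modification.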

3) Not clearing POST information after an HTTP request that updates or creates records in the database, so that if someone accidentally presses refresh in the browser, it triggers an unintended update/create. This is so terrible, and it is the cause of duplicate records. Please just use header() to redirect to a success page, so that the browser drops your previous POST data.
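The fix described above is the Post/Redirect/Get pattern. The following added example (not code from the original post) shows it end to end: the POST handler writes the record, then answers with a redirect so the page the browser is left on was reached by GET and a refresh only repeats that GET. The `comments` table, the form field name and the `/comment-saved.php` path are assumptions; the in-memory SQLite database is only there so the script runs without a MySQL server.

```php
<?php
// Added example, not code from the original post: Post/Redirect/Get.
// Table, field name and success-page path are assumptions for the demo.

function openDb(): PDO
{
    // In-memory SQLite stands in for the real database in this demo.
    $db = new PDO('sqlite::memory:', null, null, [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION]);
    $db->exec('CREATE TABLE IF NOT EXISTS comments (id INTEGER PRIMARY KEY, body TEXT NOT NULL)');
    return $db;
}

// Handles the POST: write the record, then redirect. After the redirect the
// browser's current page is a GET, so pressing refresh re-requests the success
// page instead of re-sending the form and inserting the record a second time.
function handleCommentPost(PDO $db, array $post): void
{
    $body = trim($post['body'] ?? '');
    if ($body === '') {
        http_response_code(400);   // reject empty submissions before touching the database
        exit;
    }

    $stmt = $db->prepare('INSERT INTO comments (body) VALUES (:body)');
    $stmt->execute([':body' => $body]);

    // 303 See Other instructs the browser to follow with GET regardless of the
    // original method; 302 is usually treated the same way but 303 says so explicitly.
    header('Location: /comment-saved.php', true, 303);
    exit;   // nothing after the redirect may run or be sent
}

if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    handleCommentPost(openDb(), $_POST);
}
?>
<!-- Reached only by GET: the form itself. The POST branch above never falls through to here. -->
<form method="post" action="">
    <textarea name="body"></textarea>
    <button type="submit">Post comment</button>
</form>
```

Note the `exit` after `header()`: without it PHP keeps running and ships the form HTML along with the redirect headers, and any code below the redirect still executes. The redirect must also be sent before any output, which is why the PHP block sits at the very top of the file with no whitespace before `<?php`.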

4) Using the mysql() extension instead of a safer data access library like mysqli, PDO, etc. Please start using parameter binding to reduce the likelihood of SQL injection.
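As an added example (not code from the original post), here is the old ext/mysql habit beside the PDO prepared-statement version the post asks for, plus the one case placeholders do not cover. The `users` table, its columns and the sample rows are assumptions constructed for the demo; the script runs against an in-memory SQLite database, but the PDO calls are the same ones you would use with a MySQL DSN.

```php
<?php
// Added example, not code from the original post. The ext/mysql pattern the
// post warns against, beside PDO with bound parameters. Table, columns and
// rows are constructed assumptions.

// BEFORE: ext/mysql (removed in PHP 7) with the value spliced into the SQL text.
// Whatever the user typed is parsed as part of the query.
//   $r = mysql_query("SELECT id, name FROM users WHERE name = '" . $_GET['name'] . "'");

// AFTER: the SQL is prepared once with a placeholder; the value is passed
// separately, so it is always compared as data and never parsed as SQL.
function findUserByName(PDO $db, string $name): ?array
{
    $stmt = $db->prepare('SELECT id, name FROM users WHERE name = :name');
    $stmt->execute([':name' => $name]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Placeholders bind values only. An identifier such as the column to sort by
// cannot be bound, so it is validated against an allow-list instead of being
// concatenated from user input.
function listUsersSorted(PDO $db, string $sortColumn): array
{
    $allowed = ['id', 'name'];
    if (!in_array($sortColumn, $allowed, true)) {
        $sortColumn = 'id';   // anything not on the list falls back to a safe default
    }
    $stmt = $db->query("SELECT id, name FROM users ORDER BY {$sortColumn}");
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// --- Demo with constructed sample data ---
$db = new PDO('sqlite::memory:', null, null, [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION]);
$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT NOT NULL)');
$db->exec("INSERT INTO users (name) VALUES ('alice'), ('bob')");

var_dump(findUserByName($db, 'alice'));             // the row for alice
var_dump(findUserByName($db, "alice' OR '1'='1"));  // the quote is data, not SQL: looked up as a literal name
var_dump(listUsersSorted($db, 'name'));              // allow-listed identifier
var_dump(listUsersSorted($db, 'name; DROP TABLE users'));   // not allow-listed, so sorted by id instead
```

`PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION` is set so a failed query throws instead of silently returning `false`, which is the other half of the "data integrity issues" the post mentions: code that checks nothing after `mysql_query()` keeps going as if the write succeeded. The same two functions work unchanged with mysqli prepared statements; what matters is that values reach the driver through bind parameters, not through string concatenation.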

Written by John Lai

January 18th, 2014 at 5:42 pm

Posted in Uncategorized

