This article presents the top 10 areas to consider when you take up the task of reviewing the code of a PHP project. The other day, I had a discussion with a senior PHP developer who asked me where to start on a task related to reviewing a PHP web application; we brainstormed and came up with this list. Interestingly, apart from a few, most of the points apply equally well to applications written in other programming languages. Please feel free to comment or suggest if I missed one or more important points. Also, sorry for the typos.
The following key points are described later in this article:
- Business functionality
- Framework-related coding guidelines
- Object-oriented principles
- PHP-specific standards
- Programming-related best practices
- Design patterns
- Code coverage
- Security
- Exception-handling
- Integration patterns
Before moving into the details, I should mention that I considered the following 8 quality characteristics (from the ISO 25000 SQuaRE standards) to come up with code-review criteria that cover every aspect of code quality.
- Functional Suitability
- Maintainability
- Usability
- Security
- Efficiency
- Reliability
- Portability
- Compatibility
Adherence to Business Functionality
The first and foremost thing is to validate and verify that the delivered code provides the required business functionality. This may require you to talk to the business analyst and get clear on the business functionality yourself. For a legacy project it is very difficult to get hold of the business analyst; for an ongoing project it is simpler. Checking business functionality applies to other programming languages as well, not just PHP.
Framework-related Coding Guidelines
There are several frameworks, such as the following, that could be used to create PHP-based web apps. You may want to review whether the code written for a particular framework satisfies the coding guidelines and best practices specified by that framework.
- Zend
- Yii
- CakePHP
- CodeIgniter
- Laravel
Object-Oriented Principles
This applies to other programming languages as well. You may want to review PHP code against object-oriented principles such as the following and point out code smells and opportunities for refactoring.
- SOLID
- DRY
- YAGNI
- Law of Demeter
PHP-specific Standards
You may want to keep the PHP programming language standards and best practices handy and review the code against that list.
Programming-related Best Practices
Then there are areas such as the usage of data structures and McCabe cyclomatic complexity that you would want to consider while reviewing code against programming-related best practices. This applies to other programming languages as well.
Usage of Design Patterns
There are several design patterns that could be used to structure PHP code in a standard manner. You may want to review the code from that perspective and suggest appropriate design patterns that could be applied. I found this page decent enough, mentioning several design patterns applied to PHP.
Code Coverage
This is a standard code review practice: check the code coverage of the underlying code and emphasize the importance of writing unit tests. This applies to other programming languages as well.
Security
As of today, security is an important area to consider while doing a code review, given the importance security carries from a business continuity and reputation perspective. You may want to emphasize the usage of the PHP OWASP library for applying application-level security in PHP-based applications. You may also want to keep the PHP security cheat sheet handy.
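As an added illustration (not code from the original article), the following PHP snippet shows the kind of finding this review item is about: an input-handling pattern a reviewer would flag, next to the form the OWASP guidance asks for. The in-memory SQLite table, its rows and the function names are constructed for this example.

```php
<?php
declare(strict_types=1);

// Constructed sample data in an in-memory SQLite database so the example runs offline.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT)');
$pdo->exec("INSERT INTO users (name) VALUES ('alice'), ('bob <b>admin</b>')");

// BEFORE (what a reviewer flags): user input is interpolated into the SQL string and
// echoed back without encoding, so both the query and the HTML depend on the input.
function findUserUnsafe(PDO $pdo, string $name): string
{
    $row = $pdo->query("SELECT id, name FROM users WHERE name = '$name'")->fetch(PDO::FETCH_ASSOC);
    return $row ? "<li>{$row['name']}</li>" : '';
}

// AFTER (what the review should ask for): a prepared statement keeps the value out of
// the SQL grammar, and htmlspecialchars() with ENT_QUOTES encodes it for the HTML context.
function findUserSafe(PDO $pdo, string $name): string
{
    $stmt = $pdo->prepare('SELECT id, name FROM users WHERE name = :name');
    $stmt->execute([':name' => $name]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($row === false) {
        return '';
    }
    $escaped = htmlspecialchars($row['name'], ENT_QUOTES | ENT_HTML5, 'UTF-8');
    return "<li>{$escaped}</li>";
}

// An ordinary name containing a quote character breaks the unsafe version (PDO raises
// a syntax error under ERRMODE_EXCEPTION) but is handled as plain data by the safe one.
$input = "o'brien";
try {
    findUserUnsafe($pdo, $input);
    echo "unsafe: query ran\n";
} catch (PDOException $e) {
    echo "unsafe: SQL statement broken by the input -> " . $e->getMessage() . "\n";
}
echo "safe: " . var_export(findUserSafe($pdo, $input), true) . "\n";
echo "safe: " . findUserSafe($pdo, 'bob <b>admin</b>') . "\n";
```

The second safe call shows that the markup stored in the row is rendered as text rather than as HTML tags.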
Exception-handling
This is a very important aspect considering the reliability of the application. It may be a good idea to review the exception/error handling mechanisms and practices used in the code and suggest improvements where appropriate. This applies to other programming languages as well.
Integration Patterns/Protocols
You may want to determine the integration standards/protocols used in the application and review the design/code for adherence to those standards. You may also want to review the readiness of the application to be exposed as an API if there is a requirement to integrate it with other applications in the future. This applies to other programming languages as well.
I found it very helpful. However, the differences are not too understandable for me.