Top 10 PHP Code Review Tips


This article represents top 10 areas to consider while you are taking up the task to do the code review of a PHP project. The other day, I had a discussion with one of the PHP senior developers who asked me about where to start on the task related with reviewing a PHP web application and, we brainstormed and came up with the list. Interestingly, apart from few, most of them can be pretty much applied to applications written with other programming languages as well. Please feel free to comment/suggest if I missed to mention one or more important points. Also, sorry for the typos.

Following are the key points described later in this article:

  1. Business functionality
  2. Framework-related coding guidelines
  3. Object-oriented principles
  4. PHP-specific standards
  5. Programming-related best practices
  6. Design patterns
  7. Code coverage
  8. Security
  9. Exception-handling
  10. Integration patterns

Before moving into the details, I would have to mention that I considered following 8 parameters (ISO 25000 SQUARE standards) to come up with different code-review criteria to cover every aspect of code quality.

  • Functional Suitability
  • Maintainability
  • Usability
  • Security
  • Efficiency
  • Reliability
  • Portability
  • Compatibility
Adherence to Business Fnctionality

The first and foremost important thing is to try and see if you could validate and verify if the code delivered the required business functionality. This may need you to talk to business analyst and get yourself clear with business functionality. For legacy project, this is very difficult to catch hold of the business analyst. However, for ongoing project, it is simpler. Checking on business functionality actually applies to other programming languages as well apart from PHP.

Framework-related Coding Guidelines

There are several frameworks such as some of the following that could be used to create PHP-based web apps. You may want to review if the code written for a particular framework satisfies the coding guidelines and best practices specified as part of that framework.

  • Zend
  • YII
  • CakePHP
  • CodeIgnitor
  • Laravel
Object-Oriented Principles

This is applied to other programming languages as well. You may want to review PHP code against object oriented principles such as some of the following and, point oout code smells and opportunities for code refactoring.

  • DRY
  • Law of Demeter
PHP-specific Standards

You may want to keep handy PHP programming language standards and best practices and review code against the list.

Programming-related Best Practices

Then, there are areas such as usage of data structures, McCabe code complexities that you would want to consider while reviewing code against programming-related best practices. This is applied to other programming languages as well.

Usage of Design Patterns

There are several PHP design patterns that could be used to structure your code in a standard manner. You may want to review the code from that perspective and suggest appropriate design patterns that could be applied. I found this page as decent enough mentioning several design patterns applied to PHP.

Code Coverage

This is standard code review practise and one may want to check the code coverage of the underlying code and emphasize on important of the writing unit tests. This is applied to other programming languages as well.


As of today, security is an important area that one need to consider while doing code review, given the importance security carries from business continuity and reputation perspective. You may want to emphasize the usage of PHP OWASP libraryfor applying application level security in PHP-based applications. You may also want to keep PHP security cheat sheet handy with you.


This is very important aspect considering the reliability aspect of the application. It may be good idea to review the exception/error handling mechanism/practices used in the code and suggest appropriately. This is applied to other programming languages as well.

Integration Patterns/Protocols

You may want to determine integration standards/protocols used in the application and review the design/code for adherence to that standard. You may also want to review the readiness of the application to be exposed as API if there is a requirement for integrating application with other applications in the future. This is applied to other programming languages as well.


Ajitesh Kumar

Ajitesh Kumar

Ajitesh is passionate about various different technologies including programming languages such as Java/JEE, Javascript, PHP, C/C++, mobile programming languages etc, and, computing fundamentals related with cloud-native technologies, application security, cloud computing platforms, mobile apps, big data etc.

He has also authored the book, Building Web Apps with Spring 5 and Angular.
Ajitesh Kumar


  1. Pingback: PHP 代码评审的 10 个提示 – wllog - Linux Apache MySql PHP

  2. Pingback: PHP 代码评审的 10 个提示 | 大分享网

Leave A Reply

Time limit is exhausted. Please reload the CAPTCHA.