http://oreilly.com/php/index.html perhaps? I dont know any free online best practice docs (other than the php.net function comments) that sum it all up nicely. But best practices are like coding standards; there are at least a few that are (near-)equals. Personally, the basis of my current coding style is as such: - hungarianCasingConventionWithAbbreviationsWTFlikeSo - almost always short names for variables in simple code < 40 lines - almost always longer and descriptive names for more complicated code. - usually short comments: explanations for noobs (to problem area) - the rest of the "commenting" is done by the code using descriptive var & function names (last 3 points makes for "self-documented code") - consolidate all logic in the script, so use specific sets (_POST/_GET) rather than generic sets (_REQUEST) - document it in script if behaviour is dependent on outside sources (like php.ini) - use of "config.php" in project rootdir to set DEFINE()s and any global variables. - use of adodb.sf.net for database abstraction. - use a standarized directory structure for all php projects; /project/.htaccess - RewriteRule -> php scripts /project/php - all php scripts /project/js - all javascript, including .js.php /project/lib/component-x.y.z/ - all 3rd party libraries, regardless of language, x.y.z=versionnum /project/sql - sql init / maintenance scripts (possibly) /project/theme/themeName/many.css(.php) (or:) /project/css/some.css(.php) (possibly:) /project/admin/ - use of an error handler that knows when to mail errors to developer, when to print errs in browser and when not to, etc. a "proper error handler". mine is still evolving. - use of a standard debug output lib, called by a function that checks config.php for a DEBUG_MODE define. prevents production machines from showing debug info. plug: my free http://mediabeez.ws/htmlMicroscope/ is kinda nice. - push all input into DB through functions that prevent SQL insertion (at least a filter through mysql_real_escape) and HTML/js/flash/etc insertions (harder). - an authentication scheme that can be called with simple functions, but which also does checks on whether or not the IP that started the session is the same as the IP making a request on a certain session. - calling of the authentication scheme by nearly all scripts - in any lenghty operation, design for continuation of the operation when a given item fails. example from OS file copiers: it stops when it needs to ask a question. i rather design to "keep going", log all items that require user interaction, and let the user deal with them when he/she has time. there's probably more that would make it into my best practices list, but i'm gonna leave it at this for now.. On Mon, Mar 1, 2010 at 9:48 PM, Hansen, Mike <Mike.Hansen@xxxxxxxxx> wrote: > Is there a PHP Best Practices Book, Document, or web site that has information similar to Perl Best Practices but for PHP? > > > -- > PHP General Mailing List (http://www.php.net/) > To unsubscribe, visit: http://www.php.net/unsub.php > > -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php