A blog about software development best practices, how-tos, and tips from practitioners.

11 Common Mistakes for PHP Developers to Avoid

11 Common Mistakes for PHP Developers to Avoid

PHP is a server-side language widely used in static & dynamic web pages and web apps. It is very easy to create web pages in PHP; hence, it is trouble free to develop functional code in hours. However, its easiness becomes criticism of the language. No matter of the level of skill sets; there are myriads of mistakes that PHP developers make while coding. The errors in web development can do a lot of damage and push the visitors away.

It is important to take care of the small mistakes to make your web development more flexible, secure and reliable. Here are 10 most error-prone places in PHP code that deserves your attention:

  1. Use query inside the loop: Most of the time we use to add queries inside the loop. There is nothing wrong when we see the logic of the code. But suppose there are 200 records are there and we are calling query for each of them, then we are requesting 200 resources from MySQL. 

         This type of code will slow the execution of the code and lots of MySQL resources will be miss utilized.  We can create an array of the ids and pass at once in the query by using the "in" query option of MySQL to get the desired result.


                   $record= [];

                  if (count($ids)) {

                     $result = $link->query("SELECT * FROM `users` WHERE `id` IN (" . implode(',', $ids));

                             while ($row = $result->fetch_row()) {

                           $record[] = $row;



Here we added all ids in an array and passed to query by using implode that will convert the array of values to comma-separated values.

  1. Use of quotes:It is common to use double quotes when concatenating strings because it parses everything neatly without having to deal with escaping characters and using dot values. However, using single quotes has considerable performance gains, as it requires less processing.

Consider this string:

# $singlequo = 'everyone';

# $str1 = 'hello $singlequo';

# $str2 = "hello $singlequo";

$str2 outputs to "hello $singlequo" and $srt1 gives us "hello everyone". That's one less step that PHP has to process. It's a small change but can make significant gains in the performance of the code.

  1. Use of Semicolon: It's funny how one little character can create havoc in a program, without even being reported to the PHP error logs! Such as it is with semicolons and While statements. Codeutopia has an excellent example of this little error, showing these nasty errors don't even get reported (even to E_ALL!), as it quietly falls into a silent loop.


$i = 0;

while($i< 20); {

//some code here



Omit the; after the while statement and your code is in the clear way.

  1. Adding Time Limits on Scripts: When you execute PHP scripts, it is considered that the script execution will finish promptly. It is not good to code on predictions.

You can observe this type of issue by setting up a time limit on the script (set_time_limit). It will be always good to know the config setting for execution time.

  1. How to use Operators: A very small but very common mistake we all do while using the comparison operator. Sometimes we use “=” in place of comparison “==”. This mistake can change the value and logic of your code.
  2. 6. Rule to Rewrite URL’S: Rewriting of the URL is as important as all other security aspects of the project. You have to use URL creation using modern practice. Do not pass sensitive information as it is. Do not add many variables in the URL.
  3. Validation and Controllers: Many times,you can see the developers adding validation in the controller itself. That is not good practice. In the few latest versions of framework like Laravel 5.0, if you add validation in the controller, you will get a fatal error. There are older versions also where this restriction is not added, youshould take care of the code by not adding validations in the controller.
  4. PHP script in Views: Sometimes you used to add PHP code in the View file directly to complete some operations. That is not good practice. You should always follow the MVC architecture while writing the code.
  5. Make Large JS/CSS file: Most of the time developers keep adding JavaScript and CSS in the one file. This will create problems in terms of scalability. Bigger file size has a problem in downloading and applying the required action added to the file. Always create a small file with a suitable name.
  6. Configuration file: Most of the time developers start working even when you install any framework, it is mentioned that remove config development file after the installation is done or giving full access to folders without taking care of configuration file inside the folder. You do not have to do that. It is important to remove all configuration loopholes for hackers.
  7. Add Privileged access: Permitting users, groups and others are very important. You should not leak the super admin details to anyone outside. You should be very careful while adding permission to folders, files and database users.

As you all can see, it's very easy to take care of these small mistakes and make the web development more reliable and flexible. Take your time and ensure that your PHP code is clean, secure and running smoothly by avoiding these loopholes.

Check this blog to read more on How To Hire Best PHP Developers For Web Development



Like what you just read? Get Latest content delivered straight to your inbox.

Drop Your Comment


    A Complete Guide to IT Outsourcing 2020

    How can you expect a successful outsourcing implementation if you don’t have a clear idea? Read this guide to understand 5 important factors to capture the full potential of outsourcing. In light of this, you can identify the Right Approach, Optimized Costs and Quality Delivery...

    Download Now

    Readers of this article also read the following articles