Get your FREE 30 page Developing SOLID Applications guide!

To The New PHP Programmers…

Out Of Date Warning

Languages change. Perspectives are different. Ideas move on. This article was published on October 9, 2009 which is more than two years ago. It may be out of date. You should verify that technical information in this article is still current before relying upon it for your own purposes.

Nearly five years ago I started writing PHP code for fun. I had a project that I was working on, and I needed some sort of a programming language that would do calculations for me, and hopefully make managing a website easier. So I wrote my first web application.

Boy, was it bad.

Looking back at it today, I have to laugh about the naive way I relied on things like register_globals and magic_quotes_gpc. Or about how I was frustrated by the fact that magic_quotes_gpc escaped things, and had to work my SQL queries so that they would work right. Or about how I used addslashes() to “escape” data.

Every day, new people join the PHP world, writing their first “hello world” script and moving on from there to connect to databases, build CRUDs, and otherwise explore the PHP language. If you’re one of them, you shouldn’t feel inadequate. No, learning PHP is a learning process. One of PHP’s strengths is that it is easy to learn, and that anyone can learn how to do it. Fewer can learn how to do it properly, but for those that do learn how to do it right, it can be a powerful language and a solid tool.

I’ve spent some time writing about beginner issues, and implementing The Beginner Pattern, because I think it’s important to help new developers to the community get better. But if you don’t understand everything, that’s ok. Ask for help, read the blogs and the manual, and keep writing code. A smart person once said that if you look at your code six months from now and think it’s ok, you’re doing something wrong.

In all of that, please also remember to be careful. PHP is a powerful language, with abilities that, if not checked with security concerns, can threaten an entire system. Learn all you can about security. Remember to Filter Input, Escape Output.

Those of us that have been doing PHP for a long time seem to have forgotten what it was like to be new at the language. For those that are new, please don’t become discouraged. PHP needs you, because the generation that comes next will replace the generation that is here now, and that’s how the project keeps moving forward.

Write better object oriented PHP today.

Object oriented programming always leaves you with a headache. What if you could master it instead?

Get the book now! »

Sandy (@SandyS1) wrote at 10/9/2009 1:47 am:

And remember, none of us are smart enough to use goto safely. ;)

neduma (@neduma) wrote at 10/9/2009 2:08 am:

Who is that smart person? I would like to quote him in @pquotes.

Terry wrote at 10/9/2009 8:43 am:

Lots of good points.

I find the quickest way to gain coding proficiency is to solve problems. Specifically, other people’s problems. Go to forums like SitePoint and the like, and try your hand at helping people out with their coding woes. It’s also good that there’s a healthy competition at forums as well. Your solution may not be the best, and certainly not the only one, but you get to post your code along with all the rest of contributors (whatever level of expertise). You learn quick this way too, as you take note of the good and the bad practices.

I went to school to learn how to program, and it helped that they started us out with C, C++, then Java and then onto scripting languages. But during the whole affair, I think I learned the most by going to the forums and solving “real world” problems as opposed to the ones the teacher gave us or those from the Deitel & Deitel books.

Jakefolio (@jakefolio) wrote at 10/9/2009 10:16 am:

Brandon great post as usual…..Keep them coming.

I decided it would be fun to look at my first web app, and here are the problems I’ve already seen:
1. Register Globals
2. SQL Injection
3. No Input Filtering or Output Escaping

The list could go on forever, but it’s humbling to go look back at the first web application. How about you other readers, what are those fun glaring issues you can look back on?

Brandon Savage (@brandonsavage) wrote at 10/9/2009 1:16 pm:

The “smart person” I referred to is Keith Casey (@caseysoftware). He’s said it before and though I don’t know if he’s the origional he was right.

michael kimsal (@jsmag) wrote at 10/14/2009 9:05 am:

That ‘six month’ concept – interesting quip, and certainly something to give people some measuring post for growth. I have to wonder if it really applies to people who’ve been coding for a long time. I remember some of my PHP code from 10 years ago and cringe and know how to do things much better today.

But looking back at stuff from six months ago, I think it’s OK. I might have done some things differently, but it wouldn’t have made it ‘better’. I’m defining better as ‘solving the business problem’ first, and being understandable and moderately easy to maintain when I need to go back.

My own test is that if I can still be relatively productive on touching code from a year ago, meaning code is clean, enough documentation to get me around, and I can change what I need to without needing to rewrite it (or even *feeling the need* to rewrite it), I’m content with it.

This might just be a certain complacency with PHP (I’ve been doing it since 1996). I can (and do) use that 6 month rule on Grails projects and find room for improvement, because I don’t know idiomatic Groovy as well as I could. I can express my needs in code, but I can often find more productive ways going back later, either because I’ve rethought the problem, or because I understand the syntax and tools better X months down the line.

Nick wrote at 10/29/2009 10:35 am:

I am currently that ‘New PHP Programmer’ and I would like to offer my view on what the PHP community is doing right and wrong, from a somewhat personal experience.

Teaching the basic syntax is all good and needs to be done. There are a million tutorials on how to echo hello world and create a if statement.. thats a good thing

documentation is excelent, yet again a good thing.. but then we get into the troubled waters of dumbing down to far for beginners and teaching poor methods from the start.

ill begin with touching this very article.. somebody who downloads and installs apache/php and starts learning php today is not going to be starting on PHP4, more likely it will be a 5.x, The latest release of WAMP is 5.3, LAMP routinely ships with 5.1/5.2, now I am only new here..(note: sarcasm) but what are register_globals? If I cant use them why mention them? same goes for magic quotes and the other sixteen million different dont do this its bad but ohh yer your new YOU will WANT to do that.. because back in the PHP4 days when all us teachers leart thats what we did.. Well no, I want to learn to write good code from the beginning not learn bad code and then be told six months latter its bad code.

Learning to connect to a database? find a beginners guide that uses a class even better find a my first database tutorial that uses PDO or PEAR::DB.. Teaching the best practices from the beginning is a hell of a lot better, saves time and teaches more in a shorter amount of time.

I was fortunate enough that I had been exposed to conversations regarding OO PHP prior to me learning it.. so that is what ‘I’ went looking for now my first “application” is 2% complete yet I have built 6 classes I can use again and luckily stumbled across somebody using PDO.

I don’t know the difference between MYSQL and MYSQLI but I can prepare a statement bind the parameters and execute it. now if somebody could explain to me why I would need a object interface that did not involve printing weather or building a car I would be greatly appreciative.

The second disaster I have stumbled into is learning good code from bad code, depending on whose coding standard you read you either end up with functionNamesLikeThis or function_names_like_this why is one better then the other? to tab it or space it? and then there are good examples of code. I learn the best by a similar way to what terry mentioned, but rather then solving somebody else’s problems I try to learn by reading other peoples applications, yet for the life of me I can not find one well written example. drupal? wheres the classes for all them functions? I wrote hello world 2 weeks ago, my code may be bad.. but have you seen wordpress? wooft DONT TRY LEARNING ANYTHING FROM THAT!

examples teaching one thing are great but being able to see deep inside a fully functioning program teach you more.. so alas I shall continue to download read and delete till I find that mythical example of “good clean code”.

// sorry about the rant

Brandon Savage (@brandonsavage) wrote at 11/1/2009 8:00 pm:

Nick, I’m sorry that you feel we have done a poor job highlighting the beginning PHP techniques.

I’ve done my best to address many of your concerns: I wrote about the basics and more advanced concepts of writing functions (, and how to use PDO to connect to a database (one of your points, I spent a good amount of time talking about INI settings ( and linked to documentation on register_globals, rather than defining it, feeling that the manual does a better job explaining than I ever could.

The reality is that I’m not sure you’ll ever be satisfied with an example of “good clean code” (even though I did a whole series on refactoring here: because you want something very specific, that no blog is ever going to provide. The best I can offer you is that you keep reading the manual and keep working towards writing great code, because those two things will make you a fantastic programmer more than reading any blog ever could.

Nick wrote at 11/4/2009 6:32 pm:

Thanks Brandon :)

I just want to clarify something, I don’t feel that you or the comunity have done a poor job.. like I said ,most things are done very well.. its just those annoyances that get to you when learning.

In particular I feel you and your blog are one of those little bursts of sunshine. Hence why I felt the need to comment, you seem to be one of those people who likewise gets that a beginner should learn the right way not the wrong way. The advantage is you have the skills talent and knowledge to teach it the right way. That is how I ended up here after all. (it was not this article I found first)

As for that last point, I am not after anything specific, I’ve come to the conclusion, I think, that good code is subjective and that good code fragments may exist.. ie: that function that has been refactored to death, but on the whole no code is good nor really clean. ;)