php-best-practices_skill

This skill helps you write, review, and refactor PHP code by applying security, performance, and PSR-aligned best practices.
  • JavaScript

0

GitHub Stars

4

Bundled Files

2 months ago

Catalog Refreshed

4 months ago

First Indexed

Readme & install

Copy the install command, review bundled files from the catalogue, and read any extended description pulled from the listing source.

Installation

Preview and clipboard use veilstrat where the catalogue uses aiagentskills.

npx veilstrat add skill jcastillotx/vibe-skeleton-app --skill php-best-practices

  • metadata.json593 B
  • package.json520 B
  • README.md1.6 KB
  • SKILL.md2.8 KB

Overview

This skill codifies PHP coding standards and best practices for writing, reviewing, and refactoring PHP code. It prioritizes security, error handling, and performance while covering type safety, OOP patterns, PSR standards, testing, and modern PHP features. Use it as a checklist to raise code quality across applications, WordPress plugins, and Laravel projects.

How this skill works

The skill inspects PHP tasks and recommends targeted rules based on priority categories such as security (critical), error handling, and performance. It maps common issues to concise rules (prefixed for clarity) and suggests concrete fixes like input validation, password hashing, OPcache usage, and strict typing. Results include actionable guidance you can apply immediately during development or code review.

When to use it

  • Writing new PHP application code or modules
  • Reviewing or refactoring existing PHP codebases
  • Developing WordPress plugins, themes, or Laravel packages
  • Implementing security hardening or performance tuning
  • Preparing code for CI, testing, or deployment

Best practices

  • Treat security rules as highest priority: validate inputs, escape outputs, avoid eval, and use password_hash()
  • Use structured error handling: catch exceptions, define domain exceptions, and configure error reporting
  • Optimize performance: enable OPcache, leverage Composer autoloading, and use generators for large data
  • Enforce type safety: declare strict_types, explicit return types, and use nullable/union types where appropriate
  • Follow PSR standards: PSR-12 for style, PSR-4 for autoloading, and PSR-7 for HTTP messages
  • Prefer modern OOP: dependency injection, small interfaces, final classes, and constructor property promotion

Example use cases

  • Audit a Laravel controller to add input validation, typed return signatures, and PSR-compliant logging
  • Refactor a WordPress plugin to remove direct database queries, add prepared statements, and escape outputs
  • Convert legacy scripts to use Composer autoloading, enable OPcache, and introduce strict_types for safety
  • Add domain-specific exceptions and centralized error logging to improve observability
  • Apply generator-based streaming to memory-heavy imports to reduce peak memory usage

FAQ

Security rules are critical: validate and sanitize inputs, escape outputs by context, avoid eval, and use strong password hashing.

How do I adopt these guidelines incrementally?

Start by enforcing security and error-handling rules, then add type declarations and PSR compliance. Tackle performance and modern PHP changes in smaller refactor iterations.

Built by
VeilStrat
AI signals for GTM teams
© 2026 VeilStrat. All rights reserved.All systems operational