Best Practices

Security

  • Always use CSRF protection on forms
  • Sanitize user input with sanitize()
  • Use prepared statements for database queries
  • Never commit .env with real credentials
  • Use strong passwords for database and email
  • Enable HTTPS in production
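The CSRF and input-handling items above, shown as an added example in plain PHP. This is not the framework's own code: its CSRF helper and its `sanitize()` function are not documented here, so the example uses PHP sessions, `random_bytes()`, `hash_equals()` and `htmlspecialchars()` directly; the `_token` field name and the `e()` helper are assumptions for the illustration.

```php
<?php
// Added example, not the framework's own code. Assumes PHP sessions are
// available; the framework's own CSRF helper and sanitize() are not shown here.

declare(strict_types=1);

const CSRF_SESSION_KEY = '_csrf_token'; // assumed session key name

function ensureSession(): void
{
    if (session_status() !== PHP_SESSION_ACTIVE) {
        session_start();
    }
}

// Issue one token per session; reuse it so every form in the session validates.
function csrfToken(): string
{
    ensureSession();
    if (empty($_SESSION[CSRF_SESSION_KEY])) {
        // 32 random bytes from the CSPRNG, hex-encoded so it is safe in an attribute
        $_SESSION[CSRF_SESSION_KEY] = bin2hex(random_bytes(32));
    }
    return $_SESSION[CSRF_SESSION_KEY];
}

// Hidden field to drop into every form that changes state.
function csrfField(): string
{
    return '<input type="hidden" name="_token" value="' . e(csrfToken()) . '">';
}

// Verify the submitted token against the session copy.
function verifyCsrf(array $post): bool
{
    ensureSession();
    $expected = $_SESSION[CSRF_SESSION_KEY] ?? '';
    $given    = $post['_token'] ?? '';
    // hash_equals() compares in constant time, so the check leaks no timing information
    return is_string($given) && $expected !== '' && hash_equals($expected, $given);
}

// Escape untrusted values at the point they are rendered into HTML.
function e(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_HTML5, 'UTF-8');
}

// Usage in a controller action that handles a POST (e.g. a comment form).
if (($_SERVER['REQUEST_METHOD'] ?? 'GET') === 'POST') {
    if (!verifyCsrf($_POST)) {
        http_response_code(403);
        exit('Invalid CSRF token');
    }
    // Whitelist-style cleanup of the field the form actually expects
    $body = trim((string)($_POST['body'] ?? ''));
    if ($body === '' || mb_strlen($body) > 2000) {
        http_response_code(422);
        exit('Comment body is required and must be at most 2000 characters');
    }
    // ... persist $body with a prepared statement, then render it escaped ...
    echo '<p>' . e($body) . '</p>';
} else {
    echo '<form method="post">' . csrfField()
       . '<textarea name="body"></textarea><button>Post</button></form>';
}
```

The token is generated once per session and compared with `hash_equals()`; escaping happens on output with `e()`, which keeps stored data intact while making it safe to render. Rotate the session id on login so a pre-login token cannot be carried across the authentication boundary.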

Development

  • Use named routes for better maintainability
  • Organize views by feature in separate folders
  • Keep controllers thin - move logic to models
  • Use components for reusable UI elements
  • Clear cache during development: php frame cache:clear

Database

  • Store dates in UTC, display in local timezone
  • Use migrations for database changes
  • Always use prepared statements
  • Index frequently queried columns
  • Use transactions for related operations
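The database items above (prepared statements, transactions for related operations, dates stored in UTC) as one added example using PDO. This is not the framework's own database layer: the DSN, the `orders`/`order_items` tables and the `DB_USER`/`DB_PASS` environment names are placeholders chosen for the illustration.

```php
<?php
// Added example, not the framework's own code. Assumes a MySQL-compatible
// database reachable through PDO; DSN, table names and env names are placeholders.

declare(strict_types=1);

function connect(): PDO
{
    return new PDO(
        'mysql:host=127.0.0.1;dbname=app;charset=utf8mb4', // placeholder DSN
        getenv('DB_USER') ?: 'app',                          // credentials come from .env, never from source
        getenv('DB_PASS') ?: '',
        [
            PDO::ATTR_ERRMODE          => PDO::ERRMODE_EXCEPTION, // failures throw, so the rollback below runs
            PDO::ATTR_EMULATE_PREPARES => false,                  // real server-side prepared statements
        ]
    );
}

// Current time in UTC, formatted for a DATETIME column.
function nowUtc(): string
{
    return (new DateTimeImmutable('now', new DateTimeZone('UTC')))->format('Y-m-d H:i:s');
}

// Convert a UTC value read back from the database into the user's zone for display.
function toLocal(string $utc, string $tz): string
{
    return (new DateTimeImmutable($utc, new DateTimeZone('UTC')))
        ->setTimezone(new DateTimeZone($tz))
        ->format('Y-m-d H:i T');
}

// Insert an order and its line items as one unit: all rows are written or none are.
function createOrder(PDO $pdo, int $userId, array $items): int
{
    $pdo->beginTransaction();
    try {
        $order = $pdo->prepare(
            'INSERT INTO orders (user_id, created_at) VALUES (:user_id, :created_at)'
        );
        $order->execute([':user_id' => $userId, ':created_at' => nowUtc()]);
        $orderId = (int)$pdo->lastInsertId();

        $line = $pdo->prepare(
            'INSERT INTO order_items (order_id, sku, qty) VALUES (:order_id, :sku, :qty)'
        );
        foreach ($items as $item) {
            // Values are bound, never interpolated into the SQL string,
            // so user-supplied text is always treated as data, not as SQL.
            $line->execute([
                ':order_id' => $orderId,
                ':sku'      => (string)$item['sku'],
                ':qty'      => (int)$item['qty'],
            ]);
        }

        $pdo->commit();
        return $orderId;
    } catch (Throwable $e) {
        $pdo->rollBack(); // an exception from any statement undoes the whole order
        throw $e;
    }
}

// Usage
$pdo     = connect();
$orderId = createOrder($pdo, 42, [['sku' => 'A-100', 'qty' => 2], ['sku' => 'B-200', 'qty' => 1]]);

$stmt = $pdo->prepare('SELECT created_at FROM orders WHERE id = :id');
$stmt->execute([':id' => $orderId]);
$createdUtc = (string)$stmt->fetchColumn();
echo toLocal($createdUtc, 'Europe/Berlin'), PHP_EOL; // stored in UTC, shown in the user's zone
```

`ERRMODE_EXCEPTION` is what makes the `try`/`catch` reliable: without it a failed `execute()` returns `false` silently and the partial order would be committed. Reads use the same prepared-statement pattern as writes, including the lookup by id at the end.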

Performance

  • Enable OPcache in production
  • Precompile templates before deployment
  • Use database connection pooling
  • Minimize debug logging in production
  • Optimize images and assets