PHP Code Review Guidelines

Umar Farooque Khan
2 min read · May 5, 2024


Does the code fulfill the specified requirements?

The code is easy to understand.

The code follows coding conventions.

Names are simple and, where possible, short.

Are functions/methods appropriately named and scoped?

Function, variable and class names are spelled correctly.

Is there any duplicated code that can be refactored into reusable functions or methods?

There are no hard-coded constants that could change in the future.

Data validation must be done on the server side.

Ensure error messages do not leak internal information.

All variables are in the smallest scope possible.

There is no commented-out code.

Ensure usernames and passwords are not written to logs.

There is no dead code (unreachable at runtime).

Variables are not accidentally used with null values.

Complex code is properly commented to improve readability.

Ensure logging is implemented for critical functionality.

Are naming conventions consistent and descriptive?

There are no complex or long boolean expressions.

Are user inputs properly validated and sanitized to prevent SQL injection, XSS, CSRF, etc.?

There are no empty blocks of code.

Appropriate data structures are used.

Ensure sensitive information is transmitted in encrypted form.

Blocks of code inside loops are as small as possible.

null is not returned from any method.

Are caching mechanisms implemented where appropriate?

Are database queries optimized, avoiding unnecessary calls or redundant operations?

Are resources efficiently managed, such as closing database connections after use?

Are indentation and formatting consistent?

Are unit tests written to cover critical parts of the codebase?

Loops have a bounded length and correct termination conditions.

No object exists longer than necessary.

All data inputs are checked (for the correct type, length/size, format, and range).

Is the code compatible with production versions of PHP?

Are dependencies pinned to specific versions to ensure consistency across environments?
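To make the validation, injection, output-escaping and error-message items above concrete, here is one request handler as a reviewer would see it before and after review. This is an added example, not code from the original post; the users table, its columns and the in-memory SQLite demo database are assumptions.

```php
<?php
// Added example (not from the original post): the same handler before and
// after review against the checklist items on server-side validation, input
// checks (type, length, format, range), injection-safe queries, escaped output
// and error messages that leak nothing. Table/columns/SQLite are assumptions.
declare(strict_types=1);

// Flagged in review: the raw id reaches SQL, the stored name reaches HTML
// unescaped, and a failed query throws its full message at the client.
function showUserBefore(PDO $pdo, array $get): string
{
    $id = $get['id'];                                                      // no type/range check
    $row = $pdo->query("SELECT name FROM users WHERE id = $id")->fetch();  // SQL injection
    return '<p>' . $row['name'] . '</p>';                                  // XSS via stored data
}

// Accepted in review: validate, bind, escape; keep detail in the server log only.
function showUserAfter(PDO $pdo, array $get): string
{
    // Server-side type and range check: a positive integer or nothing.
    $id = filter_var($get['id'] ?? null, FILTER_VALIDATE_INT,
        ['options' => ['min_range' => 1]]);
    if ($id === false) {
        return '<p>Invalid user id.</p>';                                  // generic message
    }
    try {
        $stmt = $pdo->prepare('SELECT name FROM users WHERE id = :id');
        $stmt->execute([':id' => $id]);                                    // bound parameter
        $row = $stmt->fetch(PDO::FETCH_ASSOC);
    } catch (PDOException $e) {
        // Detail goes to the server log (no DSN or credentials interpolated); the user sees a fixed message.
        error_log('user lookup failed: ' . $e->getMessage());
        return '<p>Temporary error, please try again.</p>';
    }
    if ($row === false) {
        return '<p>No such user.</p>';
    }
    return '<p>' . htmlspecialchars($row['name'], ENT_QUOTES | ENT_HTML5, 'UTF-8') . '</p>';
}

// Constructed demo: an in-memory SQLite database holding one hostile name.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT)');
$pdo->exec("INSERT INTO users VALUES (1, '<script>alert(1)</script>')");

echo showUserAfter($pdo, ['id' => '1']), PHP_EOL;         // script tags come out escaped
echo showUserAfter($pdo, ['id' => '1 OR 1=1']), PHP_EOL;  // rejected by validation
```

Running it requires the pdo_sqlite extension; the "before" function is kept only as the rejected version and is never called.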
