30 Symfony Best Practices

Nicolas Perriault

SymfonyDay ’09, Cologne, GermanySeptember 4th, 2009

Nicolas Perriault

Best Practices?A Best practice is a technique, method, process, activity, incentive or

reward that is believed to be more effective at delivering a particular outcome than any other technique, method, process, etc. The idea is that with proper processes, checks, and testing, a desired outcome

can be delivered with fewer problems and unforeseen complications. Best practices can also be defined as the most

efficient (least amount of effort) and effective (best results) way of accomplishing a task, based on repeatable procedures that have

proven themselves over time for large numbers of people.

-- Wikipedia, august 2009

Nicolas Perriault

Best Practices?

Making. Stuff. Efficient.

Nicolas Perriault

Best Practices?

• Moreover, best practices in software development and symfony are all about:

• improving communication between developers through standardization

• enhancing security, maintainability, portability and interoperability by increasing code quality

Nicolas Perriault

Disclaimer• These best practices are not sorted by

importance, nor criticality

• All best practices listed here are debatable, at least because they’re based on my own experience

• There are always exceptions

• Some best practices are not symfony-specific ; “Zake Igniter” developers, you can take some notes too.

Nicolas Perriault

Let’s begin...

Nicolas Perriault

• Always write “symfony” starting with a small cap.

Nicolas Perriault

• Always write “symfony” starting with a small cap.

• Or maybe not (mostly depends on the result of rand(0, 1))

Nicolas Perriault

#1• Manage the View within the View

• View is intended to be handled in templates

• Try to avoid the use of the view.yml file

• Try to avoid handling the view from the controller (eeeek) or the model (you’re fired)

• Slots can help (a lot)

Nicolas Perriault

#1For example, handling <title> tag and assets:

Note: here the value of $defaultTitle could (should) be handled in an app.yml configuration file

Nicolas Perriault

• Remember this: if you’re a graphic designer/integrator, you don’t want to deal with YAML or complex PHP code to manage the presentation

Nicolas Perriault

• Always enable output escaping and CSRF protection

• starting with symfony 1.3, they’re enabled by default

Nicolas Perriault

GOOD30 Symfony Best Practices

Nicolas Perriault

#3• Always call a redirect after posting data

• for security purpose

• for ergonomy

• to avoid duplicates in database

• don’t forget to add a flash message to the end user after every transaction made

Nicolas Perriault

BAD30 Symfony Best Practices

Nicolas Perriault

#4• No Propel Criteria or Doctrine_Query

instances, SQL queries and any ORM/RDBMS specific calls should ever be found neither in the templates nor in the actions.

• The more you couple your model to your controllers and views, the more it’ll be hard to change your persistence backend or strategy.

Nicolas Perriault

Doctrine_Collection

Nicolas Perriault

BETTER30 Symfony Best Practices

Nicolas Perriault

Array (ideally)

Nicolas Perriault

#5• Symfony core files should never be

modified to add or change the features they provide, but replaced through the autoloading mechanism, or way better: extended.

• Tweaking the factories.yml file and catching native symfony events can help a lot achieving this goal.

Nicolas Perriault

Unused

Nicolas Perriault

• The templates must contain PHP alternative templating syntax, for readability and ease of use.

Nicolas Perriault

#7• Verify cache settings, especially that the

cache is actually enabled in prod environment. Don’t laugh, it happened quite a lot.

• If you use cache, create a staging environment to test the caching strategy if it doesn't exist.

• Better: avoid using cache. No kidding.

Nicolas Perriault

• Use routes instead of raw module/action couple in url_for(), link_to() and redirect() calls.

• Also, default routes should be deactivated by default (at least in apps which don’t run admin-generator 1.0 modules)

Nicolas Perriault

• All code comments, phpdoc, INSTALL, CHANGELOG and README files, variables, functions, classes and methods names and more generally the developer documentation, should be written in English.

Nicolas Perriault

• Catch and log exception messages, display human readable error messages to the end user

Nicolas Perriault

• Only deploy production front controllers in production

Nicolas Perriault

• Ideally:

• A typical controller method should never exceed ~30 lines.

• A typical controller class should never have more than ~15 action methods.

Nicolas Perriault

x~2000 lines on this actions class (the slidescreen size was to short to list them all). Unmaintenable. 39

Nicolas Perriault

• Always apply consistent coding standards.

• Always apply Symfony’s coding standards.http://trac.symfony-project.org/wiki/HowToContributeToSymfony#CodingStandards

Nicolas Perriault

• Session persistence logic should reside in sfUser derived class methods, and only them.

Nicolas Perriault

• Never serialize objects in the session

Nicolas Perriault

Note: of course, a setRecentlySeenProducts() method could have been implemented in the myUser class.

Nicolas Perriault

• Always create customized 404 error and 500 error pages

Nicolas Perriault

#17• There should never be any direct use of

sfContext inside the Model layer (eg. sfContext::getInstance())

• Because the sfContext instance you get can differ a lot regarding the used env (cli, test, dev, prod...)

• It would make your code quite untestable

• Yes, it’s hard.

Nicolas Perriault

• Avoid creating a big generic utility class with many static methods

• It's like reinventing procedural programming or using functions

• Write specialized classes

Nicolas Perriault

• Use sfLogger for debugging instead of echoing variable or debug messages

• FirePHP(1) or FireSymfony(2) custom loggers can be more than helpful to debug your app (webservices for example)

(1) http://firephp.org/(2) http://firesymfony.org/

Nicolas Perriault

The FireSymfony Firebug extension for Firefox in action

factories.yml

Nicolas Perriault

#20• If source code is managed through a SCM

tool, versioned files should NEVER contain passwords, local paths, etc.

• Files containing them should be added to the ignore directive

• Typical example: the databases.yml file

• Distribute platform-dependent configuration files

Nicolas Perriault

#21• Write unit and functional tests:

• Unit test your business logic (please don’t test symfony or Doctrine again, it’s already done)

• Functionally test the user interface when it’s important (eg. 404/403/401 HTTP codes, security and user authentication, transactions and forms, etc.)

Nicolas Perriault

#21Hint: you can write your own functional browser/

tester to avoid duplicate test code

Nicolas Perriault

• Never use absolute paths in code, or at least put them in YAML configuration files.

• Make your symfony project portable: use dirname(__FILE__) to point at the symfony libs in the project configuration class.

• You can put symfony lib in a lib/vendor dir.

Nicolas Perriault

#23• Data objects should always be represented

by a slug in urls, not a primary key

• For security: numeric PKs are easily guessable, whereas slugs are not

• For URL usability and SEO: /article/symfony-rulez.html is sexier than /article/123.html

Nicolas Perriault

#24• Every application or project specific

configuration variable should be stored in its app.yml file

• You can share project-wide (cross-applications) settings by putting an app.yml file within the root config/ folder of the project

Nicolas Perriault

Default value

Nicolas Perriault

• Avoid versioning any generated Base* class file, especially if you want to write reusable plugins or redistribute your work.

• Maybe people will want to extend or add behaviors to your model classes.

Nicolas Perriault

#26• Use symfony tasks system for CLI batch

scripts

• Tasks have access to all the symfony facilities

• Tasks are designed for the CLI

• Text output

• Pretty printing

Nicolas Perriault

#27• Alter request and response

programmatically by using filters.

• You can use the request.filter_parameters and response.filter_content events too.

• Filters are easy to setup and to debug, whereas events are more clean and powerful. Matter of taste.

Nicolas Perriault

• Always write a README, an INSTALL and a CHANGELOG file at the root of the project (or the plugin). If open sourced, a LICENSE file is appreciated too.

• And please don’t release plugins under the terms of the GPL license. Symfony Plugin != Operating System

Nicolas Perriault

• Share features and modules across applications by writing plugins

• If it’s really cool, release it publicly

Nicolas Perriault

• Study other frameworks code!

• They might have good, even better ideas to solve the problem you have

• Even frameworks written in other languages than PHP (Django, Rails, Spring...)

Nicolas Perriault

Questions?

Nicolas Perriaultnperriault@gmail.com+33 660 920 867

prendreuncafe.com | symfonians.net | symfony-project.org

30 Symfony Best Practices

Technology

BEST PRACTICES 2019-2020 7.2 Best Practices Best Practice

deSymfony 2017: Symfony 4, Symfony Flex y el futuro de Symfony

Best Practices Guide: Vyatta Firewall - Brocade...Best Practices Guide

Apache NiFi Configuration Best Practices · Apache NiFi Configuration Best Practices Configuration Best Practices If you are running on Linux, consider these best practices. Typical

Sustainable Minerals Development: Best Practices in ASEAN · Best Practices in Minerals Mining Best Practices in Minerals Processing Best Practices in Minerals Distribution The 1

TAB Best Practices. Peer Board Top Best Practices

Best Practices for Integrating Art into Capital Projects€¦ · Best Practices for Integrating Art into ... These Best Practices provide guidance to transit agencies ... Best Practices

O Busines s Best Practices OF FINANCIAL MANAGEMENTfiles.optometrybusiness.com/Best Practices of... · 2015 Best Practices in Financial Management 1 Welcome to Best Practices of Financial

2015 Fat Loss Best Practices...2015 Fat Loss Best Practices 2015 Fat Loss Best Practices 2015 Fat Loss Best Practices Sprint Intervals

Best Practices of RUSA Funded Institutions of Karnatakarusa.nic.in/download/385/best-practices/5522/best-practices-of... · Best Practices of RUSA Funded Institutions of Karnataka

Best Practices Best Practices for Reducing Your Attack Surfacelp.skyboxsecurity.com/rs/...Best-Practices-Reduce-Attack-Surface-W… · Best Practices for Reducing Your Attack Surface

Java Best Practices for Developing and - · PDF fileJava Best Practices for developing and deploying • Best Practices for Performance • Best Practices for Security • Best Practices

BEST PRACTICES GUIDE Nimble Storage Best Practices … · BEST PRACTICES GUIDE . Nimble Storage Best Practices for CommVault Simpana*. Efficient Nimble Storage snapshots managed by

The Best Practices Book - Symfony, High Performance PHP ... · The Best Practices Book ... like discussions about Dependency Injection or front ... Composer1 is the package manager

Best Practices for PowerPoint! Welcome! Best Practices for Presentations

Official Symfony Best Practices

Best Management Practices Best Management Practices

The Best Practices Book - Programmer Books · The Symfony Framework Best Practices The Symfony Framework is well-known for being really flexible and is used to build micro-sites,

Best Practices PaPer Best Practices ON cONFiscatiON Practices on Confiscation... · Best Practices PaPer Best Practices ON cONFiscatiON (RECOMMENDATIONS 4 AND 38) AND A FRAMEWORK

SYMFONY Consulting - womentalkbusiness.info · SYMFONY Consulting Dr. Sabine M. Fischer 1 +43 676 840 321 871 -7 SYMFONY Consulting SYMFONY Consulting SYMFONY Consulting