Keep them coming.

When I interview a LAMP candidate I’m usually looking first at what kind of OOP experience they have. Do they know the difference between an object and a class? Do they understand inheritance, extending classes? Have they ever used any common design patterns? Singletons? Factory methods? Do they know what $this is? If you have an kind of enterprise codebase, it’s essential to understand the big picture if you are going to make meaningful contributions.

I would be extremely happy in your above example if a developer simply said to me: “User input should never be trusted, the $_GET argument should be run through a sanitation method then placed in an appropriately named array, i.e. $clean['query']“.

Passing the ENT_QUOTES argument to htmlspecialchars to ensure that single quotes (’) are also escaped isn’t strictly necessary in this case, but it’s a good habit to get into.

Um, why do this if it “isn’t strictly necessary”? As far as I can tell, this practice is of no use whatsoever in this or any other case. If you’re escaping <, >, &, and perhaps ", that’s all you need.

“Passing the ENT_QUOTES argument to htmlspecialchars to ensure that single quotes (’) are also escaped isn’t strictly necessary in this case, but it’s a good habit to get into.”
Very dependent on the context, fx can be a very bad habbit when used i generateed javascript. Also a place where I prefer a wrapper function.

And the little issues about () around echo, I would read the company’s code standard, before I removed it.

And one thing IHMO that makes good PHP code, is the planning before You opens the editor.

Sessions, security and even Cookies, all have the same areas that compound with a vast amount of opinions, too many ways of producing the same code (OOP or simplified functions) that do the same thing and way too many controversies on how to produce the most secure code with no real answer.

You can simply confuse yourself to the point of mental breakdown just looking for a correct way of handling security issues pertaining to sessions.

And no, that is not a good thing. Having too many options to produce code is why PHP is constantly under the microscope and controversy of “secure applications” and why most employers dont take PHP seriously. After all, the general misconception is that most of us that develop PHP applications are simply people that stumbled onto a easy format to program with and as a result, think we are developers. The same thought process exudes highly in most college campuses that rely stringently on Flash, Java and .NET curriculum. When you walk into a college and see a Microsoft plaque of recognition and sponsorship hanging on the wall, you can pretty much forget programming in PHP.

So, what does that have to do with anything? Where do you go to school to get a Bachelors degree in PHP programming? Where do you go to get a Masters degree in PHP programming? Nowhere really. At least around here. There is no such thing. But, if you want to be a .NET, Java or Flash developer, I can show you 30 jobs that I received in just the last 4 days.

Employers want to see that Degree hanging on your wall and use that degree to base their pay rates upon, whether or not the technology you use is actually better than what they are using.

Just think of it like this, to make it real short and sweet. Why do most employers use M$ servers and not Linux servers?

It is true that anyone with a little smarts can create a decent (and sometimes pretty sophisticated) php website. And that, I think, is what most employers see.

However, the real difficulty is that getting from the decent to the elegant and from the pretty safe to the really secure is a hard road. There are few available classes and very little training exists. Learning from books and the school of hard knocks is difficult, especially when there are many ways of doing just about everything in PHP.

I’ve gotten to the point where I do get paid for my work as a contractor building database-driven websites. Maybe not a LOT, but enough so that I feel decent about the resultant hourly wage.

Most of the “how-to” materials for advanced php programming assumes an understanding of some other language. Available information is often contradictory and incomplete. The php manual is excellent, but only if you know what you’re looking for to start with.

PHP programmers will probably become more standardly paid when there is a clearly defined path charting the beginner, novice, amateur, advanced, professional and master. It will also be easier for php programmers (and scripters) to get better at their skills.

Once there are more truly professional and master php programmers, then we’ll see more advanced enterprise websites built and running with php. And THAT is what will get higher pay for all of us.

I have worked on PHP/ JSP/ .NET but have a feeling that.. compared to ASP.net and Java, PHP don’t have a proper IDE. I am aware that lot of IDE’s from zend, eclipse, Nusphere etc are there in the market. But personally I don’t find any of them useful and handy like Visual studio or Net beans.

I will appreciate your comments on this. And will like to know how you are managing it?