Top 5 PHP Code Review Checklist

For better PHP code follow this Top checklist for more lasting software; readability and cleanliness, efficiency, security, scalability, testing, etc.

Digital Delivery
6 min
Digital Delivery
Top 5 PHP Code Review Checklist

Code review is an essential component of any software development workflow. Once developers have finished writing a piece of code, it’s tremendously helpful to have other people look over and test the code, identifying any bugs or inefficiencies.

While the code review process is intensive and time-consuming by design, you can still make it faster and simpler with the right code review tools.

So what should PHP developers consider when getting a code review for their software?

PHP review checklist

Below, we’ll offer a complete PHP code review checklist so that you can cover all your bases.

1. Readability and Cleanliness

The first step is to make sure that your PHP code is clean and readable so that both you and other developers can easily understand it.

Make sure to consider the following issues:

  • Is the code formatting written in the same style as the rest of the project?
  • Is the code well-described with comments or other documentation?
  • Is it easy to discern the purpose of a given PHP function or class?
  • Does the code throw exceptions or display appropriate error messages when something goes wrong?
  • Are any variable, function, or file names unclear or inconsistent?
  • Are there still large blocks of code commented out that should be deleted?
  • Are there duplicate sections of code that can be removed or condensed?
  • Can large files be refactored or broken down into smaller components that are easier to comprehend?

For a better and clearer answer to readability and cleanliness, try to be honest when making these questions to yourself or your team. Otherwise trying to create a fictional picture of the situation won't contribute towards a sustainable and resilient code in place.

2. Efficiency

Once you’ve handled the issue of basic readability, the next step is to optimize the speed, efficiency, and performance of your PHP code.

First, what you need to do is to take a step back and consider whether you’re “reinventing the wheel” unnecessarily.

Are there any classes or functions you’ve defined that could be accomplished with native PHP libraries instead?

In particular, examine your use of PHP data structures. Arrays are the only built-in PHP data structure, but they come with a variety of functions for traversing and manipulating them.

However, the PHP extension Ds introduces many powerful alternative data structures, such as vectors, deques, maps, sets, and more.

Beyond your use of data structures, also investigate whether the algorithms that use these data structures are as efficient as they could be.

Are you consuming more time or memory than you need to by using an inefficient algorithm?

3. Security

Security is often overlooked during the development process since most programmers are primarily focused on building a working end product.

However, security is especially important for languages like PHP that are frequently used for web development, making them a high-profile target for attackers.

PHP code reviews should do a thorough check for common security vulnerabilities such as:

  • Cross-site scripting (XSS): In cross-site scripting, the attacker uses the client’s browser to run malicious JavaScript code. To prevent an XSS attack, your PHP code should sanitize user input to make sure that the browser interprets any malicious code as HTML instead.
  • SQL injection: SQL injections, like cross-site scripting, occur when a system wrongly interprets user input as code and executes it. In this case, the attacker’s input contains SQL code that attempts to access or modify the contents of an internal database. Also like XSS, SQL injections can be prevented by sanitizing user input and rendering it harmless.
  • Cross-site request forgery (CSRF): In a CSRF attack, the attacker takes advantage of users who are logged into your website, essentially “riding along” and using their credentials to issue a malicious request. To prevent CSRF attacks, you can issue CSRF tokens only to legitimate users, allowing you to distinguish real user requests from false ones.

The list of potential PHP vulnerabilities is too long to discuss here. Websites such as CVE Details and OWASP are invaluable resources for PHP security.

4. Scalability

Scalability is the ability of a website or application to perform well under unexpectedly high loads or levels of traffic.

Your website's scalability and uptime should be an essential concern for your business. For example, a 63-minute outage on Amazon's website during its "Prime Day" sale cost the company an estimated $99 million.

Although the stakes may not be as high for your company, scalability issues are important for organizations of all sizes and industries.

Consider how the code would behave under periods of very high usage when conducting PHP code reviews.

For example, what would happen to your homepage if it goes viral and is hit with dozens of requests per second?

5. Testing

During a PHP code review, your code should be thoroughly tested to ensure that it’s ready for deployment.

The types of software testing you might use include:

  • Functional testing: Functional testing ensures that an application fulfills the business requirements for which it has been created.
  • Unit testing: In unit testing, small individual parts of the codebase are tested to ensure that they work correctly.
  • Integration testing: Integration testing, which is the next step after unit testing, verifies that different parts of the application can be integrated and work together correctly.
  • Performance testing:Performance testing evaluates an application’s speed and performance under different testing conditions.


Code reviews can be time- and labor-intensive, but your thorough efforts will be rewarded with high-quality PHP code.

By following the PHP code review checklist above, your software will be more comprehensible, performant, and secure, which will pay dividends for your business.

From application development to software delivery, our team of skilled experienced IT professionals helps our clients achieve digital excellence.

To learn more about Adservio services and how we can help you, get in touch with us today and let us know your business needs and objectives.

Published on
December 1, 2021

Industry insights you won’t delete. Delivered to your inbox weekly.

Other posts