30symfonybestpractices 090904074841 Phpapp01

30 Symfony Best Practices
30 Symfony Best
Practices
SymfonyDay ’09, Cologne, Germany
September 4th, 2009
Nicolas Perriault
Best Practices?
A Best practice is a technique, method, process, activity, incentive or
reward that is believed to be more effective at delivering a particular
outcome than any other technique, method, process, etc.The idea is
that with proper processes, checks, and testing, a desired outcome
can be delivered with fewer problems and unforeseen
complications. Best practices can also be defined as the most
efficient (least amount of effort) and effective (best results) way of
accomplishing a task, based on repeatable procedures that have
proven themselves over time for large numbers of people.
-- Wikipedia, august 2009
Nicolas Perriault 2
Best Practices?
Making. Stuff. Efficient.
Nicolas Perriault 3
Best Practices?
• Moreover, best practices in software
development and symfony are all about:
• improving communication between

developers through standardization
• enhancing security, maintainability, portability

and interoperability by increasing code
quality
Nicolas Perriault 4
Disclaimer
• These best practices are not sorted by
importance, nor criticality
• All best practices listed here are debatable, at

least because they’re based on my own
experience
• There are always exceptions
• Some best practices are not symfony-specific ;

“Zake Igniter” developers, you can take some notes
too.
Nicolas Perriault 5
Let’s begin...
Nicolas Perriault
#0
• Always write “symfony” starting with a

small cap.
Nicolas Perriault 7
#0
• Always write “symfony” starting with a

small cap.
• Or maybe not (mostly depends on the result of rand(0, 1))
Nicolas Perriault 7
#1
• Manage the View within the View
• View is intended to be handled in templates
• Try to avoid the use of the view.yml file
• Try to avoid handling the view from the

controller (eeeek) or the model (you’re
fired)
• Slots can help (a lot)
Nicolas Perriault 8
#1
For example, handling <title> tag and assets:
Note: here the value of $defaultTitle could (should) be handled

in an app.yml configuration file
Nicolas Perriault 9
#1
• Remember this: if you’re a graphic designer/

integrator, you don’t want to deal with YAML or
complex PHP code to manage the presentation
Nicolas Perriault 10
#2
• Always enable output escaping and CSRF

protection
• starting with symfony 1.3, they’re enabled
by default
GOOD
#3
• Always call a redirect after posting data
• for security purpose
• for ergonomy
• to avoid duplicates in database
• don’t forget to add a flash message to the
end user after every transaction made
BAD
GOOD
#4
• No Propel Criteria or Doctrine_Query
instances, SQL queries and any ORM/RDBMS
specific calls should ever be found neither in
the templates nor in the actions.
• The more you couple your model to your
controllers and views, the more it’ll be hard
to change your persistence backend or
strategy.
BAD
Doctrine_Collection
BETTER
Array
GOOD
Array (ideally)
#5
• Symfony core files should never be
modified to add or change the features they
provide, but replaced through the
autoloading mechanism, or way better:
extended.
• Tweaking the factories.yml file and
catching native symfony events can help a lot
achieving this goal.
BAD
Unused
GOOD
#6
• The templates must contain PHP

alternative templating syntax, for
readability and ease of use.
BAD
GOOD
#7
• Verify cache settings, especially that the
cache is actually enabled in prod
environment. Don’t laugh, it happened quite
a lot.
• If you use cache, create a staging
environment to test the caching strategy if it
doesn't exist.
• Better: avoid using cache. No kidding.
GOOD
#8
• Use routes instead of raw module/action
couple in url_for(), link_to() and
redirect() calls.
• Also, default routes should be deactivated

by default (at least in apps which don’t run
admin-generator 1.0 modules)
#9
• All code comments, phpdoc, INSTALL,
CHANGELOG and README files, variables,
functions, classes and methods names and
more generally the developer
documentation, should be written in
English.
BAD
GOOD
#10
• Catch and log exception messages, display

human readable error messages to the end
user
BAD
GOOD
#11
• Only deploy production front controllers in

production
BAD
BAD
#12
• Ideally:
• A typical controller method should never
exceed ~30 lines.
• A typical controller class should never
have more than ~15 action methods.
x
BAD
Nicolas Perriault ~2000 lines on this actions class (the slidescreen size was to short to list them all). Unmaintenable. 39
#13
• Always apply consistent coding

standards.
• Always apply Symfony’s coding standards.
http://trac.symfony-project.org/wiki/HowToContributeToSymfony#CodingStandards
BAD
GOOD
#14
• Session persistence logic should

reside in sfUser derived class methods, and
only them.
BAD
GOOD
#15
• Never serialize objects in the session
BAD
GOOD
Note: of course, a setRecentlySeenProducts() method could have been implemented in the myUser class.
#16
• Always create customized 404 error and

500 error pages
BAD
GOOD
#17
• There should never be any direct use of
sfContext inside the Model layer (eg.
sfContext::getInstance())
• Because the sfContext instance you get can

differ a lot regarding the used env (cli, test,
dev, prod...)
• It would make your code quite untestable
• Yes, it’s hard.
BAD
BAD
GOOD
GOOD
#18
• Avoid creating a big generic utility class
with many static methods
• It's like reinventing procedural
programming or using functions
• Write specialized classes
#19
• Use sfLogger for debugging instead of

echoing variable or debug messages
• FirePHP(1) or FireSymfony(2) custom loggers
can be more than helpful to debug your app
(webservices for example)
(1) http://firephp.org/
(2) http://firesymfony.org/
GOOD
factories.yml
The FireSymfony Firebug extension for Firefox in action
#20
• If source code is managed through a SCM
tool, versioned files should NEVER contain
passwords, local paths, etc.
• Files containing them should be added to the

ignore directive
• Typical example: the databases.yml file
• Distribute platform-dependent configuration

files
BAD
GOOD
#21
• Write unit and functional tests:
• Unit test your business logic (please
don’t test symfony or Doctrine again, it’s
already done)
• Functionally test the user interface

when it’s important (eg.
404/403/401 HTTP codes, security and user
authentication, transactions and forms, etc.)
#21
Hint: you can write your own functional browser/
tester to avoid duplicate test code
#22
• Never use absolute paths in code, or at
least put them in YAML configuration files.
• Make your symfony project portable: use

dirname(__FILE__) to point at the symfony
libs in the project configuration class.
• You can put symfony lib in a lib/vendor dir.
BAD
GOOD
#23
• Data objects should always be represented
by a slug in urls, not a primary key
• For security: numeric PKs are easily

guessable, whereas slugs are not
• For URL usability and SEO:
/article/symfony-rulez.html is sexier
than /article/123.html
#24
• Every application or project specific
configuration variable should be
stored in its app.yml file
• You can share project-wide (cross-

applications) settings by putting an app.yml
file within the root config/ folder of the
project
BAD
GOOD
Default value
#25
• Avoid versioning any generated Base* class
file, especially if you want to write
reusable plugins or redistribute your
work.
• Maybe people will want to extend or add
behaviors to your model classes.
#26
• Use symfony tasks system for CLI batch
scripts
• Tasks have access to all the symfony
facilities
• Tasks are designed for the CLI
• Text output
• Pretty printing
#26
#27
• Alter request and response
programmatically by using filters.
• You can use the request.filter_parameters

and response.filter_content events too.
• Filters are easy to setup and to debug,

whereas events are more clean and
powerful. Matter of taste.
GOOD
GOOD
#28
• Always write a README, an INSTALL and a
CHANGELOG file at the root of the project
(or the plugin). If open sourced, a LICENSE
file is appreciated too.
• And please don’t release plugins under the
terms of the GPL license.
Symfony Plugin != Operating System
#29
• Share features and modules across

applications by writing plugins
• If it’s really cool, release it publicly
#30
• Study other frameworks code!
• They might have good, even better ideas
to solve the problem you have
• Even frameworks written in other
languages than PHP (Django, Rails,
Spring...)
Questions?
Nicolas Perriault
nperriault@gmail.com
+33 660 920 867
prendreuncafe.com | symfonians.net | symfony-project.org
Nicolas Perriault

30symfonybestpractices 090904074841 Phpapp01

Uploaded by

Document Information

Original Description:

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

30symfonybestpractices 090904074841 Phpapp01

Uploaded by

Copyright:

Available Formats

30 Symfony Best Practices

Making. Stuff. Efficient.

• improving communication between

• enhancing security, maintainability, portability

• All best practices listed here are debatable, at

• There are always exceptions

• Some best practices are not symfony-specific ;

• Always write “symfony” starting with a

• Always write “symfony” starting with a

• View is intended to be handled in templates

• Try to avoid the use of the view.yml file

• Try to avoid handling the view from the

• Slots can help (a lot)

Note: here the value of $defaultTitle could (should) be handled

• Remember this: if you’re a graphic designer/

• Always enable output escaping and CSRF

• The templates must contain PHP

• Also, default routes should be deactivated

• Catch and log exception messages, display

• Only deploy production front controllers in

• Always apply consistent coding

• Session persistence logic should

• Never serialize objects in the session

• Always create customized 404 error and

• Because the sfContext instance you get can

• It would make your code quite untestable

• Yes, it’s hard.

• Use sfLogger for debugging instead of

The FireSymfony Firebug extension for Firefox in action

• Files containing them should be added to the

• Typical example: the databases.yml file

• Distribute platform-dependent configuration

• Functionally test the user interface

• Make your symfony project portable: use

• For security: numeric PKs are easily

• You can share project-wide (cross-

• You can use the request.filter_parameters

• Filters are easy to setup and to debug,

• Share features and modules across

• If it’s really cool, release it publicly

prendreuncafe.com | symfonians.net | symfony-project.org

You might also like