4. Use a Version Control System to Maintain Project files, Except Configuration files
5. Track PHP Errors with Assertion Condition Tests
6. Do Not Display PHP Errors on your Web pages
4. Use a Version Control System to Maintain Project files, Except Configuration files
You should always use a version control system (VCS) to maintain your application source code, but keep in mind that the configuration/local.php script should never be committed to the VCS repository. The reason for this is that it is not a static file in your project. It is different depending on whether you are in the development, staging or production environment.
The default values for the options in the configuration class should be the ones to be used in the production environment, except for sensitive values that are related with the application security, like for instance the database access host name, user and password.
The reason for this is that only your staff that has access to the production server should be able to know those sensitive values. It would be dangerous if for some reason you need to fire a developer that knows how to access the databases in your production server. He could destroy your application database as revenge for getting fired.
5. Track PHP Errors with Assertion Condition Tests
Once you deploy to the production server, some bugs may still creep in. This is bad, but the reality is that it happens regularly. Do not blame yourself for not having done enough testing on the development and staging environments. You may be a good developer, but nobody is perfect. We are human, therefore our software will always have bugs.
Assuming that we will never be able to write 100% bug free software, the next thing you should do is to try to detect the symptoms of bugs to minimize the eventual damages caused by the bugs. You can do that by inserting some assertion code, I mean code that tests conditions that should never be true at run time.
Take a look at this example. It checks a condition that should never happen and makes the script exit before crashing, passing a meaningful error message to the configuration class above, so it can fail gracefully.
if($y == 0)
{
$options->error = ‘$y is 0 near line ‘.__LINE__.’ of ‘.__FILE__;
$options->Fail();
}
$x = 1 / $y;
6. Do Not Display PHP Errors on your Web pages
This is fine but in real projects that you do not know where you have your bugs, it is hard to anticipate where you should place your assertion condition checks.
If the assertion code above is not present, the PHP code runs code that triggers a PHP warning.
These warnings are useful but for security reasons you should never show PHP runtime error messages to your users. Otherwise people with malicious intentions could use the information disclosed by the PHP error messages to abuse from your site somehow.
You can prevent that PHP displays errors on the your Web page output by having the following line in your php.ini configuration file:
display_errors = Off
Source From: http://www.phpclasses.org