A cheat sheet, listing some guidelines for good coding practices.

Indenting
- Use tabs for indenting.
- Set tab to 4 spaces.
- Keep lines <80 chars long, for better readability.

Spacing and Linefeeds

- No trailing whitespace at the end of the lines.
- Use Unix style formatting.
* Lines must end only with a line feed (LF).
* All text files should end in a single newline (\n) after the closing PHP tag (?>).
- If you are using a Windows platform for development, set your editor to save files in Unix format.
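The rules in this section are easy to check mechanically. The following PHP script is an added example, not part of the cheat sheet: check_formatting() is a hypothetical helper that takes a file's contents and reports CR characters, trailing whitespace, and a missing or doubled final newline. The two sample inputs at the bottom are constructed.

```php
<?php
// Added example: checks file contents against the "Spacing and Linefeeds" rules.
// Returns a list of human-readable issues; an empty list means the text is clean.
function check_formatting(string $contents): array {
    $issues = [];

    // Rule: lines must end only with LF, so any CR is a Windows line ending.
    if (strpos($contents, "\r") !== false) {
        $issues[] = 'contains CR characters; lines must end with LF only';
    }

    // Rule: no trailing whitespace. CRs are stripped here because they were
    // already reported above; otherwise a "text \r" line would slip through.
    foreach (explode("\n", $contents) as $i => $line) {
        $line = rtrim($line, "\r");
        if ($line !== rtrim($line, " \t")) {
            $issues[] = 'trailing whitespace on line ' . ($i + 1);
        }
    }

    // Rule: the file ends in exactly one newline.
    if ($contents === '' || substr($contents, -1) !== "\n") {
        $issues[] = 'file does not end with a newline';
    } elseif (substr($contents, -2) === "\n\n") {
        $issues[] = 'file ends with more than one newline';
    }

    return $issues;
}

// Constructed sample inputs: one file saved on Windows with a stray space,
// one that follows the rules.
$bad  = "<?php\r\necho 'hi'; \r\n?>";
$good = "<?php\necho 'hi';\n?>\n";

foreach (['bad' => $bad, 'good' => $good] as $name => $text) {
    $issues = check_formatting($text);
    echo $name . ': ' . (empty($issues) ? 'OK' : implode('; ', $issues)) . "\n";
}
```

Feed it real files with file_get_contents() to lint a tree before committing; the "bad" sample reports all three problems, the "good" sample reports none.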

Naming Conventions

- Use the following naming conventions.
* filenames-in-general
* javascriptFunctions
* javascriptVariables
* mysql_columns
* mysql_tables
* _php_global_vars
* php_functions
* php_variables
* CONSTANT_NAMES
* phpClassMethods
* phpClassNames
* README.txt

Arrays

- Arrays should be formatted with a space separating each element (after the comma).

$array_number_one = array('this', 'is', 'foo' => 'bar');

- If the line declaring an array spans longer than 80 characters, each element should be broken into its own line with proper indentation.
$form['title'] = array(
    '#type' => 'textfield',
    '#title' => 'Post Title',
    '#maxlength' => 32,
    '#required' => TRUE,
    '#size' => 15,
);

Function Arguments

- Function arguments should be separated by a comma followed by a space, both in definitions and in function calls. There should not be any spaces between the arguments and the opening and closing brackets, or between the function name and the opening bracket.

Eg: function this_is_a_test($argument1, $argument2)

- Arguments with default values should always go at the end of the argument list.
Eg: function this_is_a_test($argument1, $argument2, $argument3 = 'abc')

PHP Code Layout

- Do NOT combine multiple lines of code into a single line, even if they are comments or debug statements.

Eg:

$variable = $something + $something; $another_variable = $something_else; echo "test"; //WRONG

Correct way:

$variable = $something + $something;
$another_variable = $something_else;
echo "test";

- Braces should ALWAYS be included when writing code using if, for, while etc. blocks. No exceptions here, even if the braces could be omitted. Leaving out braces makes code harder to maintain in the future and can also cause bugs that are very difficult to track down.

Eg:
Wrong practices:
if ($condition1) echo "some code";

if ($condition1)
    echo "some code";
else
    echo "some code";

Correct way:
if (($condition1) || ($condition2)) {
    // action1
} elseif (($condition3) && ($condition4)) {
    // action2
} else {
    // default action
}

- Control statements should have one space between the control keyword and opening parenthesis.

- Split lengthy if statements into several lines.
if (($condition1
        && $condition2)
    || $condition3
    || $condition4
) {
    // do something
}

SQL Code Layout

- Do NOT hard-code db_prefix in table names (specific to Drupal).
- Always capitalise all SQL keywords (SELECT, FROM, VALUES, AS etc.) and leave everything else in the relevant case.
- If you are using WHERE clauses to return data corresponding to a set of conditions, enclose those conditions in brackets in the same way you would for PHP if blocks.

Eg: SELECT * FROM {node} WHERE ( (rid = 5) AND ((type = 'recording') OR (blah = 'somevalue')) )

- Split lengthy SQL statements into several lines.

Quoted Strings

- Strings in PHP can be quoted either with single quotes ('') or with double quotes (""). The difference is that the parser performs variable interpolation in double-quoted strings but not in single-quoted strings. So if your string contains no variables, use single quotes; otherwise, use double quotes.

SQL Injection

- Make sure your SQL code is not vulnerable to SQL injection.

Eg: This code is prone to SQL injection, because the variables are interpolated directly into the query text.
db_query("INSERT INTO {node} (nid, vid, type, uid, created, changed) VALUES($nid, $vid, '" . $type . "', $user->uid, $created, $changed)");

Instead, use placeholders and pass the values as separate arguments:
db_query("INSERT INTO {node} (nid, vid, type, uid, created, changed) VALUES(%d, %d, '%s', %d, %d, %d)", $nid, $vid, $type, $user->uid, $created, $changed);
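The following PHP script is an added example that ties the "Quoted Strings" rule to the "SQL Injection" rule; it is not from the cheat sheet or from Drupal. Because Drupal's db_query() and its {node} prefixing are not available stand-alone, it assumes an in-memory SQLite database reached through PDO (the pdo_sqlite extension) with a plain `node` table, and it replaces the %d/%s placeholders with PDO bound parameters. The function names insert_node_unsafe() and insert_node_safe() and the sample value "O'Brien" are constructed for the example.

```php
<?php
// Added example: the cheat sheet's interpolated INSERT beside a parameterised
// version, run against an assumed in-memory SQLite database via PDO.
function make_db(): PDO {
    $pdo = new PDO('sqlite::memory:');
    $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $pdo->exec('CREATE TABLE node (nid INTEGER, vid INTEGER, type TEXT, '
        . 'uid INTEGER, created INTEGER, changed INTEGER)');
    return $pdo;
}

// WRONG: the double-quoted string interpolates the variables straight into the
// SQL text, so a quote character inside $type changes the statement itself
// rather than being stored as data.
function insert_node_unsafe(PDO $pdo, $nid, $vid, $type, $uid, $created, $changed) {
    $sql = "INSERT INTO node (nid, vid, type, uid, created, changed) "
        . "VALUES($nid, $vid, '" . $type . "', $uid, $created, $changed)";
    return $pdo->exec($sql);
}

// Correct: the SQL text is a single-quoted literal with no variables in it
// (the "Quoted Strings" rule), and the values travel separately as bound
// parameters. The (int) casts do what the cheat sheet's %d placeholders do;
// the string is bound instead of being escaped as %s would.
function insert_node_safe(PDO $pdo, $nid, $vid, $type, $uid, $created, $changed) {
    $stmt = $pdo->prepare('INSERT INTO node (nid, vid, type, uid, created, changed) '
        . 'VALUES(?, ?, ?, ?, ?, ?)');
    $stmt->execute([
        (int) $nid, (int) $vid, (string) $type,
        (int) $uid, (int) $created, (int) $changed,
    ]);
    return $stmt->rowCount();
}

$pdo = make_db();
$type = "O'Brien";  // constructed sample: an ordinary value containing a quote

try {
    insert_node_unsafe($pdo, 1, 1, $type, 5, 1700000000, 1700000000);
    echo "unsafe: inserted\n";
} catch (PDOException $e) {
    // The stray quote broke the statement; a crafted value would instead
    // have altered what the statement does.
    echo 'unsafe: query failed: ' . $e->getMessage() . "\n";
}

$rows = insert_node_safe($pdo, 2, 1, $type, 5, 1700000000, 1700000000);
$stored = $pdo->query('SELECT type FROM node WHERE nid = 2')->fetchColumn();
echo "safe: inserted $rows row, type stored as $stored\n";
```

The unsafe call fails with a syntax error because the value's quote terminates the SQL string early, which is the same mechanism an attacker relies on; the safe call stores the value intact because the database never sees it as part of the query text.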