- Always backup your database at least once a month.
- Have autoincrement id for all entity tables.
- Before big destructive action on table, backup that table.
- Always log rare destructive (like delete 1 row) actions. Create table deleted stuff and make json dump of that row. Simply insert and forget.
- Always use prepared statements binding. SQL injection is not a joke (only when you need to run
where in with thousands of values, and you are 100% sure data is secure, for example array of int id you can run it).
- Try to make a lot of helper functions. But don't make mess out of it. Group them by meaning. If there is specific type it is about, make class for that type and place there helper functions.
- Be carefull. PHP has a lot of awkardness. For example, intval on string that starts with number will return you that int number.
- Have max execution time 5 seconds for public PHP scripts or/and set PHP curl timeout for those pages.