WordPress First – Everything Else Second

I’ve decided to focus first on WordPress plugin development. I’d like to build a few plugins and explore the guts of WordPress before diving into themes and the latest developments in HTML, CSS and JavaScript.

Yes, I know the world seems to be shifting to a front-end-functionality-first mentality and I really need to build my skills there, but I feel like its best to start with the fundamentals. And what better place to start than building a WordPress plugin?

To start, I decided to read up on WordPress coding best-practices.

Coding Standards

I read the WP PHP Coding Standards today and I have to say I’m looking forward to going through the HTML, CSS, JavaScript and Accessibility standards. Seriously, and I love that WP has standards on accessibility!

The PHP standards were pretty simple, though the spacing standard around the array index puzzles me. Why no space around strings, but space around variables is expected? Wouldn’t it be simpler and more consistent to always have spaces around all array indexes, like just about everything else in PHP? Oh well, I’ll try, but I’m sure I’ll forget that one sometime in the near future!

Also, I feel like should have known about Yoda conditions, but I didn’t. I kinda like it. I mean, I get how it protects us from that common typed-only-one-equal-sign mistake, but it is annoying that it is only used for ==, !=, ===, and !== and not greater-than or less-than statements. Yet another exception to the rule to remember…

Data Validation

I also reviewed the Data Validation Codex and it goes without saying that this will prove incredibly helpful going forward, but I am now confused on what the preferred method for a database update is. Here’s what I mean…

In the WP PHP Coding Standards, the Formatting SQL Statements standard describes a properly formatted UPDATE statement as:

$var = "dangerous'"; // raw data that may or may not need to be escaped
$id = some_foo_number(); // data we expect to be an integer, but we're not certain

$wpdb->query( $wpdb->prepare( "UPDATE $wpdb->posts SET post_title = %s WHERE ID = %d", $var, $id ) );

and then goes on about always running prepare() at the last moment possible. I get that, but the example doesn’t seem to use the preferred method for database updates.

The Data Validation Codex doesn’t even mention query() and describes how insert() and update() will escape everything for me, no prepare() needed.

I write this not to complain (Thank you for your work volunteers!), but to remind myself to find the source of truth when it comes to preferred coding practices. For WordPress database functions, I assume that is the wpdb Codex and according to that document, update() is the way to go.

Final Thoughts

While looking for the Codex on wpdb, I found the WordPress Database Description page. I definitely need to spend some time getting to know that!

I think my next step will be to read up on Plugin development and find a few coding examples to play with.

I’m not sure how long this will take.

Follow me on Twitter: @amelungc