--- name: PHP8-Development version: 1.0.0 Author: ChatGPT (GPT5.4 Thinking) (Quallity Control & corrections:justinsanjp) description: PHP8 Development skill train: false # mandatory --- # `php8-development-skill.md` ````md id="php8skill01" # PHP 8 Development Skill ## Goal Teach how to build real, maintainable, production-ready PHP 8 applications. This skill is focused on: - modern PHP 8+ - practical architecture - maintainable code - security - scalability - backend engineering - full application development The goal is not to teach “toy examples”. The goal is to teach how experienced developers build real systems. This includes: - APIs - web applications - authentication systems - admin panels - dashboards - SaaS platforms - automation systems - websocket integrations - queue systems - large backend architectures The explanations should remain understandable even when the concepts become advanced. --- # Core Philosophy Modern PHP is not “bad”. Bad PHP comes from outdated practices. This skill MUST use: - modern PHP 8 syntax - strict typing - Composer - PSR standards - namespaces - dependency injection - clean architecture principles - secure defaults Avoid outdated PHP practices. --- # Important Teaching Rules ## 1. Explain WHY Do not only explain: - what code does Also explain: - why it exists - why this approach is used - what problem it solves - what alternatives exist - what can go wrong Teaching the reasoning is more important than memorization. --- ## 2. Build Realistic Examples Examples should resemble real applications. Avoid: - fake school examples - meaningless demo variables - unrealistic systems Prefer: - user systems - authentication - APIs - invoices - uploads - admin systems - permissions - jobs - notifications - database workflows --- ## 3. Teach Incrementally Introduce complexity step by step. Start with: - fundamentals - small examples - isolated concepts Then gradually move toward: - multi-file applications - architecture - security - scalability - asynchronous systems - optimization --- # Modern PHP Standards Always prefer: - PHP 8.1+ - strict types - typed properties - constructor property promotion - enums - readonly where useful - attributes where appropriate - match expressions - union types - nullable types Use: ```php declare(strict_types=1); ```` in application files whenever possible. --- # Required Knowledge Areas # 1. PHP Fundamentals Teach: * variables * types * arrays * loops * conditions * functions * scope * references * error handling * includes/requires But explain them in modern ways. Avoid outdated habits. --- # 2. Modern OOP Deeply teach: * classes * objects * inheritance * interfaces * traits * abstract classes * encapsulation * polymorphism * composition * dependency injection Teach WHY composition is often better than inheritance. --- # 3. Namespaces & Autoloading Teach: * namespaces * PSR-4 * Composer autoloading * project structure Students should understand how large PHP applications are organized. --- # 4. Composer Composer is mandatory. Teach: * package installation * semantic versioning * autoloading * scripts * dependency management Do not teach manual library downloading unless historically relevant. --- # 5. HTTP & Web Fundamentals Teach: * HTTP methods * headers * cookies * sessions * request lifecycle * status codes * REST principles * forms * uploads A PHP developer must understand the web itself. --- # 6. Routing Systems Teach: * manual routing * route parameters * middleware * controllers * REST endpoints Explain how frameworks internally work. --- # 7. Databases Deeply teach: * SQL fundamentals * normalization * indexes * joins * transactions * constraints * migrations Teach both: * raw PDO * query builders * ORMs Students must understand SQL itself before relying on abstractions. --- # 8. PDO & Database Security Always use: * prepared statements * parameter binding Never teach: * unsafe query concatenation Explain: * SQL injection * escaping * transaction safety * connection handling --- # 9. Authentication Systems Teach complete auth systems: * registration * login * sessions * cookies * remember me * password hashing * password reset * MFA concepts * email verification Always use: * `password_hash()` * `password_verify()` Never teach insecure hashing. --- # 10. Authorization Teach: * roles * permissions * policies * ownership validation Explain why frontend-only permission checks are insecure. --- # 11. Validation Validate: * form inputs * query params * uploads * APIs * environment variables Teach: * sanitization * normalization * validation rules Never trust user input. --- # 12. File Uploads Teach: * upload validation * MIME checking * file size limits * secure storage * random filenames Explain: * upload vulnerabilities * executable upload attacks * directory traversal --- # 13. API Development Teach: * REST APIs * JSON responses * API authentication * rate limiting * versioning * error handling Use realistic API examples. --- # 14. Security Security is mandatory. Teach: * XSS * CSRF * SQL injection * SSRF * RCE * insecure deserialization * session hijacking * brute force attacks Explain: * prevention * mitigation * secure architecture Never normalize insecure shortcuts. --- # 15. Sessions & Cookies Teach: * secure cookies * SameSite * HttpOnly * Secure flags * session regeneration Explain: * fixation attacks * hijacking risks --- # 16. Architecture Teach application structure: * MVC * service layers * repositories * DTOs * middleware * events * queues Explain: * when abstraction helps * when abstraction hurts Avoid fake enterprise complexity. --- # 17. Error Handling Teach: * exceptions * custom exceptions * logging * graceful failures Avoid: * suppressing errors * empty catch blocks Production systems must fail predictably. --- # 18. Logging Teach: * structured logs * request logging * audit logs * error logs Never log: * passwords * secrets * tokens --- # 19. Environment Variables Teach: * `.env` * config separation * secret handling Never hardcode secrets. --- # 20. Queues & Background Jobs Teach: * queues * workers * retries * delayed jobs Examples: * email sending * report generation * notifications --- # 21. Real-Time Systems Teach: * websockets * broadcasting * event-driven architecture Examples: * chat systems * live dashboards * notifications --- # 22. Performance Teach: * caching * opcache * query optimization * pagination * lazy loading * eager loading Explain bottlenecks realistically. --- # 23. Testing Teach: * unit testing * integration testing * HTTP testing Use: * PHPUnit * Pest where appropriate Explain: * what should be tested * what should not --- # 24. Docker & Deployment Teach: * Docker basics * production environments * nginx * Apache * PHP-FPM * reverse proxies Students should understand deployment basics. --- # 25. Frameworks After fundamentals, teach frameworks: * Laravel * Symfony * Slim But students MUST understand: * what the framework abstracts * what happens underneath Do not create framework-dependent developers. --- # Laravel Teaching Rules Laravel should be taught as: * a productivity framework * not magic Explain internally: * service container * facades * middleware * Eloquent * queues * events Avoid: * “just trust the framework” --- # Project Structure Standards Teach realistic project organization: * `app/` * `config/` * `routes/` * `resources/` * `storage/` * `public/` * `tests/` Explain why structure matters. --- # Frontend Integration Teach: * Blade * templating * APIs * SPA backends * Inertia * frontend/backend separation PHP developers should understand full-stack workflows. --- # AI-Generated Code Avoidance Rules To avoid AI-looking PHP code: ## DO: * use meaningful domain naming * create realistic project structure * explain tradeoffs * handle edge cases * write intentional validation * structure services logically ## DON'T: * create giant God classes * overabstract everything * generate fake enterprise architecture * write endless helper functions * duplicate logic everywhere * hide everything behind magic Good PHP code feels intentional. --- # Teaching Style The teaching style should: * remain beginner-friendly * stay technically accurate * gradually increase depth * explain advanced topics clearly * avoid unnecessary jargon overload Advanced concepts should feel understandable. --- # Important Mindset Teach students to ask: * What can fail? * What should be validated? * What should be logged? * What can be abused? * What belongs in the database? * What belongs in services? * What should stay simple? --- # Final Rule A strong PHP developer: * understands the web * understands backend architecture * writes secure code * builds maintainable systems * understands databases * debugs effectively * can scale applications responsibly The goal is not to memorize syntax. The goal is to build real software professionally. ``` ```