Starting with version 126.96.36.199, the PrestaShop Core codebase has switched to the PSR-1 coding standard and PSR-2 coding style guide. See the reasons why on the announcement article on the Build PrestaShop devblog.
This page is kept up for reference's sake.
If you are developping new modules for PrestaShop 188.8.131.52+, or contributing to the PrestaShop project, you are not supposed to use these guidelines anymore. Please follow the current coding standards. Thank you.
Table of contents
- Installing the code validator (PHP CodeSniffer)
Just like class, method and function names, variable names should be written in English so as to be readable to as many people as possible.
Use lowercase letters, and separate words using underscores. Do not ever use CamelCase for variable names, only for method/function and object/class names.
- Corresponding to data from databases:
- Corresponding to algorithm:
- The visibility of a member variable does not affect its name:
- There should be a space between variable and operators:
=" and any combination of them (e.g. "
/=") need a space between their left and right members.
." does not have a space between its left and right members.
For performance reasons, please do not overuse concatenation.
.=" needs a space between its left and right members.
When testing a boolean variable, do not use a comparison operator, but directly use the value itself, or the value prefixed with an exclamation mark:
for: need a space between the
ifkeyword and the parentheses
When a combination of
elseis used and both can return a value, the
elsestatement has to be omitted.
We recommend you to use only one
returnstatement per method/function.
When a method/function returns a boolean and the current method/function's returned value depends on it, the
ifstatement has to be avoided.
Tests must be grouped by entity.
- The visibility must be defined every time, even when it is a public method.
The order of the method properties should be:
visibility static function functionName().
Method / Function names
Method and function names always use CamelCase: begin with a lowercase character and each following words must begin with an uppercase character.
Braces introducing method code have to be proceeded by a carriage return.
Method and function names must be explicit, so function names such as
ef()are completely forbidden.
The only exceptions are the translation function (called
l()) and the debug functions (named
Commas have to be followed (and not preceded) by a space.
Objects / Classes
Object name must be singular.
Class name must follow the CamelCase practice, except that the first letter is uppercase.
- Constant names must be written in uppercase, except for "true", "false" and "null" which must be lowercase:
Constant names have to be prefixed with "
PS_" inside the core and module.
- Constant names should only use alphabetical characters and "_".
All keywords have to be lowercase:
as, case, if, echo, null.
Configuration variables follow the same rules as defined above.
Strings have to be surrounded by simple quotes, never double ones.
- Inside functions and methods, only the "
//" comment tag is allowed.
After the "
//" comment marker, a space is required:
//" comment marker is tolerated at the end of a code line.
Outside of functions and methods, only the "
/*" and "
*/" comment markers are allowed.
A phpDoc comment block is required before the declaration of the method.
For more informations
For more information about the PHP Doc syntax: http://manual.phpdoc.org/HTMLSmartyConverter/HandS/phpDocumentor/tutorial_tags.pkg.html.
returnstatement does not need brackets, except when it deals with a composed expression.
returnstatement can be used to break out of a function.
Performing a function call preceded by a "
@" is forbidden, but beware of function/method call with login/password or path arguments.
There must be an empty line after the PHP opening tag.
- The PHP closing tag is forbidden at the end of a file.
- The tabulation character ("
\t") is the only indentation character allowed.
Each indentation level must be represented by a single tabulation character.
arraykeyword must not be followed by a space.
When too much data is inside an array, the indentation has to be as follows:
Braces are prohibited when they only define one instruction or a combination of statements.
All users' data (data entered by users) has to be cast.
getValue()does not protect your code from hacking attempts (SQL injections, XSS flaws and CRSF breaches). You still have to secure your data yourself.
One PrestaShop-specific securization method is
pSQL($value): it helps protect your database against SQL injections.
All method/function's parameters must be typed (when
Object) when received.
For all other parameters, they have to be cast each time they are used, except when they are sent to other methods/functions.
- Source code lines are limited to 150 characters wide.
- Functions and methods lines are limited to 80 characters. Functions must have a good reason to have an overly long name: keep it to the essential!
- It is forbidden to use a ternary into another ternary, such as
echo ((true ? 'true' : false) ? 't' : 'f');.
- We recommend the use of
||into your conditions instead of
echo ('X' == 0 && 'X' == true).
Please refrain from using reference parameters, such as:
Table names must begin with the PrestaShop "
- Table names must have the same name as the object they reflect: "
- Table names have to stay singular: "
- Language data have to be stored in a table named exactly like the object's table, and with the "
_lang" suffix: "
Keywords must be written in uppercase.
Back quotes ("
`") must be used around SQL field names and table names.
Table aliases have to be named by taking the first letter of each word, and must be lowercase.
When conflicts between table aliases occur, the second character has to be also used in the name.
A new line has to be created for each clause.
- It is forbidden to make a
Installing the code validator (PHP CodeSniffer)
This is a brief tutorial on how to install a code validator on your PC and use it to validate your files. The code validator uses PHP CodeSniffer, which is a PEAR package (http://pear.php.net/package/PHP_CodeSniffer/). The PrestaShop code standard was created specifically for CodeSniffer, using many rules taken from existing standards, with added customized rules in order to better fit our project.
You can download the PrestaShop code standard using Git: https://github.com/PrestaShop/PrestaShop-norm-validator (you must perform this step before going any further with this tutorial).
If you use PhpStorm (http://www.jetbrains.com/phpstorm/), follow these steps:
- Go to Settings -> Inspection -> PHP -> PHP Code Sniffer.
- Set the path to the
- Set the coding standard as "PrestaShop" (which is only available if you did put in CodeSniffer's
Integration to vim
Several plugins are available online. For instance, you can use this one: https://github.com/bpearson/vim-phpcs/blob/master/plugin/phpcs.vim
Put in your
You can add two shortcuts (for instance, F9 to display everything and Ctrl+F9 to hide warnings) in your
.vimrc file in normal and insert mode:
Command line (Linux)
You do not have to use PhpStorm to use PHP CodeSniffer, you can also install it so that it can be called from the command line.
- Install PEAR: http://pear.php.net/
$> apt-get install php-pear
- Install PHP CodeSniffer in PEAR: http://pear.php.net/package/PHP_CodeSniffer
$> pear install PHP_CodeSniffer
- Add the PrestaShop standard that you downloaded from SVN earlier, and place it in PHP CodeSniffer's "Standards" folder.
$> git clone https://github.com/PrestaShop/PrestaShop-norm-validator
- Set the Prestashop standard as the default one
$> phpcs --config-set default_standard Prestashop
The various options for this command are well explained in its documentation. For now, here is the easy way to launch it:
In order to only display errors, not warnings:
If you have already manually installed PHP CodeSniffer, the program should be in PEAR's
Windows users: although the
phpcs.bat file should be in that
/scripts folder, you might have to edit it in order for it to work properly (replace the paths with yours):