PHP Cheatsheet
Quick reference guide for PHP — Web development, CMS, server-side scripting
Reviewed May 25, 2026. Privacy model: tool input is processed in your browser and is not uploaded to BytePane servers.
Quick answer
PHP developer reference
PHP is still a core production language for WordPress, Laravel, Symfony, ecommerce, CMS work, server-rendered apps, forms, APIs, and internal business tools. Focus first on arrays, strings, request input, PDO prepared statements, sessions, cookies, namespaces, Composer, and predictable error handling.
What to learn first
- Use strict input validation and escaping at the boundary: HTTP request in, database query out, HTML response back.
- Use PDO prepared statements for user-controlled values instead of concatenating SQL strings.
- Keep sessions, cookies, and authentication code explicit; set secure, httponly, and samesite cookie options.
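The cookie options named in the last item, as an added example that is not part of the original cheatsheet. The function names, the `theme` cookie, the `Lax` value and the lifetimes are assumptions chosen for illustration; the array forms of `session_set_cookie_params()` and `setcookie()` need PHP 7.3 or later.

```php
<?php
declare(strict_types=1);

/** Options for setcookie(); note this array form uses 'expires', not 'lifetime'. */
function hardenedCookieOptions(int $lifetimeSeconds = 0): array
{
    return [
        'expires'  => $lifetimeSeconds === 0 ? 0 : time() + $lifetimeSeconds,
        'path'     => '/',
        'secure'   => true,   // sent over HTTPS only
        'httponly' => true,   // not readable from document.cookie
        'samesite' => 'Lax',  // withheld from cross-site subrequests and cross-site POSTs
    ];
}

/** Start a session whose cookie carries the same three flags. */
function startHardenedSession(): void
{
    ini_set('session.use_strict_mode', '1');   // refuse session IDs the server did not issue
    ini_set('session.use_only_cookies', '1');  // never read the session ID from the URL
    session_set_cookie_params([
        'lifetime' => 0,      // session cookie: dropped when the browser closes
        'path'     => '/',
        'secure'   => true,
        'httponly' => true,
        'samesite' => 'Lax',
    ]);
    session_start();
}

/** Call after credentials are verified: a fresh ID defeats session fixation. */
function onLoginSuccess(int $userId): void
{
    session_regenerate_id(true);   // true deletes the old session data
    $_SESSION['user_id'] = $userId;
}

/** Clear server-side state and expire the browser's copy of the session cookie. */
function logout(): void
{
    $_SESSION = [];
    $expired = ['expires' => time() - 3600] + hardenedCookieOptions();
    setcookie(session_name(), '', $expired);
    session_destroy();
}

startHardenedSession();
setcookie('theme', 'dark', hardenedCookieOptions(30 * 86400));  // constructed non-session cookie
```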
Common pitfalls
- Using mysql_* examples, raw SQL concatenation, or unsanitized $_GET/$_POST data creates security problems quickly.
- Loose comparisons can behave unexpectedly; prefer strict comparisons when checking IDs, tokens, booleans, and form values.
- Echoing user input directly into HTML without escaping can create XSS vulnerabilities.
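The SQL concatenation and unescaped output pitfalls, shown next to their fixes in an added example that is not part of the original cheatsheet. It assumes the pdo_sqlite extension is available; the table, rows, function names and request value are constructed for the demonstration.

```php
<?php
declare(strict_types=1);

// Constructed sample data in an in-memory SQLite database.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT)');
$pdo->exec("INSERT INTO users (name) VALUES ('Ada'), ('Grace'), ('<b>Linus</b>')");

/** Pitfall: the request value becomes part of the SQL text and is parsed as SQL. */
function findByNameConcatenated(PDO $pdo, string $name): array
{
    return $pdo->query("SELECT id, name FROM users WHERE name = '$name'")
               ->fetchAll(PDO::FETCH_ASSOC);
}

/** Fix: the statement is fixed text; the value is bound as data. */
function findByNamePrepared(PDO $pdo, string $name): array
{
    $stmt = $pdo->prepare('SELECT id, name FROM users WHERE name = :name');
    $stmt->execute([':name' => $name]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

/** Escape at the HTML boundary, even for values that came from your own database. */
function renderRow(array $row): string
{
    $name = htmlspecialchars((string) $row['name'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<li>' . $name . '</li>';
}

// Constructed request value containing a quote and a condition that is always true.
$input = "x' OR '1'='1";

// Concatenated: the WHERE clause is rewritten and every row comes back.
printf("concatenated: %d row(s)\n", count(findByNameConcatenated($pdo, $input)));

// Prepared: the whole string is compared to the name column, so nothing matches.
printf("prepared:     %d row(s)\n", count(findByNamePrepared($pdo, $input)));

// Stored markup is rendered as text, not as HTML.
foreach (findByNamePrepared($pdo, '<b>Linus</b>') as $row) {
    echo renderRow($row), "\n";
}
```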
PHP variables are dynamically typed, but production code is easier to reason about when you cast request values deliberately, use strict comparisons, and declare function return types where possible.
<?php
declare(strict_types=1);
$name = trim($_POST["name"] ?? "");
$count = (int) ($_GET["count"] ?? 0);
$isValid = $name !== "" && $count > 0;
function total(float $price, int $qty): float { return $price * $qty; }
Key Concepts
- Variables start with $ and can hold strings, integers, floats, booleans, arrays, objects, null, and resources.
- Use declare(strict_types=1) and typed function signatures when a file controls business logic.
- Prefer === and !== for comparisons involving user input, IDs, tokens, booleans, and null checks.
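Why the strict operators matter for tokens, IDs and allow-lists, as an added example that is not part of the original cheatsheet. All values and function names are constructed for illustration, and the code assumes PHP 8 (for the `mixed` type).

```php
<?php
declare(strict_types=1);   // affects typed function calls only, not the == operator

// Constructed pairs of different strings that == treats as equal.
$pairs = [
    ['0e1234', '0e5678'],  // both parse as the number 0 in scientific notation
    ['1e3',    '1000'],    // numeric strings are compared as numbers
    ['42',     ' 42'],     // leading whitespace still counts as a numeric string
];
foreach ($pairs as [$a, $b]) {
    printf("%-9s vs %-9s ==: %-5s ===: %s\n", "'$a'", "'$b'",
        var_export($a == $b, true), var_export($a === $b, true));
}

/** Token check: rejects non-strings, then compares bytes in constant time. */
function tokenMatches(string $expected, mixed $supplied): bool
{
    return is_string($supplied) && hash_equals($expected, $supplied);
}

/** ID check: yields a positive int or null, so callers can compare ints with ===. */
function parseId(mixed $raw): ?int
{
    $id = filter_var($raw, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    return $id === false ? null : $id;
}

/** Allow-list check: the third argument makes in_array compare with ===. */
function isAllowedRole(mixed $role): bool
{
    return in_array($role, ['admin', 'editor', 'viewer'], true);
}

// The first pair above no longer passes as a match.
var_dump(tokenMatches('0e1234', '0e5678'));

// A clean ID, a value with trailing junk, and an array sent as id[]=42.
var_dump(parseId('42'), parseId('42abc'), parseId(['42']));

// A known role, and an integer that is not in the list.
var_dump(isAllowedRole('admin'), isAllowedRole(0));
```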
PHP arrays work as both ordered lists and associative maps. Most everyday PHP data work uses array_map, array_filter, array_reduce, array_column, in_array, and keyed lookup arrays.
$users = [["id" => 1, "name" => "Ada"], ["id" => 2, "name" => "Grace"]];
$names = array_column($users, "name");
$active = array_filter($users, fn($user) => $user["id"] > 1);
$byId = array_column($users, null, "id");
if (in_array("Ada", $names, true)) { echo "found"; }
Key Concepts
- Use associative arrays for decoded JSON, form payloads, and configuration maps.
- Pass true as the third argument to in_array when strict comparison matters.
- array_column can build both lists and lookup maps, which keeps controller code smaller.
PHP string work often means trimming input, validating length, normalizing slugs, replacing unsafe characters, and escaping output before rendering HTML.
$title = trim($_POST["title"] ?? "");
$slug = strtolower($title);
$slug = preg_replace("/[^a-z0-9]+/", "-", $slug);
$slug = trim($slug, "-");
echo htmlspecialchars($title, ENT_QUOTES, "UTF-8");
Key Concepts
- Use trim before validation so accidental whitespace does not break otherwise valid input.
- Use htmlspecialchars when printing user-controlled strings into HTML.
- For Unicode-heavy text, check mb_* string functions instead of byte-oriented length and substring calls.
About PHP
PHP is a multi-paradigm programming language created by Rasmus Lerdorf in 1995. It is primarily used for web development, CMS work, and server-side scripting. PHP uses dynamic typing, which offers flexibility and rapid prototyping but requires careful attention to type-related bugs.
Why Use This PHP Cheatsheet?
- Quick Reference — Find syntax and patterns instantly without searching through documentation.
- Organized by Topic — 10 sections covering all major PHP concepts, from basics to advanced.
- Source-Checked Notes — Highlights stable PHP patterns, official documentation links, and production caveats reviewed for 2026.
Getting Started with PHP
Whether you're new to PHP or an experienced developer looking for a quick reference, this cheatsheet covers the essential concepts you need. Start with the fundamentals like variables & types and arrays & array functions, then progress to more advanced topics like sessions & cookies and regular expressions.
PHP has been widely adopted since its creation in 1995, with a strong community and ecosystem. Files typically use the .php extension. For the most comprehensive and up-to-date information, always refer to the official PHP documentation alongside this cheatsheet.
Methodology & Sources for PHP
How we compile PHP cheatsheet content: Each entry is checked against official PHP documentation, relevant specifications where available, and common production patterns. Examples are written to illustrate the concept clearly and should be verified against the exact version used in your project.
- Primary source: official PHP documentation and language specification.
- Examples: reviewed for syntax shape and practical developer workflows.
- Use cases: selected from common production, documentation, and debugging scenarios.
- Common pitfalls: based on recurring implementation mistakes, docs caveats, and developer support patterns.
Authoritative sources:
- Stack Overflow — community Q&A reference
- MDN Web Docs (Mozilla) — open web standards
- W3C Standards — web platform specifications
- GitHub Open Source — implementation patterns
- NIST Computer Security Division — security best practices
- OWASP Security Standards — secure coding guidelines
Disclaimer: Cheatsheet content reflects standard usage patterns. Always verify with official documentation for your specific version. Code examples may need adaptation for your environment, dependencies, or framework version.
Reviewed by Brazora Monk · Last updated 2026
Standards, Specs & Security References for PHP
For production code in PHP, always verify against canonical specifications and security guidance — not just tutorials. Common runtime / language-version compatibility issues are addressed by:
Always cite the spec, not paraphrases:
- W3C Standards (HTML/CSS)
- ECMA-262 (JavaScript spec)
- IETF RFCs (HTTP, JSON, base64, etc)
- MDN Web Docs — practical reference
Avoid common vulnerabilities:
- OWASP Top 10 — web security
- OWASP Cheat Sheet Series
- NIST SP 800 Series — security publications
- MITRE CWE — Common Weakness Enumeration
Verify dependencies + audit:
- npm Registry + `npm audit`
- GitHub Security Advisories
- NIST NVD (CVE Database)
- Snyk Vulnerability DB
Modern toolchain references:
- GitHub — Open Source Maintenance
- Docker Documentation
- Kubernetes Docs
- Always pin versions in production lockfiles
ReDoS warning: Regex patterns with nested quantifiers can cause catastrophic backtracking. Test patterns with regex101.com and check OWASP ReDoS guidance before deploying user-input regex.
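In PHP a regex that exhausts the engine's limits does not throw: `preg_match` returns false and `preg_replace` returns null, which careless code reads as "no match" or an empty string. The added example below (not part of the original cheatsheet) wraps both calls so engine failures surface as exceptions; the function names, the input cap and the demo pattern are assumptions, and `preg_last_error_msg()` needs PHP 8.

```php
<?php
declare(strict_types=1);

const MAX_REGEX_INPUT_BYTES = 2048;   // assumption: cap chosen for illustration

/** preg_match wrapper: 1 and 0 become true and false, engine errors become exceptions. */
function safeMatch(string $pattern, string $subject): bool
{
    if (strlen($subject) > MAX_REGEX_INPUT_BYTES) {
        throw new LengthException('subject too long for regex matching');
    }
    $result = preg_match($pattern, $subject);
    if ($result === false) {
        // Backtrack, recursion and JIT stack limits and invalid UTF-8 all end up here.
        throw new RuntimeException('regex failed: ' . preg_last_error_msg());
    }
    return $result === 1;
}

/** Slug helper in the style of the strings section, with the null return checked. */
function slugify(string $title): string
{
    $slug = preg_replace('/[^a-z0-9]+/', '-', strtolower(trim($title)));
    if ($slug === null) {
        throw new RuntimeException('slug regex failed: ' . preg_last_error_msg());
    }
    return trim($slug, '-');
}

echo slugify('  Hello, PHP World!  '), "\n";

// Lowered for the demo so a pattern with nested quantifiers fails fast instead of spinning.
ini_set('pcre.backtrack_limit', '10000');

try {
    // Constructed pattern and subject: a nested quantifier and a near-miss input.
    // If the limit is hit this prints the engine error; if the engine finishes,
    // the subject does not match and this prints bool(false).
    var_dump(safeMatch('/^(a+)+$/', str_repeat('a', 40) . '!'));
} catch (RuntimeException $e) {
    echo $e->getMessage(), "\n";
}
```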
Frequently Asked Questions
What is PHP used for?
PHP is primarily used for web development, CMS work, and server-side scripting. It was created by Rasmus Lerdorf in 1995. It is a multi-paradigm language.
Is PHP hard to learn?
PHP has a moderate learning curve. Start with the basics covered in sections like Variables & Types and Arrays & Array Functions, then gradually work through more advanced topics. This cheatsheet helps by providing quick references for each concept.