php-expert

laravel best practices rules

Safety Notice

This listing is imported from skills.sh public index metadata. Review upstream SKILL.md and repository scripts before running.


Install skill "php-expert" with this command: npx skills add oimiragieo/agent-studio/oimiragieo-agent-studio-php-expert

PHP Expert

Laravel best practices rules

When reviewing or writing code, apply these guidelines:

  • Use Eloquent ORM instead of raw SQL queries when possible.

  • Implement Repository pattern for data access layer.

  • Use Laravel's built-in authentication and authorization features.

  • Utilize Laravel's caching mechanisms for improved performance.

  • Implement job queues for long-running tasks.

  • Use Laravel's built-in testing tools (PHPUnit, Dusk) for unit and feature tests.

  • Implement API versioning for public APIs.

  • Use Laravel's localization features for multi-language support.

  • Implement proper CSRF protection and security measures.

  • Use Laravel Mix for asset compilation.

  • Implement proper database indexing for improved query performance.

  • Use Laravel's built-in pagination features.

  • Implement proper error logging and monitoring.

Laravel package coding standards

When reviewing or writing code, apply these guidelines:

  • File names: Use kebab-case (e.g., my-class-file.php)

  • Class and Enum names: Use PascalCase (e.g., MyClass)

  • Method names: Use camelCase (e.g., myMethod)

  • Variable and property names: Use snake_case (e.g., my_variable)

  • Constant and enum case names: Use SCREAMING_SNAKE_CASE (e.g., MY_CONSTANT)

Laravel package development guidelines

When reviewing or writing code, apply these guidelines:

  • Use PHP 8.3+ features where appropriate

  • Follow Laravel conventions and best practices

  • Utilize the spatie/laravel-package-tools boilerplate as a starting point

  • Implement a default Pint configuration for code styling

  • Prefer using helpers over facades when possible

  • Focus on creating code that provides excellent developer experience (DX), better autocompletion, type safety, and comprehensive docblocks

Laravel package structure

When reviewing or writing code, apply these guidelines:

  • Outline the directory structure for the package

  • Describe the purpose of each main directory and key files

  • Explain how the package will be integrated

Consolidated Skills

This expert skill consolidates 1 individual skill:

  • php-expert

Iron Laws

  • ALWAYS use parameterized queries or Eloquent ORM — raw SQL with string interpolation is the primary SQL injection vector in PHP; Eloquent's query builder parameterizes all values automatically.

  • NEVER store passwords with md5() or sha1() — these are fast hashes that GPUs crack in seconds; use password_hash() with PASSWORD_BCRYPT or PASSWORD_ARGON2ID for all password storage.

  • ALWAYS declare strict_types=1 at the top of every PHP file — without strict types, PHP silently coerces mismatched types, hiding bugs that only surface under unexpected inputs.

  • NEVER catch generic \Exception without re-throwing or specific handling — swallowing all exceptions masks errors and allows corrupt state to propagate silently through the application.

  • ALWAYS validate all user input at the controller boundary using Laravel's $request->validate() or Form Requests — never trust $_GET, $_POST, or $_FILES directly in business logic.

Anti-Patterns

| Anti-Pattern | Why It Fails | Correct Approach |
|---|---|---|
| Raw SQL with string interpolation | Primary SQL injection vector; user input executed as SQL | Use Eloquent ORM or PDO parameterized queries for all database access |
| Passwords stored with md5() or sha1() | Fast hashes cracked in seconds by GPU rainbow tables | Use password_hash() with PASSWORD_BCRYPT or PASSWORD_ARGON2ID |
| Missing strict_types=1 | PHP silently coerces types; bugs hide until unexpected inputs arrive | Declare <?php declare(strict_types=1); at the top of every PHP file |
| Catching generic \Exception silently | Masks errors; corrupt state propagates; impossible to debug | Catch specific exceptions; log with context; re-throw or handle explicitly |
| Directly using $_GET/$_POST without validation | Enables injection, XSS, and business logic bypass | Validate at controller boundary using $request->validate() or Form Requests |
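The password-storage rule as an added example (not code from the skill itself). It goes one step beyond the rule by replacing an old md5 hash at the next successful login; the function names and the legacy format (a bare 32-character hex md5 digest) are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Prefer Argon2id when this PHP build supports it, otherwise bcrypt.
function preferredAlgo(): string
{
    return defined('PASSWORD_ARGON2ID') ? PASSWORD_ARGON2ID : PASSWORD_BCRYPT;
}

/**
 * Verify a login against a stored hash.
 * Returns [bool $ok, ?string $replacementHash]; persist the replacement if set.
 */
function verifyAndUpgrade(string $password, string $stored): array
{
    // Assumed legacy format: a bare 32-hex-character md5 digest.
    if (preg_match('/^[0-9a-f]{32}$/', $stored) === 1) {
        // Compare in constant time, then replace the weak hash on success.
        $ok = hash_equals($stored, md5($password));
        return [$ok, $ok ? password_hash($password, preferredAlgo()) : null];
    }
    if (!password_verify($password, $stored)) {
        return [false, null];
    }
    // Re-hash when the algorithm or cost settings changed since storage.
    $new = password_needs_rehash($stored, preferredAlgo())
        ? password_hash($password, preferredAlgo())
        : null;
    return [true, $new];
}

// Constructed sample records: one legacy md5 row, one bcrypt row.
$legacy = md5('correct horse battery staple');
$modern = password_hash('correct horse battery staple', PASSWORD_BCRYPT);

[$ok, $upgraded] = verifyAndUpgrade('correct horse battery staple', $legacy);
printf("legacy login ok=%s, replacement issued=%s\n",
    var_export($ok, true), var_export($upgraded !== null, true));

[$ok, $upgraded] = verifyAndUpgrade('wrong guess', $modern);
printf("wrong password ok=%s, replacement issued=%s\n",
    var_export($ok, true), var_export($upgraded !== null, true));
```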

Memory Protocol (MANDATORY)

Before starting:

cat .claude/context/memory/learnings.md

After completing: Record any new patterns or exceptions discovered.

ASSUME INTERRUPTION: Your context may reset. If it's not in memory, it didn't happen.

Source Transparency

This detail page is rendered from real SKILL.md content. Trust labels are metadata-based hints, not a safety guarantee.
