There are many things you will want to consider when testing your PHP scripts. Of course your main objective in testing a script is to make sure it works as expected. Also important, however, is security. There is a nothing worse for a website than a security problem. Any PHP scripts you write need to be tested thoroughly to make sure they are secure and that they will work under any condition the user can throw at them.

To make sure your scripts work, pretend you are the user. Think of what the user is going to do on this page. What will the user expect to happen when clicking one of the links or submitting a form? Also remember that you will sometimes have users with malicious intent. It helps to find a good forum (like webmasterworld) and read up on current security issues and methods that hackers are using to exploit web pages. Bulletproof your scripts keeping those things in mind. Are they going to submit bad form data? If so, your script needs to be able to deal with it.

Write out a test case where you list all of the things that the script should be able to do or handle and next to each of those items write the expected result. The next step is to go through the list and make sure each item functions as it should. Writing test cases is a good idea because if you ever make changes to the scripts functions or an included PHP file you can just go through your test case again and make sure everything is still working as it should.

Another aspect that you may want to test is speed. You can implement a timer that starts at the top of the script and ends at the bottom. See how long the page takes to generate. You can compare the script with others you have to see how fast it is compared to the others. If it takes longer to generate try optimizing SQL queries or try using different PHP functions to see if any of them perform better than others. If you have a script that takes a long time to generate then imagine what will happen if multiple users are requesting that page at the same time.

Another concept that might help you test some of your more complex scripts is called Unit Testing. To perform Unit Testing, break your script up into sections where each section performs a specific task. Copy that section to a new PHP file and test it on its own. I like to do Unit Testing on all the functions I write. I give the function the parameters that it expects and make sure it does what I expect. Then I give it parameters that it does not expect and see what it does. Make sure that no single function will stop the whole script if it encounters data that it can’t handle. Try to find a way to avoid errors that stop script execution because this looks bad to your visitors (partially rendered pages, error messages, etc.). If the function encounters bad data you should not stop with an error message but rather try to get the script back on track by prompting the user to enter something different or by using some default value instead.

Sometimes you will not catch errors in your testing. If you implement an error notification system that lets you know (by text message on your cell phone or by email) when these errors occur you will be able to track them down and fix them quickly. Otherwise, you will end up waiting until some nice visitor lets you know. If you don’t want to setup a notification system like this then you should at least try to check out your server’s error log frequently to see what types of errors are occurring and how frequently.

Hopefully these ideas will be found useful to you. I have had good success using these testing methods and thought I would share them with all the other PHP programmers out there. I am open to any feedback that you might have regarding these practices.