There's php.ini-recommended in the distribution and it's well-commented.
Not using variable-variables, undeclared variables, globals, unsanitised variables in paths, SQL without prepared statements, etc. is common sense and applies to other languages too. PHP might just bite harder if you lack that common sense.
>Not using variable-variables, undeclared variables, globals, unsanitised variables in paths, SQL without prepared statements, etc. is common sense and applies to other languages too.
This is a subset of what you have to avoid in PHP. Further, things like globals can have uses. That's the difference with a really poorly designed language: there are things in there that have no good use case. Not things that are only used in rare cases, things that should never be used.
PHP will bite you, common sense or not. The language has serious misfeatures – platform-dependent integer sizes, or cgi.fix_pathinfo=1 by default allowing the interpreter to execute files without a .php extension, just off the top of my head – that require knowledge and action well above and beyond "common sense" to work around.
And all of these faults in the language, even the minor ones, just contribute to the unnecessary cognitive load of using the language. So the way I see it, if I'm starting a new project then why not just pick a sane language like Perl or Ruby or Python instead and save myself all the headaches? It's not 2004 any more, we're no longer constrained to languages that have good Apache modules, and with that constraint gone there are very few reasons to pick PHP over the competition.
There's php.ini-recommended in the distribution and it's well-commented.
Not using variable-variables, undeclared variables, globals, unsanitised variables in paths, SQL without prepared statements, etc. is common sense and applies to other languages too. PHP might just bite harder if you lack that common sense.