_PS_CONFIG_DIR_ . '/config.inc.php'
CREATE TABLE
SQL statements must be followed by IF NOT EXISTS
to avoid SQL errorsDROP TABLE
SQL statements must be followed by IF EXISTS
to avoid SQL errorsdirname(__FILE__).'/../../config/config.inc.php'
Prefix what belongs to you:
Consider deleting your configurations, tables, admin tabs, and all other entities unique to your product during the uninstallation of your modules.
You shouldn’t use HTML code in your PHP code. Here are alternatives to separate the view into your code:
We recommend you to make your module interface matches the PrestaShop’s UI kit.
For modules compatible before the 1.7 PrestaShop version, the minimal compatibility has to be PHP 5.3. You will be then able to use, for example, namespaces.
If your module allows the upload of a file, check the type of the file to make sure you avoid security issues. Here are more information for the function mime_content_type().
When your module has forms, you should:
Consider carefully casting your variables and use pSQL/bqSQL in the SQL requests to avoid any injections (read Best Practices of the Db Class). Make sure your files are properly protected (especially if your module uses a cron for example) to avoid anyone being able to execute them. As a result, you are required to use a token!
The use of overrides is permitted, however if we decide that too many (2 / 3 max) have been used and/or the modifications are too dangerous, we will refuse your module. If you’re unsure, don’t hesitate to get in touch.
If you need to load a .js or .tpl (containing JavaScript) to the backoffice, put restrictions in place on your hooks (hookbackofficeheader/top/footer)! Specific examples: if your JS only applies to your module’s configuration page, use:
<?php
if (Tools::getValue('configure') === $this->name) {
// code
}
A merchant is likely to have a shop running on a different shop than yours. In case a module is using PHP extensions not installed by default by PHP,
add a preliminary check before using them (I.e with extension_loaded
). This prevents fatal errors to be thrown on shops on which these extensions aren’t enabled.
If you need to store static files: we recommend putting temporary or cache files in prestashop’s /var/cache/<env>/modules/YOUR_MODULE/
directory, and static or shared files in prestashop’s /var/modules/YOUR_MODULE/
directory. Writing in the /modules
directory is not recommended, because doing so will make it harder to use your module in distributed environments. In addition, by storing files outside your module’s directory, they are kept even if the module is uninstalled.
A few recommendations for your email templates