All new code developed can using PHP 5.2+

All PHP files will use complete open tags and include an ending tag with no whitespace after it. (no shorthand PHP <?=)

All files, classes, class methods, class variables, functions and defines will be documented with DocBlocks

Assume all user input will be malicious - properly sanitize all form entries and $_GET, $_POST and $_COOKIE variables

Minimize the use of double quotes. Double quotes force the PHP parser to check the string for variables to evaluate, even if there aren't any variables to evaluate. It is better to use single quotes and concatenate variables like this:

$string = 'Some plain text and a ' .$variable;

than to use double quotes like this:

$string = "Some plain text and a $variable";

Do not use ternary operators. Instead of this:

$dynamic = ($language == 'php' ? true : false);

use this:

if($language == 'php') {
  $dynamic = true;
} else {
  $dynamic = false;
}

Do not use PHP short tags <?= ?>. Instead, use the full tag syntax: <?php ?>