
Usability problems of mysqli compared to PDO
Jun 27, 2016 @ 09:49:44

On the PHPDelusions.com site there's a post that compares the functionality of mysqli to PDO and looks at the differences in their overall usability.

By no means am I going to say that mysqli is worse than PDO. Mysqli is an excellent extension, with many specific features. But it's just not intended to be used directly. To make it usable, one always has to wrap it into a helper library, to reduce the enormous amount of code that otherwise has to be written by hand.

[...] But for the average PHP/MySQL user, standard APIs are the only known methods for database interaction. Thus they tend to use both extensions right in the application code, without any intermediate wrapper around. For such a use PDO is an indisputable winner, and I'll show you why.

The post then breaks it down into sections comparing the functionality between the two database access methods:

  • Named placeholders
  • General inconvenience in binding
  • Getting single column value
  • Getting multiple rows
  • Binding unknown number of parameters
  • Compatibility

Of course, all the inconveniences above could be overcome by a good wrapper. This is why if you choose mysqli, you definitely have to use one.

tagged: pdo mysqli comparison usability database access categories

Link: https://phpdelusions.net/pdo/mysqli_comparison

Lorna Mitchell:
Simple Access Control for CakePHP3
Apr 11, 2016 @ 09:35:01

Lorna Mitchell has a post on her site with some helpful instructions on access control for CakePHP3 users. The framework does not ship with built-in ACL functionality, so she shows how to set up your own.

The newest version of CakePHP doesn't ship with built in ACL, which means you need to write your own. Personally I think this is a smart move, having looked at the one-size-fits-all solutions for previous versions of the framework and knowing that every system has different requirements, this version has good hooks and documentation on how to add something that works for your application. I thought I'd share what worked for mine.

She starts with some of the initial setup: creating the relationship between the users and her custom roles table and "baking" the controllers and templates. She then goes through the use of the authorize method and how it can handle the user/request combination to determine access. She includes the code for her auth class, showing both the authorize method and a simplified userHasRole method. She walks you through the code and one drawback of the setup: not being able to validate access in views and templates.

tagged: access control cakephp3 user loggedin authorization tutorial

Link: http://www.lornajane.net/posts/2016/simple-access-control-cakephp3

SitePoint PHP Blog:
Control User Access to Classes and Methods with Rauth
Mar 17, 2016 @ 13:55:22

The SitePoint PHP blog has posted a tutorial from Bruno Skvorc showing you how to use Rauth, a tool that's designed to control access to parts of your application as set by annotations in the code.

Rauth is SitePoint’s access control package for either granting or restricting access to certain classes or methods, mainly by means of annotations.

[...] Traditional access control layers (ACLs) only control routes – you set anything starting with /admin to be only accessible by admins, and so on. This is fine for most cases, but not when: you want to control access on the command line (no routes there), or you want your access layer unchanged even if you change the routes. Rauth was developed to address this need. Naturally, it’ll also work really well alongside any other kind of ACL if its features are insufficient.

He starts by dispelling the common thought (at least in most of the PHP community) that annotations are a bad thing and relying on them for functionality isn't a good practice to follow. With that out of the way, he shows a simple example: a set of users and fake routes that are evaluated by Rauth based on the annotations in a One controller-ish class. He describes what the evaluation is doing and how changing the annotations would make a difference in the results. He also includes a dependency injection example with PHP-DI and the Fast-Route package and a more "real world" example. He ends the post with a look at another handy feature of the library: bans (blocking based on other types of annotations, @auth-ban).

tagged: rauth access control class method annotation tutorial

Link: http://www.sitepoint.com/control-user-access-to-classes-and-methods-with-rauth/

Gonzalo Ayuso:
Alternative way to inject providers in a Silex application
Oct 19, 2015 @ 11:18:10

Gonzalo Ayuso has shared a method he's found for injecting providers into Silex that replaces accessing the dependency injection container as an array. Instead, it lets you declare the services you need as function parameters.

I normally use Silex when I need to build one Backend. It’s simple and straightforward to build one API endpoint using this micro framework. But there’s something that I don’t like: The “array access” way to access the dependency injection container. I need to remember what kind of object provides my service provider and also my IDE doesn’t help me with autocompletion. OK I can use PHPDoc comments or even create one class that inherits from SilexApplication and use Traits. Normally I’m lazy to do it. Because of that I’ve created this simple service provider to help me to do what I’m looking for. Let me explain it a little bit.

He includes examples of both the normal way you can access Silex's injection containers (the "array access" method) and contrasts this with his updated method, via a method parameter on the route closure. His service provider (complete code in the post and on github), when registered, looks for controller events and performs reflection on the closure to detect which objects need to be injected. The method is then called normally but with the extra attributes set, populating the parameters.

tagged: silex service provider alternative array access parameter method dependency injection

Link: http://gonzalo123.com/2015/10/19/alternative-way-to-inject-providers-in-a-silex-application/

SitePoint PHP Blog:
Re-introducing PDO – the Right Way to Access Databases in PHP
Aug 25, 2015 @ 11:10:14

On the SitePoint PHP blog they have a post that "reintroduces PDO" or as they describe it, the "right way to access databases in PHP". The PDO functionality in PHP provides extra handling around database connections and queries as well as making it easier to connect to multiple types of databases with similar code.

PDO is the acronym of PHP Data Objects. As the name implies, this extension gives you the ability to interact with your database through objects. [...] PHP is rapidly growing, and it is moving toward becoming a better programming language. Usually, when this happens in a dynamic language, the language increases its strictness in order to allow programmers to write enterprise applications with peace of mind.

In case of PHP, better PHP means object-oriented PHP. This means the more you get to use objects, the better you can test your code, write reusable components, and, usually, increase your salary. Using PDO is the first step in making the database layer of your application object-oriented and reusable.

He starts by answering the question most ask about PDO versus mysql/mysqli, pointing out that PDO is more OOP friendly, that it allows for parameter binding, and that the mysql extension is no longer supported. He shows how to check and ensure PDO is installed on your setup and, if not, how to add it in (for both Linux and Windows systems). The tutorial then walks you through using PDO: making the connections to the server, running queries and returning the results. This includes a section on prepared statements and bound parameters and their benefits, including SQL injection prevention.

tagged: pdo database access tutorial introduction prepared statements phpdataobjects

Link: http://www.sitepoint.com/re-introducing-pdo-the-right-way-to-access-databases-in-php/

Rob Allen:
Accessing services in Slim 3
Jun 23, 2015 @ 10:51:36

Rob Allen has a new post to his site today showing you how to access services in a Slim 3 application using container injection instead of the previous "getInstance" method.

One of the changes between Slim Framework 2 and 3 is that the application singleton has gone. [...] In general, you didn't need access to $app itself, but rather you wanted access to something that the app knows about, such as a database adapter, or the router for access to the urlFor method to create a URL to a route. With Slim 3, there is no getInstance() on App, so you need to inject the instances of whatever you need where ever you need them.

He shows you how to create a simple Slim dependency injection container (service locator?) and push two kinds of objects in for later reuse. He shows how to reference this container from inside of your routes in both the callable/closure and class contexts. He also includes an example of referencing the same container from inside middleware (again in both the closure and class contexts).

tagged: slim microframework framework slim3 service access container this

Link: http://akrabat.com/accessing-services-in-slim-3/

Joshua Thijssen:
Advanced user switching
Feb 25, 2015 @ 09:12:05

Joshua Thijssen has a new post today with a "neat trick" that the Symfony Security component allows: switching to (impersonating) another user programmatically.

This allows you to login as another user, without supplying their password. Suppose a client of your application has a problem at a certain page which you want to investigate. Sometimes this is not possible under your own account, as you don’t have the same data as the user, so the issue might not even occur in your account. Instead of asking the password from the user itself, which is cumbersome, and not a very safe thing to begin with, you can use the switch-user feature.

He talks about how to enable it, how to use it to switch to another user and, most important, how to restrict its use. He points out that there's no built-in way to define who a user can switch to, so he's come up with a custom "switch listener" to help add in this protection. His "SwitchUserListener" class replicates some of the code in the original handling (well, the whole class) and updates the "attemptSwitchUser" method to check the user they're trying to switch to and see if they have the right role. Finally he shows how to add it to the services configuration and how it overrides the default listener.

tagged: user switching advanced tutorial custom listener role access validate

Link: https://www.adayinthelifeof.nl/2015/02/24/advanced-user-switching/

Evert Pot:
Accessing protected properties from objects that share the same ancestry.
Sep 16, 2014 @ 11:19:23

In his latest post Evert Pot shows an interesting side effect of working with two objects from the same class: accessing protected properties from one instance to the other.

I realized something odd about accessing protected properties the other day. It's possible in PHP to access protected properties from other objects, as long as they are from the same class. [...] I always thought that protected strictly allows objects to access things from the current inheritance tree, but didn't realize that this also extends to other instances of the same object.

He includes a bit of sample code showing two object instances each being able to access the protected "val" property from the other. He also shows an example of how it works in two different objects, both that derive from a common ancestor. He shares a few other code examples showing this relationship and points out a few places where it could come in handy.

tagged: protected property object ancestor access

Link: http://evertpot.com/properted-properties-from-shared-ancestry/

Master Zend Framework:
Accessing ServiceManager Services in Controller Plugins
Jul 31, 2014 @ 09:43:49

Matthew Setter has posted another new tutorial to his Master Zend Framework site today showing you how to access ServiceManager services in controller plugins. Controller plugins are a Zend Framework feature that allows certain events to trigger the plugin code during the lifetime of the controller.

I’ve seen some questions on Google+ and StackOverflow of late, regarding how to get access to the Zend Framework 2 database adapter, along with other ServiceManager-defined services, in a custom controller plugin. This type of setup can come in handy for a number of situations. You may want to access services such as caching, logging or databases and want to provide a simple interface for doing so. People seem really interested in how to do it, but how to get access to services from the ServiceManager doesn’t seem to be as clear as it could be. Gladly, there’s not much involved in actually doing it.

He shows you how to create a plugin for an existing module, creating the two needed classes and adding a new function to configure it. He starts with the plugin factory that can be used to generate an instance of the plugin. Next is the plugin class itself that extends the abstract plugin and controller plugin classes. The required database adapter is injected into it via constructor injection. Finally, in the Module.php configuration, he creates a "getControllerPluginConfig" method that registers the new plugin and points to its class. A screencast is also provided showing the active development of the code.

tagged: servicemanager plugin controller tutorial access zendframework2

Link: http://www.masterzendframework.com/servicemanager/accessing-servicemanager-services-controller-plugins

SitePoint PHP Blog:
Google's BigQuery Provides Free Access to GDELT
Jun 03, 2014 @ 10:19:31

In this recent post to the SitePoint PHP blog Bruno Skvorc points out a recent announcement from Google that the GDELT database information is now available via their BigQuery functionality.

The Global Database of Events, Language and Tone is one of the largest datasets on the planet. It is the quantitative database of human society, relying on thousands of news sources from every corner of the globe dating back to 1979. [...] Google BigQuery, “Google’s powerful cloud-based analytical database service” is, basically, the world’s fastest SQL engine, and it’s completely free for any and all uses of GDELT. Due to the sheer power of BigQuery, you can get results on GDELT queries in near real-time and any permutation of fields and values you can think of won’t be enough to bog it down to a halt – unless you really mess things up and go against the grain.

He goes on to describe the GDELT database and what kind of information it contains. He also includes an example query and the kind of data it returns (screenshot). He also links to a PHP-based library that you can install via Composer and use API keys to access their search endpoints.

tagged: gdelt database bigquery access library sdk api

Link: http://www.sitepoint.com/googles-bigquery-provides-free-access-gdelt/