This recent post from the Mind Tree blog shares a few methods for testing your web application (not unit test, just general things).

Because the Web "environment" is so diverse and contains so many forms of programmatic content, input validation and sanity checking is the key to Web applications security. This involves both identifying and enforcing the valid domain of every user-definable data element, as well as a sufficient understanding of the source of all data elements to determine what is potentially user definable.

They note that the root of most problems is input validation - most applications either just don't do it or do it poorly. They include a few tips on first security the environment the application is running in (like checking the HEAD/OPTIONS values and ensuring you're only allowing known file extensions and directories). They also mention the insecurity behind HIDDEN form elements and some issues surrounding user authentication.

In this new post on the PHP::Impact blog, Federico looks at some examples of directory setups for web apps that can help to make them both scalable and flexible.

Designing a modular and component-based directory structure for your Web applications can seem like an easy task. If your system is small, it may seem logical to go with the simplest design possible, but if there's anything more time consuming and complex than developing a new directory structure design, it's trying to redesign an existing system that wasn't developed with growth in mind.

He breaks it up into a few different topics that can be applied where needed to keep the application in check:

• Consistency
• Scalability and Flexibility
• Single Application
• Multi-application
• Naming Conventions
• Versioning
• Proposed Structure

Jonathan Street has posted a review of a book from Quentin Zervaas - "Practical Web 2.0 Applications with PHP".

If you are already comfortable taking a project from concept to a working application this book will have little for you. If you are comfortable working with PHP, able to put together standalone tools and pages, perhaps develop a wordpress plugin but have not yet created a complete site from scratch then this may be the book that helps you "step up a gear".

He mentions the application that he book helps you develop (a blogging platform) and goes through a summary of each chapter with opinions on each. He also points to a sample chapter if you'd like an idea of what the book is like.

On the local.ch blog today, there's this new post (from Philipp Kelle) showing how to, with the help of geben, easily debug your applications from emacs.

While PHP-developing it sometimes is just too tedious to do those 'add a echo here and there, then reload and search the echoed strings on the screen'-loops. So I searched for a debugger for my favourite editor emacs. After a lengthy install procedure I finally got it running: With geben on emacs you can debug PHP (step through and evaluate expressions).

The post steps you through the installation - adding in xdebug, changing the PHP configuration, and getting and installing geben (along with other required packages).

In a new post today Dhiraj Patra shares some tips on making your PHP applications as scalable as they need to be.

The first part of this article, "Real-World PHP Security", appeared in the April 2004 issue of Linux Journal and covered the subject of secure PHP development. This article takes you, the professional PHP developer, one step further, by providing detailed explanations and reliable source code that illustrate the steps to follow in order to develop successful PHP applications.

He mentions some key issues - like keeping a clean environment and correctly using database connectivity - that can keep your application running smoothly.

In this recent post on the Invoke Media blog Andrew Liem takes a look at the Zend Framework and shows how to create a simple site from install to execute.

This article is aimed at php developers who are looking to learn more about how not to reinvent the wheel, in particular, with the new Zend framework. This is not a comparative list of all php frameworks, as there are many good ones out there, CakePHP and Symphony to name two. I've evaluated other frameworks to some degree, not exhaustively by any means, and the Zend framework seems to fit nicely with my requirements. It may not for you, but I'll try to persuade you in this article

He introduces the framework first including a brief touch on MVC, the DOJO integration and its power and flexibility. From there he lists the tools you'll need to follow along with him, setting up the framework and creating a very simple site in it based on a pre-generated database (with the typical create/read/update/delete functionality).

Ian Barber has written up a look at dependency injection as a part of the Zend Framework's controller functionality for the Ibuildings blog.

Among the standard object oriented principles is favouring composition over inheritance, and there are plenty of design patterns that work along this line. However, one of the most useful day-to-day facets of the idea doesn't seem to get a lot of attention from PHP developers, namely dependency injection.

The general idea is, that if your class depends on some other object, that object should be passed in rather than generated internally or retrieved via a global variable or singleton.

He shares few ideas on how you can use this method in the controller of a Zend Framework including the use of the Zend Registry and an Action Helper. Code snips are provided for reach to show you how it'd be done.

Sandro Groganz has pointed out a new article in the latest issue of the German publication PHP Magazin about marketing open source PHP software titled "Auf die offene Art".

Good source doesn't always speak for itself because the better product does not always establish itself without help. Why is that? This article gives some answers as to how a PHP-based product can be presented well in the market with the right marketing and community as a PHP based product well in the market can be placed through appropriate marketing and communication palatable to potential customers.

You can get your copy of this latest issue (German only) from the PHP Magazin website (with a cover story looking at the DojoX framework).

The Zend Developer Zone has posted a new tutorial today (from Richard Bates) about creating PDF forms from inside a Flex application with a little help from PHP.

Leveraging the power of PHP and a PDF generation library called dompdf, you can create a simple, seamless user experience in Adobe Flex. Flex enables you to create an outstanding presentation to the end-user, with instant validation of user-supplied data and the full power of ActionScript 3. Through AMFPHP, you'll gain access to PHP's full toolset, enabling virtually limitless applications.

They show how to install the needed packages - AMFPHP and the dompdf PHP package to make the PDF generation easy ("one of the best PDF tools for PHP you can get"). The rest is the creation of the Flex part of the application - generating the form and using PHP to push out a PDF file at the other end, complete with their data.