
Exakat Blog:
PHP likes sorting too much
Jan 18, 2017 @ 11:03:07

The Exakat blog has a recent post talking about how PHP likes sorting too much: even in places where you're not calling a sort function explicitly, PHP sorts for you anyway.

PHP likes to sort. Of course, there is sort(), ksort() and all the cousins. But, PHP actually sorts too much. My first encounter with the problem is the infamous array_unique(). Now, this is also affecting glob() and scandir(). I’m looking for others. Until then, check your code.

He covers the functionality for each of those previously mentioned functions and what kind of sorting they're performing: array_unique, glob and scandir. He ends the post with some quick advice on how to potentially replace these auto-sorting functions and some specific functions to use instead.

tagged: sorting automatic function nonsorting

Link: https://www.exakat.io/php-likes-sorting/

Paragon Initiative:
Guide to Automatic Security Updates For PHP Developers
Oct 25, 2016 @ 12:51:21

On the Paragon Initiative blog they've posted a guide to handling automatic security updates for PHP developers, helping to prevent security-related issues by keeping your libraries up to date.

Most of the software security vulnerabilities known to man are preventable by careful development practices. [...] However, even if you're trying to do everything right, eventually we all make mistakes and ship exploitable software.

[...] By making updates manual rather than automatic, you're forcing your customers to take all the responsibility for making sure that your mistakes don't hurt their business. Only a very small minority of your customers might prefer the responsibility of verifying and applying each update themselves. [...] Automatic security updates reduce the interval between points 2 and 3 from possibly infinite to nearly zero. That's clearly a meaningful improvement over manual patch management.

The post then walks through the aspects of a secure automatic update system that includes offline cryptographic signatures, transport layer security and separation of privileges (who will perform the actual update). The author gets into a bit of detail for each item on the list, explaining how the system should be set up and some tools you can use to start working up the process in your own applications.

tagged: automatic security update developers tutorial system

Link: https://paragonie.com/blog/2016/10/guide-automatic-security-updates-for-php-developers

Theo Tzaferis:
Let CodeSniffer inspect your code in PhpStorm
Sep 15, 2016 @ 10:56:32

In a quick new post to his site Theo Tzaferis shows you how to set up PHPStorm and PHP_CodeSniffer to perform automatic inspection of your PHP code's syntax.

Some time ago I wrote an article on how to format your code automatically in PhpStorm to conform to the PSR standards. In this article I want to show you how you can enable inspections in PhpStorm which throw a warning if you have code which is not PSR, e.g.
  • Whitespace at the end of line
  • No newline at the end of file
  • No newline between namespace and use statements
  • etc…
This is pretty easy. We will use squizlabs/PHP_CodeSniffer from GitHub.

I’m doing this on an Ubuntu machine, but it should work the same in OS X (no idea about Windows).

He then provides the (*nix-centric) instructions on getting the two tools up and playing happily together. Fortunately PHPStorm comes with handy built-in support for PHP_CodeSniffer, basically only requiring you to install phpcs and point it to the right location. The rest is handled by the IDE when you enable the automatic evaluation.

tagged: phpstorm codesniffer tutorial setup configure automatic inspection

Link: http://tzfrs.de/2016/09/let-codesniffer-inspect-your-code-in-phpstorm/

Laravel News:
Automatically upgrade your Laravel app with Shift
Jan 06, 2016 @ 10:24:52

On the Laravel News site they've posted an interview with Jason McCreary, the lead developer behind the Laravel Shift service, a product that helps you keep your Laravel applications up to date with the latest versions of the framework.

Laravel Shift is a new project aimed at automatically upgrading out of date Laravel apps up to the current version. The way it works is you sign-in with either Github or BitBucket, purchase a shift (an upgrade package), and then review the pull request it automatically creates.

I had a chance to speak with Jason, the lead developer on the project and what follows is a Q&A about Shift.

They talk about where the idea for Laravel Shift came from originally and how the upgrade process happens (hint: it's automated). Jason also answers questions about what kinds of applications it will work on and how it's handled if there's an application that can't be upgraded. He also mentions the process for upgrading from a very old version, noting that it would be required to "shift" multiple times to achieve the correct results.

tagged: laravel shift service upgrade automatic application laravelnews

Link: https://laravel-news.com/2016/01/automatically-upgrade-your-laravel-app-with-shift/

Gonzalo Ayuso:
POST Request logger using websockets
Nov 17, 2015 @ 10:25:32

In this post to his site Gonzalo Ayuso shows you how to create a logger for your POST requests and their information with a bit of helpful code and Websockets.

In the last few days I’ve been working with background geolocation with an ionic application. There’s a cool plugin to do that. [...] Basically this plugin performs a POST request to the server with the GPS data. [...] I can develop a simple Silex application with a POST route and log the request in a file or flush those requests to the console. This’d have been easy but as I’m a big fan of WebSockets (yes I must admit that I want to use WebSockets everywhere :) I had one idea in my mind.

He shows the creation of a simple Silex-based application with just two endpoints (channel that handles both GET and POST) that uses the Guzzle HTTP library to listen on the Websockets port for incoming connections. He then shows how to add the code necessary on the frontend (using express) to send the POST data automatically to the waiting Silex application. He's provided the full working code for the example on his GitHub account as well so you can see it fully fleshed out.

tagged: websockets post log silex tutorial example gps plugin automatic debug

Link: http://gonzalo123.com/2015/11/16/post-request-logger-using-websockets/

Shameer C:
Automatic construction injection in Slim 3
Oct 20, 2015 @ 11:09:38

Shameer C has a post to his site showing you how to automatically inject values in constructors on Slim 3 based applications. This makes use of the inheritance of constructor parameter functionality the Aura.DI container makes available.

In the previous blog post we have discussed how to replace the default Pimple Container with Aura.DI in Slim framework 3. Aura.DI gives us more flexibility in terms of managing dependencies. We saw one most useful feature in Aura.DI, Inheritance of constructor parameters, that will help us to avoid repeating common parameters for Controllers and Models. In this article we will see another advantage of the same feature.

He gives an example of how, with the default DI container in Slim (Pimple), you have to make a new instance of a class manually each time you need it. He talks about how Slim 3 internally resolves controller classes (using a CallableResolver) and a small change that can be made to prevent you from needing to define every constructor in the DI container and allow for more dynamic handling.

tagged: automatic injection constructor callableresolver slim3 tutorial auradi dependencyinjection

Link: http://blog.shameerc.com/2015/10/automatic-construction-injection-in-slim-3

Implementing Automatic Database Backup and Optimization in PHP
Nov 27, 2013 @ 10:52:31

On PHPBuilder.com today they have a new article posted sharing a few different methods you can use to do backups of your (MySQL) database and a few handy tricks/tools you can use to optimize it as well.

Every computer system has a backup. Nevertheless, the number of problems caused by a lack of a recent backup is huge. One of the reasons for that may be the fact that the backup process is not entirely automated. So, let's see how to automate the database backup process in PHP.

There are three recommendations for the (simple) database backup that can produce a file of the current database contents: mysqldump, mysqlhotcopy and a "SELECT INTO OUTFILE" statement. On the optimization side they suggest mysqlcheck and an OPTIMIZE query to help find trouble spots. There's a script included at the end showing how these methods can be combined into a simple PHP script, something that can easily be dropped into a cron job to run every so often.

tagged: automatic database backup optimization

Link: http://www.phpbuilder.com/articles/databases/mysql/implementing-automatic-database-backup-and-optimization-in-php.html

Automatic Testing for TDD with PHP
Aug 24, 2012 @ 09:09:04

If you practice the TDD (test-driven development) methodology in your work, you know that sometimes switching back and forth between a terminal and your IDE can be distracting. In this new tutorial from NetTuts.com, they show you how to streamline things a bit with a simple Ruby script.

Traditional test-driven development can, at times, be cumbersome. You have to stop writing code in order to run your tests. Luckily, there are solutions, which provide the ability to automatically run your tests as you code. In this tutorial, you will learn how to use a Ruby gem, called watchr, to monitor your code and automatically run the appropriate tests whenever you save your work.

The IDE doesn't matter in this case because the "watchr" tool keeps an eye on when things change in the watched directory and automatically fires off a script when it sees an update. They include the few short lines of Ruby to make it all happen and even have the "notify-send" command built in to give you a popup about the pass/fail status.

tagged: automatic testing tdd ruby watchr popup execute


Pádraic Brady's Blog:
Automatic Output Escaping In PHP & The Real Future Of Preventing XSS
Jun 18, 2012 @ 11:58:22

Pádraic Brady has a new post to his blog about the state of output escaping in PHP and the steps that need to be taken to help prevent and protect applications from the real threat of cross-site scripting.

Automatic escaping has a certain appeal given its goal of removing the need to type escape() all over your templates. Funny thing, though, is that this is basically its one and only advantage. The second claimed goal is to remove a factor of human error (i.e. forgetting to type escape() somewhere), however, this hasn’t posed an issue for me in the past where simple analysis of templates can quickly locate such omissions. And no, using automatic escaping does not remove the need to analyse templates for security issues – that’s still needed regardless.

He goes on to define what "automatic escaping" is and isn't and how it relates to the context of the information (the same data may not always be filtered the same way in every place). He talks about scope-limited escaping, context-aware escaping and an idea that could help make life easier - a content security policy defining how the client should behave when interpreting HTML.

tagged: escape automatic xss crosssitescripting security content policy


Design Aeon:
Check Dead Links From Database Using PHP CURL
Jun 18, 2012 @ 09:45:55

On DesignAeon.com there's a recent tutorial posted showing you how to extract URLs from your database and determine which ones are "dead" automatically with the help of cURL.

Checking dead links from the database manually is a headache, so why not use a script which returns the HTTP status of the particular link and tells us if the link is dead or not. So how do we check the dead links from the database? How do we programmatically check whether the link is dead or not? To check broken or dead links from the database we will use curl.

Included in the post is a sample script that extracts the URLs from a field in the database (you'd need some extra smarts if you're pulling them from content) and runs them through a "checklink" function. If the call to curl_getinfo returns false, the link is marked dead.

tagged: dead link url curl check automatic tutorial database