Looking for more information on how to do PHP the right way? Check out PHP: The Right Way

Fabien Potencier:
Symfony 4: Best Practices
Apr 10, 2017 @ 11:51:34

Fabien Potencier (creator of the Symfony framework) has a new post on his site continuing his look at Symfony 4. In this latest article he looks at some of the best practices to use in the next major release of the framework based on some of the architectural changes coming down the line.

Any major version of a project is an opportunity to revisit its best practices. Modernizing them. Adapting them to the project's new features. Symfony 4 is no exception.

He breaks it up into a few different sections offering tips around each, just to get you thinking about the path ahead with v4 releases:

  • Standardization first (using more standard tools)
  • Bundle-less Applications
  • Environment Variables
  • Unified Web Front Controller
  • Makefile
  • Assets Management

Each item includes a description of some of the changes coming and what behaviors you'll need to modify to make life smoother in the Symfony 4 transition.

tagged: symfony4 bestpractice list framework standardize bundle environment makefile assets

Link: http://fabien.potencier.org/symfony4-best-practices.html

Russell Walker:
Is Best Practice Actually Poor Practice? Dependency Injection, Type Hinting, and Uni
Apr 05, 2017 @ 13:26:03

Russell Walker has a post to his site sharing his thoughts defending dependency injection, type hinting and unit testing against some of the common objections.

I've recently been in discussion with a colleague who thinks that dependency injection (DI) is over-used and, in cases where the dependency is a concrete class, unnecessary (in the latter case, he advocates simply creating new objects on the fly).

[...] In my opinion, this line of thinking is misguided, but he sent through some links to pages that he felt supported his point of view (including Tony Marston's rant on DI, and the Laravel documentation about 'facades' - which are actually used as an alternative syntax for the service locator [anti-]pattern). I genuinely wanted to understand the reasoning behind his point of view, as it flies in the face of just about everything I have ever read regarding best practice in PHP development. After reading those resources he sent though, I began to notice some misconceptions about what unit testing actually is, as well as confusion about the difference between code that is "strongly typed" (usually good) and "tightly coupled" (usually bad), and also a tendency to blame the wrong thing when problems arise.

He then breaks the rest of the post down into a few of the common objections and makes an attempt to set the record straight:

  • Not All Automated Tests Are Unit Tests
  • Using Mocks to Test in Isolation
  • What, Never Ever Create Objects on the Fly?
  • What About Those Laravel Facades?
  • Hidden Dependencies and Other Dangers
  • Strongly Typed is not Tightly Coupled

He ends the post with "another reason" that there could be issues with developers dismissing best practices in their development - a misunderstanding of the principle and how to correctly implement it.

tagged: bestpractice dependencyinjection typehint unittest opinion

Link: http://russellscottwalker.blogspot.co.uk/2017/03/is-best-practice-actually-poor-practice.html

Stefan Koopmanschap:
Best practices on bundles in Symfony
Dec 29, 2016 @ 10:53:39

Stefan Koopmanschap has a new post to his site sharing some best practices with bundles in Symfony including structure of both the bundle and the application it lives in.

On one of my recent commutes I started listening to the Sound of Symfony podcast. As I had just discovered that one, I decided to listen to their most recent episode, which is on best practices for bundles. I quite disagreed with what was being said in the podcast. I started voicing my disagreement on Twitter but quickly decided that 140 characters is not enough to really explain my disagreement. So here's a blogpost.

He starts by talking about some of the current "best practices" documentation (like this book) and the parts of it he disagrees with. He talks about the use of the AppBundle, the general structure of a Symfony project and the use of bundles to provide better structure to your own code. He covers the placement of you code (your "domain") and the integration of the idea of bounded contexts. He finishes the post with some of his own experience with various frameworks and both good and bad project structures - and how sometimes the default framework structure isn't really what's needed.

tagged: symfony bestpractice bundles structure application opinion soundofsymfony

Link: http://leftontheweb.com/blog/2016/12/29/best-practices-on-bundles-symfony/

Exakat Blog:
6 good practices for "use" in PHP
Oct 14, 2016 @ 10:49:51

On the Exakat blog there's a new post sharing six good practices for "use" in PHP. The "use" keyword has a few different places it is used in PHP (like importing namespaced classes and passing in values to closures).

While reviewing code recently, I realized there are no guidelines for use. Every modern code do use ‘use’ (sic), as importing classes from composer or a framework is the norm. There are now quite a few variations in syntax for importing classes or traits. Although the impact on performance is low, as use is solved out, having a clean approach to ‘use’ is important to keep the code clean and readable. Let’s review what are the six good usage of use.

Each of the six tips they share come with a bit of explanation and code to back them up:

  • Do not import unused classes
  • Alway use alias
  • Place all use at first
  • Avoid using the same alias for different classes
  • Group use expression for easy reading
  • Limit the number of use expression

Some of them could be argued as to whether or not they're a "best practice" but it'd definitely interesting to see some tips for the use of this increasingly common little keyword.

tagged: bestpractice use statement keyword top6 import alias opinion

Link: https://www.exakat.io/6-good-practices-for-use/

TutsPlus.com:
Using PHP CodeSniffer With WordPress: Understanding Code Smells
Jun 13, 2016 @ 12:37:54

On the TutsPlus.com site there's a tutorial posted about using PHP CodeSniffer with WordPress, a popular PHP coding standards tool that helps enforce common coding practices and style in your application.

Oftentimes, the way in which we write code depends on how we got started with programming. [...] In this article, we're going to take an introductory look at code smells. We're going to examine what they are, what they look like, and how they often manifest themselves in the work we do. We'll be using PHP for our examples.

They start with an introduction to the topic of "code smells" including a few examples along with matching code snippets:

  • Example 1: Clear Naming Conventions
  • Example 2: Stay DRY
  • Example 3: Long Parameter Lists

They also include some solutions that can help you avoid these "smells" in your code and refactor out ones that might already exist.

tagged: phpcodesniffer smells introduction examples style bestpractice

Link: http://code.tutsplus.com/tutorials/using-php-codesniffer-with-wordpress-understanding-code-smells--cms-26352

Toptal.com:
Clean Code and The Art of Exception Handling
Apr 13, 2016 @ 09:43:50

While not specific to PHP (the examples are in Ruby, in fact) this new tutorial on the Toptal.com blog has some good information and suggestions around the use of exceptions in your applications.

Exceptions require special treatment, and an unhandled exception may cause unexpected behavior. The results are often spectacular.

Over time, these errors, and countless others [...] contributed to the impression that exceptions are bad. But exceptions are a fundamental element of modern programming; they exist to make our software better. Rather than fearing exceptions, we should embrace them and learn how to benefit from them. In this article, we will discuss how to manage exceptions elegantly, and use them to write clean code that is more maintainable.

They start by talking about why exception handling is a good thing and some common practices to help make them more manageable. They suggest that good exception handling can also help make your code more maintainable, extensible and readable in the long run. He suggests creating your own kind of exception hierarchy (more possible in PHP 7) and using them to get more specific on the type of exception that was thrown. He recommends not "rescuing" exceptions more than needed (in PHP this is try/catch) and that it's okay to defer the handling for the exception being thrown and not deal with it right away.

He also reminds you that not all exceptions need handling in your own code (sometimes it's up to the user) and that following conventions on naming can help end users better understand why there's an error. Finally, he recommends logging exceptions as they're major errors in your application, not just data problems or smaller bugs.

tagged: clean code exception handling bestpractice hierarchy trycatch convention

Link: https://www.toptal.com/qa/clean-code-and-the-art-of-exception-handling

ThePHP.cc:
Questioning PHPUnit Best Practices
Feb 05, 2016 @ 12:13:04

In this new post to thePHP.cc blog Sebastian Bergmann (creator of the PHPUnit unit testing tool) questions of some the current "best practices" involved in using the tool. More specifically he looks at the handling for expected exceptions and proposes a new practice to use going forward.

It is important to keep in mind that best practices for a tool such as PHPUnit are not set in stone. They rather evolve over time and have to be adapted to changes in PHP, for instance. Recently I was involved in a discussion that questioned the current best practice for testing exceptions. That discussion resulted in changes in PHPUnit 5.2 that I would like to explain in this article.

He talks about the currently widely used practice of the @expectedException annotation to define when an exception should be thrown from the code inside the unit test. Sebastian talks about the evolution of this into other annotations around the code and message returned from the exception too. He then proposes the new best practice as a result of some discussion around the annotation method: returning to the use of the setExpectedException method. He provides some reasoning behind the switch including the timing of the exception being thrown (not just "any time" but a more specific time).

tagged: phpunit bestpractice expected exception annotation method expectedexception

Link: https://thephp.cc/news/2016/02/questioning-phpunit-best-practices

ThePHP.cc:
Dependencies in Disguise
Sep 28, 2015 @ 08:48:27

On the PHP.cc's site has an article that looks at dependencies in disguise based on a "workshop" one of their members, Stefan Priebsch, gave at the recent Bulgaria PHP Conference.

Yesterday I gave a presentation at the [Bulgaria PHP Conference](https://thephp.cc/dates/2015/09/bulgaria-php-conference) (a great event, by the way). Following an [ad-hoc workshop](https://twitter.com/s_bergmann/status/647732967087939584) that I gave as part of the hallway track and an entertaining hackathon, I decided it was too late to join the party and went back to the hotel with some other speakers. Checking out how the day was reflected in social media, I contributed a few more tweets to a [conversation](https://twitter.com/tim_bezhashvyly/status/647861115721003008) that had started earlier in the day ([here](https://thephp.cc/dates/2015/09/bulgaria-php-conference/solid-mvc) are the slides of my talk that people are referring to). I am writing this to clarify my point, and help everybody to understand better.

He talks about dependency injection as a best practice that's followed in libraries all over the PHP ecosystem, making it easier to work with objects and their needs. Sometimes this means using a dependency injection container and others it's just constructor/method injection. He talks about how these objects are build in factory methods and recommends making one factory but points out that this only really works when all the objects you need are known up front. However, he gives several (code) examples of places where this could be difficult and how some are using service locators to solve the problem. He points out, however, that this then expands the API of the application out way too far, opening it up to objects all across the application when there may be no need. This is where the hidden dependencies can come in, things masked behind the use of a single service locator. He recommends solving the issue with more customized locators, as in his example of routing locator used to handle dependencies for a POST HTTP request.

tagged: dependency disguise injection service locator bestpractice solid development

Link: https://thephp.cc/news/2015/09/dependencies-in-disguise

AppDynamics PHP Blog:
Introduction to PHP Security – Part 2
Jul 22, 2015 @ 08:33:01

The

AppDynamics PHP blog has posted the second part of their series looking at some of the basics of PHP security. In part one they talked about some of the most common attacks and how to remediate them. In this latest part they "dive deeper" and get into some of the more advanced issues.

Truth be told, there are potentially an infinite number of ways in which a software product can be compromised and have its security breached. [...] New security flaws are regularly found, and routine patches are immediately released for most of the major software applications you utilize in your application stack. No matter whether your web or database server, your operating system, your PHP runtime, or even the MVC framework that your time adopted, your point(s) of exposure may exist anywhere within the various components that make up your application ecosystem.

They start with a few more advanced best practices including using SSL and keeping error messages away from the public eye. They briefly discuss other kinds of injection types (besides just SQL) and offer some tips about securing the data that lives in the application as well.

tagged: security introduction series part2 advanced bestpractice injectiondata

Link: https://blog.appdynamics.com/php/introduction-to-php-security-part-2

SitePoint PHP Blog:
Basic TDD in Your New PHP Package
Jan 28, 2015 @ 12:27:17

The SitePoint PHP blog continues their "How to Build Your Own PHP Package" series with their latest post (part two of the series) covering the use of test-driven development while working on the package code.

In part 1, we set up our development environment, baked in some rules as inherited from The League, and created two sample but useless classes – Diffbot and DiffbotException. In this part, we’ll get started with Test Driven Development.

He starts by briefly introducing PHPUnit, a PHP-based unit testing tool, and how to use it to generate the HTML version of the code coverage report. He helps you define a good phpunit.xml configuration file and how to execute a first sample test (code provided) from inside PHPStorm. From there he adds one some more complex testing of exception handling and checking the class types. With this foundation, he moves into the test-driven development (TDD) practices. TDD means writing the tests before writing the code to make those tests pass. He gives an example of this and shows how test abstract classes too. He then comes back around and writes the code to satisfy the test.

tagged: tdd package bestpractice unittest testdriven development tutorial

Link: http://www.sitepoint.com/basic-tdd-new-php-package/