
VitalFlux.com:
Top 10 PHP Code Review Tips
September 10, 2014 @ 11:15:31

On the VitalFlux site there's a recent post sharing a few tips (a Top 10 list) of things to think about when doing code reviews.

This article represents top 10 areas to consider while you are taking up the task to do the code review of a PHP project. The other day, I had a discussion with one of the PHP senior developers who asked me about where to start on the task related with reviewing a PHP web application and, we brainstormed and came up with the list. Interestingly, apart from a few, most of them can be pretty much applied to applications written with other programming languages as well.

Their top ten list of things to look for during code reviews extends beyond just the syntax of the code and good coding practices. They also suggest things like:

  • Adherence to Business Functionality
  • Object-Oriented Principles
  • Security
  • Integration Patterns/Protocols

Code reviews, if done effectively and efficiently, can be a major benefit for producing quality code that not only adheres to standards but also follows good practices and principles (like SOLID).


Link: http://vitalflux.com/top-10-php-code-review-tips/

Wojciech Sznapka:
Type Hinting is important
June 12, 2014 @ 09:41:51

In his latest post Wojciech Sznapka reminds us that type hinting is important in your PHP applications and can help provide more structure and better overall code practices.

One of my favorite PHP interview questions, is: what is Type Hinting and why it's important? Putting definition in one sentence, Type Hinting is a way to define type of parameter in function signature and it's a sine qua non to leverage polymorphism. [...] So given the fact, that Type Hinting is optional and we don't need to specify types of parameters passed to the method - why bother? Answer is easy: well prepared method signatures define your model and are part of the "contract" that your code reveals to its consumers. It also prevents many silly errors and keeps codebase clean and coherent.

He talks about the best practices on using type hinting including where to put them (in an interface or base class or child class?) and some of the pros and cons of each. He also points out that some practices around type hinting, like overriding the hint and calling the method with unexpected/variable input, should be avoided (see the L in SOLID).


Link: http://blog.sznapka.pl/type-hinting-is-important

SitePoint.com:
Best Practice for Code Examples
August 14, 2013 @ 10:29:55

If you've ever thought about including code examples in your (blog/site/etc) posts and were wondering how to least frustrate your site's visitors, check out these suggestions from one of SitePoint's UX authors, James Edwards.

The majority of articles about web development include code examples, and across the web we see great variation in how they're formatted and presented. But a lot of them are not very good - because the code is badly formatted, hard to read, or can't be copied-and-pasted without unwanted junk. So in this article I'd like to take a hard look at code examples, to investigate the common problems they have, and try to establish some best practice for how they should be done.

He talks first about the whole point of including code examples in a post and five basic principles for what they should be like:

  • Code examples should use good semantic markup.
  • Tabs in code should not be converted to spaces.
  • Code should have basic syntax highlighting.
  • Code examples can have horizontal scrolling, but shouldn't have vertical scrolling.
  • Code examples should have line numbers, which are not included in text selection.

There are some examples of code markup included, as well as some CSS rules you can drop in to help follow his suggestions.


Link: http://www.sitepoint.com/best-practice-for-code-examples

Phil Sturgeon:
Building a Decent API
July 16, 2013 @ 09:32:46

Phil Sturgeon has posted a set of best practices he follows when building out new APIs. It covers a wide range of topics at a high level, but it's a good checklist to get you started.

PHP developers are increasingly moving over to API development, as are a lot of server-side developers. It's a trend that's been happening for the last few years and it's getting to the point where everyone and their dog are putting articles showing off how to build "awesome" APIs. Unfortunately most of these are either woefully inadequate or are promoting bad practices.

His recommendations include:

  • Use the URI sparingly, and correctly
  • Resources are EVERYTHING
  • Authentication
  • Background all the things
  • Version your API like an adult

Each item in his list has some points to back it up and provide a bit more detail on what it's all about.


Link: http://philsturgeon.co.uk/blog/2013/07/building-a-decent-api

NetTuts.com:
How to Write Testable and Maintainable Code in PHP
May 16, 2013 @ 11:53:18

NetTuts.com has a new tutorial posted suggesting a few ways you can make testable and maintainable code in PHP applications.

Frameworks provide a tool for rapid application development, but often accrue technical debt as rapidly as they allow you to create functionality. Technical debt is created when maintainability isn't a purposeful focus of the developer. Future changes and debugging become costly, due to a lack of unit testing and structure. Here's how to begin structuring your code to achieve testability and maintainability - and save you time.

There are a few concepts they cover in the tutorial, including DRY (don't repeat yourself), working with dependency injection and actually writing the tests with PHPUnit. They start with a bit of code that needs some work and use the tests to help refactor it into something that can be easily mocked (using Mockery).


Link: http://net.tutsplus.com/tutorials/php/how-to-write-testable-and-maintainable-code-in-php

Reddit.com:
Login Security (Best Practices Recommendations)
August 14, 2012 @ 12:20:08

On Reddit.com there's a good conversation going on in the PHP category about login security and best practices surrounding it.

So I was handed an ancient project which was up to me to fix / improve. About a week later I am about done but there is 1 thing I left...Login security. As it is now, it's just md5(password) that's saved in the database. Better than nothing, but far from good enough. My plan was to have a constant pepper in the class which handles the logins, then do something like crypt(pepper . $password) to store it, since that should generate a random salt and is slower than sha1 / md5 / etc. I feel this should be safe enough, do any of you have any ideas on how to improve it (without non-standard extensions)?

There are lots of comments so far and many of them follow the same lines: use a better method for protecting the stored passwords, something like crypt with Blowfish or something similar, as well as some keyed hashing (like HMAC).



PHPMaster.com:
PHPMaster Security Roundup
July 18, 2012 @ 09:22:07

Security has become more of a hot topic in the PHP community recently and PHPMaster.com has pulled together a list of resources you can read up on to get some great ideas for securing your application.

The unfortunate truth of the matter is there's no excuse for [the LinkedIn, Yahoo!, eHarmony and Last.fm] leaks; they would not have been possible if simple, well-known security precautions were taken. Are you protecting yourself and your applications by guarding against SQL-injection attacks? Are you filtering and validating user input? Are you properly hashing user passwords? I hope so! If not, read some of the security-focused articles PHPMaster has published throughout the past year and apply these best practices to your code today!

Articles in their list include:

Check out the rest of the post for links to other great articles.



Jonas Hovgaard's Blog:
How I stopped writing awesome code
June 14, 2012 @ 11:55:21

In this recent post to his blog Jonas Hovgaard talks about how he "stopped writing awesome code" by dropping a few things from his usual development practices - like unit tests and interfaces.

If writing awesome code is using all the best practices I can find, writing interfaces, unit tests and using top notch IoC containers to control my repositories and services all over my application's different layers - Then I'm not writing awesome code at all! I've been that guy, the one writing the awesome code, but I stopped. I'm not awesome any more. Instead, I'm productive, I'm so damn productive!

He talks about how not writing unit tests (which "customers don't care about") gave him extra time to work on other code, how he avoids things like interfaces and ORMs, and how he follows DRY, but only so far.

My personal result of doing all of this is productivity and better products. I can't tell if I did it all wrong, and that's why I'm writing better code now, but I truly believe that I'm not alone. In fact I think that most of us regular web developers, tend to do the same "mistakes" as I did.

The post has turned into flame bait and has pulled in lots of comments discussing his decisions and other sympathetic souls that feel the same way he does about some of the complexity of the "best practices" promoted in development today.



PHPMaster.com:
Input Validation Using Filter Functions
June 01, 2012 @ 15:53:28

On PHPMaster.com today there's a good tutorial that gives you some methods to do one of the most important things in any application - validating input. Their examples show how to use some of PHP's own filter functions to accomplish this.

Filter functions in PHP might not be sexy, but they can improve the stability, security, and even maintainability of your code if you learn how to use them correctly. In this article I'll explain why input validation is important, why using PHP's built-in functions for performing input validation is important, and then throw together some examples (namely using filter_input() and filter_var()), discuss some potential pitfalls, and finish with a nice, juicy call to action.

He talks about why validation is important to protect your application (and users) from malicious things like cross-site scripting. He emphasizes the use of PHP's own filter methods because they are established and, well, included in the language - no additional libraries needed. Example code is included showing how to use them to filter email addresses and check that something is an integer.

You can find out more about these functions on their manual pages: filter_input, filter_var.



Seth May's Blog:
The 5 Ws of Data Validation - Part 1
April 26, 2012 @ 11:14:03

With a reminder about the best practice of always validating your data, Seth May has this new post about the "Five Ws" of validation - why, when, where and who.

As web developers, the applications you write are complex data processing engines. They try and convince your users to enter good, meaningful data and to respond in solid, predictable ways based on what was entered. Robust data validation will allow the rest of your application to work effectively. [...] Data is scrutinized in various ways to make sure that it adheres to basic restrictions and to fundamental properties. It's no good receiving a sandwich when you expect a car.

The questions he answers are:

  • Why is Data Validation Important?
  • Where Should I be Validating Data?
  • When Should My Data Be Validated?
  • Who is Responsible for Validation?
  • How Do I Validate My Data? (yes, there's a "w" in there!)

In the real world data is ugly, crazy, and untrustworthy. Your only hope to taming the data beast is to diligently, methodically validate your data.