Jani Hartikainen:
How many tests is too many?
Sep 13, 2016 @ 09:21:21

While not specific to PHP, Jani Hartikainen asks an interesting question in his latest post - how many tests are too many? He gives an example of the number of tests in a widely used open source project and how, sometimes, more tests don't mean better code.

Some time ago I stumbled upon some crazy stuff… Specifically, I found out that SQLite has 787 times more tests than they have actual code! It’s no joke, it’s documented right on their website. While they have about 116 300 lines of source code, they have 91 577 300 lines of test code.

That sounds completely insane. [...] I bet you’ve sometimes wondered what is the right amount of tests to write. In some cases, it’s easy to end up with more tests than code. [...] When thinking of how many tests is enough, we need to think of what the goals are – both for the tests and our actual project.

He focuses in on this last idea, talking more about the SQLite project and its test suite. He then helps answer the main question - how do you know how many tests are enough? Should you "bend over backwards" to make tests for every possible scenario just because you can? He suggests a few things that can help the situation including refactoring where testing is difficult and writing regression tests for bugs fixed.

tagged: testing code opinion toomany unittest sqlite project

Link: http://codeutopia.net/blog/2016/09/10/how-many-tests-is-too-many/

Toptal.com:
The Six Commandments of Good Code: Write Code that Stands the Test of Time
Sep 09, 2016 @ 09:50:44

On the Toptal.com site they've posted a guide that aims to help you write good code that stands the test of time. They provide six "commandments" that they think can help make your code better and easier to maintain in the future.

Specifically, “good code” is code that is easily and readily maintainable by an organization (not just by its author!) and will live for longer than just the sprint it was written in. The following are some things I’ve discovered in my career as an engineer at big companies and small, in the USA and abroad, that seem to correlate with maintainable, “good” software.

Their list includes suggestions like:

  • Treat Your Code the Way You Want Other’s Code to Treat You
  • Good Code Doesn’t Reinvent the Wheel, it Stands on the Shoulders of Giants
  • Don’t Cross the Streams!
  • When Possible, Let the Computer Do the Work

Each item on the list comes with a brief description with a bit more detail and how to apply it to your development. It's not focused on any one language, however, so there are no code samples here - just links to other resources and tools that can help in their application.

tagged: good code commandments better maintenance

Link: https://www.toptal.com/software/six-commandments-of-good-code

Master Zend Framework:
Preparing Legacy Applications for PHP 7 with Phan
Sep 08, 2016 @ 12:07:42

The Master Zend Framework site has posted a new tutorial for those making the move in their legacy applications up to the world of PHP 7. In it Matthew Setter shows how to use phan, a static analysis tool, to locate issues that could cause breakage in the upgrade.

Unless you’ve been living under a rock these last 12 - 18 months, you will have heard about PHP 7; the latest version of PHP. Not only is it fast, by some reports it’s up to twice as fast as PHP 5.6, and far less memory hungry.

[...] Unfortunately, your application’s source code may not be 100% compatible with version 7. Upgrading may well leave you with a broken application and a set of unhappy customers. So before you go breaking your site in the interests of speed and being one of the cool kids, find out if your code’s compatible. How? By using a static code analyser, one which gives you all the changes you need to make on your code, so that you can upgrade with confidence.

He then shows how to install the Phan tool via Composer and execute it against your codebase. The result of his commands is a file that contains the issues found during the scan. If there are some "false positives" you'd like to ignore, he also shows you how to create a config.php file with these and other values set to make it all more reusable.

tagged: php7 upgrade phan detect static analysis code tutorial

Link: http://www.masterzendframework.com/preparing-for-php7-with-phan/

Christoph Rumpel:
Build a PHP chatbot in 10 minutes
Aug 15, 2016 @ 09:45:23

Christoph Rumpel has written up a tutorial showing you how to build a PHP chatbot in 10 minutes by hooking a PHP 7 based script in, via webhooks, to a Facebook Messenger application.

The chatbot topic is huge right now. Finally there is something quite new again and nobody knows what's happening next. This is the perfect time to start experimenting with chatbots and to build your own one right now. Give me 10 minutes of your time and I will give you your first chatbot!

He then walks you through the full process of setting up the Facebook Messenger application, a page to host it from and using the Chatbot boilerplate code to connect the application back to the Facebook platform. This includes both the code needed and screenshots along the way of what you can expect to see during setup. The result is a bot that can respond with, at first, a static string and is then modified to show simple exchange rate data.

tagged: chatbot facebook tutorial boilerplate code example application webhook

Link: http://christoph-rumpel.com/2016/08/build-a-php-chatbot-in-10-minutes/

Evonide.com:
How we broke PHP, hacked Pornhub and earned $20,000
Jul 25, 2016 @ 12:31:48

The PornHub.com site (definitely NSFW) is a high profile site that, as it turns out, uses PHP for a lot of its functionality. In this interesting article from the Evonide Security Research Group they show how they "broke PHP and hacked PornHub" (and earned a $20k USD bug bounty in the process). Don't worry, the article itself is "safe for work" as it's only descriptions and code examples of how the hack was performed.

Pornhub’s bug bounty program and its relatively high rewards on Hackerone caught our attention. That’s why we have taken the perspective of an advanced attacker with the full intent to get as deep as possible into the system, focusing on one main goal: gaining remote code execution capabilities. Thus, we left no stone unturned and attacked what Pornhub is built upon: PHP.

The post then walks you, step-by-step, through the process they followed to discover the exploit. The main entry point was through PornHub's use of the unserialize function that included a flaw allowing for code execution when a specially crafted object was injected. With the help of this they were able to "leak" out of the PHP execution and inject custom C code to be executed in the local environment. This was, in turn, then used to execute a file_get_contents on the local /etc/passwd file and return its contents.

tagged: pornhub hack evonide serialize code injection security

Link: https://www.evonide.com/how-we-broke-php-hacked-pornhub-and-earned-20000-dollar/

TutsPlus.com:
New Features in Laravel 5.2
Jul 25, 2016 @ 11:14:31

On the TutsPlus.com site they've posted a guide sharing some of the new features that have come with the 5.2 version of the Laravel framework. With v5.3 on the horizon, it's good to get a solid base with 5.2 first.

In this article, I will take a look at the new features of Laravel 5.2 and describe them one by one. The new features are [...]: implicit route model binding, form array validation, API rate-limiting middleware, middleware groups, authentication scaffold and multiple authentication guard drivers

The post then goes through each of these topics, providing a bit of explanation of what they're about and how they can be useful. There are also snippets of code included where helpful to show off the feature and provide a more useful example.

tagged: laravel features v52 overview code example description

Link: http://code.tutsplus.com/tutorials/new-features-in-laravel-52--cms-26229

Intracto Blog:
How to save a kitten by writing clean code
Jun 03, 2016 @ 12:52:50

On the Intracto blog there's a new post from Joeri Timmermans talking about writing clean code with some good suggestions you can easily incorporate into your current processes.

So you came here to save a kitten? That's wonderful, but the real reason we're both here is to talk about clean code. In this blog post I'll be sharing some of my personal experiences and tips. But before we dive into the tips and tricks part, let's talk about what we, as developers, do and why we do it.

He touches on several topics including:

  • Best vs Fastest
  • Reading vs Writing
  • File and Folder Organization
  • Naming [conventions and clarity]

He also makes the recommendation to "return often", keep things DRY and makes a few recommendations of PHP-specific tools that can help.

tagged: clean code recommendation process development opinion

Link: http://blog.intracto.com/how-to-save-a-kitten-by-writing-clean-code

QaFoo Blog:
When to Abstract?
May 18, 2016 @ 10:12:18

On the QaFoo blog they've posted an article that shares some of their thoughts on "when to abstract" in your code - essentially finding that point where abstracting out functionality makes sense.

One of the most difficult challenges in a developer's life is finding the "right" abstraction, or at least the best one given the current circumstances. The core problem is that abstraction is a bet on the future development of the software and we know that future is volatile. The circumstances will change, so will the view on the best abstraction change.

But there is another dimension which influences this decision: What kind of software are you developing?

They start off by defining three different types of projects (internal, library and adaptable) and move into how this type changes when/how you abstract things in your code. They give a brief summary for each type and when it usually makes sense, including steps to take (concrete first, then abstract).

tagged: abstract code library internal adaptable type opinion concrete

Link: https://qafoo.com/blog/084_when_to_abstract.html

Mathias Verraes:
The Repair/Replace Heuristic for Legacy Software
Apr 28, 2016 @ 11:48:06

Mathias Verraes has shared some thoughts about legacy applications and how development should be handled as new features are added and bugs are fixed. He proposes a "heuristic" to keep in mind as you work in your legacy code: the Repair/Replace Heuristic.

Technical Debt is a great metaphor. It shares many analogous properties with financial debt: loans, accrued interest, token payments, bankruptcy… There is a key difference however. We take financial debt with another party. [...] Technical Debt has no measure like money, and no ruleset like Property law, and, more importantly, with Technical Debt there is no other party. The organisation is both the creditor and debtor. [...] In “Managed Technical Debt”, I propose a cheap, imprecise, but surprisingly effective method for mapping and measuring debt. In short, it involves posting stickies whenever progress is impeded by debt, and keep marking the stickies for every incident.

By following this method, you gather together a better overall picture that makes determining the worst debt in your application easier. He proposes using this to follow the Repair/Replace methods: repairing something if it's well architected or replacing it if it's not.

Even when you’re not trying to decide on Repair/Replace — perhaps the decision was already made by others — the process of mapping its history will teach you more about the system and its design. And one deep insight you learn from temporal modelling.

tagged: legacy code replace repair heuristic software opinion

Link: http://verraes.net/2016/04/repair-replace-heuristic-for-legacy-software/

PHP Roundtable:
044: Asynchronous PHP
Apr 27, 2016 @ 09:23:05

The PHP Roundtable, with host and PHP community member Sammy K Powers, has posted a new episode featuring a discussion about Asynchronous PHP. In this show Sammy is joined by guests Christopher Pitt, Sara Golemon and Aaron Piotrowski.

Async? Isn't that like AJAX in Javascript or something? Most PHP developers encounter asynchronous code for the first time in Javascript, but not many are aware that PHP can do async too. We discuss asynchronous programming in PHP and how we might be able to implement it in our own projects using various libraries. We also take a look at how async features could be added to PHP core to support async natively.

There's plenty of detail in the show notes for this episode covering all of the topics mentioned and links to some other resources you can use to find out more about asynchronous development in PHP. You can listen/watch this latest episode either through the in-page video player or directly on YouTube. If you enjoy the show, be sure to subscribe to their feed and follow them on Twitter for the latest updates when new shows are released.

tagged: phproundtable podcast ep44 asynchronous code discussion

Link: https://www.phproundtable.com/episode/asynchronous-php