Looking for more information on how to do PHP the right way? Check out PHP: The Right Way

Master Zend Framework:
Can You Create Apps in Zend Expressive as Easily as With Laravel?
Jul 27, 2016 @ 13:23:01

On the Master Zend Framework site Matthew Setter has written up a post that tries to answer the question: "can you create Zend Expressive apps as easily as with Laravel?" He works through each of the major features in the frameworks (controllers, routing, views, etc) and compares the two and how easy they make it for the developer.

Laravel is the PHP framework For web Artisans, able to create applications nary with the speed of thought. Zend Framework, on the other hand, is the enterprise-ready framework; one that can build the largest of applications, for companies in the Fortune 500. I was asked, recently, if applications could be built as easily in Zend Expressive as in Laravel. Recently I sought to find out. Here's what I found.

He starts off with more of an "overview comparison" of his own experience building a simple application with Laravel and how, interestingly, there's not an easy way to make a direct comparison between the two. He also mentions picking the right tool for the job and not "fitting a square peg in a round hole" or trying to use the same development practices between the two. From there he then gets into more of the specifics of the features:

  • Forms and Entities (and Form ViewHelpers)
  • Routes and Controllers
  • View Helpers
  • Database Access
  • Data Models
  • Database Migrations and Testing
  • Testing

Each of the sections comes with some brief code snippets and examples from either side of the fence, helping you get a better idea of how they differ. He finishes off the post sharing his own opinions on the comparison between the two....but you'll have to read the article to find out about those.

tagged: laravel zendexpressive framework comparison features easy

Link: http://www.masterzendframework.com/zend-expressive-or-laravel/

PHPDelusions.com:
Usability problems of mysqli compared to PDO
Jun 27, 2016 @ 09:49:44

On the PHPDelusions.com site there's a post that compares the functionality of mysqli to PDO and looks at the differences in their overall usability.

By no means I am going to say that mysqli is worse than PDO. Mysqli is an excellent extension, with many specific features. But it's just not intended to be used directly. To make it usable, one have to always wrap it into a helper library, to reduce the enormous amount of code that otherwise have to be written by hand.

[...] But for the average PHP/MySQL user, standard APIs are the only known methods for database interaction. Thus they tend to use both extensions right in the application code, without any intermediate wrapper around. For such a use PDO is an indisputable winner, and I'll show you why.

The post then breaks it down into sections comparing the functionality between the two database access methods:

  • Named placeholders
  • General inconvenience in binding
  • Getting single column value
  • Getting multiple rows
  • Binding unknown number of parameters
  • Compatibility
Of course, all the inconveniences above could be overcame by a good wrapper. This is why if you choose mysqli, you definitely have to use one.
tagged: pdo mysqli comparison usability database access categories

Link: https://phpdelusions.net/pdo/mysqli_comparison

SitePoint PHP Blog:
Benchmarking: Can AppServer Beat Symfony’s Performance?
May 19, 2016 @ 10:45:51

The SitePoint PHP blog has posted a new article comparing AppServer and Symfony on a performance level and wonders if the AppServer platform can outperform the framework on some base level functionality.

After the release of the first part of our Appserver series, it was clear through the ensuing discussions on both SitePoint and Reddit that we had touched a nerve for a good number of PHP channel’s devoted readers. I also quickly realized this new (for PHP) technology had a good number of serious doubters. One of the most poignant responses in the discussions was something along the lines of,

Needless to say, those doubtful and critical comments sounded like a real challenge. I was also very interested in finding out where appserver would land, if it were to be benchmarked against another well known PHP framework. [...] I decided to use my favorite framework, Symfony, to make the comparison. This is because appserver, as a stock PHP application server, also offers a good bit of important application functionality similar to Symfony.

They start with the approach they took to the comparison and how they set up the systems to evaluate the difference between the two (including hardware specs). The remainder of the post shares the results of several Apache Bench runs - the raw command line output - and more graphical versions of the same information (bar graphs). While there are a few "wins" on the AppServer side, overall it came in a bit slower (mostly because of the technologies involved in every request, however).

tagged: appserver appserverio performance symfony comparison benchmark results

Link: https://www.sitepoint.com/benchmarking-can-appserver-beat-symfonys-performance/

Djordje Kovacevic:
PHP cloud hosting comparison (OpenShift vs Heroku vs Fortrabbit)
Jan 22, 2016 @ 11:54:01

In this post to his site Djordje Kovacevic shares the results of his evaluation of hosting providers in the platform-as-a-service arena for hosting PHP applications: OpenShift, Heroku and Fortrabbit.

I want PHP 5.6+, so I did some basic testing of those services to pick cheep and good solution to host my blog. OpenShift because I use it and it's free for 3 small gears, it was pretty good solution few years ago. Heroku because I used it for Ruby on Rails projects and they support multiple languages (even multiple build packs for one project)! I used FortRabbit too, so I decided to test theirs new apps.

For his testing he used a simple Laravel (v5.2) application with a handful of routes - something simple just to test out the setup and deployment processes. There is a "tl;dr" of the results but he also gets a bit more in-depth on what each service has to offer and some of the pros and cons of each. He also includes the results of some basic performance testing on the instances, linking to the raw output if you'd like to run your own metrics against it.

tagged: heroku openshift fortrabbit paas platformasaservice hosting provider comparison pro con benchmark

Link: http://djordjekovacevic.com/articles/php-cloud-hosting-comparison-(openshift-vs-heroku-vs-fortrabbit)

Jordi Boggiano:
PHP Versions Stats - 2015 Edition
Nov 23, 2015 @ 13:17:54

It's come to "that time of year" again and Jordi Boggiano has posted the latest update in his series of PHP usage statistics. In this summary he looks at the PHP versions installed based on the packagist.org logs for developers using Composer.

It's that time of the year again, where I figure it's time to update my yearly data on PHP version usage. Last year's post showed 5.5 as the main winner and 5.3 declining rapidly. Let's see what 2015 brought.

[...] A quick note on methodology, because all these stats are imperfect as they just sample some subset of the PHP user base. [...] Composer sends the PHP version it is running with in its User-Agent header, so I can use that to see which PHP versions people are using Composer with. Of course this data set is probably biased towards development machines and CI servers and as such it should also be taken with a grain of salt.

He first compares the statics for his 2015 searches against the 2014 stats and shows the differences in usage for PHP versions 5.3.3 up to 5.6.0. Fortunately, the results show a rise in the usage of PHP 5.5 and a decline in all others...but it's not too much of a difference (2-3% range). Pie graphs are also included to help visualize these differences. He also includes some statistics on what PHP versions are required by certain packages for the ones listed on Packagist with increases starting with 5.4 and the largest advance for 5.5.

tagged: usage statistics version comparison yearly packagist composer required

Link: http://seld.be/notes/php-versions-stats-2015-edition

SitePoint PHP Blog:
PHP vs Ruby – Let’s All Just Get Along
Nov 23, 2015 @ 09:36:09

On the SitePoint PHP blog Phil Sturgeon has written up a comparison of the PHP language versus Ruby suggests that we all just get along from the perspective of a developer that works with both happily.

Quite often you see developers who have a lot of experience in one language try to play with another, then make a rather quick comparison between the two. This comparison is usually quite worthless, but the clickbait titles get them a lot of traffic.

Instead of doing that, I thought it would be interesting to have a slightly more fair comparison, from the perspective of someone who really enjoys writing both PHP and Ruby, and has done so for years. The aim here is not to find out which is “better”, but to point out a few key things I like about Ruby and its ecosystem.

He starts with some of the basics conceptual differences between the two languages including the differences with methods/variables/properties and type hinting versus duck typing. He also covers some "fun features" of each language including:

  • Nested classes
  • Using debuggers (and the tools offered)
  • "Unless" handling
  • Predicate methods
  • Shorter array syntax (in Ruby)

There's many more mentioned through the end of the post too, so be sure to check out the rest in the remainder of the article. Each point come with some brief code examples show how the feature is implemented depending on which language is being discussed.

tagged: ruby language comparison features differences

Link: http://www.sitepoint.com/php-vs-ruby-lets-all-just-get-along/

Paragon Initiative:
Preventing Timing Attacks on String Comparison with a Double HMAC Strategy
Nov 09, 2015 @ 12:07:19

The Paragon Initiative has a post showing you how to prevent timing attacks when comparing strings using a double HMAC method. Essentially this method replaces timing safe comparison methods (non-native) using a constant key in the HMAC generation.

One of the common cryptographic side-channels that developers should be aware of is how long a specific operation, such as a string comparison, takes to complete. Thus, they are called timing attacks. [...] Timing attacks are possible because string comparison (usually implemented internally via memcmp()) is optimized. [...] These concerns have led many security to propose a Double HMAC strategy instead of writing a constant time comparison loop where one is not already provided (e.g. PHP before 5.6.0).

He points out that while the has_equals approach can be effective in preventing this kind of issue, if you're not running PHP 5.6 you're a bit out of luck. There are polyfill functions that mimic it but he suggests another option - the double HMAC. He includes an example of the code to perform this kind of evaluation, using the same constant key value in the HMAC generation for both input strings. He then refactors this and shows how to use a more randomized key making use of the native CSPRNG functions coming in PHP 7 (ployfill available for this too).

tagged: prevent timing attack double hmac comparison hashequals polyfill

Link: https://paragonie.com/blog/2015/11/preventing-timing-attacks-on-string-comparison-with-double-hmac-strategy

Alejandro Celaya:
My first approach to Zend Expressive
Sep 14, 2015 @ 10:50:40

The team behind the Zend Framework recently released a microframework of sorts that makes use of middleware as its primary location for processing: Zend Expressive. In this post to his site Alejandro Celaya takes a "first approach" to this new framework and shares some of what he's discovered.

One of the trending topics in the PHP world nowadays is the one about microframeworks. It started some years ago with Slim and Silex, but recently it has been an explossion of new microframeworks. First, Slim's team announced the third version of its own framework, which implemented the psr-7 HTTP standard by taking advantage of the middleware concept. [...] Then, Laravel launched the Lumen project, which is another microframework based on Laravel components [and] Zend framework's team launched Zend Expressive, which is similar to Slim 3 in the fact that it works with middleware and psr-7, built on top of zend-stratigility and zend-diactoros.

He starts the post off answering two "why" questions: "why microframeworks" and "why Zend Expressive". He then gets into the technical details, comparing some of the basic route handling across the different microframework projects (with code examples). He shows how Expression allows the use of a service container as the main object instead of just defining routes (and what routers that's compatible with). He briefly covers some of the other piece of the Expression puzzle: template library support, the service container, error management and some other considerations to think about with evaluating the tool.

tagged: zendexpressive expressive microframework introduction overview comparison

Link: http://blog.alejandrocelaya.com/2015/09/12/my-first-approach-to-zend-expressive/

SitePoint PHP Blog:
The State of Accessibility in PHP Tools
Aug 03, 2015 @ 11:19:21

On the SitePoint PHP blog Parham Doustdar has posted a look at accessibility in PHP tools or how easy they make it for those with disabilities (such as his own blindness) to do their development work.

Usually when I tell people that I’m blind, many people ask me how I can use the computer. “Is someone reading you my messages?” I remember someone asking. Many people imagine that I have this super-nifty speech recognition software that I can just talk to, and it would do anything, even write code. Imagine dictating code to a speech recognition system! [...] I gave an answer on Quora, to someone who had asked How does a visually impaired computer programmer do programming? I recommend you go through that answer to have a better context on what I’ll be talking about in this post.

He starts with a look at how visually impaired people could normally use a computer using screen readers, interaction with the software (all through the keyboard) and some things that just can't be done with this setup. He covers some of the issues screen readers have when parsing web applications and links to the WebAIM articles page for more information there. He then gets into the IDE comparison covering essential, assistance and supplementary features as well as community engagement around accessibility issues. He compares:

  • PHPStorm
  • SublimeText
  • NetBeans
  • Eclipse-based IDEs (Zend Studio, Eclipse PDT)
  • Notepad++

Unfortunately, most of the software on his list received a rating of "zero" on the scale with the exception of Notepad++, though it still has places it falls flat.

tagged: accessibility tools blind programming ide comparison screenreader

Link: http://www.sitepoint.com/the-state-of-accessibility-in-php-tools/

SitePoint Web Blog:
PHP vs Node.js Smackdown: Right of Reply
Jul 09, 2015 @ 09:53:22

in response to the previously posted Node.js vs PHP "Smackdown" article on the SitePoint Web blog, PHP blog editor Bruno Skvorc and an author from the SitePoint Javascript channel, James Hibbard, come back with their own rebuttal to some of the points made in the previous article from a more "PHP perspective."

In SitePoint's recent PHP vs Node.js Smackdown, Craig Buckler pitted these development disciplines against each other over a series of ten challenges, to determine which is the overall winner. As Craig notes in the article, these comparisons are always somewhat controversial. As a fun followup, we asked Bruno Skvorc (SitePoint's PHP editor) and James Hibbard (one of SitePoint's JavaScript editors) to provide a commentary on each of the rounds.

For each of the rounds, they start with a summary of the related findings by Craig in the first article and share comments from both Bruno and James. With his slant towards Javascript James often agrees with what the original article stated but Bruno usually disagrees or adds comments in to clarify the PHP side of the situation (from a more insider's perspective).

tagged: smackdown nodejs language comparison reply brunoskvorc jameshibbard

Link: http://www.sitepoint.com/php-vs-node-js-smackdown-right-of-reply/