Looking for more information on how to do PHP the right way? Check out PHP: The Right Way

Benjamin Eberlei:
Explicit Global State with Context Objects
Mar 24, 2017 @ 11:50:12

In a post to his site Benjamin Eberlei looks at global state in PHP using something called "context objects" and how they can be used as an alternative to true global state.

Global State is considered bad for maintainability of software. Side effects on global state can cause a very nasty class of bugs. Context objects are one flavour of global state. For example, I remember that Symfony1 had a particularly nasty context object that was a global singleton containing references to very many services of the framework.

As with every concept in programming, there are no absolute truths though and there are many use-cases where context objects make sense. This blog posts tries to explain my reasons for using context objects.

He starts by getting everyone on the same page by defining a context - the "circumstances in which something can be fully understood". He then moves into the world of context objects, talking about how they encapsulate the information other objects need to execute. They're essentially "container" objects that allow for more control that something like the normal PHP superglobals. From there he helps you define what kind of context objects you might need in your application and provides a real-world example from his own experience at Tideways.

tagged: global state context object tutorial introduction definition

Link: https://beberlei.de/2017/03/12/explicit_global_state_with_context_objects.html

Robert Basic:
Tags for PHP in Vim
Mar 10, 2016 @ 11:32:34

In a post to his site Robert Basic has shared some helpful plugins for PHP developers using Vim as their primary editor. These plugins not only help you jump around in your code but get more context on where you're at.

One thing I was missing for a long time in Vim is to be able to "jump to definition" in an easy and painless way. The other thing I wanted to improve is to be able to tell easily where am I actually in the code base; to see the current class and method name of wherever the cursor was.

With a bit of googling and poking around, I finally came up with a perfect combo of 5 plugins (yep, five!) that enables me to do both, and a little bit of extra.

He shows examples of using three different things he wanted to be able to do when working in his code and the plugins that satisfy each:

One line examples are included showing how to configure them with your current Vim use.

tagged: tags vim plugin jump definition context class method

Link: http://robertbasic.com/blog/tags-for-php-in-vim

Setting the Context in a Laravel Application
Sep 24, 2015 @ 13:39:46

Continuing on their series about context in Laravel applications, the Culttt.com blog has posted the next part talking about setting the context of the application. In this case the term "context" relates to the "operating environment" the request is happening in (not to be confused with the environment, things like the server/software installed).

Last week we looked at managing context in a Laravel application. Context is a very important aspect of a web application as this foundational structure will be relied upon for almost every piece of code. Setting the context usually involves checking against the business rules of the application.

For example, does the current user have access to this group? Does the current task belong to this project? Can this user create a new post in this thread? These kind of foundational business rules need to be addressed whenever a request enters the application.

He starts by talking about the importance of the URL the user is requesting, pointing out that it should be both useful to identify the resource and provide a "sense of hierarchy" for the application. He then shows how to, using the "Guard" handling in Laravel, to define the context and ensure that the user is operating within an allowed context. Full code is included to set up the system and creating the objects to resolve the group and request information into something useful.

tagged: context laravel application tutorial group request guard

Link: http://culttt.com/2015/09/21/setting-the-context-in-a-laravel-application/

Rob Allen:
Improved error handling in Slim 3 RC1
Sep 08, 2015 @ 12:23:52

Rob Allen has a quick post to his site talking about some of the improved error handling that's been updated in the latest version of the Slim microframework to help make reporting issues easier in multiple contexts.

From RC1 of Slim 3, we have improved our error handling. We've always had error handling for HTML so that when an exception occurs, you get a nice error page [...] However, if you're writing an API that sends and expects JSON, then it still sends back HTML. [...] At least we set the right Content-Type and status code! However, this isn't really good enough. We should send back JSON if the client has asked for JSON. Until RC1, the only way to do this was to register your own error handler.

With Slim 3 the framework handles things more correctly based on the value of the "Accept" header sent along with the request. This value is checked and, if it references JSON or XML, the error message is translated either giving the default output or reporting back for the "notFound" and "notAllowed" error types.

tagged: slimframework slim3 error handling context html json xml accept header

Link: http://akrabat.com/improved-error-handling-in-slim-3/

Paragon Initiative:
Everything [About] Preventing Cross-Site Scripting Vulnerabilities in PHP
Jun 17, 2015 @ 12:19:29

The Paragon Initiative has posted a new tutorial that wants to provide you with everything you need to know about preventing cross-site scripting in PHP applications.

Cross-Site Scripting (abbreviated as XSS) is a class of security vulnerability whereby an attacker manages to use a website to deliver a potentially malicious JavaScript payload to an end user. XSS vulnerabilities are very common in web applications. They're a special case of code injection attack; except where SQL injection, local/remote file inclusion, and OS command injection target the server, XSS exclusively targets the users of a website.

[...] Cross-Site Scripting represents an asymmetric in the security landscape. They're incredibly easy for attackers to exploit, but XSS mitigation can become a rabbit hole of complexity depending on your project's requirements.

He introduces the concept of cross-site scripting (XSS) for those new to the term and provides a brief "mitigation guide" for those wanting to jump to the end. He then gets into some examples of what a XSS vulnerability could look like, both stored and reflected and provides the "quick and dirty" method for preventing them. He also mentions some tips in implementing your solution including avoiding HTML in your data if at all possible. He goes on to talk about the use of HTMLPurifier to prevent attacks, context-sensitive escaping (HTML vs JS vs CSS) and some of the browser-level features that help prevent XSS for the user.

tagged: prevent xss crosssitescripting security prevent vulnerability context browser

Link: https://paragonie.com/blog/2015/06/preventing-xss-vulnerabilities-in-php-everything-you-need-know

ServerGrove Blog:
Useful Linux command-line tools to work with PHP projects
Apr 24, 2015 @ 11:16:20

The ServerGrove blog has posted a new tutorial with a selection of useful command line tools to help you in working with your PHP applications. None of them are PHP specific but are Unix-based commands that can help in every day development.

Linux provides a lot of interesting command-line tools that we can use when working with PHP projects. In this post we give you some useful commands.

They include examples of commands that can help with:

  • Find all PHP files in the current directory
  • Check the syntax of all PHP files in the current directory
  • Get the size of each Composer dependency
  • Find suspicious PHP files
  • Find files with abstract classes
  • List PHP settings for the xdebug extension
  • Find empty files and/or directories
  • List files currently open by a PHP process

As mentioned, most of the tools themselves are not PHP specific but these example commands do relate to things that are more in a PHP context.

tagged: useful linux commandline tool context example list

Link: http://blog.servergrove.com/2015/04/23/useful-linux-command-line-tools-work-php-projects/

Matthew Setter:
Can VIM Ever Replace PHPStorm?
Mar 02, 2015 @ 10:54:13

In an interesting new post to his site Matthew Setter wonders if an IDE like PHPStorm can be replaced by VIM, a standard in the editor community for decades.

Is it reasonable, even practical, to expect that a 30 year old application can match a modern one? Is it conceivable to be able to code as well using VIM, said 30 year old application, as I can in PhpStorm, with all the IntelliSense-lead functionality PhpStorm offers?

He starts with some of his recent experience with the editor and some of the things he's (happily) found it can do he didn't know before. He includes a screenshot of a multi-pane view, explains what each is and what he can do with them. He points out that this example is Markdown documents but it can just as easily be used for code too. Finally he talks about the subject any PHPStorm user wants to know about, the IntelliSense functionality. Unfortunately, while there are some tools he mentions that can do similar things, they don't provide the context PHPStorm can deliver.

He ends the post with an interesting question: is IntelliSense the right approach? He wonders if having more context is a better answer rather than just the auto-complete handling IntelliSense offers.

tagged: vim editor replacement phpstorm opinion autcomplete context screenshot

Link: http://www.matthewsetter.com/can-vim-ever-replace-phpstorm/

Paul Jones:
Action-Domain-Responder and the “Domain Payload” Pattern
Oct 01, 2014 @ 10:16:11

Paul Jones has a new post with more information about his proposed "Action-Domain-Responder" design pattern (a replacement for the typical MVC) and suggests a new piece, the Domain Payload pattern. This pattern would use a domain payload object to wrap the data and provide the responder with additional handling and context.

In Action-Domain-Responder the Action passes input to the Domain layer, which then returns some data for the Action to pass to the Responder. In simple scenarios, it might be enough for the Responder to inspect the data to determine how it should present that data. In more complex scenarios, though, it would make more sense for the Domain to pass back the data in a way that indicates the status of the data. Instead of the Responder inspecting the Domain results, the Domain should tell us what kind of results they are.

He shows a code example of this Domain Payload object in action, starting with some typical MVC code and refactoring it along the way into an ADR structure. He shifts from a typical model into a more domain-driven approach and describes the wrapping of the data in the payload, context for the contents (even just a class name helps) and how those relate to the actual output. You can find the resulting code in this example over on Paul's GitHub account.

tagged: action domain responder mvc adr payload wrapper context data

Link: http://paul-m-jones.com/archives/6043

Paul Jones:
Some Rules For Good Naming
Apr 30, 2014 @ 09:29:42

Paul Jones has a new post to his site today talking about the importance of naming when it comes to the use of different patterns in development. He also makes some recommendations to help clear up some of the confusion around different names for the same things.

[Thoughts in a] Grumpy Programmer mailing-list essay got me thinking. [...] I completely agree with the emphasis on using a common vocabulary. One issue here is that naming things properly is very, very hard. It is one of the only two hard problems in programming. Are there any rules (even rules-of-thumb) that can we use to make it easier to pick good names for the classes and concepts in our projects?

He reminds readers that code is no place for a "novel context", that is that it's not meant to be instructions for humans, but instructions for computers. He points out that patterns are more about behavior than the name you give them and that picking a name that's "close enough" isn't a good idea. He also recommends that you avoid picking a name for a special context the code might be involved in.

tagged: naming rules opinion designpattern behavior context

Link: http://paul-m-jones.com/archives/5952

Attempting to understand Namespacing, and its benefits
Jan 02, 2014 @ 11:54:23

If you're relatively new to PHP, you may have read about something called "namespacing" but not fully understood it or the benefits it provides. Over on Reddit, there's a recent discussion where the poster asks about just that:

As I understand it, Namespacing provides a lot of useful context for developers, as well as making the autoloading of classes much easier (though I've never personally tried this). I can also see it being used in a large enough application where it might help keep things in scope, but this seems like a bit of a stretch to me. Apart from that, I'm not too clear on what namespacing actually does.

The comments to the thread including things like links to other resources and other suggestions like:

  • tools to try out
  • places to start using it in your own code
  • the difference between underscores and real namespacing
  • how they help avoid conflicts in naming and functionality
tagged: namespace benefit context autoload opinion discussion

Link: http://www.reddit.com/r/PHP/comments/1u1ztr/attempting_to_understand_namespacing_and_its