
Eric Wastl:
Your Job Is Not to Write Code
Dec 04, 2014 @ 15:05:04

Eric Wastl has written an open letter to software developers in response to this post, sharing some of his own thoughts (and corrections) about what it suggested.

Dear [Software] Engineers, Your job is not to write code. Rather, your job isn't only to write code. Your job is to design and build software, and one of the steps in that process happens to be explaining to a computer how to do its new job. An article appeared on Medium recently that writing code isn't really a big deal and it's not really what your job is about. It is. You can smell "Product Manager" miles before the signature line of the article. The article goes on to talk about how your job is to improve your products for your users. This is not the job of an engineer - this is the job of every person at your company.

He talks about some of the "other jobs" the Medium article suggests a software developer be doing including making sure the "code runs the way it should" (devops, testing, etc) and that it "actually gets merged and pushed into production" (a release engineer). He points out the dissonance between the request for things to "run under all conditions" and when it makes sense to add analytics to your code.

Because your job is to write code. Your job is to write the best code you can, as quickly as you can, within budget, meeting all of the expected features, in a maintainable way, and a million other things, and still make the users happy. [...] Your job is to tell someone when you make a mistake. Your job is to work together with your testers and with operations and with product and finance and, yes, even the other engineers. Your job is to figure out what product will ask for before they ask for it, and build the code so that if and when they do, adding the feature is easy because the code wasn't written in a way that requires a year-long refactoring project to do it in a way that wouldn't make Cthulhu literally gleeful at the thought of it.
tagged: software engineer write code opinion correction medium

Link: http://hexatlas.com/entries/5

Greg Freeman:
Steps to Take When you Know your PHP Site has been Hacked
Mar 07, 2013 @ 15:53:02

Greg Freeman has posted the second part of his "hacked PHP application" series (part one is here). In this new post he looks at the aftermath: what to do and check during cleanup, and what to fix so it doesn't happen again.

This is a follow up post from my previous post “How to Tell if Your PHP Site has been Hacked or Compromised”. This post will discuss some of the first steps you should take when you have identified that your site has been compromised. The first sections discuss a few points that are not relevant to everyone, the later sections will discuss how to fix the exploits.

He includes a list of things to think about including:

  • What kind of hosting you use (and if that contributed)
  • The option to redirect all requests for your site to one page
  • Get a list of all PHP files to locate something malicious
  • Locating "non-PHP PHP files"
  • Finding files with possible malicious content

He also includes a few suggestions to help prevent issues in the future: updating to the latest versions, patching your code, rethinking your permissions and monitoring for potential repeat attacks.

tagged: hack compromise steps correction fix upgrade exploit


Anthony Ferrara's Blog:
In Response To: Building Secured Web Applications Using PHP - The Basics
Jun 28, 2011 @ 16:15:10

In a response to this post that introduced some basic security methods for your applications, Anthony Ferrara has posted some corrections and updates to the suggested methods, even pointing out where some of them are completely wrong.

Today an article popped into my feed reader that raised my eyebrows. The article's title is "Building Secured Web Applications Using PHP - The Basics". The summary of the item looked interesting, so I decided to open it up...What I found blew me away. It was filled with loads of bad information including some down-right wrong suggestions. Let me go through point by point and shed some light on the subject...

His response goes back through the original article by section header and explains why the advice was bad and/or the more correct way to do things.

Security is not something you can learn in a page. It's not something that you can learn in a single book. It takes a lot of time and effort. It should not be trivialized into a simple "Do this and you'll be secure" style post. It sends the wrong message...
tagged: building secure application basics response correction


Community News:
OXID eShop - Opinions and Corrections
Aug 27, 2009 @ 13:17:55

There have been a few posts around the community related to the OXID application ever since the Zend Developer Zone posted the latest article in a series looking at using their eShop software. The quality of the application came up and several even questioned the "94% code coverage" they claimed.

Some of the posts on the matter include:

However, in this piece from Lars Jankowfsky he tries to set the record straight on a few things:

As I am the guy who introduced the disliked functionality many years ago (actually years before ZF popped up) I feel the need for a statement to put the things into the right order. Please note that I did work for OXID in the past (years ago) but I do not nowadays.

He responds to the criticism of the way modules/classes are used in the eShop application and to the comments that the test coverage claims were made without releasing proof to show they're true.

tagged: oxid eshop opinion correction


PHP 10.0 Blog:
PHP performance tips from Google
Jun 26, 2009 @ 13:43:15

In this new post to the PHP 10.0 blog Stas has some responses to the recent suggestions from Google as to how to optimize your applications.

There are a bunch of advices there, some of them are quite sound, if not new – like use latest versions if possible, profile your code, cache whatever can be cached, etc. Some are of doubtful value – like the output buffering one, which could be useful in some situations but do nothing or be worse in others, and if you’re a beginner generally it’s better for you to leave it alone until you’ve solved the real performance problems.

He mentions four things that need amending from what Google suggests:

  • Don’t copy variables for no reason
  • Avoid doing SQL queries within a loop.
  • Use single-quotes for long strings
  • Use switch/case instead of if/else
tagged: correction google tip performance


Till's Blog:
ZendFramework (performance) II
Dec 01, 2008 @ 18:08:49

On his blog, till has posted the second part of his testing on the Zend Framework and its performance in general usage tasks.

A disclaimer which I should have added to my last article would include that most of my pseudo benchmarks are very subjective and also way too basic. For example, our server setup is pretty comprehensive but we have to take everything into account in order to provide a real benchmark. And when I write everything I mean CPU (cores), RAM, motherboard, HDD and so on. Maybe even the throughput of the network card -- if it's different.

This second post is an attempt to correct some of the sore points from the previous one. Here's a list:

  • require/include(_once) and __autoload, or "Why is __autoload() 'better'?"
  • Zend_Loader ERRATA
  • Caching database results
  • Zend_Db
  • Zend Framework (what it currently lacks)
tagged: zendframework performance correction autoload zendloader zenddb


Marco Tabini's Blog:
It turns out, I was wrong
Dec 01, 2008 @ 13:54:29

Correcting himself from some previous comments concerning PHP 5 versus PHP 4 usage among developers, Marco Tabini has posted something new to his blog with some updated stats.

In the past, I have not been shy about sharing my opinion that the impending death of PHP 4 would have wreaked all sorts of havoc over the PHP world. I am glad to say that I've been wrong - dead wrong, in fact - and that I have never been as happy to be so far off the mark before.

According to a reader survey that php|architect magazine ran (about a year ago, even), PHP 5 is stronger than ever, taking up well over sixty percent of the usage with only a small part still hanging on to PHP 4. Check out his graph for the full rankings.

tagged: statistics php4 php5 usage correction phparchitect survey reader


Matthew Turland's Blog:
How-To (and How-Not-To) on Web Scraping
Mar 14, 2008 @ 16:18:44

Matthew Turland has a few things to say about web scraping (and recent articles covering it) on his blog today as an author of a previous article published in php|architect covering the same topic:

A friend of mine who shall remain nameless pointed a post out to me on the PHP DZone web site recently. Noting that the article's content was misinformed at best and downright ignorant at worst, even when examining it sheerly from the author's knowledge of PHP as a language, this friend asked that I set the author straight.

He mentions his comments on the post correcting the author on some points as well as a more "clued in" post on the xml.lt website talking about using PHP's DOM functionality instead.

tagged: web scraping howto correction article misinformed


Christopher Jones' Blog:
Duplicate Columns in "2 Day Plus PHP Developer Guide"
Jan 08, 2007 @ 22:33:00

Christopher Jones has a correction on his blog for a developer guide that Oracle has put out (Oracle Database Express Edition 2 Day Plus PHP Developer Guide 10g Release 2) mentioning a problem in chapter three:

In chapter three "Connecting to the Database" at step 5 of you will get duplicate columns returned if you use the latest version of PHP.

Adding "OCI_ASSOC+" to the oci_fetch_array statement corrects the problem, which was due to a change in how oci_fetch_array worked (as seen in this bug).

tagged: oracle developer guide ocifetcharray ociassoc correction