In this new post Josh Adell looks at working with PHP sessions and how you can manually encode data to look as if it came from the normal session handling.

If you have ever popped open a PHP session file, or stored session data in a database, you may have noticed that this serialization looks very similar to the serialize function's output, but it is not the same. Recently, I needed to serialize data so that it looked like PHP session data (don't ask why; I highly suggest not doing this if it can be avoided.) It turns out, PHP has a function that encodes data in this format: session_encode.

Unfortunately, this method doesn't take arguments - it just outputs the encoded version of the current session data. So, he came up with his own encode/decode methods that use the PHP session, extract the serialized string and return it.

On PHPMaster.com today there's a new tutorial for the Twig templating users out there showing you how to extend your templates via inheritance, filters and functions - all abilities already built in to the tool.

When working within an MVC architecture, it's common to use a template library to populate the dynamic content of our views. There are dozens of such libraries available for PHP, but Twig is one of the standouts because of the ability to extend core features with custom implementations. In this article we'll explore how Twig templates can be extended using template inheritance, filters, and functions.

He starts first with some of the common limitations of templating frameworks (extension) and how Twig gets around this. He shows the use of the "extends" keyword and the "block"/"endblock" for splitting up the page into reusable chunks. He also shows how to use filters and functions in your Twig tags, allowing for more customized content and functionality for your output.

On the Etsy "Code as Craft" blog there's a recent post about their move to using the GeoNames service internally rather than the external, third-party API previously in use.

People are passionate about where they live. At Etsy we need to keep track of lots of different locations, such as buyers' billing and shipping addresses and sellers' shop locations. As Etsy continues to expand internationally we wanted to provide better localization and translations for our location place names. We determined that the best way to effect this change was to move from using a closed location API provider to internal services backed by the open GeoNames data set.

The post details some of the steps in the process including the mapping of the current data to the new structure (the script is available on github). They talk about how they mapped their old data over (trial and error sometimes) and the creation of a database of "GeoNameIDs" for each customer in their records. They've also implemented a Lucene/Solr search for improved searching and auto-suggestion based on the user's location.

The latest issue of the Web and PHP Magazine has been published - issue #12, "Don't get in a PECL". This latest issue includes articles like:

• "The Power of PECL" by Simon Holywell
• "Be 'ready' if you want to be done!" by Steffan Surdek
• "All Data is Relational" by Cory Isaacson
• "Fixing PHP Production Problems with APM" by Dan Delany and Chris Kelly
• "Trust" by Sebastian Bergmann

You can download your copy for free from their site and catch up on back issues.

In this new post to his CodeDiesel site Sameer Borate looks at something that's been a controversial topic with developers (not just PHP) about storing binary data, like images, in a database instead of on the local file system.

There is much discussion and argument with no final say on the issue. In one of my recent project the same issue was raised; the client and myself discussing the benefits and drawback of storing the images into a database. The project needed storing around 50,000 images, so it was important to get the question resolved satisfactorily. After much deliberation we settled on using the file system. The major factor in the decision was that we needed the database and images decoupled as we would be having multiple databases using the same set of images.

He goes on to talk about some of the things you should consider when you're deciding if storing images in the database is the right thing for your application including:

• The bloat that can come with storing binary data (larger database size)
• Updating images requires two operations - updating the database and updating the cached image locally
• Images usually serve faster when they come from the filesystem through the web server
• BLOB (a common type for binary data storage) is variable-width and can degrade performance

You can read the rest of the reasons (and get more detail on the ones above) in the rest of the post.

In a new post to PHPMaster.com today, Rakhitha Nimesh takes a look at Faker, a tool that can be used to generate random test case data as a part of your workflow.

Testing is an iterative part of the development process that we carry out to ensure the quality of our code. A large portion of this entails writing test cases and testing each unit of our application using random test data. Actual data for our application comes in when we release it to production, but during the development process we need fake data similar to real data for testing purposes. The popular open source library Faker provides us with the ability to generate different data suitable for a wide range of scenarios.

Faker uses built-in data providers like "Person", "Company", "DateTime" and "UserAgent" to give you randomized output from the data sets you define. Code is included showing how to create the provider in your objects, extending the correct provider and making a request for a property. A real-world example is also included about testing an email marketing engine for address, title, name and content. There's also a little bit added at the end showing how you can increase the randomness of the results returned by "seeding" the Faker engine.

Paul Reinhemier has written up post sharing his creation of the code to get XHGui working with MongoDB.

Mark Story & I are pleased as punch to introduce XHGui on MongoDB. Our goal was to get as close to the original feature set of the tool I worked on a few years ago (which leveraged the starting point provided by Facebook) and then to release what we had. What we've got now works; there's still a good distance to go, but we think it's far enough that we can ask for help form the community at large.

The tool collects XHProf data and stores it into a MongoDB database and allows you to view recent activity. There's a few warnings that he includes with the post, so be sure to read those through if you plan on using the tool.

Ulrich Kautz has recently taken a look at validation and sanitization of data in PHP applications. He talks about several different methods - both in core PHP and in various frameworks.

Validation and sanitization are extremely important topics, any developer should be aware of. Especially with powerful, modern frameworks, people seem to forget about the underlying concepts and wrongly assume it's already solved somehow. Correctly used and early on integrated, both play the central role in defending against attacks on your application.

He talks a bit about why you should care about the topic, some of the common issues/threats that could come up because of it and some general information on what validation and sanitization are. He looks at implementation with the filter extension and touches on functionality from Symfony 2, Laravel 3, CakePHP 2 and shares his own data filtering module with examples of its use.

Shashikant Jagtap has Behat TDD testing tool and the BrowserMob-Proxy to make an automated system that collects performance data on your applications (including load time, recording headers and simulations of network traffic and latency).

BrowserMob Proxy is a utility which is used for capuring HTTP traffic and performance data from the browser. BrowserMob-Proxy adds in essential missing capabilities such as checking HTTP status codes and injecting headers for HTTP Basic Auth. Web Perfomance data can be manually captured by other tools like Firebug or Developers Tools. Using BrowserMob Proxy we can capture perfonace data in HAR format while running automated tests.

He includes the commands you'll need to set up the PHP interface for BrowserMob (PHPBrowserMob) the proxy itself and a sample test and context file that runs some checks against Facebook.

On the MaltBlue blog Matt Setter has a new post introducing you to using FilterIterators for data traversal:

There's load of ways to traverse data, especially in PHP where there are a variety of loops available; including while, do while, for and foreach. These are fine for normal structures, such as scalar and associative arrays. But what if you want to get a bit more fancy?

He includes a bit of code showing the typical looping approach that a lot of developers take and how, using a FilterIterator, you can extend the default and make a custom "accept" method to remove certain matching items from the data set.