Looking for more information on how to do PHP the right way? Check out PHP: The Right Way

Toon Verwerft:
Optimizing PHP performance by using fully-qualified function calls
Dec 22, 2016 @ 12:27:55

Toon Verwerft has a post on his site with details about a micro-optimization you can use in your PHP application by using fully-qualified function calls, specifying the namespace even for root level PHP functions.

Today, a little conversation on Twitter escalated rather quickly. Apparently PHP runs function calls differently depending on namespaced or non namespaced context. When calling functions in a namespaced context, additional actions are triggered in PHP which result in slower execution. In this article, I'll explain what happens and how you can speed up your application.

The conversation started with [this tweet]. To understand the difference between global and namespaced function calls better, I'll explain what is going on under the hood.

He starts with this "under the hood" functionality, showing an example of a user-defined, root level function and the opcodes that result. He compares this to the opcodes generated when a namespaced function is called and the extra checking that goes into it (including checking both the namespace and the root levels). Another tweet implied that, because of this difference in checking, fully-qualified function calls would result in a performance increase. He set out to prove it as fact and used the phpbench tool to run four tests with various namespaced and non-namespaced examples. He includes the code he used for the testing and the results from a sample execution. There is, in fact, a slight performance gain from the fully-qualified version. He finishes up the post with some suggestions on using this knowledge including the root-level namespacing for built-in PHP functions.

tagged: performance optimize fullyqualified function call benchmark

Link: http://veewee.github.io/blog/optimizing-php-performance-by-fq-function-calls/

Simon Holywell:
Importing and aliasing PHP functions
Oct 24, 2016 @ 11:34:29

In this recent post to his site Simon Holywell continues his look at namespacing in PHP with a look at importing and aliasing specific functions, not the entire class.

As a follow on to my short post about namespaces and functions from a year ago I thought it would be worth covering importing a specific function and aliasing functions via namespace operators too. This has been possible since PHP 5.6, but there is a nice addition in PHP 7 I’ll cover towards the end.

He starts with a refresher example of pulling in a namespace and using a method with the "use" statement. Following this he shares an update that just imports the one method via a "use function" call rather than the entire class/namespace. He again refactors this into something more usable (the original method name is quite long) with an alias. He then ends the post with the PHP 7 only trick using the braces to define grouped namespace handling (however, this doesn't allow for function level aliasing).

tagged: import alias function namespace grouping php7 tutorial

Link: https://www.simonholywell.com/post/2016/10/importing-and-aliasing-php-functions/

Johannes Schlüter:
JSON Aggregation functions
Sep 16, 2016 @ 11:53:25

Johannes Schlüter has written up an article covering an interesting feature of the latest MySQL server release related to its JSON column handling: JSON Aggregation functions.

[The JSON datatype, functions and generated columns] combined allow building very powerful applications without committing to a fixed data structure on every part, but I was missing one thing a lot: Aggregation.

A topic I'm thinking a lot about is finding ways to select nested data. In MySQL we typically have two ways for this. Either one sends multiple queries to retrieve different nesting levels or one builds JOINs which tend to deliver repetitive responses.

He points out that one solution is the GROUP_CONCAT function, but the results of this can be difficult to work with and larger data may override the small memory space allowed. Instead he introduces two new functions in v8 to help with this nested data selection: JSON_ARRAYAGG and JSON_OBJECTAGG. He provides a brief example of the use of these two functions together to replace the "concat" handling from before.

tagged: mysql json function v8 release aggregation tutorial

Link: http://schlueters.de/blog/archives/183-MySQL-8.0-JSON-Aggregation-functions.html

Fabian Schmengler:
Using class_alias to maintain BC while moving/renaming classes
Sep 09, 2016 @ 11:55:12

In a post to his site Fabian Schmengler has shown how to use class_alias to prevent breakage while renaming or moving classes around in your application during refactoring.

Sometimes you want to rename a class or move it to a different namespace. But as soon as it is used anywhere outside the package, this is breaking backwards compatibility and should not be done lightheartedly.

Luckily there is a way in PHP to have both, the old class and the new class, while deprecating the old one: class_alias().

He then gets into the details of using this handy function to define the links between the files, necessary in two different places to prevent autoloading breakage. He also offers an alternative, making use of the "autoload.files" option in the Composer configuration (but this means adding each one to that list). He finishes the post by suggesting one more thing as you update your code: making it with an @deprecated annotation to help locate it later (and flag it in your IDE of choice).

tagged: classalias function maintain backwardscompatibility move rename class refactor

Link: https://www.schmengler-se.de/en/2016/09/php-using-class_alias-to-maintain-bc-while-move-rename-classes/

Freek Van der Herten:
Debugging collections
Jun 17, 2016 @ 09:47:42

Freek Van der Herten has a post to his site with a guide about debugging collections in Laravel applications. He quickly shows how to use the "macro" functionality to gather more insight into what's happening inside.

Lately I’ve been working a lot with collections in Laravel. If you’re not in the know: a collection is a sort of super charged array with a lot of powerful functions to transform the data inside it. The only thing I found a bit of a hassle is how to debug the various steps in a collection chain. Here’s how I improved the workflow.

He shows a simple collection setup with a chain of functions being applied to transform the data inside (ex: filter, map, sortBy). He was able to get a bit more information by using the dd helper Laravel provides but it's not the most "clean" way to just wrap the collection on it. Instead he proposes he use of a "macro" to call the dd function and keep it in the flow of the methods called on the collection (as ->dd()).

tagged: debug collection laravel dd helper function macro

Link: https://murze.be/2016/06/debugging-collections/

The Ultimate Guide - PHP Logging Basics
Dec 08, 2015 @ 11:34:32

Loggly, the online logging management service, has posted a guide that aims to help you get up to speed with logging in PHP starting from the basics out to more recent changes in PHP 7.

This guide explores the basics of logging in PHP, where to find PHP logs, and how these logs help you more effectively troubleshoot problems and monitor your PHP application. There are a couple of different elements you’ll want to consider logging: errors emitted by the PHP engine itself when a core function fails or if code can’t be parsed, custom errors that your application triggers, usually caused by missing or incorrect user input and activities in your application that you may want to analyze at a later time, such as recording when a user account is updated or content in a CMS is updated

They start with a look at the configuration settings you can change to modify how and what your application logs. They also mention run-time configuration changes and the default error log locations (file-based). From there they get into some of the basic, built-in logging functions and the format of the logs they write. The next section talks about application error logs (logs based on failures in PHP itself) and an example of writing logs with JSON instead of plain text. The post ends with a look at exception handling and logging for base, custom and SPL exception types, pointing out the change in PHP 7 around the Throwable interface.

tagged: logging basics application custom tutorial function introduction configuration

Link: https://www.loggly.com/ultimate-guide/php-logging-basics/

David Sklar:
Fixing Broken UTF-8
Aug 27, 2015 @ 10:48:29

David Sklar has a post to his site showing you how to fix broken UTF-8 characters in content being passed through the normal string functions.

When working on the i18n bits of Learning PHP 7, I had a problem. My example showing how plain string functions such as strtolower() and strtoupper() mangle multibyte UTF-8 characters was making the book formatting/rendering pipeline barf. The processing tools are expecing nicely formatted, valid, UTF-8 encoded HTMLBook files. It didn’t like the mangled invalid UTF-8 characters in my example output.

To fix this, I wrote the following function to replace invalid UTF-8 sequences with the Unicode Replacement Character (U+FFFD).

He includes the code for this method that walks through the string, character by character, and checks the bytes it contains to see how it needs to be translated. There's plenty of comments in it too, explaining what it's doing as it goes along.

tagged: fix broken utf8 character function example unicode replacement

Link: http://www.sklar.com/php/2015/08/25/fixing-broken-utf8/

Optional Value Control-flows in PHP using Traits and Magic-methods
Jun 18, 2015 @ 09:44:02

The MyBuilderTech.com site has a new tutorial posted talking about the use of traits and magic methods for optional value handling.

Recently I have been interested in experimenting with different ways to handle optional values. Their are many examples that exist demonstrating the use of the Maybe/Optional structure within the PHP landscape. I would instead like to focus my attention on only looking into the concept of 'orElse', which I have found to be a prominent control-flow whilst using these types of value. Typically, in an imperative mind-set we are accustom to evaluating a value, and based on its existence - defined as falsely in this regard - follow a different course of action, and by-way result.

He gives an example of where a value is checked for null and something else happens when it is. This is a common practice in PHP development, but he's more interested in other ways of handling. The first of these ways is with traits. His example shows an "OrElse" trait that can be used to perform the same evaluation but does some extra magic based on the method name called (his example is "findByIdOrElse"). If the trait method isn't for you, he also offers another possible solution around the use of composition. In this case he uses the same trait but makes it a part of its own class that's then given the object to work with (his "repository").

The post ends with one more "bonus" method for handling optional values - a simple function ("_or") that evaluates the arguments given and returns the first that's "truthy".

tagged: optional value control flow trait magicmethod function truthy

Link: http://tech.mybuilder.com/optional-value-control-flows-in-php-using-traits-and-magic-methods/

Simon Holywell:
Memoization or function cache
May 18, 2015 @ 11:09:17

Simon Holywell's latest post shares an interesting feature of PHP's static function handling that lets you cache the results of a function call to improve performance.

A little known feature of PHP’s static keyword is that it allows for memoization or function caching. This is a process whereby a functions heavy lifting can be cached so that subsequent calls are faster. It is possible to store any value in a memoized way such as arrays or even objects. This is done without any external side effects - that is to say that the code calling the function will require no changes to support memoization.

He includes an example of this in action, showing the use of a "static" keyword on a variable over two function calls. He goes through and explains how it works and the flow of the simple function. He builds this up a bit and shows the same functionality in the handling (and parsing) of a JSON document. He then gets more into the "real world" usage of this kind of static handling, pointing out that it can be very useful for caching without the need for an external service (like memcache or redis). His final example shows the caching of a function call using the same method and dependent on the arguments provided.

tagged: function cache static example tutorial memoization

Link: https://www.simonholywell.com/post/2015/05/memoization-or-function-cache/

Anthony Ferrara:
Security Issue: Combining Bcrypt With Other Hash Functions
Mar 13, 2015 @ 09:32:02

Anthony Ferrara has a new post today looking at a potential security issue in PHP applications when using bcrypt with encryption and other hashing functions. His findings have to do with some research he did on long passwords and denial of service attacks they might lead to.

The other day, I was directed at an interesting question on StackOverflow asking if password_verify() was safe against DoS attacks using extremely long passwords. Many hashing algorithms depend on the amount of data fed into them, which affects their runtime. This can lead to a DoS attack where an attacker can provide an exceedingly long password and tie up computer resources. It's a really good question to ask of Bcrypt (and password_hash). As you may know, Bcrypt is limited to 72 character passwords. So on the surface it looks like it shouldn't be vulnerable. But I chose to dig in further to be sure. What I found surprised me.

To find out exactly how things are processed he gets down into the C code behind the PHP functionality in the crypt function. He discovers something interesting about the way it determines the length of the input password. It loops over the key, taking one byte at a time but resetting when it comes across a null byte. While this method is safe in itself, he points out the real issue - using pre-hashing before the bcrypt password checking to, possibly, allow for longer passwords.

The problem is that this method could lead to those null bytes and cause issues with the password checking, especially if opting for the use of raw data. He includes a simple script to illustrate this problem, finding a few collisions for his made up key and "random looking" password. Thankfully, he includes a method for checking to ensure the hash doesn't contain a null byte. He points out that not all hashing combinations are at risk and suggests a few alternatives that can keep your application 100% safe.

The underlying problem is that combining cryptographic operators that weren't designed to be combined can be disastrous. Is it possible to do so safely? Yes. Is it a good idea to do it? No. This particular case is just one example where combining operations can be exceedingly dangerous.
tagged: bcrypt hash function combination issue crypt null byte

Link: http://blog.ircmaxell.com/2015/03/security-issue-combining-bcrypt-with.html