Looking for more information on how to do PHP the right way? Check out PHP: The Right Way

PHP 7 Up and Running (Video Series)
Aug 28, 2015 @ 10:38:14

The Laracasts site has posted a set of videos that can help you learn all about PHP7 and get you up to speed before this next major release is available for download (well, a stable release anyway).

Slated for release in October, 2015, PHP 7 brings a wealth of new features, bug fixes, and performance improvements. If you're curious, come with me, as I demonstrate what's new!

The videos cover some of the major new features coming to the language including:

More videos are coming too, including one already listed showing how to use anonymous classes. Keep an eye on this series to learn all about PHP 7 before it's even released.

tagged: php7 video series introduction major version tutorial

Link: https://laracasts.com/series/php7-up-and-running

Joe Fallon:
Immutable Objects in PHP
Aug 27, 2015 @ 11:53:36

Joe Fallon has a post to his site talking about immutable objects in PHP, objects that once the property values are set they cannot change.

When I first learned to program, I made many objects that were mutable. I made lots of getters and lots of setters. I could create objects using a constructor and mutate and morph the heck out of that object in all kinds of ways. Unfortunately, this led to many problems. My code was harder to test, it was harder to reason about, and my classes became chock full of checks to ensure that it was in a consistent state anytime anything changed.

[...] Now, I favor creating immutable objects. The folks over in the functional camp are super excited about this concept. However, it’s been around for quite a while and it has so many benefits.

He talks about how immutable objects make it easier to not only test code but also allow for more rational reasoning about their contents. He points out that they also make it easier to understand the state of an application should an exception arise. He then gets into some examples of immutable objects, creating an ImmutableClass and a ImmutableClassBuilder to help create instances based on values provided.

tagged: immutable object introduction class builder example benefits

Link: http://blog.joefallon.net/2015/08/immutable-objects-in-php/

ORMs under the hood
Aug 26, 2015 @ 09:55:01

The Vertabelo site has posted a tutorial that gives you an "under the hood" view of ORMs and what they're doing in the background to help make accessing your database information easier.

It often happens that if something is loved, it is also hated with the same power. The idea of object relational mapping fits into this concept perfectly. You will definitely come across many opposite points and fierce discussions as well as unwavering advocates and haters. So if you have ever asked whether to use ORM or not, the answer “it depends” will not be enough.

They start with a definition of an ORM to get everyone on the same page, highlighting how they represent database contents and what some of the benefits are in using them. From there the article talks about the importance of good SQL and a few common dangers in using an ORM and not knowing SQL. Then the article gets into how ORMs work and some of the common design patterns they can implement. It lists some of the more popular ORMs (for Python, Java and PHP) and covers some of the main disadvantages to their use. The article ends with examples of some of the libraries mentioned, highlighting the Propel ORM for the PHP world.

tagged: orm behindthescenes introduction advantages disadvantages types propel example

Link: http://www.vertabelo.com/blog/technical-articles/orms-under-the-hood

SitePoint PHP Blog:
Re-introducing PDO – the Right Way to Access Databases in PHP
Aug 25, 2015 @ 11:10:14

On the SitePoint PHP blog they have a post that "reintroduces PDO" or as they describe it, the "right way to access databases in PHP". The PDO functionality in PHP provides extra handling around database connections and queries as well as making it easier to connect to multiple types of databases with similar code.

PDO is the acronym of PHP Data Objects. As the name implies, this extension gives you the ability to interact with your database through objects. [...] PHP is rapidly growing, and it is moving toward becoming a better programming language. Usually, when this happens in a dynamic language, the language increases its strictness in order to allow programmers to write enterprise applications with peace of mind.

In case of PHP, better PHP means object-oriented PHP. This means the more you get to use objects, the better you can test your code, write reusable components, and, usually, increase your salary. Using PDO is the first step in making the database layer of your application object-oriented and reusable.

He starts by answering the question most ask about PDO versus mysql/mysqli by pointing out that PDO is more OOP friendly, it allows for parameter binding and the fact that the mysql extension is no longer supported. He shows how to check and ensure PDO is installed on your setup and, if not, how to add it in (for both linux and Windows systems). The tutorial then walks you through using PDO: making the connections to the server, running queries and returning the results. This includes a section on prepared statements and bound parameters and their benefits including SQL injection prevention.

tagged: pdo database access tutorial introduction prepared statements phpdataobjects

Link: http://www.sitepoint.com/re-introducing-pdo-the-right-way-to-access-databases-in-php/

Paragon Initiative:
A Gentle Introduction to Application Security
Aug 17, 2015 @ 10:51:56

The Paragon Initiative blog has posted a gentle introduction to application security for those new to some of the ideas of secure code and wanting to learn more.

If you are a web developer (or are thinking about teaching yourself web programming), you probably don't think of yourself as a security engineer, or a white-hat/blue-team member of an information security assurance team. You might have considered security threats in the context of quality assurance before (e.g. validating input), but perhaps you're no expert on the subject. But the second your code is deployed in production, your code is the front line of defense for that entire system and quite possibly the entire network. Logically, that means the software you produce must be made reasonably secure.

[...] This might seem like a lot of pressure. [...] I'm not going to say you need to become an application security expert. That very notion betrays the (largely untapped) potential for rich diversity in the technology communities. But I will say this: Application Security is Every Developer's Responsibility

They remind developers that there's a lot more than just 10 types of vulnerabilities (or even 25) and proposes a new model for thinking of security weaknesses in your applications. He outlines five points for assessing the security of your apps, not just common vulnerabilities to fix:

  • Failure to Separate Data from Instructions
  • Unsound Application Logic
  • Your Application's Operating Environment
  • Cryptographic Weaknesses

The fifth is a catch-all "miscellaneous" category that would contain things that are either crossing the boundaries of the other categories or are just each in their own category. He suggests we move on to a "more secure tomorrow", evaluate our applications along these criteria.

tagged: gentle introduction security application paragon initiative taxonomy

Link: https://paragonie.com/blog/2015/08/gentle-introduction-application-security

How to Create a PHP C Extension to Manipulate Arrays Part 1: Basic Array Class Exten
Aug 11, 2015 @ 10:27:24

Dmitry Mamontov has posted a the first part of a series looking at manipulating arrays in the PHP source and enhancing performance for certain handing as a PHP extension.

In PHP projects, arrays are used every where because they are useful and flexible to store all sorts of data structures. However, when you need to maximize the performance the manipulation of arrays for specific purposes, you can achieve great gains if you implement a PHP extension written in the C language. Read this tutorial to learn how to build your own basic array manipulation extension in C.

He covers all the steps you'll need to get start building the extension, introduces a few key concepts and starts on the code for the extension:

  • Building PHP from the Source
  • Building a PHP Extension (overview)
  • Brief Introduction to zval and Functions
  • Defining a Class in Our Extension
  • D for Dynamic (working with dynamic array values)

The C code needed is included through out the post. The next part in the series will build on this and show how to implement interfaces like ArrayAccess and Traversable.

tagged: extension array manipulate part1 series introduction source

Link: http://www.phpclasses.org/blog/post/304-How-to-Create-a-PHP-C-Extension-to-Manipulate-Arrays--Part-1-Basic-Array-Class-Extension.html

Paragon Initiative:
You Wouldn't Base64 a Password - Cryptography Decoded
Aug 10, 2015 @ 12:33:43

The Paragon Initiative has posted an article about cryptography, introducing some of the basic concepts and explaining why "you wouldn't base64 a password" to adequately protect it in your application.

If you feel that cryptography is a weird, complicated, and slightly intimidating subject for which your feelings might be best described as lukewarm (on a good day), we hope that by the time you finish reading this page, you will have a clear understanding of the terms and concepts people use when this topic comes up.

He starts with some of the basics around hashing (keyless cryptography) and the advantages/disadvantages of the method. He moves from there a step up and gets into secret key cryptography, using things like HMAC hashing to ensure message validity. The next move up is to secret key encryption, using some kind of "secret" as a part of the encryption process along with the right algorithm and mode for the encryption level desired. He also covers authenticated key encryption, public key encryption, shared secrets and digital signatures. He ends the post covering some of the common pitfalls of using cryptography in things like password storage, file verification and a reminder that encoding (like base64 encoding) and compression aren't encryption.

tagged: encryption introduction cryptography base64 decoded tutorial hashing

Link: https://paragonie.com/blog/2015/08/you-wouldnt-base64-a-password-cryptography-decoded

Revath S Kumar:
PHP : Service classes
Aug 07, 2015 @ 12:08:40

Revath S Kumar has a post to his site that wants to help get you started writing service classes for your application. Service classes are useful when interacting with multiple pieces of data that need either interaction or correlation.

When I started with MVC in PHP, I used to write the whole logic in controller, then when I learned about skinny controllers fat models I reduced the code in controller and moved logic into models. But that was not enough. [...] In order to make this more convenient and reusable I thought of abstracting the logic for creating the order into service classes. I got this idea of service classes from Ruby on Rails. So when I came back to PHP world I thought of using service classes.

He uses examples of service classes he's written for a Yii framework based application, showing a before and after example of his "Orders" controller. He moves most of the logic from the controller (less reusable) into a service class that creates the order record based on the data its been provided. He uses exceptions to handle validation errors, making it simpler in the controller to catch multiple exception types in one place.

tagged: service class introduction yiiframework tutorial orders

Link: http://blog.revathskumar.com/2015/08/php-service-classes.html

SitePoint PHP Blog:
Appserver – a Production-ready PHP-based Server
Aug 06, 2015 @ 08:57:44

The SitePoint PHP blog has posted a new review of Appserver, a "production-ready PHP application server" that includes a web server written in PHP. Appserver is a downloadable project that can be run on any server that already has PHP installed.

You’re probably asking, “Why is appserver paradigm changing?” The answer is, because it tackles the last frontier of PHP application development: high performance for large applications from a server resource optimization and collaboration perspective. This is the realm of PHP development which a good number of professional PHP developers have been calling for, like Manuel Lemos in his “PHP7 Features and Release Date” blog (see the section about a “Standalone Multi-threading Web Server”) and Fabien Potencier, father of Symfony, in his presentation “My Take on PHP”, where he notes he is also working on such an application server solution himself. Well, look no longer Fabien, we already have a really good solution with appsever.io.

In this first part of a new series author Scott Molinari introduces some of the basic concepts behind an appserver in general and helps you get the software installed. He talks about threading and compares the typical PHP server stack against the appserver approach. The main difference is that, with the appserver, there's more control over what's destroyed for each request, allowing more control over the execution and reuse of components. He points out that it does require a bit of different kind of thinking to write code that works with an appserver. He finishes off the post with a few quick steps to getting the latest version of the Appserver build into a local VM via the apt-get package manager and starting it up.

tagged: appserver appserverio application server introduction part1 series concept installation

Link: http://www.sitepoint.com/appserver-a-production-ready-php-based-server

Semaphore CI Blog:
Getting Started with BDD in Laravel
Aug 05, 2015 @ 09:17:43

Bruno Skvorc has written up a tutorial on the Semaphore-CI blog showing you how to get started with behavior-driven development in Laravel applications. He makes use of the Behat and PHPSpec libraries to write and execute the tests.

For many developers BDD is a complicated subject, and getting started with it the right way often does not come easy - especially when you need to implement it into an existing framework. This tutorial aims to help you get a BDD-powered Laravel project up and running in very little time, introducing you to the basic concepts and workflow you'll need to proceed on your own. We'll be installing and using Behat and PhpSpec.

He walks you through the process of getting everything you need installed: a simple Laravel application and Behat (also requiring a bit of setup to make it "play nice" with Laravel). He initializes the Behat directory and explains the concept of "context" and how to configure your Behat installation. He then gets into writing the features, creating a basic test that checks the main page of the Laravel application for the phrase "Laravel 5". A bit of additional PHP code is required to make the tests work (included) and the result is a passing test, executed with just a behat command.

The second half of the article is about PHPSpec, showing how it can be used as a sort of replacement for PHPUnit with a bit more readable syntax. He shows how to write a simple test against an object. Finally, he shows how to combine the powers of Behat and PHPSpec into a single method of testing, using PHPSpec behind the scenes in the Behat context to help with testing assertions.

tagged: phpunit phpspec testing behaviordriven behat bdd introduction tutorial

Link: https://semaphoreci.com/community/tutorials/getting-started-with-bdd-in-laravel