News Feed
Jobs Feed
Sections




News Archive
feed this:

Looking for more information on how to do PHP the right way? Check out PHP: The Right Way

Nikita Popov:
The case against the ifsetor function
January 13, 2014 @ 09:22:52

In his latest post Nikita Popov aims to make a case against the introduction of the "ifsetor" function to be introduced into the PHP language. This function takes in a variable to find and, if found returns it. If not, it doesn't produce an error (or warning).

Recently igorw wrote a blog post on how to traverse nested array structures with potentially non-existing keys without throwing notices. The current "idiomatic" way to do something like this, is to use isset() together with a ternary operator. [...] Someone on /r/PHP pointed out that there is an alternative approach to this problem, namely the use of an ifsetor function.

He goes on to talk about by-reference argument passing, why requesting an undefined array index doesn't really throw an error and how writes don't have the same issues as reads. He then gets into his own issues around the "ifsetor" function, namely:

  • Creation of dummy values
  • No notices for nested indices
  • Null values treated as non-existing
  • Default is always evaluated
  • By-reference passing often forces a copy

He summarizes most of the issues in one statement - "there is way too much by-ref magic involved". He then looks at some of the ways that this could be helped but opts instead for something more like "get_in" as proposed by Igor.

0 comments voice your opinion now!
ifsetor getin array read write problem byreference

Link: http://nikic.github.io/2014/01/10/The-case-against-the-ifsetor-function.html

Anthony Ferrara:
Beyond Design Patterns
September 19, 2013 @ 10:43:11

Anthony Ferrara has written up a new post that looks beyond design patterns. He suggests that more emphasis should be put on learning proper methods for abstraction and communication between objects and structures.

Many people teach design patterns as a fundamental step to Object Oriented Programming. They are so universally seen as important that almost every single conference that I have been to has had at least one talk about them. They are quite often used as interview questions to test a candidate's OOP knowledge. However, just like inheritance, they are not needed for OOP. And just like inheritance, they are a distraction rather than a foundation. Instead of focusing on patterns, I suggest focusing on learning about abstraction and communication.

He briefly covers the three types of patterns most people are introduced to - creational, structural and behavioral - and his suggestions of other patterns that answer more of the "what the problem is" question:

  • Shim patterns (Flyweight, Iterator, etc)
  • Compositional patterns (Adapter, Builder, Facade, etc)
  • Decompositional patterns (Bridge, Command, Mediator, etc)

He spends some time later in the post looking a bit more closely at four specific patterns, Adapter, Bridge, Facade and Proxy. He points out that they (essentially) do the same kind of thing and boils it down to a more refined set of implementation patterns and the problems they help solve.

0 comments voice your opinion now!
designpattern communication abstraction implementation problem

Link: http://blog.ircmaxell.com/2013/09/beyond-design-patterns.html

Sherif Ramadan:
Password Hashing And Why People Do It Wrong
June 03, 2013 @ 12:18:26

In a recent post to his site Sherif Ramadan looks at the topic of password hashing and why most developers are (still) doing it wrong. He notes that "fixing the people" and their mindset about hashing/salting is much harder than just fixing the code.

Beyond just writing code I also have to solve some very tough problems on a regular basis. Some of which don't stem from code at all, but from the people behind the code. Fixing code is easy for me (computers just do what I tell them to do), but fixing people proves to be a lot more challenging. Unfortunately some people are of the mindset that they aren't wrong simply because they've never been proven wrong before. To some people being proven wrong goes beyond just words. Some of us are a lot more stubborn than others and so explaining something may not be enough. This is called the wisdom of humility.

He points out that even those that immediately think "rainbow tables" when they think about md5 hashing are behind the times. Most processing methods, including the use of a GPU, can be used much more effectively and don't require the overhead of the large tables. He illustrates with a "random" md5 generator that outputs around 916 million variations. With a GPU running 4k million per second, this kind of cracking won't take long. He also talks about salts and how they can help the situation - but not just append it, hash with it.

It's usually the result of several underlying factors that people end up making poor choices about security. Some times it's due to incompetence. Other time it's due to politics. Whatever the reasons are they are never excusable, because there are better alternatives out there and it's not as though they are more difficult or less available than others. So there really are no good reasons [not to do it] here.
0 comments voice your opinion now!
pasword hashing gpu md5 sha1 bruteforce people problem

Link: https://sheriframadan.com/2013/05/password-hashing

Software Gunslinger:
PHP is meant to die
April 05, 2013 @ 10:47:40

In this new post, titled "PHP is meant to die", the author looks at one weakness he sees in the PHP language - how PHP handles long running scripts and functionality.

In my opinion, a lot of the hatred that PHP receives misses the utter basic point: PHP is meant to die. It doesn't mean that a perfectly capable (to some extent) programming language will disappear into nothingness, it just means that your PHP code can't run forever. Now, 13 years after the first official release in 2000, that concept still looks valid to me.

He talks about some of the "dying" that PHP is good at (like making general website-related requests) but notes that if you try to have it do much more, PHP acts up. He points to the complexity of web-based applications and notes that, while PHP is good for some of it, it's not a fit for all functionality. He also covers the bringing of processes to the foreground that are best left in the background and how - despite the best of intentions - making a PHP daemon to solve the problem isn't a viable option.

Do you see the pattern? I've inherited projects where PHP was used for daemons or other stuff that's not just regular websites (yes, I'm a hired keyboard), and all of them shared that same problem. No matter how good or clever your idea looked on paper, if you want to keep the processes running forever they will crash, and will do it really fast under load, because of known or unknown reasons. That's nothing you can really control, it's because PHP is meant to die. The basic implementation, the core feature of the language, is to be suicidal, no matter what.
0 comments voice your opinion now!
die memory issues longrunning process daemon problem

Link: http://software-gunslinger.tumblr.com/post/47131406821/php-is-meant-to-die

Gonzalo Ayuso:
The reason why singleton is a "problem" with PHPUnit
September 24, 2012 @ 11:57:02

Gonzalo Ayuso has a new post that responds to the idea that "singletons are a problem when testing" your applications with something like PHPUnit.

Maybe this pattern is not as useful as it is in J2EE world. With PHP everything dies within each request, so we cannot persist our instances between requests (without any persistent mechanism such as databases, memcached or external servers). But at least in PHP we can share the same instance, with this pattern, in our script.

He illustrates a bad side effect of this sharing of resources with a simple unit test that increments a counter in a class. He notes that, because the script shares the object, you can't reliably know the state of it as you don't know what's happened before your use. He recommends two things to help the situation - either not use them at all or destroy the instance each time after using it (counterproductive to using a Singleton, obviously).

0 comments voice your opinion now!
singleton designpattern problem resource sharing


Anthony Ferrara's Blog:
The True Problem With PHP
July 06, 2012 @ 13:21:58

In response to some of the "problem with PHP" posts that have been circulating lately, Anthony Ferrara has posted about the "true problem" with PHP - less about the language, more about the community.

The core of the PHP community is filled with a lot of really talented and smart developers doing some really amazing things. But on the fringes, there are a lot of people who are writing articles, tutorials, and posts designed to help beginners learn the language (and usually how to program). The problem with this is that the majority of those authors frankly don't have a clue what they are talking about.

He talks about why this is a problem (bad practices promoted, bad code) and what you, as a PHP developer, can do about it...and maybe help in creating a separate tutorials site with content "approved" to provide good practices and quality code.

0 comments voice your opinion now!
problem language community tutorials articles quality


Marcus Bointon's Blog:
Compiling wkhtmltopdf on Mac OS X 10.7 Lion
May 16, 2012 @ 11:55:26

Marcus Bointon has written up the process he took to get the PHP extension for Wkhtmltopdf (a conversion tool for HTML to PDF generation) up and working on a Mac OSX machine - not as easy a task as it sounds.

Wkhtmltopdf is extremely cool. I've used qtwebkit for generating server-side page images before using python-webkit2png, and that's fine (unlike using Firefox running in xvfb!), but I need to produce PDFs. So, I looked around and found several neat, simple PHP wrappers for calling wkhtmltopdf, and even a PHP extension. "Great", I thought, "I'll just install that and spend time working on the layouts since the code looks really simple". I spoke too soon.

He goes through each step of the process - installing the needed wkhtmltox and libwkhtmltox support, having to manually compile wkhtmltopdf and some of the small changes you'll need to make to the Makefile to get things to cooperate. He shows where to put the resulting application files and the name of the extension to enable in your php.ini.

0 comments voice your opinion now!
compile osx wkhtmltopdf problem manual


ServerGrove Blog:
Common problems designers have when working with Symfony
May 01, 2012 @ 12:17:28

On the ServerGrove blog there's a new post that helps to bridge a gap between Symfony PHP developers and the designers that might be working with the result of their hard work. The post shares solutions to four common problems the designer might have.

For designers, Symfony2 has been a welcome change from those old flat PHP files. Twig is beautiful, the framework separates the code from the layout, and we no longer have to find our way through lines of PHP code. But if you are a designer working on a symfony project for the first time, these are a few tips that can help you get up and running quickly.

The four common problems they've seen are:

  • How do I disable the toolbar at the bottom of the page?
  • Errors about missing libraries/files
  • No Javascript or no-css showing up
  • A completely blank page
0 comments voice your opinion now!
symfony common problem designer framework


Justin Carmony's Blog:
PHP, Sessions, __sleep, and Exceptions
March 27, 2012 @ 12:25:02

Justin Carmony has a recent post to his blog about a problem he came across where his exception was being thrown with a line number of zero - cause for some investigation.

Today I ran into a problem where my PHP Application would throw this fatal error: "Fatal error: Exception thrown without a stack frame in Unknown on line 0". Which is so much fun, because it doesn't have a line number, so I had no direction as to what exactly was causing the problem.

He found a blog post that helped him track down the issue that, as it turns out, with serializing objects into the session and an error in the __sleep method.

0 comments voice your opinion now!
exception problem sleep serialization error handler


Vance Lucas' Blog:
Nginx + PHP-FPM Blank Pages with Phar Packages
March 08, 2012 @ 12:18:02

Vance Lucas has a new post sharing some of his experience in setting up nginx+PHP-FPM with phar packages that he recently had with setting up a new server instance for a company. The problem showed itself as blank pages, apparently due to a feature in the Suhosin security package.

Ran into this issue when setting up a new VPS for AutoRidge. This happens when using Nginx and PHP-FPM with PHP 5.3+ and the Suhosin patch when trying to run a PHP script using a PHAR package. From what I can gather, the Suhosin patch basically blocks PHP include/require functions from executing files ending with .phar, which results in a PHP segfault that leaves no trace of any error at all.

His solution is a pretty simple one - edit the "suhosin.ini" file to allow for the opening of includes in phar files (suhosin.executor.include.whitelist). You can find out more about the Suhosin security tool on the project's website.

0 comments voice your opinion now!
nginx phpfpm problem phar package suhosin



Community Events











Don't see your event here?
Let us know!


release install language security symfony2 component composer introduction package series framework overview hhvm podcast facebook application opinion hack dependency unittest

All content copyright, 2014 PHPDeveloper.org :: info@phpdeveloper.org - Powered by the Solar PHP Framework