
SitePoint PHP Blog:
MVC - a Problem or a Solution?
July 28, 2014 @ 11:42:36

The SitePoint PHP blog has a new post by Jeroen Meeus that wonders if MVC is a solution or a problem when it comes to developing web applications.

Repositories, Adapters, MVC with all its cousins, SOLID, RTFM… As a (PHP) developer, those words are thrown at you from every corner of the web. And I hate it, I've had enough. Stop telling me what to do and show me those kittens instead. [...] When solving the web-application problem, we are forced to use MVC. The dev community often frowns upon those who don't use it, but seldom lets those they're frowning upon ask why. [...] MVC doesn't solve the Code complexity problem. It doesn't solve the code reuse or no-flexibility problem either. And it doesn't guarantee decoupled code.

He goes on to talk about how design patterns don't "solve problems". Rather, they help us as developers by providing a best practice we can follow to get the job done. He suggests, though, that MVC has become "the new Singleton": it has been used so much, in so many different ways, that it's bordering on being abused.

Depending on the situation, and the problem at hand, different patterns can help you write robust, secure and understandable code. Just be careful using them - if you catch yourself using the MVC pattern for a 1-pager, ctrl+a del.

Link: http://www.sitepoint.com/mvc-problem-solution/

Docnet.nu:
SSL And PHP Streams - Part 1 You Are Doing It Wrong™
June 26, 2014 @ 09:54:40

On the Docnet.nu blog today they've kicked off a series looking at the use of streams and SSL in PHP and asking if you're doing it wrong in your current applications. The focus is more on the security aspect, breaking it down into a set of common problems (and how to work around them).

The upcoming PHP 5.6 release brings with it a number of improvements to encrypted PHP streams, both internally and externally. In these articles I will try to cover the most important changes, and how they affect your code. This article will focus on how to get the best security level in code that needs to be run on PHP versions below 5.6, and highlighting some of the gaps in the currently available functionality. Version 5.4.13 is the earliest version that supports all the options described below - and if you are running something earlier than this, then you really should consider upgrading to at least the latest version of the 5.4 series.

Their list is made up of six different problems:

  • Problem 1: Peer Verification
  • Problem 2: Cipher Lists
  • Problem 3: Protocol Support
  • Problem 4: TLS Compression Attack Vulnerability
  • Problem 5: Cipher Order
  • Problem 6: TLS Renegotiation Attacks

Each problem comes with a brief description of what it is and why it's an issue. Some also include code snippets showing how to correct the issue, usually relatively simply.


Link: http://www.docnet.nu/tech-portal/2014/06/26/ssl-and-php-streams-part-1-you-are-doing-it-wrongtm/C0

Nikita Popov:
The case against the ifsetor function
January 13, 2014 @ 09:22:52

In his latest post Nikita Popov makes a case against introducing an "ifsetor" function into the PHP language. This function takes in a variable to find and, if found, returns it. If not, it doesn't produce an error (or warning).

Recently igorw wrote a blog post on how to traverse nested array structures with potentially non-existing keys without throwing notices. The current "idiomatic" way to do something like this, is to use isset() together with a ternary operator. [...] Someone on /r/PHP pointed out that there is an alternative approach to this problem, namely the use of an ifsetor function.

He goes on to talk about by-reference argument passing, why requesting an undefined array index doesn't really throw an error and how writes don't have the same issues as reads. He then gets into his own issues around the "ifsetor" function, namely:

  • Creation of dummy values
  • No notices for nested indices
  • Null values treated as non-existing
  • Default is always evaluated
  • By-reference passing often forces a copy

He summarizes most of the issues in one statement - "there is way too much by-ref magic involved". He then looks at some of the ways that this could be helped but opts instead for something more like "get_in" as proposed by Igor.


Link: http://nikic.github.io/2014/01/10/The-case-against-the-ifsetor-function.html

Anthony Ferrara:
Beyond Design Patterns
September 19, 2013 @ 10:43:11

Anthony Ferrara has written up a new post that looks beyond design patterns. He suggests that more emphasis should be put on learning proper methods for abstraction and communication between objects and structures.

Many people teach design patterns as a fundamental step to Object Oriented Programming. They are so universally seen as important that almost every single conference that I have been to has had at least one talk about them. They are quite often used as interview questions to test a candidate's OOP knowledge. However, just like inheritance, they are not needed for OOP. And just like inheritance, they are a distraction rather than a foundation. Instead of focusing on patterns, I suggest focusing on learning about abstraction and communication.

He briefly covers the three types of patterns most people are introduced to - creational, structural and behavioral - and his suggestions of other patterns that answer more of the "what the problem is" question:

  • Shim patterns (Flyweight, Iterator, etc)
  • Compositional patterns (Adapter, Builder, Facade, etc)
  • Decompositional patterns (Bridge, Command, Mediator, etc)

He spends some time later in the post looking a bit more closely at four specific patterns, Adapter, Bridge, Facade and Proxy. He points out that they (essentially) do the same kind of thing and boils it down to a more refined set of implementation patterns and the problems they help solve.


Link: http://blog.ircmaxell.com/2013/09/beyond-design-patterns.html

Sherif Ramadan:
Password Hashing And Why People Do It Wrong
June 03, 2013 @ 12:18:26

In a recent post to his site Sherif Ramadan looks at the topic of password hashing and why most developers are (still) doing it wrong. He notes that "fixing the people" and their mindset about hashing/salting is much harder than just fixing the code.

Beyond just writing code I also have to solve some very tough problems on a regular basis. Some of which don't stem from code at all, but from the people behind the code. Fixing code is easy for me (computers just do what I tell them to do), but fixing people proves to be a lot more challenging. Unfortunately some people are of the mindset that they aren't wrong simply because they've never been proven wrong before. To some people being proven wrong goes beyond just words. Some of us are a lot more stubborn than others and so explaining something may not be enough. This is called the wisdom of humility.

He points out that even those who immediately think "rainbow tables" when they think about md5 hashing are behind the times. Brute-force methods, including the use of a GPU, can be used much more effectively and don't require the overhead of the large tables. He illustrates with a "random" md5 generator that outputs around 916 million variations. With a GPU running 4k million per second, this kind of cracking won't take long. He also talks about salts and how they can help the situation, with the advice not just to append the salt but to hash with it.

It's usually the result of several underlying factors that people end up making poor choices about security. Sometimes it's due to incompetence. Other times it's due to politics. Whatever the reasons are they are never excusable, because there are better alternatives out there and it's not as though they are more difficult or less available than others. So there really are no good reasons [not to do it] here.

Link: https://sheriframadan.com/2013/05/password-hashing

Software Gunslinger:
PHP is meant to die
April 05, 2013 @ 10:47:40

In this new post, titled "PHP is meant to die", the author looks at one weakness he sees in the PHP language - how PHP handles long running scripts and functionality.

In my opinion, a lot of the hatred that PHP receives misses the utter basic point: PHP is meant to die. It doesn't mean that a perfectly capable (to some extent) programming language will disappear into nothingness, it just means that your PHP code can't run forever. Now, 13 years after the first official release in 2000, that concept still looks valid to me.

He talks about some of the "dying" that PHP is good at (like handling general website-related requests) but notes that if you try to have it do much more, PHP acts up. He points to the complexity of web-based applications and notes that, while PHP is good for some of it, it's not a fit for all functionality. He also covers the problem of running in the foreground processes that are best left in the background and how, despite the best of intentions, making a PHP daemon to solve the problem isn't a viable option.

Do you see the pattern? I've inherited projects where PHP was used for daemons or other stuff that's not just regular websites (yes, I'm a hired keyboard), and all of them shared that same problem. No matter how good or clever your idea looked on paper, if you want to keep the processes running forever they will crash, and will do it really fast under load, because of known or unknown reasons. That's nothing you can really control, it's because PHP is meant to die. The basic implementation, the core feature of the language, is to be suicidal, no matter what.

Link: http://software-gunslinger.tumblr.com/post/47131406821/php-is-meant-to-die

Gonzalo Ayuso:
The reason why singleton is a "problem" with PHPUnit
September 24, 2012 @ 11:57:02

Gonzalo Ayuso has a new post that responds to the idea that "singletons are a problem when testing" your applications with something like PHPUnit.

Maybe this pattern is not as useful as it is in J2EE world. With PHP everything dies within each request, so we cannot persist our instances between requests (without any persistent mechanism such as databases, memcached or external servers). But at least in PHP we can share the same instance, with this pattern, in our script.

He illustrates a bad side effect of this sharing of resources with a simple unit test that increments a counter in a class. He notes that, because the script shares the object, you can't reliably know its state, since you don't know what has happened to it before your use. He recommends two things to help the situation: either don't use singletons at all, or destroy the instance each time after using it (counterproductive to using a Singleton, obviously).



Anthony Ferrara's Blog:
The True Problem With PHP
July 06, 2012 @ 13:21:58

In response to some of the "problem with PHP" posts that have been circulating lately, Anthony Ferrara has posted about the "true problem" with PHP - less about the language, more about the community.

The core of the PHP community is filled with a lot of really talented and smart developers doing some really amazing things. But on the fringes, there are a lot of people who are writing articles, tutorials, and posts designed to help beginners learn the language (and usually how to program). The problem with this is that the majority of those authors frankly don't have a clue what they are talking about.

He talks about why this is a problem (bad practices promoted, bad code) and what you, as a PHP developer, can do about it...and maybe help in creating a separate tutorials site with content "approved" to provide good practices and quality code.



Marcus Bointon's Blog:
Compiling wkhtmltopdf on Mac OS X 10.7 Lion
May 16, 2012 @ 11:55:26

Marcus Bointon has written up the process he took to get the PHP extension for Wkhtmltopdf (a tool for converting HTML to PDF) up and working on a Mac OS X machine - not as easy a task as it sounds.

Wkhtmltopdf is extremely cool. I've used qtwebkit for generating server-side page images before using python-webkit2png, and that's fine (unlike using Firefox running in xvfb!), but I need to produce PDFs. So, I looked around and found several neat, simple PHP wrappers for calling wkhtmltopdf, and even a PHP extension. "Great", I thought, "I'll just install that and spend time working on the layouts since the code looks really simple". I spoke too soon.

He goes through each step of the process - installing the needed wkhtmltox and libwkhtmltox support, having to manually compile wkhtmltopdf and some of the small changes you'll need to make to the Makefile to get things to cooperate. He shows where to put the resulting application files and the name of the extension to enable in your php.ini.



ServerGrove Blog:
Common problems designers have when working with Symfony
May 01, 2012 @ 12:17:28

On the ServerGrove blog there's a new post that helps to bridge a gap between Symfony PHP developers and the designers that might be working with the result of their hard work. The post shares solutions to four common problems the designer might have.

For designers, Symfony2 has been a welcome change from those old flat PHP files. Twig is beautiful, the framework separates the code from the layout, and we no longer have to find our way through lines of PHP code. But if you are a designer working on a symfony project for the first time, these are a few tips that can help you get up and running quickly.

The four common problems they've seen are:

  • How do I disable the toolbar at the bottom of the page?
  • Errors about missing libraries/files
  • No Javascript or no-css showing up
  • A completely blank page




All content copyright, 2014 PHPDeveloper.org :: info@phpdeveloper.org - Powered by the Solar PHP Framework