Looking for more information on how to do PHP the right way? Check out PHP: The Right Way

Matt Stauffer:
"Strict" mode and other MySQL customizations in Laravel 5.2
Feb 29, 2016 @ 10:47:24

In a new post to his site Matt Stauffer revisits the topic of "strict" mode with MySQL and Laravel with some customizations you can make around how your application uses it.

If you remember my post How To Disable MySQL Strict Mode on Laravel Forge (Ubuntu), you'll remember that MySQL 5.7 introduced something we've been casually calling "strict mode," which is really a combination of new modes that, in sum, make MySQL process your queries a little more strictly than before.

In my previous post I showed how to disable it on Ubuntu, but since then, Adam Wathan has added a feature to Laravel that allows you to define whether you're using "strict" mode and also allows you to customize exactly which modes you'd like enabled--all in code.

He briefly goes back over what the "strict" in "strict mode" means for your database and application, including a list of the set of modes it contains (essentially a grouping of modes). He then shows how to use the new feature to enable/disable it in a Laravel (5.2+) application through the database configuration. You can also get more in-depth and enable/disable individual modes that the "strict" mode contains if you need a bit more custom handling.

tagged: strict mode mysql customize laravel mysql example configuration

Link: https://mattstauffer.co/blog/strict-mode-and-other-mysql-customizations-in-laravel-5-2

Aaron Saray:
Two Quick Tips for Securing PHP Sessions
Feb 15, 2016 @ 09:41:47

In a new post to his site Aaron Saray has shared two tips that can help you protect the information in your PHP sessions - two configuration options to enable that can enforce stricter standards and options enhancing their overall security.

Let’s talk a little bit about session fixation in PHP. Such a fun topic, right? Tons to get into here. But, let’s just touch the surface on two VERY SIMPLE things you can be doing now to make sure that your website is safe.

The two configuration options he mentions are ones that:

  • force the session identifier to use cookies (versus also allowing it from the URL)
  • enforce "strict mode" on the sessions

Each comes with a bit of description as to what the setting does and the recommended setting is to provide the most protection. One note, though: strict mode is only included in PHP 5.5.2 or greater.

tagged: session security tip strict mode cookies useonly phpini configuration setting

Link: http://aaronsaray.com/2016/two-quick-tips-for-securing-php-sessions

Evert Pot:
Strict typing in PHP 7 - poll results
Jan 15, 2016 @ 11:19:54

Evert Pot has shared the results of a poll he recently set up on Twitter asking PHP developers if they planned to make use of the strict typing functionality in PHP 7 in their applications. Unsurprisingly, the majority voted that they will with a more undecided audience coming in second.

Type hinting comes in two flavors: strict and non-strict. This is the result of a long battle between two camps, a strict and non-strict camp, which in the end was resolved by this compromise.

Now by default PHP acts in non-strict mode, and if you'd like to opt-in to strict-mode, you'll need to start every PHP file with this statement. [...] So I was curious about everyone and whether you will be using strict mode or not. Results are in.

According to those that voted 46% were completely in favor of using the declare statement to enable strict typing in their PHP 7 code by default. The next group, the "undecided" were at 26% with "no way" and "what is that?" coming in farther down the list. He also mentions a package that's in the works from Justin Martin that would automatically add the declare statement to your code in the desired location(s). Additionally there's an extension in development from Joe Watkins that will do the same thing but making it a bit more automatic.

tagged: php7 strict type declare poll results usage composer package extension

Link: https://evertpot.com/strict-types-pollresults/

Zend Developer Zone:
A new type of PHP, part 2: Scalar types
Sep 16, 2015 @ 09:09:26

The Zend Developer Zone has posted the second part of their series (from community member Larry Garfield) about scalar types in PHP 7, one of many features in this "coming soon" release. You can find part one of the series here.

In our last installment, we talked about the benefits of more robust variable typing in PHP 7, and specifically the new support for typed return values. That is already a big boon to the maintainability of our code, but PHP 7 goes a step further. So far, we’ve only talked about typing against classes and interfaces. We’ve been able to type against those (and arrays) for years. PHP 7, however, adds the ability to type against scalar values too, such as int, string, and float.

But wait. In PHP, most primitives are interchangeable. [...] Much the same as return types, scalar types offer greater clarity within the language as well as the ability to catch more bugs earlier. That, in turn, can help encourage more robust code in the first place, which benefits everybody.

He starts by looking at the four new types that have been added in PHP 7: int, float, string, and bool. He includes a code example showing each of them in use on class interfaces and functions. He steps through the code example, explaining how the return type checking is handled for each instance. He also talks about how return type hinting can also benefit static analysis tools, allowing them to potentially find bugs in return values easier than before. Finally he covers strict mode, the method for enforcing types in your code and preventing PHP from doing any "magic" type switching for you. He also includes a code example of this functionality and how, with it enabled, it would have caught an error in his example on a integer vs string input.

tagged: scalar type hints introduction php7 strict example

Link: http://devzone.zend.com/6622/a-new-type-of-php-part-2-scalar-types/

Medium.com:
PHP7: More strict! (but only if you want it to be)
Mar 18, 2015 @ 10:48:38

In this new article Er Galvao Abbott talks about the struggle (and finally, inclusion) of type hinting in PHP, more specifically coming in PHP7, and how strict they can be.

It wasn’t easy (we knew it wouldn’t be) and certainly wasn’t pretty (we sort of knew that as well), but it’s finally official: PHP7 will come with Scalar Type Hints (STH) and an optional “strict mode”. [...] This is basically a step towards a more strict way of coding in PHP. Will we see more steps in that direction in the future? We don’t know and we’re OK with that for now. What’s brilliant about the body of work represented by these RFCs is that by implementing their concepts and specially making the “strict mode” optional the choice of being more strict remains with the programmer.

He talks some about the background of the want and need for strict typing in PHP and mentions three RFCs that will influence the type hints and handling in PHP7:

He summarizes each RFC and what it contributes to the language. He ends the post by dispelling one thing about all of this new typing functionality - PHP will remain loosely typed, this new functionality is in a "strict mode" only used when specified.

tagged: php7 strict type hint mode rfc introduction feature

Link: https://medium.com/@galvao/php7-more-strict-but-only-if-you-want-it-to-be-78d6690f2090

Samantha Quinones:
Juggle Chainsaws, Not Types
Nov 22, 2013 @ 09:25:33

Samantha Quinones has a new post today about something that has been known to trip up both new and experienced PHP developers - PHP's dynamic type juggling.

No matter how popular an activity it is, I really don’t like to bash on PHP. Every language has its flaws when you look closely enough, and if PHP wears its idiosyncrasies a little closer to the surface than most, I think it makes up for it in other ways. PHP’s handling of types, however, is confusing at best and at worst completely deranged.

She goes on to talk about the issues with type comparisons and how much trouble using the "==" (double equals) versus the "===" (triple equals) can potentially cause. While it's easier for new PHP developers to get caught by this issue, even experienced devs might miss it. She gives an example of a time in her own development involving the comparison of strings against constants and in_array's non-string type comparisons.

tagged: type juggling strict loose comparison inarray

Link: http://www.tembies.com/2013/11/juggle-chainsaws/

Nikita Popov's Blog:
Scalar type hinting is harder than you think
Mar 07, 2012 @ 10:03:47

In this new post to his blog Nikita talks about scalar type hinting and why it's harder than most people think to accomplish.

One of the features originally planned for PHP 5.4 was scalar type hinting. But as you know, they weren’t included in the release. Recently the topic has come up again on the mailing list and there has been a hell lot of discussion about it. Yesterday ircmaxell published a blog post about his particular proposals. The reactions on reddit were mixed. On one hand it is clear that people do really want scalar type hints, on the other hand they didn't seem to like that particular proposal.

He gets into some of the details of some of the current proposals and their problems like the strict versus loosely-typed nature of PHP and type hinting that was included but not enforced. One he does like, however, is one based on casting - how the variable ends up being cast rather than the specific type it is when it comes into the function/method. This one still has its flaws, so he suggests another method - weak type hints but with stricter input validation (without casting). He also briefly mentions something called "box based type hinting" that would allow users to define their own hinting rules.

Don't worry - code examples (pseudo-code obviously) are included for each of these proposals to help you understand the differences.

tagged: type hinting static strict looselytyped proposal scalar

Link:

Lorna Mitchell's Blog:
Declaring Static Methods in PHP
Dec 10, 2010 @ 08:40:45

Lorna Mitchell has a new post to her blog today talking about static methods and how to use them correctly in your code (as discovered accidentally in her own code).

I was confused recently to realise that I had accidentally called a static method in PHP dynamically from another part of my code; I expected PHP to output warnings when this is done. On closer inspection I discovered that: static functions can be called dynamically and dynamic functions generate an E_STRICT error if called statically.

She illustrates with some sample code that, when run with E_ALL and E_STRICT throws a warning from the strict side about calling a non-static method statically. She also talks about why it throws this warning for the non-static call on a static method. She also explains why, when a static method is called dynamically, no warning is thrown.

tagged: declaring static method warning strict

Link:

Matthew Turland's Blog:
The Yin and Yang of Typing
Feb 01, 2008 @ 11:58:00

A little while back Matthew Turland posted about something that some developers moving over to PHP from more strict languages have an issue with - variable typing - and how its evolved in languages over time.

Without a little background in programming languages or computer science in general, it's entirely possible that typing systems are not something that have crossed your mind. I thought I'd take a blog entry to share some of my thoughts on how it’s affecting the creation and evolution of languages.

He walks through history a bit, mentioning C, Java, Python and PHP and how they differ in their default type handling. He especially focuses on the "blurred line" between strong and weak typing and how some if offers special features to the language that uses the method.

tagged: typing strong weak strict dynamic java python c

Link:

Clay Loveless' Blog:
PHP and JSON: Cut #987
Mar 01, 2007 @ 08:43:00

In a new post today, Clay Loveless talks about some issues he's been having with PHP and JSON, specifically with the JSON encoding method in PHP 5.2.1.

As of PHP 5.2.1, json_decode() no longer follows the published standards for JSON-encoded texts. Why not? For no reason other than the convenience of those ignorant of JSON standards.

His complaint stems from the results of a vat_dump statement - prior to this version it would give a NULL, but now it returns a "bool(true)" value back, resulting in some breakage of previous scripts. He spends the rest of the post explaining his voyage through the JSON world and how things are supposed to behave. He also digs a little deeper into the var_dump issue and why he thinks it's such a bad thing.

tagged: json vardump null true strict adhere extension standard json vardump null true strict adhere extension standard

Link: