Douglas Brown has a few hints to help you write your PHP code defensively, protecting it from malicious attackers.
The phenomenal growth of PHP applications has also led to a mushrooming of increased quantum of malicious activity. It thus becomes imperative that you write secure PHP code to protect your website. Here are some tips for the same. The three most vulnerable aspects of PHP that can become easily accessible to anyone are XSS (Cross Site Scripting), Global Variables and SQL code.
He details what each is and how you can protect your code against the problems they cause. Some example code is included to give you a better idea of the possible solution.
Kris Jordan recently posted five tips to help you get a "more correct" REST interface in your application.
As we entered a programmable web of applications with APIs the decision to ignore HTTP gave us problems we're still dealing with today. We have an internet full of applications with different interfaces (GET /user/1/delete vs. POST /user/delete {id=1}). With REST we can say /user/1 is a resource and use the HTTP DELETE verb to delete it.
Let's take a look at 10 useful, yet rather unknown RSS-tricks for WordPress. Each section of the article presents a problem, suggests a solution and provides you with an explanation of the solution, so that you can not just solve some of your RSS-related problems but also understand what you are actually doing.
Andre Liem has posted five simple tips (part one of a two-part series) on ways to optimize your PHP applications.
After experiencing some issues with an application running the Zend Framework, I realized there were a lot of things I was not doing to optimize my application. There are simple and more complex actions you can take to speed up your application. Since time is precious, and developers with an expertise on optimization are not always available, I've split this post into two sections (simple and more advanced). This post focuses on the simple part.
His simpler suggestions include using the YSlow extension in Firefox, minification of JavaScript and CSS, merging CSS/JS requests, using gzip and avoiding CSS background images.
In this new post to his blog, Brandon Savage looks at a few methods you can use to help reduce the overhead that connecting to the database can cause.
Below is a list of my top five quick-and-dirty strategies for improving database performance in web applications. These suggestions are culled from recent experience and mixed with some ideas that I've implemented in my own code. They're not high level, but they are something we need consistent reminders about.
Here's the short version of the list:
Try caching
Reduce the number of queries that run
Use indexes
Optimize data usage
Avoid functions in WHERE statements
You'll have to check out his post for the full versions, though.
Jamie Hemmett has a few suggestions for local user groups out there on what to do and not to do to help make their group successful. Some of it was gathered from personal experience, other tips from the recent user group panel discussion from this year's ZendCon.
I just listened to the PHP User group Panel discussion from the Unconference session at ZendCon. While I listened I took some notes to try and help our Irish PHP Users Group be awesome like some of the other groups out there. I reckon the podcast and great tips it contains will help other User Groups out there too (not just PHP).
Some of the observations/comments she mentions include:
Freelancing PHP developers may not feel like attending a group with "the competition"
Several factors dissuade developers from attending (distance, confusing schedules, timing)
Some ideas that groups out there could use to attract and keep more members
Why the groups can make you a better developer
and some sponsorship/promotion ideas to help grow and better the group
This is a great post packed with some good suggestions and observations. If you're involved at all in your local group (or would like to be) be sure to read it.
The Midstride Solutions blog has posted five tips and tools that can help to make you a better developer (and possibly make you a faster one).
In this post, I will discuss 5 tips and tools that the PHP community has provided to speed up development time and improve code quality. These should help you out if you don't already know them, but if you do I would like to hear what you use to speed up your development time.
Their five tips/tools are:
Framework with the Model View Controller (MVC)
AJAX Frameworks
Integrated Development Environment (IDE)
Database Creation/Management Software
Object Relational Mapping (ORM)
Included for each is his personal preference and recommendation.
Jayson Minard has a new post to the Zend Developer Zone talking about scaling your PHP applications - some of the best practices to follow that can make it easier on you.
As a consultant, I deal with companies of all sizes. From new startups all the way up to large conglomerates. And I am constantly amazed at the old-world view to application scalability and performance. [...] They seem unaware that scalability has many facets, and some haunt them from the first draft of an architecture all the way through each milestone of coding. And many can be resolved without spending money on hardware or expensive software, or even without derailing the project schedule. Here are some of my scalability tips that should be applied at all times of a project's life.
His suggestions include:
Build Your Technical Team From The Top Down
Develop With Realistically Sized Data
Design For A Single-Slice Cluster
Your Transaction Database Is Not Your Reporting Database
and several more - check out the full post for explanations of these and the other great tips.
In a new post today Alex Netkachov shows a handy little tip for the Eclipse users out there that want to use the @var type hint in their code.
The @var variable type hint is very useful, but adding it is a little bit complex: usually you need to type the class name or copy/paste it from somewhere. But with Eclipse PDT templates you can simplify this and add an autocomplete for variable name and class name.
It's a simple one-step process - you just add in a new template to your Eclipse application and it will prompt you to select the class name from a list and drop it right in. No more cut and paste needed!