PHPDeveloper.org

Anna Filina: Common PHP Mistakes

Mon, 07/21/2014 - 19:53

Anna Filina has posted her own addendum to a top ten list of common PHP programmer mistakes, adding seven more of her own.

I was recently asked by one of my readers to give feedback on the following article he read: 10 Most Common PHP Mistakes. It is well written and very thorough. Most of the tips are specific to PHP, others are about web programming in general or database performance. It's a very good read. I was also asked to contribute to this list, so here are 7 more tips.

Her list of seven touches on topics like caching, allowing SQL injection, disabling error reporting and ignoring accessibility. She also includes some configuration settings, code and links to other tools/resources to help provide information on preventing these other mistakes.

Link: http://afilina.com/common-php-mistakes/

php[architect]: Sending HTML Emails with Drupal 7, Webform, and Mandrill

Mon, 07/21/2014 - 18:42

The php[architect] site has a new tutorial posted giving you a step by step guide to sending HTML email with the combination of Drupal 7, Webform and Mandrill (the mail service by Mailchimp).

By default, Drupal is configured to send out plain text emails. For many developers, plain text email is sufficient and preferable to HTML email. HTML email is still, in this day and age, not guaranteed to render the same across email clients, more likely to be labeled as spam, and requires a significant amount of testing to make sure it works. Still, a minimally styled HTML message can be easier for recipients to read and help reinforce your brand/design (if you don't depend on images to do so). In this article, we'll look at the modules to install and configure to enable HTML emails and, specifically, how to change the default Webform email template to send submissions as HTML.

The tutorial comes in four different sections, each with plenty of description and some code to make it happen:

  • Set up your site to send email
  • Allow outgoing email to use HTML
  • Formatting Outgoing Email
  • Send Webform Submission as HTML Emails

Link: http://www.phparch.com/2014/07/sending-html-emails-with-drupal-7-webform-and-mandrill/

SitePoint PHP Blog: Social Network Authentication: Twitter and Facebook

Mon, 07/21/2014 - 17:32

The SitePoint PHP blog continues their series of tutorials showing how to authenticate your users against various social networks. In the previous post they covered connecting to Google+ and in this latest post they move on to two other popular social networks: Facebook and Twitter.

In the previous parts of this series, we created our initial interfaces, set up our Google+ login functionality and talked about how we can merge our accounts together. In this article, we will integrate Twitter and Facebook within our application. You will see a lot of similarities with the Google+ article, so if you could follow that one easily, you won't have much trouble with this one. If you haven't read that article yet, I suggest you read it first before continuing this article.

He starts off with the Twitter authentication, creating a new "SocialLogin" object type for it and defining the three required properties it needs to connect. Code is included to make the OAuth connection, pass along the callback URL and forward on the user to the Twitter site for approval. Code is also included to store the data about the Twitter user in your application. Next up is Facebook. The connection is very similar to the others with only a slight difference in the data that's required. You can find the full code for the tutorial so far in this Github repository.

Link: http://www.sitepoint.com/social-network-authentication-twitter-facebook/

NetTuts.com: Best Practices When Working With Sensitive Data: Securing Your Application

Mon, 07/21/2014 - 16:27

The NetTuts.com site has a new tutorial posted today sharing some tips about working with sensitive data in your applications and steps to secure it.

In my previous article, I showed you how to protect your server from attacks and malicious software. This part will focus completely on the third layer of security - your application itself. So here, I will show you techniques that you can use to protect your application from attacks and intrusions.

There are three main topics covered here, each with a few subpoints and some code examples:

  • Using a Database
  • Use a Salt When Hashing
  • POSIX: Drop Privileges When You Don't Need Them

Link: http://code.tutsplus.com/tutorials/best-practices-when-working-with-sensitive-data-securing-your-application--cms-21719

Phil Sturgeon: Send PSR-0 to the Standards Farm in the Sky

Mon, 07/21/2014 - 15:09

In his latest post Phil Sturgeon makes a request of the PHP community - to "send PSR-0 to the Standards Farm in the Sky". Or, to put it another way, deprecate it in favor of the more recent autoloader handling of PSR-4.

This article attempts to convince you that deprecating the PSR-0 auto-loading standard in favor of the PSR-4 auto-loading standard is not only a good idea, but a problemless wonderland of happy benefits, in the hope that when I try to get this done on the FIG mailing list, people will be happy about it instead of sad or rage-mode. [...] I believe it was talked about as an alternative at the time because we knew that the PHP community would drop their collective bricks if we tried to pull PSR-0 out from under them, right as they were just slowly getting used to using it.

He covers a few different topics and his opinions on each including the "hate" for PSR-0 (for wanting to get rid of it) and why it should even be considered for deprecation in the first place. He also reminds readers that he's advocating the deprecation of PSR-0, not the removal of it as a standard. It can still exist and be used but it will no longer be the "moving forward" method of autoloading (in favor of PSR-4). He also comments on the large user base out there on PHP <=5.2 that wouldn't be able to make the update to PSR-4 and a suggestion to projects wanting to encourage the migration.

Link: http://philsturgeon.uk/blog/2014/07/deprecate-psr0

Community News: Packagist Latest Releases for 07.21.2014

Mon, 07/21/2014 - 14:04

Recent releases from the Packagist:

Reddit.com: What constitutes the "PHP community"?

Fri, 07/18/2014 - 18:09

There's a good conversation happening over on Reddit today about what constitutes the "PHP community" and how it can be defined. JordanLeDoux wonders if those who just write PHP are included in that group as well.

One conversation was with a dev who hates PHP because (mostly) they work with code that was written by some non-PHP dev who was asked to write it. The other was with /u/krakjoe from the PHP internals team, where I was commenting on a sentiment that sometimes finds its way into the internals mailing list: if you want a real programming language, then go use one. In both cases, I made the assertion that most people who utilize PHP or edit a script aren't actually part of the PHP community. [...] How can someone that is functionally isolated from any other person working in PHP be part of the PHP community?

Responses to the post are, for the most part, encouraging, suggesting that:

  • There's not a single "PHP community" but many smaller ones
  • Sub-communities can revolve around technology or a product
  • The different definitions of community
  • The broad range of skills that "PHP developers" are known to have

Check out the full post for more opinions and share your own!

Link: http://www.reddit.com/r/PHP/comments/2ayxkg/what_constitutes_the_php_community/

Lorna Mitchell: Using Phing with Travis CI

Fri, 07/18/2014 - 17:23

Lorna Mitchell has a quick post to her site today showing you how to link up Travis-CI and phing to execute the phing build on the Travis-CI service.

We've started using Travis CI on one of my projects to run some build processes to check that everything looks good before we merge/deploy code. One thing I ran into quite quickly was that I wanted to install phing in order to use the build scripts we already have and use elsewhere, but that it isn't provided by default by Travis CI.

To get it all cooperating, she uses the "before_install" settings/functionality Travis provides to use PEAR to discover and install phing. Then in the "script" section, the build can call the phing executable without problems. She does point out one "magic" kind of thing that rehashes the Travis environment and lets it know phing exists: the...well..."rehash" configuration setting.

Link: http://www.lornajane.net/posts/2014/using-phing-with-travis-ci

Paul Jones: Action-Domain-Responder, Content Negotiation, and Routers

Fri, 07/18/2014 - 16:17

In his latest post Paul Jones comes back to his proposed application structure, the idea of Action-Domain-Responder, and answers some questions about routing and where content negotiation happens.

While talking about Action-Domain-Responder on the Crafting Code Tour, one of the common questions I got was: "Where does content negotiation happen?" My response was always: "Where does it happen in Model-View-Controller?" That opened up a discussion on how content negotiation is a tricky bit that can go in different places, depending on how you want the concerns separated, and is not a problem specific to ADR.

He goes on and tries to answer the question a bit better, pointing out that "it's a problem for everyone" isn't really good enough to take action on. He works through the different pieces of the ADR pattern, trying to reason out where the right fit is. He suggests a "first filter" on the Controller level, more specifically at the Router level. That's not to say that the Router needs to know about content handling, but it does need to know how to pass that information on.

Link: http://paul-m-jones.com/archives/6020

7PHP.com: Michelangelo van Dam - 7PHP Interviewee VIP Profile

Fri, 07/18/2014 - 15:55

The 7PHP.com site has a new community spotlight posted today, focusing in on Michelangelo van Dam and providing his "VIP profile" (links to information about him).

Links for Michelangelo include:

There are also several quotes included in the post about Michelangelo from other members of the community.

Link: http://7php.com/michelangelo-van-dam/

Toptal Blog: 10 Most Common PHP Mistakes

Thu, 07/17/2014 - 18:52

On the Toptal blog Ilya Sanosyan has a post sharing what he sees as the top ten most common mistakes PHP developers make on a day to day basis. While most of the tips are code-specific there are one or two that are a bit more abstract.

PHP makes it relatively easy to build a web-based system, which is much of the reason for its popularity. But its ease of use notwithstanding, PHP has evolved into quite a sophisticated language, with many nuances and subtleties that can bite developers, leading to hours of hair-pulling debugging. This article highlights ten of the more common mistakes that PHP developers need to beware of.

Among the items on his list are things like:

  • Leaving dangling array references after foreach loops
  • Confusion about returning by reference vs. by value
  • Memory usage headfakes and inefficiencies
  • Assuming $_POST will always contain your POST data
  • Thinking that PHP supports a character data type

Each of the items comes with a good description, some code and suggestions on how to avoid and/or fix it in your applications.

Link: http://www.toptal.com/php/10-most-common-mistakes-php-programmers-make

SitePoint PHP Blog: Getting Started with FluentPDO

Thu, 07/17/2014 - 17:08

The SitePoint PHP blog recently posted a new tutorial helping you get up and running with FluentPDO, a small PHP library that makes building queries easier and faster. In the tutorial Francesco Malatesta introduces you to the tool and creates a test project to show it in use.

You know the story: writing SQL queries is so boring. Especially when you don't have time to do it. If you feel like me, today we are going to see something really cool: Fluent PDO. [...] The result? No more SQL queries. Maybe this is not the first one you have seen: there are many similar projects out there and every single one has its key features. Fluent's key feature is a great JOIN Query Builder.

His test project links a "wishlist" listing with a users table based on a "user_id" field. He includes the SQL to create the two tables and helps you get the library installed (via Composer). He shows some basic select operations using the fluent interface including where clauses, order by and group by handling. He also covers some basic examples of the other CRUD operations (create, read, update, delete) before getting into one of the more advanced features: the join query builder. Finally, he wraps up the post with a brief look at the query debugger, making it a bit simpler to tell where the failures might lie.

Link: http://www.sitepoint.com/getting-started-fluentpdo/

Qandidate.com Blog: Fault tolerant programming in PHP

Thu, 07/17/2014 - 16:44

The Qandidate.com blog has a new post today looking at fault tolerant programming in PHP applications. Essentially, this means writing your code so that error conditions are handled gracefully and with as little impact as possible.

In your application, every time you call an "external" service you are vulnerable to the failure in that service. That either might be a third party API being down, your database being unresponsive or unexpected errors from the 3rd party library you are using. With many developers and companies being interested in composing applications out of microservices at the moment, guarding for failures because of broken dependencies gets even more important.

They describe a situation where data is coming from an external source (an inventory service) and a timeout or connection failure occurs. They propose a sort of "circuit breaker" to be put in place to protect the application, fail fast on error and maybe even retry until the request is successful. They also point out a library from oDesk, Phystrix, that allows for fault tolerant execution through a wrapper that traps errors and deals with them instead of just breaking. This is the first part of a series, so in part two they'll show the library in use along with the React HTTP client.

Link: http://labs.qandidate.com/blog/2014/07/14/fault-tolerant-programming-in-php/

Derick Rethans: No to a Uniform Variable Syntax

Thu, 07/17/2014 - 15:32

There's been an RFC that's recently made it through the voting process and was approved for inclusion in PHP6, the uniform variable syntax handling. When these changes are put into effect, some of the odd syntax you had to use for things like variable variables will be cleared up and standardized. However, Derick Rethans stood out as the only "no" vote, here's why...

As you might have heard, PHP developers voted on an RFC called "Uniform Variable Syntax". This RFC "proposes the introduction of an internally consistent and complete variable syntax". In general, this RFC argues for making PHP's parser more complete for all sorts of variable dereferences. [...] Thirty people voted for, and one against: Me. Does that mean that I am against a unified variable syntax? No, I am not. I am actually quite a fan of having a consistent language, but we need to be careful when this hits existing users.

He points out that there are known backwards compatibility breaks in the changes and that this breaks the semantics of the language. While the BC breaks are understood, Derick suggests that this is one of the worst changes a language can make: "...and this is exactly why people whine that PHP breaks BC and does not care about its users".

Link: http://derickrethans.nl/uniform-variable-syntax.html

SitePoint PHP Blog: Social Network Authentication: Merging Accounts

Wed, 07/16/2014 - 18:19

The SitePoint PHP blog continues their series looking at authenticating your application against other social networking services with this new post discussing the merging of accounts. This merging allows you to determine if the same user is using more than one account to log into your system.

If you allow users to sign up through different social networks and perhaps your own registration system, there is a good chance some users will have multiple accounts. How annoying can it be for a user who signed up through Facebook earlier, to come back later and log in through Twitter because he thought he used that one? We can prevent this by letting the user merge manually or try to use an automatic system to try and identify duplicated users.

He tracks the information about the users in two different database tables, one for the user themselves and another representing that user's provider (the social network). He gives an overview of two methods you could use for merging these accounts: either doing it manually by suggesting it to the user or trying to do it automatically based on the data you already have.

Link: http://www.sitepoint.com/social-network-authentication-merging-accounts/

Engine Yard Blog: Celebrating 10 Years of PHP 5.0.0

Wed, 07/16/2014 - 17:56

On the Engine Yard blog Davey Shafik has a new post celebrating ten years of PHP 5 as of July 13th, 2014:

Ten years ago yesterday on July 13th 2004, PHP 5.0.0 was unleashed onto the world. Bringing with it the Zend Engine 2, effectively a brand new PHP. [...] The truth is that until PHP 5, PHP was a mostly procedural language, while it supported classes and objects, they were a bolt-on feature. This history is still visible in the majority of its default feature set even today - including some of its newest additions like the new password hashing API.

He talks about the evolution of PHP even since version 5.0.0 and how other technologies, like Ruby on Rails, have influenced the language and its developers towards greater things. He shares his answers to a few questions including:

  • What is the most significant change to PHP in the last 10 years?
  • What's the biggest change in the community in the last 10 years?
  • What's the most pressing issue for PHP?
  • What would you like to see in the next major version?

He also includes an infographic of the timeline that led up to the PHP 5.0.0 release and the advancements since then. There's even a look at the "Future of PHP" with some emerging technologies and what might lie in store for "PHP 6" (whatever that may end up being).

Link: https://blog.engineyard.com/2014/php-5-10th-anniversary

Hari KT: Aura Framework V2: The Missing Manual

Wed, 07/16/2014 - 16:14

Hari KT has a new post to his site today about a book he's been working on around the Aura framework that provides the missing manual for v2 of the project. He's publishing it as a book over on Leanpub too, so it's easy to grab...and for free too.

Aura has an awesome collection of libraries for different purpose. [...] If you are new to aura, there is probably something you may want to figure out yourself. Some of the components have version 1 and version 2 releases. There is a question of which branch corresponds to which version. [...] But people new to aura may be having hard time to find the specific documentation or may be stuck sometime. [...] I was talking with Paul M Jones regarding the documentation lately, and he too shared some concerns. Talking with him gave me some inspiration to start the missing manual for the aura framework.

The goal of the book is to provide a good resource for people to learn about the framework/components and their use and to help promote Aura. The book is available for free either on GitHub or Leanpub (or, to help support Hari and the project, consider purchasing a copy).

Link: http://harikt.com/blog/2014/07/15/aura-framework-v2-the-missing-manual/