web developer rocks: 六月 2011

2011年6月30日星期四

Site News: Blast from the Past - One Year Ago in PHP

Here's what was popular in the PHP community one year ago today:

DevShed: Violating the Liskov Substitution Principle - PHP

On DevShed today there's a new tutorial posted talking about the Liskov Substitution Principle (part of the SOLID set of principles) and how to use it in a practical example using some object-oriented PHP.

However, not all is bad with Inheritance. When used properly it can be a great ally. The question that comes to mind is: how can you keep away from building derivatives that behave totally different from the chosen abstraction(s)? Here's exactly where the Liskov Substitution Principle (LSP) comes into play.

They choose to illustrate the principle in the form of a view renderer that, when an unintentional issue happens, throws a new exception. He creates the abstract class to generate the view objects and creates a few child objects that extend it. using these, he creates a set of templates that render a header/footer/body with the data given. The problem comes up when he tries to work with his objects and a partial view instead of a composite view is passed in.

It's a complicated situation to follow, but it does help make the principle a bit more clear. I'd suggest following it all the way through and possibly even trying out their code (included) to make it even more clear.

Philip Norton's Blog: Netscape HTTP Cooke File Parser In PHP

Philip Norton has shared a script he's created in a new post today that lets you read from a Netscape-formatted cookie file (as outputted from a curl request).

This file is generated by PHP when it runs CURL (with the appropriate options enabled) and can be used in subsequent CURL calls. This file can be read to see what cookies where created after CURL has finished running. As an example, this is the sort of file that might be created during a typical CURL call.

The file is structured, plain-text content with information on the domain, path, security, name and expiration details of each cookie. His script parses out these details and pushes them into a basic array, prime for searching and sorting (and reuse) in your application.

2011年6月29日星期三

Community News: Latest Releases from PHPClasses.org

Bastien Labelle's Blog: Why PHP is So Much Better than Ruby

Bastien Labelle has posted a new (tongue-in-cheek) post to his blog today about a presentation he and a friend of his recently gave at a conference - Why PHP is so Much Better than Ruby.

Of course, saying that PHP is so much better than Ruby is pure bullshit, and this talk is, as I hope you guessed, a big big sarcasm. Trolling apart, I think this talk is also quite interesting, since somehow it shows some of the weaknesses of Ruby and its ecosystem.

Included in the post are their slides and a brief transcript of the main points they mentioned. Also interesting are some of the comments mentioning the typing issues the talk discussed and the fact that popularity isn't the same as quality.

PHP.net: PHP 5.4 alpha1 Released

On the PHP.net site today there's an announcement about the release of the PHP 5.4 alpha1, the first version of the upcoming 5.4 release.

The PHP development team is proud to announce the first PHP 5.4 alpha release. PHP 5.4 includes new language features and removes several legacy (deprecated) behaviors. Read the NEWS file for a complete list of changes. [...] This alpha release exists to encourage users to identify bugs, and to ensure that all new features and backward compatibility breaks are evaluated and documented before PHP 5.4.0 is released. Please report findings to the QA mailing list and/or the PHP bug tracker. Windows binaries can be downloaded from the Windows QA site.

They remind the development community that this is an alpha release and is not meant to be used in production. Changes in this release include traits, array dereferencing, DTrace support, the removal of several ini options and a few session-related functions.

2011年6月28日星期二

Community News: Latest PECL Releases for 06.28.2011

Latest PECL Releases:

Shay Ben Moshe's Blog: PDO Persistent Connection Analysis

Shay Ben Moshe has a new post to his blog today looking at some of the benefits that using the persistent connections offered in PDO can have on your application.

PDO is an abstraction layer for database connections in PHP, and it became increasingly popular in the past few years. PDO gives us the option to use a persistent connection. If we don't use this option, a new connection is created for each request. If we do use this option, the connection is not closed at the end of the script, and it is then re-used by other script requests.

He shares the setup for his testing (hardware and MySQL configuration) and some of the results from his tests using the Apache ab tool for making web requests against an application. You'll need to download the archived file to see the results, though. It also includes the files he used to test with, comparing regular connections to the persistent ones.

Padraic Brady's Blog: Zend Framework Contributors Mailing-List Summary; Edition #1 (June 2011)

Padraic Brady has posted the first in a new series of articles to his blog talking about the most recent happenings on the Zend Framework Contributors mailing list.

What's this nonsense then? Well, a few weeks ago I shot myself in the foot [...] and before my sanity returned to normal, I found myself hoodwinked on IRC into writing up weekly summaries of what is discussed in Zend Framework land.

The posts will try to bring together some of the major topics from the last week on the list. This week's features include the "where do things go?" question about files/resources, how to package up a Zend Framework 2 application, the View component in ZF2 and a few other topics. If you'd like to keep up with these weekly posts, you can follow along on the php-general tag on Padraic's blog.

2011年6月27日星期一

PHP.net: PHP Documentation Update

The PHP documentation team has made a new announcement about some major changes that are happening with the PHP documentation - three interesting new additions to this part of the PHP project.

PHP has several [three] new documentation features that the community should be aware of.

They've introduced the following:

PHP manual pages (man pages) - pman - installed via PEAR
An enhanced CHM (Windows help) version of the manual with user notes
The Online Documentation Editor allowing edits from anyone.

NetTuts.com: Integrating Two-Factor Authentication with CodeIgniter

On NetTuts.com today they have a new tutorial showing you how to use two-factor authentication in your CodeIgniter-based application - a login process combining a username/password and access to a device that's authorized for the account.

Two-factor authentication is a way of proving your identity based on your username and password as well as a physical device that you can carry with you. This makes it much harder for crooks to steal your identity, since they will need access to your phone or hardware token - not just your login credentials.

They've chosen the free service offered by Duo Security that lets you approve the device in several ways including a phone call, SMS tokens and push-based authentication. They walk you through the setup of a Duo account, making an "Integration", grabbing the PHP and Javascript files needed to make it work and changing up your user and administration module to send a bcrypted value to the service. They flesh it out with a new version of the view to include the Duo code and generating the signed request.

2011年6月24日星期五

Site News: Popular Posts for the Week of 06.24.2011

Popular posts from PHPDeveloper.org for the past week:

Voices of the ElePHPant: Interview with Paul Jones

The Voices of the ElePHPant podcast has posted their latest episode today, another interview from the Microsoft Jump In! Camp - an interview with Paul Jones, lead architect of both the Solar and Aura frameworks.

Cal and Paul talk about the Aura project, a PHP 5.3 framework and how it relates to some of the base work that the Solar framework provided for it. He mentions the work being done on the database components to work with SQL Server and how some of the coming SQL Server features will be implemented.

You can listen to this latest episode in a few different ways - either through the in-page player, by downloading the mp3 or by subscribing to their feed.

Symfony Blog: Getting help on symfony1 or Symfony2

On the Symfony blog Fabien Potencier has a new post talking about a change in the support structure for developers wanting to get help with either Symfony1 or Symfony2 - a split in the mailing list to help make things a bit easier to split out.

Now that Symfony2 is just around the corner, we need to better organize community support for both symfony1 and Symfony2. As more people start using Symfony2, the user mailing-list is becoming more and more difficult to follow. [...] After an opinionated discussion on the mailing-list, I've decided to create two new mailing-lists that are replacing the current users mailing-list: one for symfony1 and another one for Symfony2. The current mailing-list has been switched to the archive mode; all messages will remain browseable and searchable but new messages will be rejected.

If you're a current member of the "users" mailing list and want a similar experience, you'll need to subscribe to both. Otherwise, pick the one you like and watch your inbox fill up. This break up makes it easier for people to find messages specifically related to their version of choice without having to look for the "[Symfony2]" tag in the subject line.

2011年6月23日星期四

Site News: Blast from the Past - One Year Ago in PHP

Here's what was popular in the PHP community one year ago today:

Derick Rethans' Blog: Xdebug on github

As Derick Rethans notes in his latest post, the Xdebug project is now on github and can be found under his account.

I've just opened my Xdebug repository on github. Importing my old SVN repository was a bit of a task. With the help of Ole Marius Smestad I managed to cook up a bash script to import and fix-up the repository. In the meanwhile I've learned more about git than I ever wanted to know, but still not enough.

Besides the source for Xdebug itself, you'll also notice repositories for the Xdebug website, the GtkDBGp client and the DBGp protocol definition.

Community News: What PHP Needs (A Twitter Thread)

In an effort to get some real feedback from the community about the state of PHP and what they think it needs, Sean Coates asked on Twitter for people to respond with their suggestions as to what could help make PHP better and what the project itself needs.

PHP's intentional stagnation is eating away at me. I'm working on a list of things I think #PHP needs. What's on your list? Tag it #phpneeds

There's been a great response already with suggestions ranging from features the language itself needs out to suggestions for those running and participating in the project. Keep this Twitter search bookmarked to see some of the great discussion.

2011年6月22日星期三

Community News: Latest Releases from PHPClasses.org

Voices of the ElePHPant: Interview with Matthew Weier O'Phinney and Ralph Schindler

The Voices of the ElePHPant podcast is back with a new episode - an interview with two well-known members of the Zend Framework community, Matthew Weier O'Phinney and Ralph Schindler. The recording was made at the Jump In! Camp that's currently being held by Microsoft.

They spend most of the time talking about dependency injection - defining what it is and some of the plans there are to integrate it into the Zend Framework (including where the dependencies are created and used).

As always, you can either listen to this latest show via the in-page player or by downloading the mp3 for listening at your leisure. You can also subscribe to their feed to make it even easier to get this and future episodes.

PHPBuilder.com: Getting Started with Jenkins for PHP Developers

On PHPBuilder.com today there's a new tutorial from Jason Gilmore helping you get started with Jenkins for building and deploying your PHP applications. Jenkins (formerly Hudson) can make things "one click simple" for you to correctly push your applications live every time.

Although a Java-based solution, an active plugin community has made it possible to use Jenkins for far more than Java-specific projects. More recently it has become much easier for Jenkins' novices to use the project in conjunction with PHP projects thanks to the work of Sebastian Bergmann. Known as Template for Jenkins Jobs for PHP Projects, the project provides a configuration file which you'll use to enable Jenkins/PHP integration, and supports several popular familiar PHP tools such as PHP_CodeSniffer and PHPUnit.

He walks you through a brief installation of Jenkins (packages on a Debian install) and shows you how to get your git repository, the source for it to pull from) configured and ready to pull. He also includes some other screenshots showing you where to look for the build status, results from past builds and how to get the system to build documentation as a part of the build.

Symfony Blog: Symfony2: Getting Easier - Interactive Generators

On the Symfony blog they've posted the latest in their "Getting Easier" series looking at some of the things being done for the framework to help make it more appealing for those just coming in. In this new article they look at the new interactive generators that help you create the code you'll need to set up your bundles without a lot of manual effort.

symfony1 has generators for all those things, but until now, Symfony2 was not very good at generating code. Well, that's "fixed" now, thanks to the new GeneratorBundle. The bundle is included by default in Symfony SE (as of 2.0.0 RC1 which will be released on June 24th) and it knows how to generate bundles, forms, Doctrine entities, and simple CRUD controllers to get you started even faster.

A screencast is included in the post showing the process of running the new tool and generate all of the configurations you'll need for a bundle, a Doctrine2 entity, database creation and the CRUD interfaces for a Doctrine entity. You can grab the code for this new bundle from the Sensio github account.

2011年6月21日星期二

Community News: Latest PECL Releases for 06.21.2011

Latest PECL Releases:

DZone.com: File Path Injection in PHP <= 5.3.6 File Update (CVE 2011-2202)

On DZone.com's PHP on Windows section today Krzysztof Kotowicz has a new post talking about a file path injection exploit in PHP versions lower than 5.3.6.

Since the thing went public before new PHP version has been released, I present full details of the latest PHP vulnerability I reported - together with some sweet demo exploit. The issue was found with fuzzing being part of my recent file upload research. And I still have some more to show in the future :)

The issue, described in more detail here on bugs.php.net (as of the time of this post, unfortunately unavailable) and his code to reproduce the issue is here. Due to a bug in the code that should strip down the upload to just the filename, certain kinds of file paths can make it through. The real problem comes in when an application blindly uses this filename to write to, possibly overwriting important files. You can see a screenshot of it in action here.

Padraic Brady's Blog: How Would You Engineer A PEAR2/Pyrus Distribution Architecture?

Padraic Brady has a new post to his blog asking you, the reader, for your suggestions on how to architect a distribution system for the PEAR2/Pyrus components.

With the idea of PEAR2 and Pyrus, I had hoped to see a renewal - the advancement of a PEAR architecture for the 21st Century. Instead, and this is just my opinion, PEAR2/Pyrus were a relatively simple iteration on a very old theme. [...] If the PEAR ecosystem has a failing, it is one of staggered evolution. Over time it has picked up additional features tacked on top of a base model.

He breaks up his thoughts on the future of PEAR2/Pyrus distribution into a few different topics - the issues he sees surrounding packaging (like static packaging definitions), suggestions for a dynamic channel aggregation system and overall usage of the PEAR system.

2011年6月20日星期一

Community News: Latest PEAR Releases for 06.20.2011

Latest PEAR Releases:

Sebastian Bergmann's Blog: Towards Better Code Coverage Metrics in the PHP World

Sebastian Bergmann has a new post to his blog talking about some of the future plans for better code coverage metrics for PHP applications (not just the statistics that we have now as generated from PHPUnit runs combined with Code_Coverage PEAR package and Xdebug).

Xdebug currently only supports what is usually referred to as Line Coverage. This software metric measures whether each executable line was executed. Based on the line coverage information provided by Xdebug, PHP_CodeCoverage also calculates the Function / Method Coverage software metric that measures whether each function or method has been invoked.

The various kinds of coverage they're planning the in future include statement coverage, branch coverage (boolean evaluation), call coverage, path coverage with an alternative of linear code sequence and jump coverage (LCSAJ).

Zend Developer Zone: Announcing June's Zend Framework Bug Hunt Days

The Zend Developer Zone has announced the bug hunt days for June happening the 23rd through the 25th:

For those who haven't put the reoccurring event in their calendar, this announcement is for you: the Zend Framework Monthly Bug-hunt is here again! Next Thursday, Friday and Saturday (the 23rd, 24th and 25th of June), we'll be hosting our monthly bug hunt. For those of you unfamiliar with the event, each month, we organize the community to help reduce the number of open issues reported against the framework.

If you're wanting to get involved but aren't sure where to start, you'll first need to get a CLA on file then you can start browsing unresolved issues of check out their "getting started" guide for more information.

2011年6月17日星期五

Site News: Popular Posts for the Week of 06.17.2011

Popular posts from PHPDeveloper.org for the past week:

DevShed: Implementing the ArrayAccess Interface - PHP

In the first part of a new series over on DevShed.com, they introduce the concept of "segregated interfaces" and show how to use them to work with collections of arrays (using interfaces that are a part of the SPL).

To start illustrating why segregated interfaces are really useful, in the lines to come I'm going to build an example that will recreate the scenario described in the introduction. Basically, what I want to achieve here is to construct a custom countable array collection.

He shows the basic class structure needed to emulate a countable array in an object by implementing the "Countable" interface. He adds in the "Iterator" interface to allow you to work with the dataset like an array - progressing through it, rewinding to the beginning and checking to see if a value exists. Finally, they add the "ArrayAccess" interface to the class that boosts it with even more features like the ability to grab things by specific keys (numeric or string). The finish the article off with an example of an ArrayCollection object and how it can be looped through using a foreach.

Nicolas Grekas (on Github): Improved handling of HTTP requests in PHP

As Nicolas Grekas shows in this tutorial (posted as a gist), the functionality that PHP gives users to work with the raw HTTP requests is pretty limited. There's a few solutions he offers, but none of them allow for the full use of the HTTP options provided by the server.

HP offers comprehensive autoglobals to access external data sent with each request. These variables do not expose all the possibilities allowed by the HTTP protocol, but a controlled use can in practice minimize the impact of this limitation. Two problems are particularly troublesome: the lack of access to multi-valued keys without using a special syntax and complexity of the magic bracketed syntax. Until PHP natively provides another interface freed from these problems, a different interface in user space can circumvent them.

He gives some code examples of methods that can be used to parse strings like those found in cookies (or pulled in via php://stdin) including mentions of key normalization and accessing the values by literal keys. You can see a more full implementation here.

Josh Adell's Blog: Neo4j for PHP

Josh Adell has written up a new post for his blog showing some of his experience connecting PHP to Neo4j, a graph database (and open source project). It helps to solve a problem of related datasets and the difficulties that traditional RDBMS have with them.

Lately, I've been playing around with the graph database Neo4j and its application to certain classes of problems. Graph databases are meant to solve problems in domains where data relationships can be multiple levels deep. [...] As you continue to add degrees, the query becomes increasingly unwieldy, harder to maintain, and less performant.

Graph databases, like Neo4j, handle these sorts of needs perfectly. There wasn't an official PHP interface for it, so he decided to create his own that worked with the REST interface the database provides. He includes a few code snippets showing how to connect and make a few requests - setting properties on objects, relating objects to one another and making queries that follow the paths from user to user and return them as a simple array.

2011年6月16日星期四

Site News: Blast from the Past - One Year Ago in PHP

Here's what was popular in the PHP community one year ago today:

Freek Lijten's Blog: Currently on PHP's internals...

Freek Lijten has a recent post looking at some of the types of discussions that happen on the php-internals mailing list.

The internals list is the place to be to hear about the current state of PHP. It is one of PHP's many mailing lists, but this is the one where (core) developers discuss new features, current bugs and wild ideas. If you want to keep up with things it is a good idea to sign up, it is not an extremely high volume list and if you ignore the noise it is quite informative. In this article I would like to share examples of stuff typically discussed on the list.

He mentions feature requests in general and, more specifically things like traits support (multiple inheritance), array dereferencing, callable arrays and the debate over the short array syntax.

DZone.com: Automated code reviews for PHP

On the Web Builder Zone (a part of DZone.com) Giorgio Sironi take a high-level look at some of the tools you can use for automated code reviews in your projects without you ever having to lift a finger (well, once it's set up, of course).

I'm exploring an approach to automated code review: it's not as precise as the human-based one, but it scales better. [...] All in all, automated code reviews, performed with tools instead of with human intellect, can be a starting point to search for the problematic zones of a codebase. Then the human may come in, since they also have to clean up the code: their intervention was already scheduled.

The tools he mentions (and, in some cases, shows how to install/use) are:

2011年6月15日星期三

Community News: Latest Releases from PHPClasses.org

Community News: PHP North West 2011 Schedule Announced!

As posted on the PHPNW conference's blog, they've announced the schedule for this year's event and have posted it to the site.

You can now find the schedule for the PHP North West Conference 2011. We hope you like it as much as we do. The speakers have been selected via Call for Papers and hope that you share our excitement by this year's fantastic lineup! Thank you to everyone who submitted.

Topics included in this year's event are things like deployment with phing, Symfony2, DocBlox, Doctrine2, Git and various development processes types of talks. For more information about this great conference or to purchase your tickets, head over to the main conference site.

Trevor Morris' Blog: fuelphp, forms and validation

In this post to his blog Trevor Morris talks about his own introduction to the Fuel framework and some of his investigation into working with its forms support and validating the user input that comes from them.

I have been working on developing a website with the newest PHP framework on the block - Fuel, which describes itself as "a simple, flexible, community driven PHP 5.3 web framework based on the best ideas of other frameworks with a fresh start". [...] Although Fuel is a new framework, it borrows a lot of ideas from two very popular PHP frameworks, CodeIgniter and Kohana.

He starts off with one concern, a lack of documentation around some things that made it difficult for him to work with the HTML form helpers. He includes an example code snippet to show a basic email form field generation. Behind the scenes, he shows how to use the Validation library to add rules on the fields and check for a pass/fail status on the fields.

PHPClasses.org Blog: New PHP Version Fork

On the PHPClasses.org blog today Manuel Lemos gives his perspective on the recently announced PHP fork by Robert Eisele that has the community buzzing with comments from both sides of the fence.

A fork is a new version of a project that a separate group of developers that want to give the project a different route. A new PHP forked version was created by Robert Eisele to address needs that he felt were important.

He mentions the forked version as updated with the changes Robert wanted to see made and a few other concerns that have come from it. One issue is the PHP name and licensing problems and another is whether or not you should use this fork (and what its future might be).

2011年6月14日星期二

Community News: Latest PECL Releases for 06.14.2011

Latest PECL Releases:

ZendCasts.com: Creating Custom Application Resources

New on ZendCasts.com today there's a new screencast showing you how to create a custom application resource for your Zend Framework application. It's the (possibly final) video in the series he's been doing with the HTMLPurifier filtering.

We've taken a library that's outside the framework and want to find an elegant solution that takes advantage of the configuration tools that are already available in the Zend Framework.

He takes the previously hard-coded settings for the HTMLPurifier and moves them into a method where they can be set in a configuration file. You can watch the video via the in-page player.

Ibuildings techPortal: DPC11: Retrospective

On the Ibuildings techPortal site there's a retrospective of the Dutch PHP Conference from this year, 2011.

Before our memories get swamped by our daily lives, let's take a look back at the Dutch PHP Conference 2011. For me, two things stand out when I look back on this years DPC. One was the rate at which ideas were exchanged, both during the regular conference days and at the associated social events. [...] The other thing to stand out was the fact that many talks were not about PHP.

He goes on to talk about the ratios of PHP to non-PHP talks (only 37% were PHP-specific!) and breaks down the non-PHP talks into a few different categories including architecture, tooling, front end development and general framework updates. He also compares this to the PHP talks and came out with some interesting results.

For today's PHP development teams, generic software engineering principles and technologies allied to PHP have become part of their architectures and daily work routine. It is only logical that we want to know more about them and learn about new ones. It is no surprise then, that we see schedules at PHP conferences which include a good proportion of talks that are not directly about PHP itself.

Philip Norton's Blog: PHPNW11 Blind Bird Tickets Closing Soon

Philip Norton reminds you that the "Blind Bird" pricing for tickets to this year's PHP North West conference is almost coming to a close - the speaker list will be announced soon!

According to the PHPNW11 blog they had a 50% increase in paper submissions from PHPNW10, which means there will be an excellent range of talks on offer, but also a lot of papers to review before deciding on the schedule. So if you want to get in the bargain price of £75 for a fantastic two day conference then you had better get your tickets as soon as you can. After this week the early bird tickets will be released and the price will increase.

You can pick up both the Blind Bird and Tutorial day tickets right now from the ticket page of the PHPNW11 site.

2011年6月13日星期一

Community News: Latest PEAR Releases for 06.13.2011

Latest PEAR Releases:

Net_SMTP 1.6.0

Adminxweb.com: PHP Frameworks Benchmarked: Here Are the Results

The Adminxweb site has put together some framework benchmarks for several of the popular frameworks out there, some of which you may not have heard of before.

There are various PHP frameworks and they all have different speeds. The only way to judge a framework by its speed is by benchmarking - conducting tests and comparing the results. [...] Comparing various benchmarks is less of a scientific comparison and more of a subjective application. So in this post, I will review the performance of these frameworks according to the same metrics. This will allow us to arrive at the closest thing there is to an objective winner.

Among the ones they profiled, the DooPHP framework was the only one that came up with a 10 of 10 rating based on speed. It's compared to other frameworks like CodeIgniter, symfony, Solar and the Zend Framework. Take the findings with a grain of salt, however - the author doesn't provide the methods she used to arrive at the numbers. If you would like something with a bit more substance, check out Paul Jones' framework benchmarking tool posted on github.

Jason Stiles' Blog: How To Protect Your Site From XSS With PHP

In a recent post to his blog Jason Stiles takes a look at some of the things you can do with PHP to help protect your site from XSS (cross-site scripting attacks) with some basic filtering.

Cross-Site Scripting (XSS) is a type of attack where a hacker attempts to inject client-side scripting into a webpage that others are able to view. The attack could be as simple as an annoying alert window or as sophisticated as stealing a logged in user's credentials (commonly saved in browser cookies). [...] Since these types of user input can immediately be displayed to other user's, the attack could be spread pretty quickly and even without your knowledge.

He provides a basic function to get you started filtering the input from your users - a "xss_protect" method that takes in the data, whether to strip HTML tags or not and an optional set of allowed tags if you do. He also asks for opinions and better methods in his comments:

No solution is going to be perfect, but at least now you have a head start! If you have ways of improving this function, let myself and everyone else know in the comments.

2011年6月10日星期五

Site News: Popular Posts for the Week of 06.10.2011

Popular posts from PHPDeveloper.org for the past week:

Robert Eisele's Blog: PHP Hacking

Robert Eisele has a new post (and some new source) on his blog today that has gotten the PHP community both up in arms and excited about the potential it offers - a fork of PHP that's been modified to include lots of little improvements for changes in performance, some new PHP functions, usability improvements and changes in the MySQLi/mysqlnd drivers.

It took me a while but here's a new toy. Today I publish my own PHP fork based on the PHP 5.3.6 code base with a few changes that make the everydays developer life more bearable. It includes some of the patches I've already published about 3 years ago, my defcon extension and also my infusion extension plus a good bunch of extra gimmickries.

Updates in his release available on github) include:

Hardcoded constants
Turn off $_REQUEST variable if it's not needed
new methods like str_random, ob_fwrite, sigfig and strcal
changes in foreach, strstr and binary number handling
updates to MySQLi/mysqlnd to return matched rows and mysqi_return

The community reaction to this fork has been divided - some think the work put into these changes should have been submitted to the main PHP project instead and others see it as a good step forward for the language. Share your thoughts by commenting on the post.

Slawek Lukasiewicz's Blog: Working with date and time in object oriented way

Slawek Lukasiewicz has a new post today about working with dates and times in PHP on a more object-oriented fashion than in the more traditionally procedural way of just calling PHP date/time functions on the string values.

Date and time manipulation in PHP is mostly connected with functions like: date, time or strtotime. They can be sufficient, but if we want to deal with dates like with objects - we can use DateTime class. DateTime class is not only straightforward wrapper for standard functions, it has a lot of additional features - for example timezones.

He shows how to use the DateTime functionality to return an object you can call several different methods on. He gives examples of the formatting call, comparing one DateTime object to another, how to update the date after the object's created, calculating the difference between two dates and iterating through a certain time period.

Rob Allen's Blog: ZF2 Training at PHPNW 2011!

As Rob Allen points out, the PHP North West conference is happening again this year and includes a Zend Framework 2 tutorial day session as taught by him.

The fabulous PHPNW conference is back again this year on October 8th and 9th and tickets are now for sale for a mere £72. Buy now! as you only have a few days left at that price. There's no need to wait for the schedule as we know from the past 3 years, that it's going to be a great selection of relevant topics. More importantly, this year there's a tutorial day on Friday 7th October which is also very cost-effective at £330 for the tutorial day and the conference.

He mentions some of the other tutorials happening the same day including a look at Drupal performance and tools, web services and maintainable application development through components. If you're interested in the sessions and what they're about, check out the tutorial day page on the PHPNW website.

DZone.com: Hardening PHP: How to securely include remote code (part 1)

On the PHP on Windows blog from DZone.com Krzysztof Kotowicz has a new post - part one in a series on securing your PHP application - a look at securely including remote code from a source outside of your application.

First post of the series discussing various methods of including remote PHP code in your application - from security standpoint. In this post we discuss the history of remote code execution vulnerabilities in PHP apps and ways to prevent them. We finish off by presenting an unsecure method of including a remote code and describe what is the problem with that method.

He looks at the insecurity of a standard include/require, the allow_url_include php.ini setting and the issues with using hardcoded locations (like incorrect DNS records pointing to the wrong host).

2011年6月9日星期四

Site News: Blast from the Past - One Year Ago in PHP

Here's what was popular in the PHP community one year ago today:

Brian Swan's Blog: Performance Tuning PHP Apps on Windows/IIS with Output Caching

Brian Swan has a new post to his blog today showing you how to use caching for performance tuning on your Windows/IIS PHP application. He uses the IIS 7 output caching method instead of an external cacing tool or library.

The IIS output caching module allows you to configure IIS to cache dynamic pages generated by PHP. When a PHP page becomes "hot", the content of the page is cached so that is served without executing the script that generates it. [...] With the IIS Output Caching module you can cache all pages generated by PHP, vary what is cached by query string parameter value, or vary what is cached by header value.

He touches briefly on when he thinks you should use output caching for your applications since it can add extra overhead if it's not actually needed. He suggests turning it on when you have entire pages that don't change often and could benefit from just being displayed as-is. He shows how to enable the caching on IIS and includes some bits of code to show the results. There's a few other handy features he points out too like a file change notification and a configuration for a time interval caching rule.

JSClasses.org Blog: Lately in JavaScript podcast - Episode 5 (Javascript to Replace PHP?)

From the JSClasses.org site today there's a new episode of their "Lately in Javascript" podcast that asks the question "Is Javascript going to replace PHP?"

So it seems that recently Douglas Crockford of Yahoo commented they are considering to replace PHP with Node.js based JavaScript for server side Web applications. On episode 7 of the Lately in JavaScript podcast, Manuel Lemos and Michael Kimsal have Zachary Kessin, author of the Programming HTML 5 Applications book, to debate whether it makes sense to drop PHP for JavaScript on the server side.

You can listen to this latest episode either by using the in-page player or you can download the mp3 directly.

2011年6月8日星期三

Community News: Latest Releases from PHPClasses.org

Ibuildings Blog: Dutch PHP Conference 2011

On the Ibuildings blog today Hilary Boyce has posted her wrapup of the Dutch PHP Conference that just recently came to a close in Amsterdam.

I have just returned from the fifth (and my second) Dutch PHP Conference (DPC). For the technical staff at Ibuildings the conference is a highlight of our year. Not only do we have a chance to visit the delightful city of Amsterdam, but we also have 3 days of stimulating tutorials and conference talks. There is the added bonus of being able to meet and exchange ideas with fellow developers from all over Europe and further afield, many of whom are the movers and shakers in the PHP world.

She talks about the value of the conference, the advancement of knowledge it provided and the the shift in focus that's been the trend lately - less focus on the language and more on the professional development processes. She mentions specific talks such as Aral Balkan's keynote and a presentation on web services and the important role they play in application design. Other popular topics at this year's DPC were best practices in development, agile and internationalization and character sets.

Web Species Blog: Symfony2 - the best framework today?

In a new post to his Web Species blog Juozas Kaziukenas wonders if Symfony2 is the best framework today for developers looking for something that's robust, flexible and has the potential to "go big, very big".

It has its problems and flaws, but let me give you some thoughts why I think it's the framework which is going to go big. Very big. Frameworks are big creatures and naming interesting features can take thousands of words, so this is just a short glimpse of the few things I find interesting, to me. Obviously there is much more to it.

He starts with what he likes about Symfony2 and the features is offers including the Doctrine 2 support and the bundles interface they've included - self-contained plugins that are made to share and reuse across projects. He covers a few business reasons he sees to use the framework, mostly that he feels comfortable in the future of Symfony2 enough to trust using it. Of course, there's always bad parts to any piece of software and some he mentions include the steep learning curve, the use of things like dependency injection and the high amount of configuration involved.

2011年6月7日星期二

Community News: Latest PECL Releases for 06.07.2011

Latest PECL Releases:

Kevin Schroeder's Blog: Passing typed ActionScript objects to Flex using PHP and a message queue

Continuing on in his Flex and PHP series Kevin Schroeder has a new post to his blog today looking at how to send typed ActionScript objects to Flex so he could pass PHP objects and their structure directly back to the waiting frontend.

What I wanted to do was use the sales notification mechanism to pass PHP objects to Flex using the message queue. But I could not get the unserialization mechanism to work and so I had to settle for passing a simple message that a sale had been made. However, because you can pass typed objects back and forth between PHP and ActionScript over HTTP using Zend_Amf_Server I figured that there MUST be a way of doing it automatically.

He walks you through the steps to discovery that eventually got him to his end goal - making a simple valueObject class to use for the connection, a basic PHP script (using Zend_Amf) to parse the object's data and a bit of code to send it back to the waiting MQ queue via a Zend_Queue adapter.

Lorna Mitchell's Blog: PHP North West 2011

Lorna Mitchell has a new post today about this year's PHP North West conference happening October 7th through 9th in Manchester, UK. She talks some about the current status of the event and how it'll be structured.

e might still be in the thick of the summer conference season, but there's an event coming up this autumn which has me very excited: PHP North West 2011.

This is a regional PHP conference based in Manchester, UK, and I've been involved with it since it began (I'm surprised to find this is our fourth edition, it still feels like a shiny new adventure!). This year the dates are 8th and 9th of October and with an added tutorial day on the Friday, it is bigger (and of course better) than ever.

She points out the current Call for Papers that are open for submission and notes that the deadline is very soon - June 12th. She mentions the Tutorial Day with topics covering Zend Framework 2, security, Drupal performance and her web services tutorial. You can currently pick up tickets for the "blind bird" price of £72. For more information, see the main conference site.

RandomBugs.com: Apache Dynamic Virtual Hosting and PHP security

On the RandomBugs blog today there's a new post looking at some of the considerations made when setting up Apache and PHP for dynamic virtual hosting.

It's been a while since I configured the latest Dynamic Mass Virtual Hosting Server. Last time I used mod_vhost_alias to create a dynamic virtual hosting and it worked without any problem for what we need in that time. [...] Now, the problem is a little bit changed: We need a secure sever which should support ftp virtual users with quota and we don't have permission to change the packages, apply patches or recompile sources, because we need to be able to upgrade without to much stress.

Their biggest problem was dealing with the virtual users and handling the security for them to work with the files and hosts set up for them and only them. They tried both suPHP and a combination of mod_vhost_alias/php safe_mode/openbasedir but neither fit their needs. In the end it was mod_macro that did the trick with one caveat - you had to be more careful when adding the host to use the correct syntax in the configuration. It's split between multiple files and settings have to match across them.

2011年6月6日星期一

Community News: Latest PEAR Releases for 06.06.2011

Latest PEAR Releases:

Kevin Schroeder's Blog: Connecting PHP to ActionScript and Flex using Stomp

Kevin Schroeder has a recent post to his blog today looking at how he used Stomp to connect his backend PHP to frontend Flex, a text-based protocol that can be used to connect to a MQ server instance.

In yesterday's post I talked a little bit about some of the details on how I used messaging to connect a front end on demand request to a back end scheduled data processing mechanism. In this post we're going to talk about how to send data from a web page to a running Flex application without using HTTP. It is really quite easy.

His demo application watches a Magento instance and notifies him whenever a new sales comes in. Because of Magento's event-based system, it made the setup relatively easy. He includes the code for the observer on the Magento side and the Zend Framework-based logger code that it calls. Using the AS3Stomp library to make the connection, Kevin sets up the data provider for the Flex app to push the latest sale information into a list.

Chris Roane's Blog: What does it mean to be an Advanced PHP Programmer?

In a new post to his blog Chris Roane has a few suggestions about advanced programming and what it might take to be considered an advanced programmer in any language.

On a previous post I had someone comment that they did not agree that the code implementation that was presented in the article was advanced (which was described in the title). They also claimed that I was not an advanced PHP programmer. This made me think. Not because my programming skill or knowledge was challenged. But because I'm not sure what makes code or a programmer "advanced".

He asks a few questions about the criteria for considering someone an "advanced programmer" including things like how fast or efficient they are, how much they make or the conference(s) they've been to. He points out that, because "advanced" is such a relative term, it's hard to put a finger on it. Being this hard to define (and mostly worthless even if it is) he suggests an alternative to trying to figure it out:

Instead of throwing around general terms in labeling code or other programmers, let's come together and figure out ways in improving code together. Practical applications.

2011年6月3日星期五

Site News: Popular Posts for the Week of 06.03.2011

Popular posts from PHPDeveloper.org for the past week:

DZone.com: PHPSpec: BDD for your classes

In a new post to the "PHP on Windows" section of DZone.com, Giorgio Sironi looks at another testing tool to add to your arsenal - PHPSpec, a behavior-driven development testing tool similar to Ruby's RSpec.

Behavior-Driven Development can be seen as an evolution of Test-Driven Development, stricly in its outside-in version and with a refined language. In the case of the tool I'm reviewing today, BDD is implemented with code instead of with textual feature files (e.g. written in Gherkin) like in Behat. PHPSpec is similar to (or a port of) RSpec, the original BDD Ruby tool. It fills the need for an approach different from the classical xUnit at the class level.

He points out the place he thinks PHPSpec has in the software testing world as it fits with things like Behat and PHPUnit. He also includes some sample code to show it at work - a sample test that checks against an object for things like "should be an object" or "should not return the same number for multiples of three" for the basic class FizzBuzz.

Michael Nitschinger's Blog: Custom Finders with Lithium

Michael Nitschinger has another post that'll interest the Lithium framework users out there - how to create custom finders to help in code reuse for database requests.

Finders assist you with often-used database queries so you don't have to write them over and over again. Out of the box, Lithium provides you with a bunch of them: all, first, count list and "magic finders like" findById or findFirstById. How these are constructed in the core is not relevant for now, but Lithium provides you with a mechanism to write your own finders easily.

He starts with a look at the bundled finder, showing how it uses a _findFilters method to create the default filter and pass it into your configuration. He covers the parameters you'll need to define and an example of making a Task to create a new one. His example sets a limit of five results on the response. He also mentions the ability to add a custom finder to your model, loaded in the _init() automatically.

2011年6月2日星期四

Site News: Blast from the Past - One Year Ago in PHP

Here's what was popular in the PHP community one year ago today:

PHPBuilder.com: PEAR HTML_Table: Displaying Tabular Data in PHP

On PHPBuilder.com today Jason Gilmore has posted a tutorial showing you how to use the PEAR HTML_Table component to quickly and easily display tabular information on your site.

Because the task [of building tables] is so commonplace, personally I prefer to treat it like stamping out a widget, and rely on a drop in solution. While several such standardized solutions are available, I generally prefer to use HTML_Table, a great PEAR package which makes tabular data presentation a breeze. In this tutorial I'll walk you through several of HTML_Table's key features, additionally showing you how to integrate CSS and jQuery to create an eye-appealing and interactive tabular layout in no-time flat.

He helps you through the install (using the PEAR installer) and starts you down the right path with some sample code creating a table based off some example data from an array. He shows how to add headers, put in some CSS for styling them and for making the rows highlight on mouseover. He finishes it with the jQuery bit that uses the tablesorter feature to dynamically allow sorting of the table based on the values in each column.

php|architect: Impact Award Winners (for php|tek '11)

As a part of this year's php|tek conference, the folks at php|architect once again put together their choices for the "Impact Awards", a special recognition for projects that have really made a mark over the last year in a few different categories.

As part of the grand finale of php|tek '11, Keith Casey announced the winners of the first annual php|architect Impact Awards. These awards are selected by the subscribers of php|architect magazine. They represent the projects that have had the most impact on the day-to-day lives of PHP developers. php|architect is proud to announce the winners of this year's Impact Awards.

Winners this year included the Frapi (in Up & Coming), MySQL (in Data Management), Xdebug (in Integration/Development) and the Best Overall Product winner - the Zend Framework.

2011年6月1日星期三

Community News: Latest Releases from PHPClasses.org

Web Species Blog: Lazy evaluation with PHP

Juozas Kaziukenas has a new post to his Web Species blog about using "lazy evaluation" in PHP - loading the resources you need for execution and evaluation only as you need them, not all up front.

Recently I needed to process a huge array of data and because of PHP's somewhat inefficient variables and especially arrays that was resulting in "out of memory" errors. However, I couldn't use any other tools than PHP so was forced to come up with a solution implementation in it. Here is how I solved it using principles from functional languages.

He gives an example using Haskell to generate a Fibonacci sequence using its built-in lazy evaluation abilities. Unfortunately, PHP doesn't have such a thing built in, so he tries the next best thing - Iterators. He caries the idea over to the database side too, recommending fetch() in a loop over fetchAll() and some effective joins.

Robert Basic's Blog: Book review - Guide to Web Scraping with PHP

In this new post to his blog Robert Basic has a review of a book from php|architect (by Matthew Turland), "Guide to Web Scraping with PHP".

It took me a while to grab myself a copy of Matthew Turland's "Guide to Web Scraping with PHP", but a few weeks ago a copy finally arrived and I had the pleasure of reading it. [...] My overall impression of the book is that it was worth the time and I'm really glad that I bought it. Matthew did a great job explaining all the tools we have at our disposal for writing web scrapers and how to use them.

He talks about the content of a few specific chapters (the HTTP protocol, client libraries you can use and how to prepare documents for parsing) and notes that there's not much bad he can think of about the book:

It is a guide, clear and straight-to-the-point, explaining what tools are there, which one to use and how for writing scrapers and that's exactly what I wanted to know.

订阅：博文 (Atom)