web developer rocks: 一月 2012

2012年1月31日星期二

Community News: Latest PECL Releases for 01.31.2012

Latest PECL Releases:

Marcelo Gornstein's Blog: Writing PHP applications with Doctrine2 as ORM and Ding as DI container

In a recent post Marcelo Gornstein takes a look at using dependency injection with Doctrine2 using his Ding container.

This article will show how we can develop software in php with a nifty design and architecture, and very much like other languages like java, using an ORM and an AOP, DI, Events container. I will assume you've read (or at least took a quick look) at this article that explains the tree layout used throughout the code, and that you have some basic knowledge of Doctrine2 and used it before on your own.

He starts with the result - an easy to use, self-contained (and decoupled) system for accessing the Doctrine2 instance. It's event-driven and uses Aspect-oriented programming to mange interactions between components (or as he calls them "beans"). Code is included for the entire process for a logger, the User entity, entity manager, user repository and transactional aspect. You can find the complete source for his example on his github account.

Charles Sprayberry's Blog: DI and global state

In response to some of the comments made on his previous post about why you should use dependency injection in your applications, Charles Sprayberry is back with some more concrete examples showing how it all works with some code to back it up.

To help better explain each of the three aspects of DI I discussed in the previous article I'll be going over each more thoroughly and with those code examples requested. I'll be going through each point one at a time as the explanations will likely be of some length compared to the original post.

He starts with the "villain" of the story - the Singleton design pattern, a difficult to test method that lulls you into thinking you're not in the global scope. He talks about the problem of using this approach and how the Factory design pattern can be used to create an alternative. He changes up the example to create a "DbTableFactory" class that can be used to create the objects needed - in this case a "UserTable" object with the connection injected into it at construct time.

PHPClasses.org: PHP 5.4 Features: Shall you Upgrade to the newer PHP Version?

Over on the PHPClasses.org blog today there's a new post looking at the next major upcoming PHP version (5.4), what it comes with and why you might want to make the upgrade.

PHP 5.4.0 is planned to be released on February, 2 2012. By the time you are reading this, it may already been out. It is a result of many months of development. Many features were proposed for this release. Some made into this version, others did not make it at least for now. So, now you may be wondering which interesting features really made it. Let me tell you more about some of the more interesting features present in this release.

The article mentions some of the usual major features that can be found in just about every "in PHP 5.4" list - traits, the built-in web server, binary notation for integers - but it also includes some of the features that didn't make the cut this time (like annotations and the inclusion of the APC caching extension). Also included are questions to ask to see if the upgrade is for you like:

Do you need the new features?
Do you need the updates now?
Try it and test it in dev first - does it meet your needs or cause other bugs?

The planned release for PHP 5.4 is during the first week of February (2012). Additionally, if you'd like to give the PHP development group some help testing out the latest Release Candidate, you can find instructions here.

2012年1月30日星期一

Community News: Latest PEAR Releases for 01.30.2012

Latest PEAR Releases:

7php.com: Interview With Stefan Koopmanschap Symfony Community Manager

On 7php.com there's a new interview with Stefan Koopmanschap, the Symfony Community Manager (and well-known PHP speaker and member of the PHPBenelux user group) answering some questions about himself, Symfony and the PHP community.

In this edition, I talked with Stefan Koopmanschap (@skoop) the co-founder of the Dutch PHP usergroup PFZ.nl which is merged with the PHPBelgium usergroup to form the PHPBenelux usergroup. He is also an official Sensio training partner for Benelux and Germany. [...] Koopmanschap is much involved in the OpenSource world and is a very highly respected member in the PHP Community; he advocates sensible thoughts and never fails to make his point stand out in the best way he can. You can read more about him on his personal blog - LeftOnTheWeb.

Stefan answers a few questions about himself and his experience with PHP:

A bit of background on who he is and when he got started with PHP
How he got started with the language
His opinion of PHP now versus when he first started
some of the good and bad things about PHP

You can read interviews with other PHP community members here.

Nikita Popov's Blog: htmlspecialchars() improvements in PHP 5.4

In this new post to his blog Nikita Popov looks at an update that might have gotten lost in the shuffle of new features coming in PHP 5.4 - some updates to htmlspecialchars.

One set of changes that I think is particularly important was largely overlooked: For PHP 5.4 cataphract (Artefacto on StackOverflow) heroically rewrote large parts of htmlspecialchars thus fixing various quirks and adding some really nice new features. Here a quick summary of the most important changes: UTF-8 as the default charset, improved error handling (ENT_SUBSTITUTE) and Doctype handling (ENT_HTML401,...).

He goes into each of these three main features in a bit more detail, providing code to illustrate the improved error handling and the new flags for Doctype handling (covering HTML 4.01, HTML 5, XML 1 and XHTML).

Jason Grimes' Blog: Using Doctrine 2 in Zend Framework 2

Jason Grimes has posted a new tutorial to his blog about integrating Zend Framework 2 with Doctrine, the powerful (and popular) ORM tool for PHP. In his example, he shows how to use them to store the album information from Rob's tutorial.

Zend Framework 2 is getting close to release, and among the changes are new ways to handle dependency injection, and new ways to work with third-party code as modules. Rob "Akrabat" Allen has updated his iconic Getting Started with Zend Framework tutorial for ZF2, and it's a great place to start. After working through that tutorial, the next thing I wanted to do was figure out how to get the Doctrine 2 ORM up and running. This article shows how to set up and use Doctrine 2 in Zend Framework 2, by extending Rob's Getting Started tutorial to use Doctrine instead of Zend_Db.

Using Rob's example as a starting point, he shows how to install the Doctrine modules, update the "Album" model and controller to use Doctrine instead of Zend_Db and create the entity for the Albums.

2012年1月27日星期五

Site News: Popular Posts for the Week of 01.27.2012

Popular posts from PHPDeveloper.org for the past week:

Ibuildings Blog: 2011: A Year in PHP

On the Ibuildings blog today there's a year in review post (from Ben Longden, Rowan Merewood and Alistair Stead) looking back at 2011 and everything that happened in the world of PHP.

2011 has flown by in a blur as we have been busy helping many new clients with large scale PHP projects - proof that PHP continues to gain traction with enterprise. [...] The ongoing financial climate only adds pressure for IT managers to cut costs and deliver more value from their existing infrastructure and therefore require enterprises to re-consider any prior aversion to open source and PHP. This is allowing our industry to consistently buck the trend of the markets and expand to support the increased demand.

They list some of the changes in PHP itself, like the Release Candidates for PHP 5.4 and the 5.3 requirements of some frameworks, as well as some community-related changes: Facebook's Virtual PHP Machine (hhvm) and the number of PHP-related events in Europe and the UK. They mention some projects that become more prominent in 2011 including BDD testing, Platform as a Service products and the EBay acquisition of Magento.

Also included in the post are a few predictions for 2012 including a possible merging of frameworks along similar strategies, the increased use of dependency injection containers and a serious look into caching in PHP applications.

Mike Wallner's Blog: Dropping server load with HTTP caching

Mike Wallner has shared a quick and easy HTTP caching technique in a new post to his blog today. The key is in using the PEAR HTTP_Header package.

Ever watched youself browsing e.g. a web forum? Noticed that you viewed the same page several times? Well, this means extraordinary and useless load for your server if there's no caching mechanism implemented in the web application. Even if there is some file or db cache you can still improve performance with implementing some http cache.

With a few simple lines of code using HTTP_Header, you can tell your scripts how long to set the "expires" header to on your requests. This increment (in seconds) is relayed to the browser to tell it when to next fetch the page and not reload from cache.

2012年1月26日星期四

Site News: Blast from the Past - One Year Ago in PHP

Here's what was popular in the PHP community one year ago today:

Francois Zaninotto's Blog: Node.js for PHP Programmers #1: Event-Driven Programming... and Pasta

On his blog today Francois Zaninotto has a post that aims to introduce those with a PHP background to how Node.js works. In this first part of his series, he tries to explain the idea of event-driven programming - parallel processing of different parts of an application based on some action taken in the code.

For a PHP developer, asynchronicity is the most puzzling aspect of the Node.js runtime. It's simply a new way to write programs. And once you pass the first learning steps, event-driven programming opens a world of possibilities PHP programmers would never dream of. I'll try to explain you how it works, but first, let's talk about pasta.

In his "pasta" example, he shows how a typical PHP application would make a "Pan" object, call a "warm" action, "add olive oil", etc. All of this happens in sequence, though and takes 29 "minutes" to complete. To help things along, he implements an "EventLoop" class that handles tracking the timing and includes two methods to execute callbacks and delayed methods. He expands on this example with asynchronous objects and method calls to handle multiple things at once. He relates this to what Node.js offers - a built in event handling system, an included EventLoop object and native blocking I/O operations.

Mike Purcell's Blog: Use PHPUnit without PEAR

Mike Purcell has a new post to his blog showing a method he's followed to be able to use the popular PHPUnit unit testing software without having to go through the PEAR installer to get there.

PHPUnit is a great tool to protect us developers from introducing new defects when adding new features or re-factoring code. However there is one HUGE downside to PHPUnit; it must be installed using PEAR. Personally, I don't like 'auto-installers', I'd prefer to know what exactly is happening behind the scenes with regards to which libraries are required and how they are being called. [...] After breaking down the PHPUnit source code, I realized it could be installed without going through PEAR, and without too much headache.

He walks you through the directories you'll need to set up (test/vendor), the commands you'll need to get the latest version and unpack it, changes to set up some symlinks and updating the PHPUnit source to modify the autoloader, bootstrap and phpunit executable.

2012年1月25日星期三

Community News: Latest Releases from PHPClasses.org

Fabien Potencier's Blog: Create your own framework... on top of the Symfony2 Components (part 12)

In this final post of his series about building a framework on Symfony2 components, Fabien Potencier focuses again on flexibility - allowing you to have more than one front controller with different configurations thanks to dependency injections.

Does it means that we have to make a choice between flexibility, customization, ease of testing and not having to copy and paste the same code into each application front controller? As you might expect, there is a solution. We can solve all these issues and some more by using the Symfony2 dependency injection container.

The Symfony2 DIC (DependencyInjection) allows you to create a container with the objects and settings that you want and inject that into the main "Framework" class for its use. He registers most of the components he's added over the series like the UrlMatcher, RouterListener, ExceptionListener, EventDispatcher and the Framework class itself. This is all stored in a separate file(s) and can be conditionally included based on your environment. He shows how to register a custom listener, add parameters to the DIC configuration.

DevShed: Using Closures as View Helpers

New on DevShed today there's a tutorial looking at using one of the newer features of PHP, closures, as view helpers in a basic templating system.

In this two-part tutorial I'll be showing you, in a step-by-step fashion, how to use the goodies offered by closures in the implementation of an object-based, easily extendable template system. This system will allow you to embed anonymous functions easily into template files, and call them as typical view helpers, too.

He starts the process of creating the templating system by defining two interfaces, the View and DataHandler. Using these as a base, he creates an instance of the ViewInterface (a "View" class) that can set the template file to use, set values to be displayed and render the formatted output. Included is a basic template and how to use the View class to set values into it. The "render" method is called on the view and the HTML markup is produced. The closure comes in when they try to call a value "clientIp" that needs to do something more complicated than just having a string assigned to it.

2012年1月24日星期二

Community News: Latest PECL Releases for 01.24.2012

Latest PECL Releases:

PHP.net: PHP 5.4.0 RC6 released

The PHP.net has announced the availability of the latest Release Candidate in the PHP 5.4.0 series - PHP 5.4.0 RC6:

The PHP development team announces the 6th release candidate of PHP 5.4. PHP 5.4 includes new language features and removes several legacy (deprecated) behaviours. Windows binaries can be downloaded from the Windows QA site. [...] The 6th release candidate focused on improving traits. Please test them carefully and help us to identify bugs in order to ensure that the release is solid and all things behave as expected.

You can download this latest release from the PHP QA site (Windows binaries) and test it on your local instance/applications. Any and all feedback about issues should be reported to either the QA mailing list or on the bug tracker. A complete list of updates is available in the NEWS file.

KingFoo Blog: PHP 5.4 - What's new?

On the KingFoo blog today there's an excellent look at everything new coming up in PHP 5.4, the next version of PHP set to be released in early February.

PHP 5.4 will be stable soon.
In this post I'll try to give you an overview and examples of the new PHP 5.4 features. If you want to try out PHP 5.4 (which is currently in RC3), it has to be installed first. I suggest that you try this out on a virtual machine so you don't break your current PHP version.

Improvements on the list include:

Improved Session Extension
Built-in webserver
Traits
Array dereferencing
Method calls through arrays
Binary notation for integers
Instantiate a class without running constructor
Improved JSON extension
Improved CURL extension

And this is just a start - they detail each of the improvements and provide code where needed to illustrate the update. They also link over to the PHP.net manual (or PHP bug tracker) for more information on the new feature/change.

Paul Reinheimer's Blog: Cookies don't replace Sessions

In a new post to his blog Paul Reinheimer talks about replacing sessions with cookies and some of the (security) pitfalls that can come with it.

I've seen several instances where people have demonstrated the ease with which encrypted cookies can replace sessions within PHP. Michael Nitschinger wrote a piece recently demonstrating the switch with Lithium, while CodeIgniter does this by default (optionally encrypting). The problem is that while replacing sessions with cookies works, it introduces a few risks not present with native session support, and these risks tend to be under documented.

He gives an illustration of an attacker who sits between Amazon and one of their warehouses. Despite encrypting their order details, all it would take is the attacker to grab an order and copy it and resend (a "replay attack"). He's created an example application to illustrate the point (source on github). The attacker doesn't even have to know what the encrypted information contains - they only have to replicate it.

2012年1月23日星期一

Community News: Latest PEAR Releases for 01.23.2012

Latest PEAR Releases:

Text_LanguageDetect 0.3.0

PHPMaster.com: Rapid Application Development with CakePHP

On PHPMaster.com today there's a a new tutorial helping you take some first steps with CakePHP, a popular full-stack PHP framework, by Vito Tardia.

CakePHP is a framework that provides a solid base for PHP development. It allows users at any skill level to rapidly develop robust web applications. [...] Personally, the reason why I prefer CakePHP over other PHP frameworks is its better support for console applications. CakePHP has a powerful console tool that can be customized to build applications for both the web and the console world. In this article I'll introduce you to two of CakePHP's most useful features:
automatic code generation using the console tool Bake and dynamic scaffolding.

He walks you through the full (user friendly) installation and configuration, a few changes to increase security and where to go to set up your database connection. From there he shows how to use the "Bake" command to generate a "subscribers" model and automatically create the user interfaces to work with it (CRUD operations)

NetTuts.com: Testing your PHP Codebase with EnhancePHP

On NetTuts.com today a new tutorial has been posted to help you test your applications and make it a simpler process using the EnhancePHP framework. EnhancePHP is a lightweight Open Source PHP unit testing framework with support for mocks and stubs.

You know it; I know it. We should be testing our code more than we do. Part of the reason we don't, I think, is that we don't know exactly how. Well, I'm getting rid of that excuse today: I'm teaching you to test your PHP with the EnhancePHP framework.

He shows you how to download it, get it installed and creates a simple structure to do some TDD (Test-Driven Development) with it. His tests check three things - valid email addresses, username restrictions and phone number formatting. He also includes a look at creating mocks/stubs for a "scoreboard" example.

You can find out more about the EnhancePHP framework on its github page.

2012年1月20日星期五

Site News: Popular Posts for the Week of 01.20.2012

Popular posts from PHPDeveloper.org for the past week:

Brian Swan's Blog: Using SQL Azure Federations via PHP

Brian Swan has a new post to his blog about using Azure Federations in your PHP applications:

In a nutshell, SQL Azure Federations introduces an abstraction layer for the sharding of SQL Azure databases. The value in federations lies in your ability to have elastic scalability of the database layer of your application (to match the elastic scalability of the rest of your application when it's running in the cloud). And, one nice thing about the way federations work is that nearly everything can be done with simple SQL commands. Of course, that means that using SQL Azure Federations via PHP should be easy. So in this post, I'll introduce you to SQL Azure federations by showing you how to use them via PHP.

He uses the SQL Server drivers to make the connection to the Azure instance and, based on his included code, creates a federation and tables inside it.
He also shows how to insert data into these tables, split up a federation, insert data after this split and how to query a federation member with the filtering on or off.

DZone.com: PHPUnit_Selenium

On DZone.com today Giorgio Sironi has a quick tutorial showing you how to set up and use the PHPUnit_Selenium component in the latest releases of the popular testing software.

With the 1.2 release, PHPUnit_Selenium supports (basically) for the first time the Selenium 2 WebDriver API. While PHPUnit_Selenium already worked with Selenium 2, it did so only by using the Selenium 1 emulation included in the jar; now it provides an object-oriented API right natively supported in a base PHPUnit test case, shipped in PHPUnit's PEAR channel.

He includes the steps you'll need to pull it from the PEAR channel and how to set up a test case based on the PHPUnit_Extensions_Selenium2TestCase object. He gives a few examples of how to select various components on the page (via CSS selectors and XPath), assert that the right information is there and interact with forms.

2012年1月19日星期四

Site News: Blast from the Past - One Year Ago in PHP

Here's what was popular in the PHP community one year ago today:

Fabien Potencier's Blog: Create your own framework... on top of the Symfony2 Components (part 9)

Fabien Potencier has posted the ninth part of his "build a framework on Symfony2 components series. In this latest tutorial he takes the simple framework he's already created (complete with some unit tests) and makes it easier to extend.

Our framework is still missing a major characteristic of any good framework: extensibility. Being extensible means that the developer should be able to easily hook into the framework life cycle to modify the way the request is handled.

He chooses the Observer design pattern as a basis for his example, allowing any kind of behavior/actions to be added to the framework's execution. He includes the Symfony2 dispatcher to make this work and includes the code for a "handle" method to fire off events. It executes a "ResponseEvent" every time the framework is executed. An "addListener" method provides the hook to apply a callback to an event - in his case an anonymous function (or closure).

Volker Dusch's Blog: Never trust other peoples benchmarks - A recent example (exceptions)

In response to a previous post benchmarking exceptions, Volker Dusch has posted some of his own thoughts and benchmarking results on the same topic.

Some days ago there was a blog post regarding php exception performance in 5.4 and the numbers got reported all over the place. The actually numbers are secondary. The main point is: Don't trust "random" stuff on the Internet when thinking about improving your application performance. You always need to measure things for your self and take care doing so! I've initially trusted the benchmark myself and disgraced the whole post saying: "Well yes, exceptions are slower than if statements but nice that they got faster".

He includes some results with a bit more standardized testing - one run with both 5.3 and 5.4 using XDebug and another with it turned off for both. His results make sense, if you think about them:

So what we learn from that? Running stuff with debugging tools is slower than not doing that. That's why we don't use xDebug in production.

2012年1月18日星期三

Community News: Latest Releases from PHPClasses.org

Ibuildings techPortal: DPC Radio: Advanced OO Patterns

On the Ibuildings techPortal today they've posted the latest episode in their DPC Radio series as recorded at the last Dutch PHP Conference. In this new episode they share a session from Tobias Schlitt called "Advanced OO Patterns".

You already know Singleton, Signal/Observer, Factory and friends. But, which object oriented patterns are en vogue in the PHP world and how can you seize their power? This talk gives you an overview on Dependency Injection, Data Mapper and more OO patterns the PHP world talks about right know, using practical code examples.

You can listen to this latest episode either via the in-page player or by downloading the mp3 directly. You can follow along with the talk in his slides over on the qafoo.com site.

PHPBuilder.com: Create PHP Voice Recognition Apps on the Cheap

On PHPBuilder.com today Jason Gilmore has a new tutorial showing how to create voice recognition applications with PHP and the help of open source voice interpretation tools.

Voice recognition or speech recognition technology is not easy to develop. In-house development would be very costly, and buying proprietary libraries that convert voice to text would make the developed application very expensive for end users. On the other hand, when developing in PHP, you have many open-source solutions available. The same dilemma happens with voice recognition in PHP -- there is an open-source class that can be used in voice applications. That way your application would cost less, and you also can offer it for free.

His tool of choice is Voice PHP, an open source project that uses four classes with support for SSML, SRGS, CCXML and VoiceXML. In his sample application he shows how to use the libraries to generate an application that can listen to a user's voice and translate that into certain menu options.

2012年1月17日星期二

Community News: Latest PECL Releases for 01.17.2012

Latest PECL Releases:

Gonzalo Ayuso's Blog: Checking the performance of PHP exceptions

Gonzalo Ayuso has a new post to his blog today looking at the performance of PHP exceptions and how it could effect your application's overall speed.

Sometimes we use exceptions to manage the flow of our scripts. I imagine that the use of exceptions must have a performance lack. Because of that I will perform a small benchmark to test the performance of one simple script throwing exceptions and without them.

His (little) benchmarking scripts are included - both looping 100000 times, one throwing an exception and the other not. The results were pretty obvious - the memory usage was about the same but the speed was about ten times faster without the exceptions (in PHP 5.3). In PHP 5.4, however, the numbers were closer as far as time to run. Obviously, unless you make super heavy use of exceptions, you're not even going to come close to something like this (micro-optimization anyone?).

Fabien Potencier's Blog: Create your own framework... on top of the Symfony2 Components (part 8)

Fabien Potencier has posted the eighth part in his "building a framework on Symfony2 components" series. So far he's created a full-featured microframework with routing, controllers, HTTP handling and namespaced code. In this latest part he improves the sample framework by adding some unit tests.

Some watchful readers pointed out some subtle but nonetheless important bugs in the framework we have built yesterday. When creating a framework, you must be sure that it behaves as advertised. If not, all the applications based on it will exhibit the same bugs. The good news is that whenever you fix a bug, you are fixing a bunch of applications too. Today's mission is to write unit tests for the framework we have created by using PHPUnit.

He includes the XML for a basic phpunit.xml configuration file and uses a UrlMatcher and ControllerResolver in a "Framework" class and makes the test check for "not found" URLs and for checking for a correct Response.

2012年1月16日星期一

Community News: Latest PEAR Releases for 01.16.2012

Latest PEAR Releases:

HTTP2 0.1.0

Fabien Potencier's Blog: Create your own framework... on top of the Symfony2 Components (part 7)

Fabien Potencier has posted the seventh part of his series looking at how to make a custom framework on top of the components from the Symfony2 framework. In this part of the series he improves his basic framework by adding some namespacing to organize the application a bit more.

If you have a closer look at the code, front.php has one input, the Request, and one output, the Response. Our framework class will follow this simple principle: the logic is about creating the Response associated with a Request. As the Symfony2 components requires PHP 5.3, let's create our very own namespace for our framework: Simplex.

He puts the main front controller in just the "Simplex" namespace but adds in others for the controllers and models. He also updates his Composer configuration to create some PSR-0 autoloading.

Davey Shafik's Blog: The Closure Puzzle

Davey Shafik has posted about an interesting find with closures in PHP revolving around an update to add "$this" access inside the closure.

However, it didn't stop there; there was also the addition of Closure::bind() and Closure->bindTo(). These methods are identical except one is a static method into which the closure is passed, the second an instance method on the closure itself. These methods both take two arguments (on top of the closure for the static version): $newthis and $newscope. What this means is that unlike the regular object model the concept of $this and lexical scope (what is in scope for the function with regards to private/protected methods inside objects) are completely separated.

He also mentions that you can change the "$this" to a different object (complex) or swapping out the object the closure is bound to while keeping "$this" the same (simpler). He mentions that it could be useful for unit testing but can have its drawbacks. He's included code to illustrate
the breakage it can cause in the PHP OOP model (with an explanation).

2012年1月13日星期五

Site News: Popular Posts for the Week of 01.13.2012

Popular posts from PHPDeveloper.org for the past week:

DZone.com: Open/Closed Principle on real world code

In a new post to DZone.com Giorgio Sironi talks about the "open/closed principle" in software development and shows an example based on the design of the PHPUnit_Selenium project.

This article shows an example of how the application of the Open/Closed Principle improved the design of a real project, the open source library PHPUnit_Selenium. These design concepts apply to every object-oriented language, including Java, Ruby or even C++. The Open Closed Principle, part of SOLID set, states that software should be open for extension and at the same time closed for modification.

He starts with a little background on the project, pointing out that there's a Session object it uses for all of its testing with a magic "__call" method that handles any kind of method call to the object. This method has issues (dependencies, strict requirements for use) but can be refactored according to the Open/Closed idea to set up an array of anonymous functions that can be called as a "command". Examples of these types of classes are also included (one for the "click" action on a button and another for getting the current location).

2012年1月12日星期四

Site News: Blast from the Past - One Year Ago in PHP

Here's what was popular in the PHP community one year ago today:

PHPClasses.org: PHP Vulnerability May Halt Millions of Servers

On the PHPClasses.org blog today there's a new post looking at the security vulnerability that effected not only PHP but lots of other languages making them susceptible to attack from the outside.

In PHP and several other languages used to implement Web applications, arrays are used to store the values of request variables such as $_GET, $_POST, $COOKIE, etc.. IF you receive a request with a large number of request values, until recent versions PHP may run into trouble.

He goes on to explain why there's an issue with the array overloading and what PHP has done in recent releases to help correct the issue - the max_input_vars setting in the php.ini. He also points out that this is not a new issue - it was originally identified back in 2003 (with a video of the original presentation). He points out that the most recent releases of the PHP language have this fix in them and, if at all possible, you should upgrade to protect your applications.

Paul Reinheimer's Blog: The Danger of Hooks

Paul Reinheimer has a recent post to his blog talking about the danger of "hooks" in your development - the functionality several frameworks and other tools come with to allow you to add functionality to the core without having to change the main source.

I ran into hooks rather simultaneously with two very different frameworks: Code Igniter and Lithium. In both cases I was using a rather nifty hook to handle ensuring that users were properly authenticated and authorized before accessing a page. [...] One day, while messing around, I accidentally turned off the hook configuration within Code Igniter (actually I clobbered a file, and restored the wrong one). Then, things came crashing down in a horrible cacophony of... actually they didn't. Everything kept working: that was the problem.

He shows two solutions he came up with to be sure that his hooks were executed - one for Lithium and the other for CodeIgniter. The Lithium one uses a "_remap" method and the CodeIgniter example uses the magic "__invoke" method to check for an "AUTH_CHECKED" constant that's only defined as a part of his hooks.

I'm no longer entirely dependent on one configuration option or file for my security to function. Should it fail, I've got a secondary check in place; this example of defence in depth allows me to be comfortable with the hooks security system once more.

2012年1月11日星期三

Community News: Latest Releases from PHPClasses.org

PHP.net: PHP 5.3.9 Released!

The PHP development group has officially announced the release of PHP 5.3.9, the latest in the 5.3.x series.

The PHP development team would like to announce the immediate availability of PHP 5.3.9. This release focuses on improving the stability of the PHP 5.3.x branch with over 90 bug fixes, some of which are security related.

Bugfixes and updates in this release include the max_input_vars directive, an autoloading issue with is_a and changes to the FPM SAPI module. You can see the full list of changes here or just go over and download this latest release and get to installing - source, Windows binaries.

Lukas Smith's Blog: My take on the MicroPHP manifesto buzz

Lukas Smith has a new post to his blog today with his own take on the MicroPHP manifesto that was posted by Ed Finkler recently. Lukas shares his thoughts on when he sees each type of framework (micro/full stack) has its place and how the project or development team can influence this choice.

Ed's recent blog post labeled the The MicroPHP Manifesto got a lot of attention. [...] In general I totally agree with Ed on the point that we need more decoupled components in the PHP world. The timing seems a bit odd since exactly that seems to be an emerging trend with all the various libraries cropping up since PHP 5.3.

He gets into more of his thoughts comparing the recently popular microframeworks to the full stack, broad use case frameworks that try to provide everything you might need. He talks about the difference between them related to configuration over code and when he sees is a good shifting point to move from the simpler micro world to the full stack (hint: business logic).

So the key take a way point is that when choosing to go micro or full stack its very important to consider in what kind of company on what kind of products you are working on.

2012年1月10日星期二

Community News: Latest PECL Releases for 01.10.2012

Latest PECL Releases:

PHPWomen.org: Book review: PHP Master

On the PHPWomen blog today there's a new book review of SitePoint's latest major PHP publication - "PHP Master" (by Lorna Mitchell, Davey Shafik and Matthew Turland).

At 357 pages (375 including index), this book provides a thorough grounding in the key topics todays PHP developer should strive to know, and know well. The back cover ambitiously states that the book is "guaranteed to take your PHP skills to the next level". Keep reading to find out whether or not I agree.

She walks you through the contents of the book, noting that, despite her being an experienced developer, there were still things that she found new.

Despite the stated demographic, I think this book has a lot to offer novice developers. It would be a real challenge to properly digest and understand the wide range of topics covered, but an achievable and worthwhile one nonetheless. [...] If you're still undecided, my advice is buy the book - you won't regret it.

Nikita Popov's Blog: Disproving the Single Quotes Performance Myth

In this new post to his blog Nikita Popov aims to dispel the popular micro-optimization myth of using single quotes over double quotes for a performance boost.

If there is one PHP related thing that I really hate, then it is definitely the Single Quotes Performance Myth. [...] Let's do a random Google search for "PHP single quotes performance": You will get many results telling you that single quotes are faster than double quotes and that string interpolation is much slower than string concatenation. Most of them advise to use single quotes and concatenation to improve the performance of your application. Let's be clear here: This is pointless.

He did some benchmarking of his own to see how the myth would hold up and, as it turns out, it doesn't - "There is none". His proof compares two strings, one normal single-quoted and the other a double-quoted, and the opcodes they generate. They end up exactly the same. Since it's the opcodes that matter, he recommends using something like APC if you're really worried about the performance. He also includes an example using the token_get_all function of PHP to see how fast the strings run through the lexer too (again, almost no difference).

As an added bonus, he also throws in a bit about string concatenation versus string interpolation with some benchmarking scripts and results of their own.

2012年1月9日星期一

Community News: Latest PEAR Releases for 01.09.2012

Latest PEAR Releases:

PHP.net: PHP 5.4.0 RC5 released

The PHP development team has officially released PHP 5.4.0 RC5, the latest (and the second to last) release candidate for the next major version of the language.

The PHP development team announces the 5th release candidate of PHP 5.4. PHP 5.4 includes new language features and removes several legacy (deprecated) behaviours. Windows binaries can be downloaded from the Windows QA site.

Bugs fixed in this version include a few to the Core, SAPI/CLI SAPI, PHP-FPM support and improvements to the session extension. Download and test out this latest version on your systems - the more feedback they receive the better! You can report issues you might find on the PHP bug tracker.

7php.com: Interview With Chris Tankersley Founder Of Northwest Ohio PHP Users Group

7php.com has posted a new interview today with Chris Tankersley of the Northwest Ohio PHP Users group. The interview (made up of about 20 questions) talks about everything from what Chris thinks about PHP to some advice to aspiring developers to his framework preference.

In this edition, I talked with Chris Tankersley a Zend PHP 5.3 Certified Engineer who has around 8-9 years programming experience in PHP. I'm impressed with his humbleness. He has not even mentioned his blog where he obviously rambles and grumbles about PHP and his projects. Chris has written a nice article on the PHP | Architect blog where he explains How To Exactly Find Where You Are Using The Yahoo PlaceFinder web service.

Fabien Potencier's Blog: Create your own framework...on top of the Symfony2 Components (parts 3 & 4)

Fabien Potencier has posted the third and fourth parts of his "Build a framework on top of Symfony2 components series to his blog:

Part three adds on another page to the sample site, creating a front controller and changing the output to use "setContent()" instead of just echoing the data.
In part four he refactors the code to be a bit more readable, adds in the Symfony2 Routing component to correctly get the requests to the right controller and an example of how to generate routes based on route definitions.

You can find the other parts of the series here: part one, part two.

2012年1月6日星期五

Site News: Popular Posts for the Week of 01.06.2012

Popular posts from PHPDeveloper.org for the past week:

7php.com: Building Your PHP Geek Cred To Publicly Be An Awesome PHP Developer

On the 7php.com blog Khayrattee Wasseem has a few suggestions about how to "build your geek cred" as a PHP developer - suggestions of resources and things you can do to get more involved in the language and its community.

If you've read the PHP|Architect Magazine - March 2011 Edition, you have surely enjoyed the nice article by Jason Austin (a PHP developer from Raleigh, NC) titled "Good PHP help is hard to find". Jason talks about 'the why' and 'the how' to distinguish yourself as a qualified PHP Professional from the crowd. And the way to do that is: "You have to build your geek cred". I think he did a brilliant job with the article.

Some of Khayrattee's suggestions include (each rated with a number of "cred points"):

Get certified with recognised certifications like the Zend Certified Engineer program
Start a PHP meetup group near you
Sign up to attend PHP conferences around the world
Blog about PHP { have a blog dedicated to it }

Stoimen Popov's Blog: PHP Performance: Bitwise Division

Stoimen Popov has a new post to his blog today comparing the performance of bitwise division versus the normal "/" division operator.

Recently I wrote about binary search and then I said that in some languages, like PHP, bitwise division by two is not faster than the typical "/" operator. However I decided to make some experiments and here are the results.

According to his results using the bitwise method is slightly faster, but you'd only really notice it when working with large sets of data (like his example using 10,000,000). The code to run his benchmarks is included in the post.

2012年1月5日星期四

Site News: Blast from the Past - One Year Ago in PHP

Here's what was popular in the PHP community one year ago today:

Fabien Potencier's Blog: Create your own framework... on top of the Symfony2 Components (part 2)

Fabien Potencier is back with the next installment of his "Building a framework on top of Symfony2" tutorial series with this look at using the HttpFoundation component to use the Request and Response classes to handle HTTP interaction. (Part one is here.)

The first step towards better code is probably to use an Object-Oriented approach; that's the main goal of the Symfony2 HttpFoundation component: replacing the default PHP global variables and functions by an Object-Oriented layer.

He shows how using this component not only makes OOP handling of requests/responses simpler, but also helps to make your application more secure through features already included in the HttpFoundation component. Sample code is included showing how to fetch the current request, get filtered values from the superglobals (GET/SERVER/etc) and how to respond with a refactored version of the "Hello world" message from the previous example.

Anthony Ferrara's Blog: The MicroPHP Fallacy

Anthony Ferrara has posted his own response to the recently posted MicroPHP Manifesto (from Ed Finkler that has caused quite a stir in the PHP community). In the post, Anthony mentions some of the points he both agrees and disagrees with about the manifesto.

I came across a rather interesting post yesterday entitled The MicroPHP Manifesto. The author made clever use of a very interesting analogy (drum players) to try to prove his point that less is more. The article makes a very interesting read, and I would suggest that everyone reads it. Go ahead. I'll wait. With that said, I have to disagree with the article rather vehemently. I think the message is somewhat right, but for all the wrong reasons.

One of his main points is that he believes in the "right tool for the right job" mentality and suggests that, like the manifesto says, small things are good for some jobs. In other places, though, a full-stack framework (or component-based one) is the right fit. He finishes off the post by going through the manifesto points themselves and adding commentary with his thoughts on each.

2012年1月4日星期三

Community News: Latest Releases from PHPClasses.org

Fabien Potencier's Blog: Create your own framework... on top of the Symfony2 Components (part 1)

Fabien Potencier has written up a new post on his blog talking about creating your own framework layered on top of the Symfony2 framework's component system (yes, a framework from a framework).

Symfony2 is a reusable set of standalone, decoupled, and cohesive PHP components that solve common web development problems. Instead of using these low-level components, you can use the ready-to-be-used Symfony2 full-stack web framework, which is based on these components... or you can create your very own framework. This series is about the latter.

He talks about the reasoning behind wanting to make your own framework, mostly dealing with exploration and/or proving you can do it. He walks you through every step of the way - creating the base directory, setting up a project via Composer, creating an autoloader and making a first basic file - a "Hello world" echo message. In the next part of the series, he'll add in the HttpFoundation component for web interaction.

Reddit.com: A Response to "The MicroPHP Manifesto"

On Reddit today there's a rather large discussion going on about the recently posted manifesto from Ed Finkler about building simple, manageable tools rather than using "kitchen sink" frameworks for your applications.

As of the time of this post there's about sixty-five comments posted to the thread with widely ranging opinions:

"How is [lots of separate libraries scattered around] better than simply using a framework?"
"This is part of the reason for the PSR0 reference for auto loaders [...] Part of the problem is an inconsistent way to load modules."
"I would love to see this become a trend in the PHP community. I think this is exactly the direction needed to make PHP exciting again and regain mindshare in the wider dev community."
"I know, many people are currently on that micro trip but seriously, I think that there is as much to microframeworks as there is to microoptimization"
"A framework is a tool. If you don't need it, why use it?"
"There's a tool for ever job, I agree some projects or companies "need" something like Zend or Symfony for their enterprise projects. Whether or not you'd want to work on a project with 1000's of classes is something else all together."

Read the full responses to Ed's article here.

2012年1月3日星期二

Community News: Latest PECL Releases for 01.03.2012

Latest PECL Releases:

cairo 0.3.0

PHPMaster.com: Understanding the Command Design Pattern

On PHPMaster.com today there's a new article introducing you to the Command design pattern and looking to help you understand its use a bit better.

The majority of [cell phone] users have opted to receive an email, but a significant number are now opting to receive the notifications via SMS. Here's the problem: How do you send a message via two different channels to both groups of users? The logical approach would be to split the users into 2 groups, email recipients and SMS recipients, which would involve running 2 different queries and sending the codeword to each group separately. Using the Command Pattern, which I will introduce you to in this article, you can send the message to both groups of users in a single process.

He uses the message queue he mentioned as an example - showing how you can can queue up different kinds of objects (actions) based on a common interface into the same process. He creates a "DailyAlertEmail" and "DailyAlertSMS" classes, both with a "send" method. The settings for these are then pulled from a database and the "execute" method on the "MessageQueue" class is called to loop through them, calling "send" to do that work.

Rob Allen's Blog: Sublime Text 2 Snippet for PHP getter and setter generation

In a quick new post to his blog, Rob Allen has shared a snippet for the Sublime Text 2 editor to make creating getters and setters for your class simpler (dynamically too).

As with a lot of editors, Sublime Text supports snippets which are essentially text expansions of a short phrase into more text. I needed to create a few getXxx() and setXxx() methods for some properties of a class and decided that the easiest way to do this would be with a snippet.

Included in the post is the code you'll need to put into the snippet - a simple find (regular expression based) looks at the currently selected variable and expands out the getter and setter for it. For more information on the Sublime Text 2 editor, see the product's website.

2012年1月2日星期一

Kenny Katzgrau's Blog: The Top 10 CodeIgniter Sparks of 2011

Kenny Katzgrau has a new post with the top ten Sparks (CodeIgniter packages) for the year of 2011:

It's a moderately simple app that provides a vehicle for quickly dropping other developers' code in your codebase. Many of the packages on GetSparks are very well maintained. I am continually impressed by the amount of effort spark developers pour into their submissions when I peruse the site and try new packages out. [...] GetSparks has almost clocked 50,000 package downloads at this point, but there are handful of sparks that have really stood out in terms of popularity.

Packages in the top ten list by popularity include (in no particular order) php-activerecord, template, gravatar_helper and markdown. He also thanks a few of the folks that have made the GetSparks.org site what it is.

订阅：博文 (Atom)