info/php-the-right-way
1
0
Fork 0
mirror of https://github.com/codeguy/php-the-right-way.git synced 2025-08-16 10:43:58 +02:00
Code Issues Projects Releases Wiki Activity

Merge branch 'gh-pages' into i18n

Browse Source
This commit is contained in:
Igor Santos
2018-06-20 15:04:20 -03:00
committed by GitHub
parent 08dffd329d 9f88b73edf
commit 43f8b81d35
78 changed files with 852 additions and 732 deletions
Download Patch File Download Diff File Expand all files Collapse all files

11
_posts/01-02-01-Use-the-Current-Stable-Version.md
View File

@@ -1,16 +1,15 @@
---
title: Use the Current Stable Version (7.0)
title: Use the Current Stable Version (7.2)
isChild: true
anchor: use_the_current_stable_version
---
## Use the Current Stable Version (7.0) {#use_the_current_stable_version_title}
## Use the Current Stable Version (7.2) {#use_the_current_stable_version_title}
If you are getting started with PHP, start with the current stable release of [PHP 7.0][php-release]. PHP 7.0 is very
new, and adds many amazing [new features](#language_highlights) over the older 5.x versions. The engine has been largely re-written, and PHP is now even quicker than older versions.
If you are getting started with PHP, start with the current stable release of [PHP 7.2][php-release]. PHP 7.x adds many [new features](#language_highlights) over the older 5.x versions. The engine has been largely re-written, and PHP is now even quicker than older versions.
Most commonly in the near future you will find PHP 5.x being used, and the latest 5.x version is 5.6. This is not a bad option, but you should try to upgrade to the latest stable quickly. Upgrading is really quite easy, as there are not many [backwards compatibility breaks][php70-bc]. If you are not sure which version a function or feature is in, you can check the PHP documentation on the [php.net][php-docs] website.
You should try to upgrade to the latest stable version quickly - PHP 5.6 [will not receive security updates beyond 2018](http://php.net/supported-versions.php). Upgrading is easy, as there are not many [backwards compatibility breaks][php72-bc]. If you are not sure which version a function or feature is in, you can check the PHP documentation on the [php.net][php-docs] website.
[php-release]: http://php.net/downloads.php
[php-docs]: http://php.net/manual/
[php70-bc]: http://php.net/manual/migration70.incompatible.php
[php72-bc]: http://php.net/manual/migration72.incompatible.php

40
_posts/01-04-01-Mac-Setup.md
View File

@@ -5,18 +5,17 @@ anchor: mac_setup
## Mac Setup {#mac_setup_title}
OS X comes prepackaged with PHP but it is normally a little behind the latest stable. Mavericks has 5.4.17,
Yosemite has 5.5.9 and El Capitan has 5.5.29, but with PHP 7.0 out that is often not good enough.
There are multiple ways to install PHP on OS X.
macOS comes prepackaged with PHP but it is normally a little behind the latest stable release. There are multiple ways to install the latest PHP version on macOS.
### Install PHP via Homebrew
[Homebrew] is a powerful package manager for OS X, which can help you install PHP and various extensions easily.
[Homebrew PHP] is a repository that contains PHP-related "formulae" for Homebrew, and will let you install PHP.
[Homebrew] is a package manager for macOS that helps you easily install PHP and various extensions. The Homebrew core repository provides "formulae" for PHP 5.6, 7.0, 7.1, and 7.2. Install the latest version with this command:
At this point, you can install `php53`, `php54`, `php55`, `php56` or `php70` using the `brew install` command, and switch
between them by modifying your `PATH` variable. Alternatively you can use [brew-php-switcher][brew-php-switcher] which will switch automatically for you.
```
brew install php@7.2
```
You can switch between Homebrew PHP versions by modifying your `PATH` variable. Alternatively, you can use [brew-php-switcher][brew-php-switcher] to switch PHP versions automatically.
### Install PHP via Macports
@@ -26,17 +25,17 @@ command-line, X11 or Aqua based open-source software on the OS X operating
system.
MacPorts supports pre-compiled binaries, so you don't need to recompile every
dependencies from the source tarball files, it saves your life if you don't
dependency from the source tarball files, it saves your life if you don't
have any package installed on your system.
At this point, you can install `php54`, `php55`, `php56` or `php70` using the `port install` command, for example:
At this point, you can install `php54`, `php55`, `php56`, `php70` or `php71` using the `port install` command, for example:
sudo port install php56
sudo port install php70
sudo port install php71
And you can run `select` command to switch your active php:
And you can run `select` command to switch your active PHP:
sudo port select --set php php70
sudo port select --set php php71
### Install PHP via phpbrew
@@ -45,8 +44,8 @@ applications/projects require different versions of PHP, and you are not using v
### Install PHP via Liip's binary installer
Another popular option is [php-osx.liip.ch] which provides one liner installation methods for versions 5.3 through 7.0.
It doesn't overwrite the php binaries installed by Apple, but installs everything in a separate location (/usr/local/php5).
Another popular option is [php-osx.liip.ch] which provides one liner installation methods for versions 5.3 through 7.1.
It doesn't overwrite the PHP binaries installed by Apple, but installs everything in a separate location (/usr/local/php5).
### Compile from Source
@@ -60,15 +59,14 @@ The solutions listed above mainly handle PHP itself, and do not supply things li
"All-in-one" solutions such as [MAMP][mamp-downloads] and [XAMPP][xampp] will install these other bits of software for
you and tie them all together, but ease of setup comes with a trade-off of flexibility.
[Homebrew]: http://brew.sh/
[Homebrew]: https://brew.sh/
[Homebrew PHP]: https://github.com/Homebrew/homebrew-php#installation
[MacPorts]: https://www.macports.org/install.php
[phpbrew]: https://github.com/phpbrew/phpbrew
[php-osx.liip.ch]: http://php-osx.liip.ch/
[mac-compile]: http://php.net/install.macosx.compile
[php-osx.liip.ch]: https://php-osx.liip.ch/
[mac-compile]: https://secure.php.net/install.macosx.compile
[xcode-gcc-substitution]: https://github.com/kennethreitz/osx-gcc-installer
["Command Line Tools for XCode"]: https://developer.apple.com/downloads
[mamp-downloads]: http://www.mamp.info/en/downloads/
[xampp]: http://www.apachefriends.org/en/xampp.html
[mamp-downloads]: https://www.mamp.info/en/downloads/
[xampp]: https://www.apachefriends.org/index.html
[brew-php-switcher]: https://github.com/philcook/brew-php-switcher

40
_posts/01-05-01-Windows-Setup.md
View File

@@ -1,22 +1,22 @@
---
isChild: true
anchor: windows_setup
---
## Windows Setup {#windows_setup_title}
You can download the binaries from [windows.php.net/download][php-downloads]. After the extraction of PHP, it is recommended to set the [PATH][windows-path] to the root of your PHP folder (where php.exe is located) so you can execute PHP from anywhere.
For learning and local development you can use the built in webserver with PHP 5.4+ so you don't need to worry about
configuring it. If you would like an "all-in-one" which includes a full-blown webserver and MySQL too then tools such
as the [Web Platform Installer][wpi], [XAMPP][xampp], [EasyPHP][easyphp], [OpenServer][openserver] and [WAMP][wamp] will
help get a Windows development environment up and running fast. That said, these tools will be a little different from
production so be careful of environment differences if you are working on Windows and deploying to Linux.
---
isChild: true
anchor: windows_setup
---
If you need to run your production system on Windows then IIS7 will give you the most stable and best performance. You
can use [phpmanager][phpmanager] (a GUI plugin for IIS7) to make configuring and managing PHP simple. IIS7 comes with
FastCGI built in and ready to go, you just need to configure PHP as a handler. For support and additional resources
there is a [dedicated area on iis.net][php-iis] for PHP.
## Windows Setup {#windows_setup_title}
You can download the binaries from [windows.php.net/download][php-downloads]. After the extraction of PHP, it is recommended to set the [PATH][windows-path] to the root of your PHP folder (where php.exe is located) so you can execute PHP from anywhere.
For learning and local development, you can use the built in webserver with PHP 5.4+ so you don't need to worry about
configuring it. If you would like an "all-in-one" which includes a full-blown webserver and MySQL too then tools such
as the [Web Platform Installer][wpi], [XAMPP][xampp], [EasyPHP][easyphp], [OpenServer][openserver] and [WAMP][wamp] will
help get a Windows development environment up and running fast. That said, these tools will be a little different from
production so be careful of environment differences if you are working on Windows and deploying to Linux.
If you need to run your production system on Windows, then IIS7 will give you the most stable and best performance. You
can use [phpmanager][phpmanager] (a GUI plugin for IIS7) to make configuring and managing PHP simple. IIS7 comes with
FastCGI built in and ready to go, you just need to configure PHP as a handler. For support and additional resources
there is a [dedicated area on iis.net][php-iis] for PHP.
Generally running your application on different environment in development and production can lead to strange bugs popping up when you go
live. If you are developing on Windows and deploying to Linux (or anything non-Windows) then you should consider using a [Virtual Machine](/#virtualization_title).
@@ -30,6 +30,6 @@ Chris Tankersley has a very helpful blog post on what tools he uses to do [PHP d
[php-downloads]: http://windows.php.net/download/
[php-iis]: http://php.iis.net/
[windows-path]: http://www.windows-commandline.com/set-path-command-line/
[windows-tools]: http://ctankersley.com/2015/07/01/developing-on-windows/
[wpi]: http://www.microsoft.com/web/downloads/platform.aspx
[windows-tools]: http://ctankersley.com/2016/11/13/developing-on-windows-2016/
[wpi]: https://www.microsoft.com/web/downloads/platform.aspx
[xampp]: http://www.apachefriends.org/en/xampp.html

19
_posts/01-06-01-Common-Directory-Structure.md Normal file
View File

@@ -0,0 +1,19 @@
---
title: Common Directory Structure
isChild: true
anchor: common_directory_structure
---
## Common Directory structure {#common_directory_structure_title}
A common question among those starting out with writing programs for the web is, "where do I put my stuff?" Over the years, this answer has consistently been "where the `DocumentRoot` is." Although this answer is not complete, it's a great place to start.
For security reasons, configuration files should not be accessible by a site's visitors; therefore, public scripts are kept in a public directory and private configurations and data are kept outside of that directory.
For each team, CMS, or framework one works in, a standard directory structure is used by each of those entities. However, if one is starting a project alone, knowing which filesystem structure to use can be daunting.
[Paul M. Jones] has done some fantastic research into common practices of tens of thousands of github projects in the realm of PHP. He has compiled a standard file and directory structure, the [Standard PHP Package Skeleton], based on this research. In this directory structure, `DocumentRoot` should point to `public/`, unit tests should be in the `tests/` directory, and third party libraries, as installed by [composer], belong in the `vendor/` directory. For other files and directories, abiding by the [Standard PHP Package Skeleton] will make the most sense to contributors of a project.
[Paul M. Jones]: https://twitter.com/pmjones
[Standard PHP Package Skeleton]: https://github.com/php-pds/skeleton
[Composer]: /#composer_and_packagist

55
_posts/02-01-01-Code-Style-Guide.md
View File

@@ -10,16 +10,15 @@ PHP developers to choose several of these and combine them into a single project
their projects.
The [Framework Interop Group][fig] has proposed and approved a series of style recommendations. Not all of them related
to code-style, but those that do are [PSR-0][psr0], [PSR-1][psr1], [PSR-2][psr2] and [PSR-4][psr4]. These
recommendations are merely a set of rules that some projects like Drupal, Zend, Symfony, CakePHP, phpBB, AWS SDK,
FuelPHP, Lithium, etc are starting to adopt. You can use them for your own projects, or continue to use your own
to code-style, but those that do are [PSR-1][psr1], [PSR-2][psr2] and [PSR-4][psr4]. These
recommendations are merely a set of rules that many projects like Drupal, Zend, Symfony, Laravel, CakePHP, phpBB, AWS SDK,
FuelPHP, Lithium, etc are adopting. You can use them for your own projects, or continue to use your own
personal style.
Ideally you should write PHP code that adheres to a known standard. This could be any combination of PSR's, or one
Ideally, you should write PHP code that adheres to a known standard. This could be any combination of PSRs, or one
of the coding standards made by PEAR or Zend. This means other developers can easily read and work with your code, and
applications that implement the components can have consistency even when working with lots of third-party code.
* [Read about PSR-0][psr0]
* [Read about PSR-1][psr1]
* [Read about PSR-2][psr2]
* [Read about PSR-4][psr4]
@@ -27,33 +26,45 @@ applications that implement the components can have consistency even when workin
* [Read about Symfony Coding Standards][symfony-cs]
You can use [PHP_CodeSniffer][phpcs] to check code against any one of these recommendations, and plugins for text
editors like [Sublime Text 2][st-cs] to be given real time feedback.
editors like [Sublime Text][st-cs] to be given real-time feedback.
You can fix the code layout automatically by using one of the two following tools. One is the [PHP Coding Standards Fixer][phpcsfixer] which has a very well tested codebase.
Another option is [php.tools][phptools], which is made popular by the [sublime-phpfmt][sublime-phpfmt] editor plugin. While being newer, it makes great improvements in performance, meaning real-time editor fixing is more fluid.
You can fix the code layout automatically by using one of the following tools:
- One is the [PHP Coding Standards Fixer][phpcsfixer] which has a very well tested codebase.
- Also, the [PHP Code Beautifier and Fixer][phpcbf] tool which is included with PHP_CodeSniffer can be used to adjust your code accordingly.
And you can run phpcs manually from shell:
phpcs -sw --standard=PSR2 file.php
It will show errors and descriptions how to fix them.
It will show errors and describe how to fix them.
It can also be helpful to include this command in a git hook.
That way branches which contain violations against the chosen standard cannot enter the repository
until those violations have been fixed.
That way, branches which contain violations against the chosen standard cannot enter the repository until those
violations have been fixed.
If you have PHP_CodeSniffer, then you can fix the code layout problems reported by it, automatically, with the
[PHP Code Beautifier and Fixer][phpcbf].
phpcbf -w --standard=PSR2 file.php
Another option is to use the [PHP Coding Standards Fixer][phpcsfixer].
It will show which kind of errors the code structure had before it fixed them.
php-cs-fixer fix -v --level=psr2 file.php
English is preferred for all symbol names and code infrastructure. Comments may be written in any language easily
readable by all current and future parties who may be working on the codebase.
Finally, a good supplementary resource for writing clean PHP code is [Clean Code PHP][cleancode].
[fig]: http://www.php-fig.org/
[psr0]: https://github.com/php-fig/fig-standards/blob/master/accepted/PSR-0.md
[psr1]: https://github.com/php-fig/fig-standards/blob/master/accepted/PSR-1-basic-coding-standard.md
[psr2]: https://github.com/php-fig/fig-standards/blob/master/accepted/PSR-2-coding-style-guide.md
[psr4]: https://github.com/php-fig/fig-standards/blob/master/accepted/PSR-4-autoloader.md
[pear-cs]: http://pear.php.net/manual/en/standards.php
[symfony-cs]: http://symfony.com/doc/current/contributing/code/standards.html
[phpcs]: http://pear.php.net/package/PHP_CodeSniffer/
[fig]: https://www.php-fig.org/
[psr1]: https://www.php-fig.org/psr/psr-1/
[psr2]: https://www.php-fig.org/psr/psr-2/
[psr4]: https://www.php-fig.org/psr/psr-4/
[pear-cs]: https://pear.php.net/manual/en/standards.php
[symfony-cs]: https://symfony.com/doc/current/contributing/code/standards.html
[phpcs]: https://pear.php.net/package/PHP_CodeSniffer/
[phpcbf]: https://github.com/squizlabs/PHP_CodeSniffer/wiki/Fixing-Errors-Automatically
[st-cs]: https://github.com/benmatselby/sublime-phpcs
[phpcsfixer]: http://cs.sensiolabs.org/
[phptools]: https://github.com/phpfmt/php.tools
[sublime-phpfmt]: https://github.com/phpfmt/sublime-phpfmt
[phpcsfixer]: https://cs.sensiolabs.org/
[cleancode]: https://github.com/jupeter/clean-code-php

18
_posts/03-02-01-Programming-Paradigms.md
View File

@@ -50,14 +50,14 @@ available as `__call()` and `__callStatic()`.
* [Read about Overloading][overloading]
[oop]: http://php.net/language.oop5
[traits]: http://php.net/language.oop5.traits
[anonymous-functions]: http://php.net/functions.anonymous
[closure-class]: http://php.net/class.closure
[oop]: https://secure.php.net/language.oop5
[traits]: https://secure.php.net/language.oop5.traits
[anonymous-functions]: https://secure.php.net/functions.anonymous
[closure-class]: https://secure.php.net/class.closure
[closures-rfc]: https://wiki.php.net/rfc/closures
[callables]: http://php.net/language.types.callable
[call-user-func-array]: http://php.net/function.call-user-func-array
[magic-methods]: http://php.net/language.oop5.magic
[reflection]: http://php.net/intro.reflection
[overloading]: http://php.net/language.oop5.overloading
[callables]: https://secure.php.net/language.types.callable
[call-user-func-array]: https://secure.php.net/function.call-user-func-array
[magic-methods]: https://secure.php.net/language.oop5.magic
[reflection]: https://secure.php.net/intro.reflection
[overloading]: https://secure.php.net/language.oop5.overloading

16
_posts/03-03-01-Namespaces.md
View File

@@ -6,7 +6,7 @@ anchor: namespaces
## Namespaces {#namespaces_title}
As mentioned above, the PHP community has a lot of developers creating lots of code. This means that one library's PHP
code may use the same class name as another library. When both libraries are used in the same namespace, they collide
code might use the same class name as another. When both libraries are used in the same namespace, they collide
and cause trouble.
_Namespaces_ solve this problem. As described in the PHP reference manual, namespaces may be compared to operating
@@ -19,19 +19,15 @@ with other libraries.
One recommended way to use namespaces is outlined in [PSR-4][psr4], which aims to provide a standard file, class and
namespace convention to allow plug-and-play code.
In October 2014 the PHP-FIG deprecated the previous autoloading standard: [PSR-0][psr0], which has been replaced with
[PSR-4][psr4]. Currently both are still perfectly usable and PSR-0 is not going away. As PSR-4 requires PHP 5.3 and
many PHP 5.2-only projects currently implement PSR-0. Luckily those PHP 5.2-only projects are starting to up their
version requirements, meaning PSR-0 is being used less and less.
In October 2014 the PHP-FIG deprecated the previous autoloading standard: [PSR-0][psr0]. Both PSR-0 and PSR-4 are still perfectly usable. The latter requires PHP 5.3, so many PHP 5.2-only projects implement PSR-0.
If you're going to use an autoloader standard for a new application or package then you almost certainly want
to look into PSR-4.
If you're going to use an autoloader standard for a new application or package, look into PSR-4.
* [Read about Namespaces][namespaces]
* [Read about PSR-0][psr0]
* [Read about PSR-4][psr4]
[namespaces]: http://php.net/language.namespaces
[psr0]: https://github.com/php-fig/fig-standards/blob/master/accepted/PSR-0.md
[psr4]: https://github.com/php-fig/fig-standards/blob/master/accepted/PSR-4-autoloader.md
[namespaces]: https://secure.php.net/language.namespaces
[psr0]: https://www.php-fig.org/psr/psr-0/
[psr4]: https://www.php-fig.org/psr/psr-4/

4
_posts/03-04-01-Standard-PHP-Library.md
View File

@@ -14,5 +14,5 @@ over these datastructures or your own classes which implement SPL interfaces.
* [SPL video course on Lynda.com(Paid)][spllynda]
[spl]: http://php.net/book.spl
[spllynda]: http://www.lynda.com/PHP-tutorials/Up-Running-Standard-PHP-Library/175038-2.html
[spl]: https://secure.php.net/book.spl
[spllynda]: https://www.lynda.com/PHP-tutorials/Up-Running-Standard-PHP-Library/175038-2.html

15
_posts/03-05-01-Command-Line-Interface.md
View File

@@ -52,13 +52,10 @@ Hello, world
* [Learn about running PHP from the command line][php-cli]
* [Learn about setting up Windows to run PHP from the command line][php-cli-windows]
[phpinfo]: http://php.net/function.phpinfo
[cli-options]: http://php.net/features.commandline.options
[argc]: http://php.net/reserved.variables.argc
[argv]: http://php.net/reserved.variables.argv
[exit-codes]: http://www.gsp.com/cgi-bin/man.cgi?section=3&topic=sysexits
[php-cli]: http://php.net/features.commandline
[php-cli-windows]: http://php.net/install.windows.commandline
[phpinfo]: https://secure.php.net/function.phpinfo
[cli-options]: https://secure.php.net/features.commandline.options
[argc]: https://secure.php.net/reserved.variables.argc
[argv]: https://secure.php.net/reserved.variables.argv
[exit-codes]: https://www.gsp.com/cgi-bin/man.cgi?section=3&topic=sysexits
[php-cli]: https://secure.php.net/features.commandline.options

10
_posts/03-06-01-XDebug.md
View File

@@ -21,8 +21,8 @@ will want to enable right away.
Traditionally, you will modify your Apache VHost or .htaccess file with these values:
{% highlight ini %}
php_value xdebug.remote_host=192.168.?.?
php_value xdebug.remote_port=9000
php_value xdebug.remote_host 192.168.?.?
php_value xdebug.remote_port 9000
{% endhighlight %}
The "remote host" and "remote port" will correspond to your local computer and the port that you configure your IDE to
@@ -41,6 +41,6 @@ stand-alone Xdebug GUI for Mac.
* [Learn more about MacGDBp][macgdbp-install]
[xdebug-install]: http://xdebug.org/docs/install
[xdebug-docs]: http://xdebug.org/docs/
[macgdbp-install]: http://www.bluestatic.org/software/macgdbp/
[xdebug-install]: https://xdebug.org/docs/install
[xdebug-docs]: https://xdebug.org/docs/
[macgdbp-install]: https://www.bluestatic.org/software/macgdbp/

86
_posts/04-02-01-Composer-and-Packagist.md
View File

@@ -1,34 +1,33 @@
---
title: Composer and Packagist
isChild: true
anchor: composer_and_packagist
---
## Composer and Packagist {#composer_and_packagist_title}
Composer is a **brilliant** dependency manager for PHP. List your project's dependencies in a `composer.json` file and,
Composer is the recommended dependency manager for PHP. List your project's dependencies in a `composer.json` file and,
with a few simple commands, Composer will automatically download your project's dependencies and setup autoloading for
you. Composer is analogous to NPM in the node.js world, or Bundler in the Ruby world.
There are already a lot of PHP libraries that are compatible with Composer, ready to be used in your project. These
There is a plethora of PHP libraries that are compatible with Composer and ready to be used in your project. These
"packages" are listed on [Packagist], the official repository for Composer-compatible PHP libraries.
### How to Install Composer
You can install Composer locally (in your current working directory) or globally (e.g. /usr/local/bin, recommended).
Let's assume you want to install Composer globally:
The safest way to download composer is by [following the official instructions](https://getcomposer.org/download/).
This will verify the installer is not corrupt or tampered with.
The installer installs a `composer.phar` binary in your _current working directory_.
We recommend installing Composer *globally* (e.g. a single copy in `/usr/local/bin`). To do so, run this command next:
{% highlight console %}
curl -sS https://getcomposer.org/installer | php
mv composer.phar /usr/local/bin/composer
{% endhighlight %}
**Note:** If the above fails due to permissions, run the `mv` line again with `sudo`.
**Note:** If the above fails due to permissions, prefix with `sudo`.
This will download `composer.phar` (a PHP binary archive). You can run this with `php` to manage your project
dependencies.
**Please Note:** If you pipe downloaded code directly into an interpreter, please read the
code online first to confirm it is safe.
To run a locally installed Composer you'd use `php composer.phar`, globally it's simply `composer`.
#### Installing on Windows
@@ -36,59 +35,27 @@ For Windows users the easiest way to get up and running is to use the [ComposerS
performs a global install and sets up your `$PATH` so that you can just call `composer` from any
directory in your command line.
### How to Install Composer (manually)
Manually installing Composer is an advanced technique; however, there are various reasons why a
developer might prefer this method vs. using the interactive installation routine. The interactive
installation checks your PHP installation to ensure that:
- a sufficient version of PHP is being used
- `.phar` files can be executed correctly
- certain directory permissions are sufficient
- certain problematic extensions are not loaded
- certain `php.ini` settings are set
Since a manual installation performs none of these checks, you have to decide whether the trade-off is
worth it for you. As such, below is how to obtain Composer manually:
{% highlight console %}
curl -s https://getcomposer.org/composer.phar -o $HOME/local/bin/composer
chmod +x $HOME/local/bin/composer
{% endhighlight %}
The path `$HOME/local/bin` (or a directory of your choice) should be in your `$PATH` environment
variable. This will result in a `composer` command being available.
When you come across documentation that states to run Composer as `php composer.phar install`, you can
substitute that with:
{% highlight console %}
composer install
{% endhighlight %}
This section will assume you have installed composer globally.
### How to Define and Install Dependencies
Composer keeps track of your project's dependencies in a file called `composer.json`. You can manage it
by hand if you like, or use Composer itself. The `composer require` command adds a project dependency
by hand if you like, or use Composer itself. The `composer require` command adds a project dependency
and if you don't have a `composer.json` file, one will be created. Here's an example that adds [Twig]
as a dependency of your project.
{% highlight console %}
composer require twig/twig:~1.8
composer require twig/twig:^2.0
{% endhighlight %}
Alternatively the `composer init` command will guide you through creating a full `composer.json` file
Alternatively, the `composer init` command will guide you through creating a full `composer.json` file
for your project. Either way, once you've created your `composer.json` file you can tell Composer to
download and install your dependencies into the `vendor/` directory. This also applies to projects
download and install your dependencies into the `vendor/` directory. This also applies to projects
you've downloaded that already provide a `composer.json` file:
{% highlight console %}
composer install
{% endhighlight %}
Next, add this line to your application's primary PHP file; this will tell PHP to use Composer's
Next, add this line to your application's primary PHP file; this will tell PHP to use Composer's
autoloader for your project dependencies.
{% highlight php %}
@@ -101,13 +68,14 @@ Now you can use your project dependencies, and they'll be autoloaded on demand.
### Updating your dependencies
Composer creates a file called `composer.lock` which stores the exact version of each package it
downloaded when you
first ran `composer install`. If you share your project with other coders and the `composer.lock` file
is part of your distribution, when they run `composer install` they'll get the same versions as you.
To update your dependencies, run `composer update`.
downloaded when you first ran `composer install`. If you share your project with others,
ensure the `composer.lock` file is included, so that when they run `composer install` they'll
get the same versions as you. To update your dependencies, run `composer update`. Don't use
`composer update` when deploying, only `composer install`, otherwise you may end up with different
package versions on production.
This is most useful when you define your version requirements flexibly. For instance a version
requirement of `~1.8` means "anything newer than `1.8.0`, but less than `2.0.x-dev`". You can also use
This is most useful when you define your version requirements flexibly. For instance, a version
requirement of `~1.8` means "anything newer than `1.8.0`, but less than `2.0.x-dev`". You can also use
the `*` wildcard as in `1.8.*`. Now Composer's `composer update` command will upgrade all your
dependencies to the newest version that fits the restrictions you define.
@@ -125,7 +93,7 @@ file and tell you if you need to update any of your dependencies.
### Handling global dependencies with Composer
Composer can also handle global dependencies and their binaries. Usage is straight-forward, all you need
to do is prefix your command with `global`. If for example you wanted to install PHPUnit and have it
to do is prefix your command with `global`. If for example you wanted to install PHPUnit and have it
available globally, you'd run the following command:
{% highlight console %}
@@ -133,14 +101,14 @@ composer global require phpunit/phpunit
{% endhighlight %}
This will create a `~/.composer` folder where your global dependencies reside. To have the installed
packages' binaries available everywhere, you'd then add the `~/.composer/vendor/bin` folder to your
packages' binaries available everywhere, you'd then add the `~/.composer/vendor/bin` folder to your
`$PATH` variable.
* [Learn about Composer]
[Packagist]: http://packagist.org/
[Twig]: http://twig.sensiolabs.org
[Packagist]: https://packagist.org/
[Twig]: https://twig.symfony.com/
[VersionEye]: https://www.versioneye.com/
[Security Advisories Checker]: https://security.sensiolabs.org/
[Learn about Composer]: http://getcomposer.org/doc/00-intro.md
[Learn about Composer]: https://getcomposer.org/doc/00-intro.md
[ComposerSetup]: https://getcomposer.org/Composer-Setup.exe

19
_posts/04-03-01-PEAR.md
View File

@@ -1,4 +1,5 @@
---
title: PEAR
isChild: true
anchor: pear
---
@@ -17,10 +18,10 @@ version conflicts between two projects arise.
### How to install PEAR
You can install PEAR by downloading the `.phar` installer and executing it. The PEAR documentation has
You can install PEAR by downloading the `.phar` installer and executing it. The PEAR documentation has
detailed [install instructions][2] for every operating system.
If you are using Linux, you can also have a look at your distribution package manager. Debian and Ubuntu,
If you are using Linux, you can also have a look at your distribution package manager. Debian and Ubuntu,
for example, have an apt `php-pear` package.
### How to install a package
@@ -46,7 +47,7 @@ handle your PEAR dependencies. This example will install code from `pear2.php.ne
"repositories": [
{
"type": "pear",
"url": "http://pear2.php.net"
"url": "https://pear2.php.net"
}
],
"require": {
@@ -57,7 +58,7 @@ handle your PEAR dependencies. This example will install code from `pear2.php.ne
{% endhighlight %}
The first section `"repositories"` will be used to let Composer know it should "initialize" (or "discover" in PEAR
terminology) the pear repo. Then the require section will prefix the package name like this:
terminology) the pear repo. Then the `require` section will prefix the package name like this:
> pear-channel/Package
@@ -79,9 +80,9 @@ $request = new pear2\HTTP\Request();
* [Learn more about using PEAR with Composer][6]
[1]: http://pear.php.net/
[2]: http://pear.php.net/manual/en/installation.getting.php
[3]: http://pear.php.net/packages.php
[4]: http://pear.php.net/manual/en/guide.users.commandline.channels.php
[1]: https://pear.php.net/
[2]: https://pear.php.net/manual/installation.getting.php
[3]: https://pear.php.net/packages.php
[4]: https://pear.php.net/manual/guide.users.commandline.channels.php
[5]: /#composer_and_packagist
[6]: http://getcomposer.org/doc/05-repositories.md#pear
[6]: https://getcomposer.org/doc/05-repositories.md#pear

2
_posts/05-02-01-The-Basics.md
View File

@@ -6,7 +6,7 @@ anchor: the_basics
## The Basics {#the_basics_title}
PHP is a vast language that allows coders of all levels the ability to produce code not only quickly, but efficiently.
However while advancing through the language, we often forget the basics that we first learnt (or overlooked) in favor
However, while advancing through the language, we often forget the basics that we first learnt (or overlooked) in favor
of short cuts and/or bad habits. To help combat this common issue, this section is aimed at reminding coders of the
basic coding practices within PHP.

9
_posts/05-03-01-Date-and-Time.md
View File

@@ -1,4 +1,5 @@
---
title: Date and Time
isChild: true
anchor: date_and_time
---
@@ -42,7 +43,7 @@ On DateTime objects you can use standard comparison:
{% highlight php %}
<?php
if ($start < $end) {
echo "Start is before end!\n";
echo "Start is before the end!\n";
}
{% endhighlight %}
@@ -60,8 +61,10 @@ foreach ($periodIterator as $date) {
}
{% endhighlight %}
A popular PHP API extension is [Carbon](https://carbon.nesbot.com/). It inherits everything in the DateTime class, so involves minimal code alterations, but extra features include Localization support, further ways to add, subtract and format a DateTime object, plus a means to test your code by simulating a date and time of your choosing.
* [Read about DateTime][datetime]
* [Read about date formatting][dateformat] (accepted date format string options)
[datetime]: http://php.net/book.datetime
[dateformat]: http://php.net/function.date
[datetime]: https://secure.php.net/book.datetime
[dateformat]: https://secure.php.net/function.date

4
_posts/05-04-01-Design-Patterns.md
View File

@@ -14,4 +14,6 @@ lot of the pattern decisions are made for you. But it is still up to you to pick
code you build on top of the framework. If, on the other hand, you are not using a framework to build your application
then you have to find the patterns that best suit the type and size of application that you're building.
* Continue reading on [Design Patterns](/pages/Design-Patterns.html)
You can learn more about PHP design patterns and see working examples at:
<https://designpatternsphp.readthedocs.io/>

70
_posts/05-05-01-PHP-and-UTF8.md
View File

@@ -6,7 +6,7 @@ anchor: php_and_utf8
## Working with UTF-8 {#php_and_utf8_title}
_This section was originally written by [Alex Cabal](https://alexcabal.com/) over at
_This section was originally written by [Alex Cabal](https://alexcabal.com/) over at
[PHP Best Practices](https://phpbestpractices.org/#utf-8) and has been used as the basis for our own UTF-8 advice_.
### There's no one-liner. Be careful, detailed, and consistent.
@@ -18,7 +18,7 @@ for a brief, practical summary.
### UTF-8 at the PHP level
The basic string operations, like concatenating two strings and assigning strings to variables, don't need anything
special for UTF-8. However most string functions, like `strpos()` and `strlen()`, do need special consideration. These
special for UTF-8. However, most string functions, like `strpos()` and `strlen()`, do need special consideration. These
functions often have an `mb_*` counterpart: for example, `mb_strpos()` and `mb_strlen()`. These `mb_*` strings are made
available to you via the [Multibyte String Extension], and are specifically designed to operate on Unicode strings.
@@ -44,7 +44,7 @@ Finally, If you are building a distributed application and cannot be certain tha
enabled, then consider using the [patchwork/utf8] Composer package. This will use `mbstring` if it is available, and
fall back to non UTF-8 functions if not.
[Multibyte String Extension]: http://php.net/book.mbstring
[Multibyte String Extension]: https://secure.php.net/book.mbstring
[patchwork/utf8]: https://packagist.org/packages/patchwork/utf8
### UTF-8 at the Database level
@@ -63,26 +63,30 @@ Further Reading for why.
Use the `mb_http_output()` function to ensure that your PHP script outputs UTF-8 strings to your browser.
The browser will then need to be told by the HTTP response that this page should be considered as UTF-8. The historic
approach to doing that was to include the [charset `<meta>` tag](http://htmlpurifier.org/docs/enduser-utf8.html) in
your page's `<head>` tag. This approach is perfectly valid, but setting the charset in the `Content-Type` header is
actually [much faster](https://developers.google.com/speed/docs/best-practices/rendering#SpecifyCharsetEarly).
The browser will then need to be told by the HTTP response that this page should be considered as UTF-8. Today, it is common to set the character set in the HTTP response header like this:
{% highlight php %}
<?php
header('Content-Type: text/html; charset=UTF-8')
{% endhighlight %}
The historic approach to doing that was to include the [charset `<meta>` tag](http://htmlpurifier.org/docs/enduser-utf8.html) in your page's `<head>` tag.
{% highlight php %}
<?php
// Tell PHP that we're using UTF-8 strings until the end of the script
mb_internal_encoding('UTF-8');
// Tell PHP that we'll be outputting UTF-8 to the browser
mb_http_output('UTF-8');
// Our UTF-8 test string
$string = 'Êl síla erin lû e-govaned vîn.';
// Transform the string in some way with a multibyte function
// Note how we cut the string at a non-Ascii character for demonstration purposes
$string = mb_substr($string, 0, 15);
// Connect to a database to store the transformed string
// See the PDO example in this document for more information
// Note the `charset=utf8mb4` in the Data Source Name (DSN)
@@ -95,19 +99,19 @@ $link = new PDO(
PDO::ATTR_PERSISTENT => false
)
);
// Store our transformed string as UTF-8 in our database
// Your DB and tables are in the utf8mb4 character set and collation, right?
$handle = $link->prepare('insert into ElvishSentences (Id, Body) values (?, ?)');
$handle->bindValue(1, 1, PDO::PARAM_INT);
$handle->bindValue(2, $string);
$handle->execute();
// Retrieve the string we just stored to prove it was stored correctly
$handle = $link->prepare('select * from ElvishSentences where Id = ?');
$handle->bindValue(1, 1, PDO::PARAM_INT);
$handle->execute();
// Store the result into an object that we'll output later in our HTML
$result = $handle->fetchAll(\PDO::FETCH_OBJ);
@@ -130,23 +134,21 @@ header('Content-Type: text/html; charset=UTF-8');
### Further reading
* [PHP Manual: String Operations](http://php.net/language.operators.string)
* [PHP Manual: String Functions](http://php.net/ref.strings)
* [`strpos()`](http://php.net/function.strpos)
* [`strlen()`](http://php.net/function.strlen)
* [`substr()`](http://php.net/function.substr)
* [PHP Manual: Multibyte String Functions](http://php.net/ref.mbstring)
* [`mb_strpos()`](http://php.net/function.mb-strpos)
* [`mb_strlen()`](http://php.net/function.mb-strlen)
* [`mb_substr()`](http://php.net/function.mb-substr)
* [`mb_internal_encoding()`](http://php.net/function.mb-internal-encoding)
* [`mb_http_output()`](http://php.net/function.mb-http-output)
* [`htmlentities()`](http://php.net/function.htmlentities)
* [`htmlspecialchars()`](http://php.net/function.htmlspecialchars)
* [PHP UTF-8 Cheatsheet](http://blog.loftdigital.com/blog/php-utf-8-cheatsheet)
* [Handling UTF-8 with PHP](http://www.phpwact.org/php/i18n/utf-8)
* [Stack Overflow: What factors make PHP Unicode-incompatible?](http://stackoverflow.com/questions/571694/what-factors-make-php-unicode-incompatible)
* [Stack Overflow: Best practices in PHP and MySQL with international strings](http://stackoverflow.com/questions/140728/best-practices-in-php-and-mysql-with-international-strings)
* [How to support full Unicode in MySQL databases](http://mathiasbynens.be/notes/mysql-utf8mb4)
* [Bringing Unicode to PHP with Portable UTF-8](http://www.sitepoint.com/bringing-unicode-to-php-with-portable-utf8/)
* [Stack Overflow: DOMDocument loadHTML does not encode UTF-8 correctly](http://stackoverflow.com/questions/8218230/php-domdocument-loadhtml-not-encoding-utf-8-correctly)
* [PHP Manual: String Operations](https://secure.php.net/language.operators.string)
* [PHP Manual: String Functions](https://secure.php.net/ref.strings)
* [`strpos()`](https://secure.php.net/function.strpos)
* [`strlen()`](https://secure.php.net/function.strlen)
* [`substr()`](https://secure.php.net/function.substr)
* [PHP Manual: Multibyte String Functions](https://secure.php.net/ref.mbstring)
* [`mb_strpos()`](https://secure.php.net/function.mb-strpos)
* [`mb_strlen()`](https://secure.php.net/function.mb-strlen)
* [`mb_substr()`](https://secure.php.net/function.mb-substr)
* [`mb_internal_encoding()`](https://secure.php.net/function.mb-internal-encoding)
* [`mb_http_output()`](https://secure.php.net/function.mb-http-output)
* [`htmlentities()`](https://secure.php.net/function.htmlentities)
* [`htmlspecialchars()`](https://secure.php.net/function.htmlspecialchars)
* [Stack Overflow: What factors make PHP Unicode-incompatible?](https://stackoverflow.com/questions/571694/what-factors-make-php-unicode-incompatible)
* [Stack Overflow: Best practices in PHP and MySQL with international strings](https://stackoverflow.com/questions/140728/best-practices-in-php-and-mysql-with-international-strings)
* [How to support full Unicode in MySQL databases](https://mathiasbynens.be/notes/mysql-utf8mb4)
* [Bringing Unicode to PHP with Portable UTF-8](https://www.sitepoint.com/bringing-unicode-to-php-with-portable-utf8/)
* [Stack Overflow: DOMDocument loadHTML does not encode UTF-8 correctly](https://stackoverflow.com/questions/8218230/php-domdocument-loadhtml-not-encoding-utf-8-correctly)

63
_posts/05-06-01-Internationalization-and-Localization.md
View File

@@ -31,16 +31,18 @@ don't try this if your project will contain more than a couple of pages.
The most classic way and often taken as reference for i18n and l10n is a [Unix tool called `gettext`][gettext]. It dates
back to 1995 and is still a complete implementation for translating software. It is easy enough to get running, while
it still sports powerful supporting tools. It is about Gettext we will be talking here. Also, to help you not get messy
over the command-line, we will be presenting a great GUI application that can be used easily update your l10n source
files.
still sporting powerful supporting tools. It is about Gettext we will be talking here. Also, to help you not get messy
over the command-line, we will be presenting a great GUI application that can be used to easily update your l10n source
### Other tools
There are common libraries used that support Gettext and other implementations of i18n. Some of them may seem easier to
install or sport additional features or i18n file formats. In this document, we focus on the tools provided with the
install or sport additional features or i18n file formats. In this document, we focus on the tools provided with the
PHP core, but here we list others for completion:
- [aura/intl][aura-intl]: Provides internationalization (I18N) tools, specifically package-oriented per-locale message
translation. It uses array formats for message. Does not provide a message extractor, but does provide advanced
message formatting via the `intl` extension (including pluralized messages).
- [oscarotero/Gettext][oscarotero]: Gettext support with an OO interface; includes improved helper functions, powerful
extractors for several file formats (some of them not supported natively by the `gettext` command), and can also export
to other formats besides `.mo/.po` files. Can be useful if you need to integrate your translation files into other
@@ -86,7 +88,7 @@ You will always have one pair of PO/MO files per language and region, but only o
There are some cases, in big projects, where you might need to separate translations when the same words convey
different meaning given a context. In those cases, you split them into different _domains_. They are, basically, named
groups of POT/PO/MO files, where the filename is the said _translation domain_. Small and medium-sized projects usually,
for simplicity, use only one domain; its name is arbitrary, but we will be using "main" for our code samples.
for simplicity, use only one domain; its name is arbitrary, but we will be using "main" for our code samples.
In [Symfony] projects, for example, domains are used to separate the translation for validation messages.
#### Locale code
@@ -142,7 +144,7 @@ given number falls (starting the count with 0). For example:
- Brazilian Portuguese: `nplurals=2; plural=(n > 1);` - two rules, second if N is bigger than one, first otherwise
Now that you understood the basis of how plural rules works - and if you didn't, please look at a deeper explanation
on the [LingoHub tutorial](lingohub_plurals) -, you might want to copy the ones you need from a [list][plural] instead
on the [LingoHub tutorial][lingohub_plurals] -, you might want to copy the ones you need from a [list][plural] instead
of writing them by hand.
When calling out Gettext to do localization on sentences with counters, you will have to give him the
@@ -175,8 +177,8 @@ msgstr[1] "%d mensagens não lidas"
The first section works like a header, having the `msgid` and `msgstr` especially empty. It describes the file encoding,
plural forms and other things that are less relevant.
The second section translates a simple string from English to
Brazilian Portuguese, and the third does the same, but leveraging string replacement from [`sprintf`](sprintf) so the
translation may contain the user name and visit date.
Brazilian Portuguese, and the third does the same, but leveraging string replacement from [`sprintf`][sprintf] so the
translation may contain the user name and visit date.
The last section is a sample of pluralization forms, displaying
the singular and plural version as `msgid` in English and their corresponding translations as `msgstr` 0 and 1
(following the number given by the plural rule). There, string replacement is used as well so the number can be seen
@@ -190,8 +192,8 @@ translated `msgstr` lines.
Talking about translation keys, there are two main "schools" here:
1. _`msgid` as a real sentence_.
The main advantages are:
1. _`msgid` as a real sentence_.
The main advantages are:
- if there are pieces of the software untranslated in any given language, the key displayed will still maintain some
meaning. Example: if you happen to translate by heart from English to Spanish but need help to translate to French,
you might publish the new page with missing French sentences, and parts of the website would be displayed in English
@@ -202,7 +204,7 @@ Talking about translation keys, there are two main "schools" here:
- The only disadvantage: if you need to change the actual text, you would need to replace the same `msgid`
across several language files.
2. _`msgid` as a unique, structured key_.
2. _`msgid` as a unique, structured key_.
It would describe the sentence role in the application in a structured way, including the template or part where the
string is located instead of its content.
- it is a great way to have the code organized, separating the text content from the template logic.
@@ -258,7 +260,7 @@ call. More on domain configuration in the next example.
* @return bool
*/
function valid($locale) {
return in_array($locale, ['en_US', 'en', 'pt_BR', 'pt', 'es_ES', 'es');
return in_array($locale, ['en_US', 'en', 'pt_BR', 'pt', 'es_ES', 'es']);
}
//setting the source/default locale, for informational purposes
@@ -309,10 +311,10 @@ textdomain('main');
#### 3. Preparing translation for the first run
One of the great advantages Gettext has over custom framework i18n packages is its extensive and powerful file format.
Oh man, thats quite hard to understand and edit by hand, a simple array would be easier! Make no mistake,
applications like [Poedit] are here to help - _a lot_. You can get the program from their website, its free and
available for all platforms. Its a pretty easy tool to get used to, and a very powerful one at the same time -
using all features Gettext has available. This small guide is based on PoEdit 1.8.
"Oh man, thats quite hard to understand and edit by hand, a simple array would be easier!" Make no mistake,
applications like [Poedit] are here to help - _a lot_. You can get the program from [their website][poedit_download],
its free and available for all platforms. Its a pretty easy tool to get used to, and a very powerful one at the same
time - using all features Gettext has available. This guide is based on PoEdit 1.8.
In the first run, you should select “File > New...” from the menu. Youll be asked straight ahead for the language:
here you can select/filter the language you want to translate to, or use that format we mentioned before, such as
@@ -344,8 +346,8 @@ file will be (re)compiled into the same folder and ta-dah: your project is inter
As you may have noticed before, there are two main types of localized strings: simple ones and those with plural
forms. The first ones have simply two boxes: source and localized string. The source string cannot be modified as
Gettext/Poedit do not include the powers to alter your source files - you should change the source itself and rescan
the files. Tip: you may right-click a translation line, and it will hint you with the files and lines where that string
is being used.
the files. Tip: you may right-click a translation line and it will hint you with the source files and lines where that
string is being used.
On the other hand, plural form strings include two boxes to show the two source strings, and tabs so you can configure
the different final forms.
@@ -393,8 +395,8 @@ After including those new rules in the `.po` file, a new scan will bring in your
* [Wikipedia: i18n and l10n](https://en.wikipedia.org/wiki/Internationalization_and_localization)
* [Wikipedia: Gettext](https://en.wikipedia.org/wiki/Gettext)
* [LingoHub: PHP internationalization with gettext tutorial](lingohub)
* [PHP Manual: Gettext](http://php.net/manual/en/book.gettext.php)
* [LingoHub: PHP internationalization with gettext tutorial][lingohub]
* [PHP Manual: Gettext](https://secure.php.net/manual/book.gettext.php)
* [Gettext Manual][manual]
[Poedit]: https://poedit.net
@@ -403,22 +405,23 @@ After including those new rules in the `.po` file, a new scan will bring in your
[lingohub_plurals]: https://lingohub.com/blog/2013/07/php-internationalization-with-gettext-tutorial/#Plurals
[plural]: http://docs.translatehouse.org/projects/localization-guide/en/latest/l10n/pluralforms.html
[gettext]: https://en.wikipedia.org/wiki/Gettext
[manual]: http://www.gnu.org/software/gettext/manual/gettext.html
[manual]: https://www.gnu.org/software/gettext/manual/gettext.html
[639-1]: https://en.wikipedia.org/wiki/List_of_ISO_639-1_codes
[3166-1]: http://en.wikipedia.org/wiki/ISO_3166-1_alpha-2
[rare]: http://www.gnu.org/software/gettext/manual/gettext.html#Rare-Language-Codes
[3166-1]: https://en.wikipedia.org/wiki/ISO_3166-1_alpha-2
[rare]: https://www.gnu.org/software/gettext/manual/gettext.html#Rare-Language-Codes
[func_format]: https://www.gnu.org/software/gettext/manual/gettext.html#Language-specific-options
[aura-intl]: https://github.com/auraphp/Aura.Intl
[oscarotero]: https://github.com/oscarotero/Gettext
[symfony]: https://symfony.com/doc/current/components/translation.html
[zend]: https://docs.zendframework.com/zend-i18n/translation
[laravel]: https://laravel.com/docs/master/localization
[yii]: http://www.yiiframework.com/doc-2.0/guide-tutorial-i18n.html
[intl]: http://br2.php.net/manual/en/intro.intl.php
[yii]: https://www.yiiframework.com/doc/guide/2.0/en/tutorial-i18n
[intl]: https://secure.php.net/manual/intro.intl.php
[ICU project]: http://www.icu-project.org
[symfony-keys]: https://symfony.com/doc/current/components/translation/usage.html#creating-translations
[sprintf]: http://php.net/manual/en/function.sprintf.php
[func]: http://php.net/manual/en/function.gettext.php
[n_func]: http://php.net/manual/en/function.ngettext.php
[d_func]: http://php.net/manual/en/function.dgettext.php
[dn_func]: http://php.net/manual/en/function.dngettext.php
[sprintf]: https://secure.php.net/manual/function.sprintf.php
[func]: https://secure.php.net/manual/function.gettext.php
[n_func]: https://secure.php.net/manual/function.ngettext.php
[d_func]: https://secure.php.net/manual/function.dgettext.php
[dn_func]: https://secure.php.net/manual/function.dngettext.php

4
_posts/06-01-01-Dependency-Injection.md
View File

@@ -5,9 +5,9 @@ anchor: dependency_injection
# Dependency Injection {#dependency_injection_title}
From [Wikipedia](http://en.wikipedia.org/wiki/Dependency_injection):
From [Wikipedia](https://wikipedia.org/wiki/Dependency_injection):
> Dependency injection is a software design pattern that allows the removal of hard-coded dependencies and makes it
> Dependency injection is a software design pattern that allows the removal of hard-coded dependencies and makes it
> possible to change them, whether at run-time or compile-time.
This quote makes the concept sound much more complicated than it actually is. Dependency Injection is providing a

2
_posts/06-02-01-Basic-Concept.md
View File

@@ -47,6 +47,6 @@ class Database
class MysqlAdapter {}
{% endhighlight %}
Now we are giving the `Database` class its dependency rather than it creating it itself. We could even create a method
Now we are giving the `Database` class its dependency rather than creating it itself. We could even create a method
that would accept an argument of the dependency and set it that way, or if the `$adapter` property was `public` we
could set it directly.

65
_posts/06-03-01-Complex-Problem.md
View File

@@ -10,24 +10,71 @@ If you have ever read about Dependency Injection then you have probably seen the
### Inversion of Control
Inversion of Control is as it says, "inverting the control" of a system by keeping organisational control entirely
Inversion of Control is as it says, "inverting the control" of a system by keeping organizational control entirely
separate from our objects. In terms of Dependency Injection, this means loosening our dependencies by controlling and
instantiating them elsewhere in the system.
For years, PHP frameworks have been achieving Inversion of Control, however, the question became, which part of control
are you inverting, and where to? For example, MVC frameworks would generally provide a super object or base controller
are we inverting, and where to? For example, MVC frameworks would generally provide a super object or base controller
that other controllers must extend to gain access to its dependencies. This **is** Inversion of Control, however,
instead of loosening dependencies, this method simply moved them.
Dependency Injection allows us to more elegantly solve this problem by only injecting the dependencies we need, when we
need them, without the need for any hard coded dependencies at all.
### Dependency Inversion Principle
### S.O.L.I.D.
Dependency Inversion Principle is the "D" in the S.O.L.I.D set of object oriented design principles that states one
should *"Depend on Abstractions. Do not depend on concretions."*. Put simply, this means our dependencies should be
interfaces/contracts or abstract classes rather than concrete implementations. We can easily refactor the above example
to follow this principle.
#### Single Responsibility Principle
The Single Responsibility Principle is about actors and high-level architecture. It states that “A class should have
only one reason to change.” This means that every class should _only_ have responsibility over a single part of the
functionality provided by the software. The largest benefit of this approach is that it enables improved code
_reusability_. By designing our class to do just one thing, we can use (or re-use) it in any other program without
changing it.
#### Open/Closed Principle
The Open/Closed Principle is about class design and feature extensions. It states that “Software entities (classes,
modules, functions, etc.) should be open for extension, but closed for modification.” This means that we should design
our modules, classes and functions in a way that when a new functionality is needed, we should not modify our existing
code but rather write new code that will be used by existing code. Practically speaking, this means that we should write
classes that implement and adhere to _interfaces_, then type-hint against those interfaces instead of specific classes.
The largest benefit of this approach is that we can very easily extend our code with support for something new without
having to modify existing code, meaning that we can reduce QA time, and the risk for negative impact to the application
is substantially reduced. We can deploy new code, faster, and with more confidence.
#### Liskov Substitution Principle
The Liskov Substitution Principle is about subtyping and inheritance. It states that “Child classes should never break
the parent class type definitions.” Or, in Robert C. Martins words, “Subtypes must be substitutable for their base
types.”
For example, if we have a `FileInterface` interface which defines an `embed()` method, and we have `Audio` and `Video`
classes which both implement the `embed()` method, then we can expect that the usage of the `embed()` method will always
do the thing that we intend. If we later create a `PDF` class or a `Gist` class which implement the `FileInterface`
interface, we will already know and understand what the `embed()` method will do. The largest benefit of this approach
is that we have the ability to build flexible and easily-configurable programs, because when we change one object of a
type (e.g., `FileInterface`) to another we don't need to change anything else in our program.
#### Interface Segregation Principle
The Interface Segregation Principle (ISP) is about _business-logic-to-clients_ communication. It states that “No client
should be forced to depend on methods it does not use.” This means that instead of having a single monolithic interface
that all conforming classes need to implement, we should instead provide a set of smaller, concept-specific interfaces
that a conforming class implements one or more of.
For example, a `Car` or `Bus` class would be interested in a `steeringWheel()` method, but a `Motorcycle` or `Tricycle`
class would not. Conversely, a `Motorcycle` or `Tricycle` class would be interested in a `handlebars()` method, but a
`Car` or `Bus` class would not. There is no need to have all of these types of vehicles implement support for both
`steeringWheel()` as well as `handlebars()`, so we should break-apart the source interface.
#### Dependency Inversion Principle
The Dependency Inversion Principle is about removing hard-links between discrete classes so that new functionality can
be leveraged by passing a different class. It states that one should *"Depend on Abstractions. Do not depend on
concretions."*. Put simply, this means our dependencies should be interfaces/contracts or abstract classes rather than
concrete implementations. We can easily refactor the above example to follow this principle.
{% highlight php %}
<?php
@@ -50,12 +97,12 @@ class MysqlAdapter implements AdapterInterface {}
There are several benefits to the `Database` class now depending on an interface rather than a concretion.
Consider that you are working in a team and the adapter is being worked on by a colleague. In our first example, we
Consider that we are working in a team and the adapter is being worked on by a colleague. In our first example, we
would have to wait for said colleague to finish the adapter before we could properly mock it for our unit tests. Now
that the dependency is an interface/contract we can happily mock that interface knowing that our colleague will build
the adapter based on that contract.
An even bigger benefit to this method is that our code is now much more scalable. If a year down the line we decide
that we want to migrate to a different type of database, we can write an adapter that implements the original interface
and inject that instead, no more refactoring would be required as we can ensure that the adapter follows the contract
and injects that instead, no more refactoring would be required as we can ensure that the adapter follows the contract
set by the interface.

4
_posts/06-05-01-Further-Reading.md
View File

@@ -8,5 +8,5 @@ anchor: further_reading
* [Learning about Dependency Injection and PHP](http://ralphschindler.com/2011/05/18/learning-about-dependency-injection-and-php)
* [What is Dependency Injection?](http://fabien.potencier.org/article/11/what-is-dependency-injection)
* [Dependency Injection: An analogy](https://mwop.net/blog/260-Dependency-Injection-An-analogy.html)
* [Dependency Injection: Huh?](http://net.tutsplus.com/tutorials/php/dependency-injection-huh/)
* [Dependency Injection as a tool for testing](http://philipobenito.github.io/dependency-injection-as-a-tool-for-testing/)
* [Dependency Injection: Huh?](https://code.tutsplus.com/tutorials/dependency-injection-huh--net-26903)
* [Dependency Injection as a tool for testing](https://medium.com/philipobenito/dependency-injection-as-a-tool-for-testing-902c21c147f1)

6
_posts/07-01-01-Databases.md
View File

@@ -14,6 +14,6 @@ MySQL and a little bit of MSSQL, or you need to connect to an Oracle database, t
same drivers. You'll need to learn a brand new API for each database &mdash; and that can get silly.
[mysqli]: http://php.net/mysqli
[pgsql]: http://php.net/pgsql
[mssql]: http://php.net/mssql
[mysqli]: https://secure.php.net/mysqli
[pgsql]: https://secure.php.net/pgsql
[mssql]: https://secure.php.net/mssql

22
_posts/07-02-01-Databases_MySQL.md
View File

@@ -6,7 +6,7 @@ anchor: mysql_extension
## MySQL Extension {#mysql_extension_title}
The [mysql] extension for PHP is incredibly old and has superseded by two other extensions:
The [mysql] extension for PHP is incredibly old and has superseded by two other extensions:
- [mysqli]
- [pdo]
@@ -14,12 +14,12 @@ The [mysql] extension for PHP is incredibly old and has superseded by two other
Not only did development stop long ago on [mysql], but it was [deprecated as of PHP 5.5.0]
[mysql_deprecated], and **has been [officially removed in PHP 7.0][mysql_removed]**.
To save digging into your `php.ini` settings to see which module you are using, one option is to search for `mysql_*`
in your editor of choice. If any functions such as `mysql_connect()` and `mysql_query()` show up, then `mysql` is
To save digging into your `php.ini` settings to see which module you are using, one option is to search for `mysql_*`
in your editor of choice. If any functions such as `mysql_connect()` and `mysql_query()` show up, then `mysql` is
in use.
Even if you are not using PHP 7.0 yet, failing to consider this upgrade as soon as possible will lead to greater
hardship when the PHP 7.0 upgrade does come about. The best option is to replace mysql usage with [mysqli] or [PDO] in
Even if you are not using PHP 7.x yet, failing to consider this upgrade as soon as possible will lead to greater
hardship when the PHP 7.x upgrade does come about. The best option is to replace mysql usage with [mysqli] or [PDO] in
your applications within your own development schedules so you won't be rushed later on.
**If you are upgrading from [mysql] to [mysqli], beware lazy upgrade guides that suggest you can simply find and replace `mysql_*` with `mysqli_*`. Not only is that a gross oversimplification, it misses out on the advantages that mysqli provides, such as parameter binding, which is also offered in [PDO][pdo].**
@@ -27,10 +27,10 @@ your applications within your own development schedules so you won't be rushed l
* [PHP: Choosing an API for MySQL][mysql_api]
* [PDO Tutorial for MySQL Developers][pdo4mysql_devs]
[mysql]: http://php.net/mysql
[mysql_deprecated]: http://php.net/migration55.deprecated
[mysql_removed]: http://php.net/manual/en/migration70.removed-exts-sapis.php
[mysqli]: http://php.net/mysqli
[pdo]: http://php.net/pdo
[mysql_api]: http://php.net/mysqlinfo.api.choosing
[mysql]: https://secure.php.net/mysqli
[mysql_deprecated]: https://secure.php.net/migration55.deprecated
[mysql_removed]: https://secure.php.net/manual/migration70.removed-exts-sapis.php
[mysqli]: https://secure.php.net/mysqli
[pdo]: https://secure.php.net/pdo
[mysql_api]: https://secure.php.net/mysqlinfo.api.choosing
[pdo4mysql_devs]: http://wiki.hashphp.org/PDO_Tutorial_for_MySQL_Developers

6
_posts/07-03-01-Databases_PDO.md
View File

@@ -71,7 +71,7 @@ unless of course you are using persistent connections.
* [Learn about PDO connections]
[pdo]: http://php.net/pdo
[pdo]: https://secure.php.net/pdo
[SQL Injection]: http://wiki.hashphp.org/Validation
[Learn about PDO]: http://php.net/book.pdo
[Learn about PDO connections]: http://php.net/pdo.connections
[Learn about PDO]: https://secure.php.net/book.pdo
[Learn about PDO connections]: https://secure.php.net/pdo.connections

15
_posts/07-04-01-Interacting-via-Code.md
View File

@@ -19,7 +19,7 @@ foreach ($db->query('SELECT * FROM table') as $row) {
</ul>
{% endhighlight %}
This is bad practice for all sorts of reasons, mainly that its hard to debug, hard to test, hard to read and it is
This is bad practice for all sorts of reasons, mainly that it's hard to debug, hard to test, hard to read and it is
going to output a lot of fields if you don't put a limit on there.
While there are many other solutions to doing this - depending on if you prefer [OOP](/#object-oriented-programming) or
@@ -33,7 +33,8 @@ function getAllFoos($db) {
return $db->query('SELECT * FROM table');
}
foreach (getAllFoos($db) as $row) {
$results = getAllFoos($db);
foreach ($results as $row) {
echo "<li>".$row['field1']." - ".$row['field1']."</li>"; // BAD!!
}
{% endhighlight %}
@@ -48,7 +49,7 @@ logic in and you have a "View", which is very nearly [MVC] - a common OOP archit
{% highlight php %}
<?php
$db = new PDO('mysql:host=localhost;dbname=testdb;charset=utf8', 'username', 'password');
$db = new PDO('mysql:host=localhost;dbname=testdb;charset=utf8mb4', 'username', 'password');
// Make your model available
include 'models/FooModel.php';
@@ -86,7 +87,7 @@ class FooModel
{% highlight php %}
<?php foreach ($fooList as $row): ?>
<?= $row['field1'] ?> - <?= $row['field1'] ?>
<li><?= $row['field1'] ?> - <?= $row['field1'] ?></li>
<?php endforeach ?>
{% endhighlight %}
@@ -98,6 +99,6 @@ real problem if you ever want to [unit-test](/#unit-testing) your application.
developers just getting used to the concept of interacting with databases.
[MVC]: http://code.tutsplus.com/tutorials/mvc-for-noobs--net-10488
[PHPBridge]: http://phpbridge.org/
[Creating a Data Class]: http://phpbridge.org/intro-to-php/creating_a_data_class
[MVC]: https://code.tutsplus.com/tutorials/mvc-for-noobs--net-10488
[PHPBridge]: https://phpbridge.org/docs/
[Creating a Data Class]: https://phpbridge.org/intro-to-php/creating_a_data_class

12
_posts/07-05-01-Abstraction-Layers.md
View File

@@ -18,13 +18,13 @@ installed in any application you like:
* [Aura SQL][6]
* [Doctrine2 DBAL][2]
* [Propel][7]
* [ZF2 Db][4]
* [Zend-db][4]
[1]: http://php.net/book.pdo
[2]: http://www.doctrine-project.org/projects/dbal.html
[4]: http://packages.zendframework.com/docs/latest/manual/en/index.html#zend-db
[1]: https://secure.php.net/book.pdo
[2]: https://www.doctrine-project.org/projects/dbal.html
[4]: https://packages.zendframework.com/docs/latest/manual/en/index.html#zendframework/zend-db
[6]: https://github.com/auraphp/Aura.Sql
[7]: http://propelorm.org/
[psr0]: https://github.com/php-fig/fig-standards/blob/master/accepted/PSR-0.md
[psr4]: https://github.com/php-fig/fig-standards/blob/master/accepted/PSR-4-autoloader.md
[psr0]: https://www.php-fig.org/psr/psr-0/
[psr4]: https://www.php-fig.org/psr/psr-4/

1
_posts/08-03-01-Plain-PHP-Templates.md
View File

@@ -1,4 +1,5 @@
---
title: Plain PHP Templates
isChild: true
anchor: plain_php_templates
---

6
_posts/08-04-01-Compiled-Templates.md
View File

@@ -68,7 +68,7 @@ Using the [Twig] library.
[article_templating_engines]: http://fabien.potencier.org/article/34/templating-engines-in-php
[Twig]: http://twig.sensiolabs.org/
[Twig]: https://twig.symfony.com/
[Brainy]: https://github.com/box/brainy
[Smarty]: http://www.smarty.net/
[Mustache]: http://mustache.github.io/
[Smarty]: https://www.smarty.net/
[Mustache]: https://mustache.github.io/

18
_posts/08-05-01-Further-Reading.md
View File

@@ -8,23 +8,23 @@ anchor: templating_further_reading
### Articles & Tutorials
* [Templating Engines in PHP](http://fabien.potencier.org/article/34/templating-engines-in-php)
* [An Introduction to Views & Templating in CodeIgniter](http://code.tutsplus.com/tutorials/an-introduction-to-views-templating-in-codeigniter--net-25648)
* [Getting Started With PHP Templating](http://www.smashingmagazine.com/2011/10/17/getting-started-with-php-templating/)
* [Roll Your Own Templating System in PHP](http://code.tutsplus.com/tutorials/roll-your-own-templating-system-in-php--net-16596)
* [An Introduction to Views & Templating in CodeIgniter](https://code.tutsplus.com/tutorials/an-introduction-to-views-templating-in-codeigniter--net-25648)
* [Getting Started With PHP Templating](https://www.smashingmagazine.com/2011/10/getting-started-with-php-templating/)
* [Roll Your Own Templating System in PHP](https://code.tutsplus.com/tutorials/roll-your-own-templating-system-in-php--net-16596)
* [Master Pages](https://laracasts.com/series/laravel-from-scratch/episodes/7)
* [Working With Templates in Symfony 2](http://code.tutsplus.com/tutorials/working-with-templates-in-symfony-2--cms-21172)
* [Working With Templates in Symfony 2](https://code.tutsplus.com/tutorials/working-with-templates-in-symfony-2--cms-21172)
* [Writing Safer Templates](https://github.com/box/brainy/wiki/Writing-Safe-Templates)
### Libraries
* [Aura.View](https://github.com/auraphp/Aura.View) *(native)*
* [Blade](http://laravel.com/docs/blade) *(compiled, framework specific)*
* [Blade](https://laravel.com/docs/blade) *(compiled, framework specific)*
* [Brainy](https://github.com/box/brainy) *(compiled)*
* [Dwoo](http://dwoo.org/) *(compiled)*
* [Latte](https://github.com/nette/latte) *(compiled)*
* [Mustache](https://github.com/bobthecow/mustache.php) *(compiled)*
* [PHPTAL](http://phptal.org/) *(compiled)*
* [PHPTAL](https://phptal.org/) *(compiled)*
* [Plates](http://platesphp.com/) *(native)*
* [Smarty](http://www.smarty.net/) *(compiled)*
* [Twig](http://twig.sensiolabs.org/) *(compiled)*
* [Zend\View](http://framework.zend.com/manual/2.3/en/modules/zend.view.quick-start.html) *(native, framework specific)*
* [Smarty](https://www.smarty.net/) *(compiled)*
* [Twig](https://twig.symfony.com/) *(compiled)*
* [Zend\View](https://framework.zend.com/manual/2.3/en/modules/zend.view.quick-start.html) *(native, framework specific)*

34
_posts/09-02-01-Errors.md
View File

@@ -1,5 +1,5 @@
---
isChild: true
---
isChild: true
anchor: errors
---
@@ -48,7 +48,7 @@ changes to your code to help ensure best interoperability and forward compatibil
Error Reporting can be changed by using PHP settings and/or PHP function calls. Using the built in PHP function
`error_reporting()` you can set the level of errors for the duration of the script execution by passing one of the
predefined error level constants, meaning if you only want to see Warnings and Errors - but not Notices - then you can
predefined error level constants, meaning if you only want to see Errors and Warnings - but not Notices - then you can
configure that:
{% highlight php %}
@@ -87,7 +87,8 @@ rewritten like this:
{% highlight php %}
<?php
echo isset($foo['bar']) ? $foo['bar'] : '';
//Null Coalescing Operator
echo $foo['bar'] ?? '';
{% endhighlight %}
One instance where error suppression might make sense is where `fopen()` fails to find a file to load. You could check
@@ -104,7 +105,7 @@ with the following.
xdebug.scream = On
{% endhighlight %}
You can also set this value at runtime with the `ini_set` function
You can also set this value at runtime with the `ini_set` function
{% highlight php %}
<?php
@@ -131,9 +132,10 @@ PHP is perfectly capable of being an "exception-heavy" programming language, and
make the switch. Basically you can throw your "errors" as "exceptions" using the `ErrorException` class, which extends
the `Exception` class.
This is a common practice implemented by a large number of modern frameworks such as Symfony and Laravel. By default
Laravel will display all errors as exceptions using the [Whoops!] package if the `app.debug` switch is turned on, then
hide them if the switch is turned off.
This is a common practice implemented by a large number of modern frameworks such as Symfony and Laravel. In debug
mode *(or dev mode)* both of these frameworks will display a nice and clean *stack trace*.
There are also some packages available for better error and exception handling and reporting. Like [Whoops!], which comes with the default installation of Laravel and can be used in any framework as well.
By throwing errors as exceptions in development you can handle them better than the usual result, and if you see an
exception during development you can wrap it in a catch statement with specific instructions on how to handle the
@@ -149,11 +151,11 @@ More information on this and details on how to use `ErrorException` with error h
[errorreport]: /#error_reporting
[Xdebug]: http://xdebug.org/docs/basic
[Scream]: http://php.net/book.scream
[Error Control Operators]: http://php.net/language.operators.errorcontrol
[SitePoint]: http://www.sitepoint.com/
[Whoops!]: http://filp.github.io/whoops/
[errorexception]: http://php.net/class.errorexception
[Predefined Constants for Error Handling]: http://php.net/errorfunc.constants
[error_reporting]: http://php.net/function.error-reporting
[Xdebug]: https://xdebug.org/docs/basic
[Scream]: https://secure.php.net/book.scream
[Error Control Operators]: https://secure.php.net/language.operators.errorcontrol
[SitePoint]: https://www.sitepoint.com/
[Whoops!]: https://filp.github.io/whoops/
[errorexception]: https://secure.php.net/class.errorexception
[Predefined Constants for Error Handling]: https://secure.php.net/errorfunc.constants
[error_reporting]: https://secure.php.net/function.error-reporting

6
_posts/09-03-01-Exceptions.md
View File

@@ -71,7 +71,7 @@ standard Exception which is vague, or creating a custom Exception just for that,
[splext]: /#standard_php_library
[exceptions]: http://php.net/language.exceptions
[splexe]: http://php.net/spl.exceptions
[nesting-exceptions-in-php]: http://www.brandonsavage.net/exceptional-php-nesting-exceptions-in-php/
[exceptions]: https://secure.php.net/language.exceptions
[splexe]: https://secure.php.net/spl.exceptions
[nesting-exceptions-in-php]: https://www.brandonsavage.net/exceptional-php-nesting-exceptions-in-php/
[exception-best-practices53]: http://ralphschindler.com/2010/09/15/exception-best-practices-in-php-5-3

3
_posts/10-01-01-Security.md
View File

@@ -3,3 +3,6 @@ anchor: security
---
# Security {#security_title}
The best resource I've found on PHP security is [The 2018 Guide to Building Secure PHP Software](https://paragonie.com/blog/2017/12/2018-guide-building-secure-php-software) by
[Paragon Initiative](https://paragonie.com/).

27
_posts/10-02-01-Web-Application-Security.md
View File

@@ -5,6 +5,25 @@ anchor: web_application_security
## Web Application Security {#web_application_security_title}
It is very important for every PHP developer to learn [the basics of web application security][4], which can be broken
down into a handful of broad topics:
1. Code-data separation.
* When data is executed as code, you get SQL Injection, Cross-Site Scripting, Local/Remote File Inclusion, etc.
* When code is printed as data, you get information leaks (source code disclosure or, in the case of C programs,
enough information to bypass [ASLR][5]).
2. Application logic.
* Missing authentication or authorization controls.
* Input validation.
3. Operating environment.
* PHP versions.
* Third party libraries.
* The operating system.
4. Cryptography weaknesses.
* [Weak random numbers][6].
* [Chosen-ciphertext attacks][7].
* [Side-channel information leaks][8].
There are bad people ready and willing to exploit your web application. It is important that you take necessary
precautions to harden your web application's security. Luckily, the fine folks at
[The Open Web Application Security Project][1] (OWASP) have compiled a comprehensive list of known security issues and
@@ -15,4 +34,10 @@ methods to protect yourself against them. This is a must read for the security-c
[1]: https://www.owasp.org/
[2]: https://www.owasp.org/index.php/Guide_Table_of_Contents
[3]: http://phpsecurity.readthedocs.org/en/latest/index.html
[3]: https://phpsecurity.readthedocs.io/en/latest/index.html
[4]: https://paragonie.com/blog/2015/08/gentle-introduction-application-security
[5]: http://searchsecurity.techtarget.com/definition/address-space-layout-randomization-ASLR
[6]: https://paragonie.com/blog/2016/01/on-design-and-implementation-stealth-backdoor-for-web-applications
[7]: https://paragonie.com/blog/2015/05/using-encryption-and-authentication-correctly
[8]: http://blog.ircmaxell.com/2014/11/its-all-about-time.html

43
_posts/10-03-01-Password-Hashing.md
View File

@@ -8,12 +8,31 @@ anchor: password_hashing
Eventually everyone builds a PHP application that relies on user login. Usernames and passwords are stored in a
database and later used to authenticate users upon login.
It is important that you properly [_hash_][3] passwords before storing them. Password hashing is an irreversible, one
way function performed against the user's password. This produces a fixed-length string that cannot be feasibly
reversed. This means you can compare a hash against another to determine if they both came from the same source string,
but you cannot determine the original string. If passwords are not hashed and your database is accessed by an
unauthorized third-party, all user accounts are now compromised. Some users may (unfortunately) use the same password
for other services. Therefore, it is important to take security seriously.
It is important that you properly [_hash_][3] passwords before storing them. Hashing and encrypting are [two very different things][7]
that often get confused.
Hashing is an irreversible, one-way function. This produces a fixed-length string that cannot be feasibly reversed.
This means you can compare a hash against another to determine if they both came from the same source string, but you
cannot determine the original string. If passwords are not hashed and your database is accessed by an unauthorized
third-party, all user accounts are now compromised.
Unlike hashing, encryption is reversible (provided you have the key). Encryption is useful in other areas, but is a poor
strategy for securely storing passwords.
Passwords should also be individually [_salted_][5] by adding a random string to each password before hashing. This prevents dictionary attacks and the use of "rainbow tables" (a reverse list of crytographic hashes for common passwords.)
Hashing and salting are vital as often users use the same password for multiple services and password quality can be poor.
Additionally, you should use [a specialized _password hashing_ algoithm][6] rather than fast, general-purpose
cryptographic hash function (e.g. SHA256). The short list of acceptable password hashing algorithms (as of June 2018)
to use are:
* Argon2 (available in PHP 7.2 and newer)
* Scrypt
* **Bcrypt** (PHP provides this one for you; see below)
* PBKDF2 with HMAC-SHA256 or HMAC-SHA512
Fortunately, nowadays PHP makes this easy.
**Hashing passwords with `password_hash`**
@@ -35,16 +54,22 @@ if (password_verify('bad-password', $passwordHash)) {
} else {
// Wrong password
}
{% endhighlight %}
{% endhighlight %}
`password_hash()` takes care of password salting for you. The salt is stored, along with the algorithm and "cost", as part of the hash. `password_verify()` extracts this to determine how to check the password, so you don't need a separate database field to store your salts.
* [Learn about `password_hash()`] [1]
* [`password_compat` for PHP >= 5.3.7 && < 5.5] [2]
* [Learn about hashing in regards to cryptography] [3]
* [Learn about salts] [5]
* [PHP `password_hash()` RFC] [4]
[1]: http://php.net/function.password-hash
[1]: https://secure.php.net/function.password-hash
[2]: https://github.com/ircmaxell/password_compat
[3]: http://en.wikipedia.org/wiki/Cryptographic_hash_function
[3]: https://wikipedia.org/wiki/Cryptographic_hash_function
[4]: https://wiki.php.net/rfc/password_hash
[5]: https://wikipedia.org/wiki/Salt_(cryptography)
[6]: https://paragonie.com/blog/2016/02/how-safely-store-password-in-2016
[7]: https://paragonie.com/blog/2015/08/you-wouldnt-base64-a-password-cryptography-decoded

14
_posts/10-04-01-Data-Filtering.md
View File

@@ -62,11 +62,11 @@ phone number, or age when processing a registration submission.
[See Validation Filters][3]
[1]: http://php.net/book.filter
[2]: http://php.net/filter.filters.sanitize
[3]: http://php.net/filter.filters.validate
[4]: http://php.net/function.filter-var
[5]: http://php.net/function.filter-input
[6]: http://php.net/security.filesystem.nullbytes
[1]: https://secure.php.net/book.filter
[2]: https://secure.php.net/filter.filters.sanitize
[3]: https://secure.php.net/filter.filters.validate
[4]: https://secure.php.net/function.filter-var
[5]: https://secure.php.net/function.filter-input
[6]: https://secure.php.net/security.filesystem.nullbytes
[html-purifier]: http://htmlpurifier.org/
[unserialize]: https://secure.php.net/manual/en/function.unserialize.php
[unserialize]: https://secure.php.net/manual/function.unserialize.php

2
_posts/10-05-01-Configuration-Files.md
View File

@@ -14,4 +14,4 @@ via the file system.
that, even if the script is accessed directly, it will not be output as plain text.
- Information in configuration files should be protected accordingly, either through encryption or group/user file
system permissions.
- It is a good idea to ensure that you do not commit configuration files containing sensitive information eg passwords or API tokens to source control.
- It is a good idea to ensure that you do not commit configuration files containing sensitive information e.g. passwords or API tokens to source control.

2
_posts/10-06-01-Register-Globals.md
View File

@@ -15,4 +15,4 @@ issues as your application cannot effectively tell where the data is coming from
For example: `$_GET['foo']` would be available via `$foo`, which can override variables that have not been declared.
If you are using PHP < 5.4.0 __make sure__ that `register_globals` is __off__.
* [Register_globals in the PHP manual](http://php.net/security.globals)
* [Register_globals in the PHP manual](https://secure.php.net/security.globals)

10
_posts/10-07-01-Error-Reporting.md
View File

@@ -23,7 +23,7 @@ log_errors = On
> Passing in the value `-1` will show every possible error, even when new levels and constants are added in future PHP
> versions. The `E_ALL` constant also behaves this way as of PHP 5.4. -
> [php.net](http://php.net/function.error-reporting)
> [php.net](https://secure.php.net/function.error-reporting)
The `E_STRICT` error level constant was introduced in 5.3.0 and is not part of `E_ALL`, however it became part of
`E_ALL` in 5.4.0. What does this mean? In terms of reporting every possible error in version 5.3 it means you must
@@ -49,7 +49,7 @@ log_errors = On
With these settings in production, errors will still be logged to the error logs for the web server, but will not be
shown to the user. For more information on these settings, see the PHP manual:
* [error_reporting](http://php.net/errorfunc.configuration#ini.error-reporting)
* [display_errors](http://php.net/errorfunc.configuration#ini.display-errors)
* [display_startup_errors](http://php.net/errorfunc.configuration#ini.display-startup-errors)
* [log_errors](http://php.net/errorfunc.configuration#ini.log-errors)
* [error_reporting](https://secure.php.net/errorfunc.configuration#ini.error-reporting)
* [display_errors](https://secure.php.net/errorfunc.configuration#ini.display-errors)
* [display_startup_errors](https://secure.php.net/errorfunc.configuration#ini.display-startup-errors)
* [log_errors](https://secure.php.net/errorfunc.configuration#ini.log-errors)

16
_posts/11-02-01-Test-Driven-Development.md
View File

@@ -5,7 +5,7 @@ anchor: test_driven_development
## Test Driven Development {#test_driven_development_title}
From [Wikipedia](http://en.wikipedia.org/wiki/Test-driven_development):
From [Wikipedia](https://wikipedia.org/wiki/Test-driven_development):
> Test-driven development (TDD) is a software development process that relies on the repetition of a very short
> development cycle: first the developer writes a failing automated test case that defines a desired improvement or new
@@ -32,17 +32,17 @@ The other use for unit tests is contributing to open source. If you can write a
(i.e. fails), then fix it, and show the test passing, patches are much more likely to be accepted. If you run a project
which accepts pull requests then you should suggest this as a requirement.
[PHPUnit](http://phpunit.de) is the de-facto testing framework for writing unit tests for PHP applications, but there
[PHPUnit](https://phpunit.de/) is the de-facto testing framework for writing unit tests for PHP applications, but there
are several alternatives
* [atoum](https://github.com/atoum/atoum)
* [Kahlan](https://github.com/crysalead/kahlan)
* [Peridot](http://peridot-php.github.io/)
* [Peridot](https://peridot-php.github.io/)
* [SimpleTest](http://simpletest.org)
### Integration Testing
From [Wikipedia](http://en.wikipedia.org/wiki/Integration_testing):
From [Wikipedia](https://wikipedia.org/wiki/Integration_testing):
> Integration testing (sometimes called Integration and Testing, abbreviated "I&T") is the phase in software testing in
> which individual software modules are combined and tested as a group. It occurs after unit testing and before
@@ -62,7 +62,7 @@ users of the application.
#### Functional Testing Tools
* [Selenium](http://seleniumhq.com)
* [Mink](http://mink.behat.org)
* [Codeception](http://codeception.com) is a full-stack testing framework that includes acceptance testing tools
* [Storyplayer](http://datasift.github.io/storyplayer) is a full-stack testing framework that includes support for creating and destroying test environments on demand
* [Selenium](https://docs.seleniumhq.org/)
* [Mink](http://mink.behat.org/)
* [Codeception](https://codeception.com/) is a full-stack testing framework that includes acceptance testing tools
* [Storyplayer](https://datasift.github.io/storyplayer/) is a full-stack testing framework that includes support for creating and destroying test environments on demand

8
_posts/11-03-01-Behavior-Driven-Development.md
View File

@@ -25,7 +25,7 @@ purpose. This framework is inspired by the [RSpec project][Rspec] for Ruby.
[Behat]: http://behat.org/
[Cucumber]: http://cukes.info/
[PHPSpec]: http://www.phpspec.net/
[RSpec]: http://rspec.info/
[Codeception]: http://codeception.com/
[Cucumber]: https://cucumber.io/
[PHPSpec]: https://www.phpspec.net/
[RSpec]: https://rspec.info/
[Codeception]: https://codeception.com/

11
_posts/11-04-01-Complementary-Testing-Tools.md
View File

@@ -14,11 +14,16 @@ libraries useful for any preferred approach taken.
* [Mockery] is a Mock Object Framework which can be integrated with [PHPUnit] or [PHPSpec]
* [Prophecy] is a highly opinionated yet very powerful and flexible PHP object mocking framework. It's integrated with
[PHPSpec] and can be used with [PHPUnit].
* [php-mock] is a library to help to mock PHP native functions.
* [Infection] is a PHP implementation of [Mutation Testing] to help to measure the effectiveness of your tests.
[Selenium]: http://seleniumhq.org/
[Selenium]: https://www.seleniumhq.org/
[integrated with PHPUnit]: https://github.com/giorgiosironi/phpunit-selenium/
[Mockery]: https://github.com/padraic/mockery
[PHPUnit]: http://phpunit.de/
[PHPSpec]: http://www.phpspec.net/
[PHPUnit]: https://phpunit.de/
[PHPSpec]: https://www.phpspec.net/
[Prophecy]: https://github.com/phpspec/prophecy
[php-mock]: https://github.com/php-mock/php-mock
[Infection]: https://github.com/infection/infection
[Mutation Testing]: https://en.wikipedia.org/wiki/Mutation_testing

1
_posts/12-01-01-Servers-and-Deployment.md
View File

@@ -1,4 +1,5 @@
---
title: Servers and Deployment
anchor: servers_and_deployment
---

29
_posts/12-03-01-Virtual-or-Dedicated-Servers.md
View File

@@ -1,4 +1,5 @@
---
title: Virtual or Dedicated Servers
isChild: true
anchor: virtual_or_dedicated_servers
---
@@ -20,7 +21,7 @@ especially important on virtual servers that don't have much memory to spare.
### Apache and PHP
PHP and Apache have a long history together. Apache is wildly configurable and has many available
PHP and Apache have a long history together. Apache is wildly configurable and has many available
[modules][apache-modules] to extend functionality. It is a popular choice for shared servers and an easy setup for PHP
frameworks and open source apps like WordPress. Unfortunately, Apache uses more resources than nginx by default and
cannot handle as many visitors at the same time.
@@ -34,20 +35,26 @@ Alternatively, if you want to squeeze more performance and stability out of Apac
same FPM system as nginx and run the [worker MPM] or [event MPM] with mod_fastcgi or mod_fcgid. This configuration will
be significantly more memory efficient and much faster but it is more work to set up.
If you are running Apache 2.4 or later, you can use [mod_proxy_fcgi] to get great performance that is easy to setup.
* [Read more on Apache][apache]
* [Read more on Multi-Processing Modules][apache-MPM]
* [Read more on mod_fastcgi][mod_fastcgi]
* [Read more on mod_fcgid][mod_fcgid]
* [Read more on mod_proxy_fcgi][mod_proxy_fcgi]
* [Read more on setting up Apache and PHP-FPM with mod_proxy_fcgi][tutorial-mod_proxy_fcgi]
[nginx]: http://nginx.org/
[phpfpm]: http://php.net/install.fpm
[nginx]: https://nginx.org/
[phpfpm]: https://secure.php.net/install.fpm
[secure-nginx-phpfpm]: https://nealpoole.com/blog/2011/04/setting-up-php-fastcgi-and-nginx-dont-trust-the-tutorials-check-your-configuration/
[apache-modules]: http://httpd.apache.org/docs/2.4/mod/
[prefork MPM]: http://httpd.apache.org/docs/2.4/mod/prefork.html
[worker MPM]: http://httpd.apache.org/docs/2.4/mod/worker.html
[event MPM]: http://httpd.apache.org/docs/2.4/mod/event.html
[apache]: http://httpd.apache.org/
[apache-MPM]: http://httpd.apache.org/docs/2.4/mod/mpm_common.html
[mod_fastcgi]: http://www.fastcgi.com/mod_fastcgi/docs/mod_fastcgi.html
[mod_fcgid]: http://httpd.apache.org/mod_fcgid/
[apache-modules]: https://httpd.apache.org/docs/2.4/mod/
[prefork MPM]: https://httpd.apache.org/docs/2.4/mod/prefork.html
[worker MPM]: https://httpd.apache.org/docs/2.4/mod/worker.html
[event MPM]: https://httpd.apache.org/docs/2.4/mod/event.html
[apache]: https://httpd.apache.org/
[apache-MPM]: https://httpd.apache.org/docs/2.4/mod/mpm_common.html
[mod_fastcgi]: https://blogs.oracle.com/opal/entry/php_fpm_fastcgi_process_manager
[mod_fcgid]: hhttps://httpd.apache.org/mod_fcgid/
[mod_proxy_fcgi]: https://httpd.apache.org/docs/current/mod/mod_proxy_fcgi.html
[tutorial-mod_proxy_fcgi]: https://serversforhackers.com/video/apache-and-php-fpm

2
_posts/12-04-01-Shared-Servers.md
View File

@@ -9,6 +9,6 @@ PHP has shared servers to thank for its popularity. It is hard to find a host wi
the latest version. Shared servers allow you and other developers to deploy websites to a single machine. The upside to
this is that it has become a cheap commodity. The downside is that you never know what kind of a ruckus your
neighboring tenants are going to create; loading down the server or opening up security holes are the main concerns. If
your project's budget can afford to avoid shared servers you should.
your project's budget can afford to avoid shared servers, you should.
To make sure your shared servers are offering the latest versions of PHP, check out [PHP Versions](http://phpversions.info/shared-hosting/).

79
_posts/12-05-01-Building-your-Application.md
View File

@@ -20,40 +20,45 @@ Among the tasks you might want to automate are:
* Deployment
### Build Automation Tools
### Deployment Tools
Build tools can be described as a collection of scripts that handle common tasks of software deployment. The build tool
is not a part of your software, it acts on your software from 'outside'.
Deployment tools can be described as a collection of scripts that handle common tasks of software deployment. The deployment tool is not a part of your software, it acts on your software from 'outside'.
There are many open source tools available to help you with build automation, some are written in PHP others aren't.
This shouldn't hold you back from using them, if they're better suited for the specific job. Here are a few examples:
There are many open source tools available to help you with build automation and deployment, some are written in PHP others aren't. This shouldn't hold you back from using them, if they're better suited for the specific job. Here are a few examples:
[Phing] is the easiest way to get started with automated deployment in the PHP world. With Phing you can control your
packaging, deployment or testing process from within a simple XML build file. Phing (which is based on [Apache Ant])
provides a rich set of tasks usually needed to install or update a web app and can be extended with additional custom
tasks, written in PHP.
[Phing] can control your packaging, deployment or testing process from within a XML build file. Phing (which is based on [Apache Ant]) provides a rich set of tasks usually needed to install or update a web application and can be extended with additional custom tasks, written in PHP. It's a solid and robust tool and has been around for a long time, however the tool could be perceived as a bit old fashioned because of the way it deals with configuration (XML files).
[Capistrano] is a system for *intermediate-to-advanced programmers* to execute commands in a structured, repeatable way
on one or more remote machines. It is pre-configured for deploying Ruby on Rails applications, however people are **successfully deploying PHP systems** with it. Successful use of Capistrano depends on a working knowledge of Ruby and
Rake.
[Capistrano] is a system for *intermediate-to-advanced programmers* to execute commands in a structured, repeatable way on one or more remote machines. It is pre-configured for deploying Ruby on Rails applications, however you can successfully deploy PHP systems with it. Successful use of Capistrano depends on a working knowledge of Ruby and Rake.
Dave Gardner's blog post [PHP Deployment with Capistrano][phpdeploy_capistrano] is a good starting point for PHP
developers interested in Capistrano.
[Rocketeer] gets its inspiration and philosophy from the Laravel framework. Its goal is to be fast, elegant and easy to use with smart defaults. It features multiple servers, multiple stages, atomic deploys and deployment can be performed in parallel. Everything in the tool can be hot swapped or extended, and everything is written in PHP.
[Chef] is more than a deployment framework, it is a very powerful Ruby based system integration framework that doesn't
just deploy your app but can build your whole server environment or virtual boxes.
[Deployer] is a deployment tool written in PHP. It's simple and functional. Features include running tasks in parallel, atomic deployment and keeping consistency between servers. Recipes of common tasks for Symfony, Laravel, Zend Framework and Yii are available. Younes Rafie's article [Easy Deployment of PHP Applications with Deployer][phpdeploy_deployer] is a great tutorial for deploying your application with the tool.
[Deployer] is a deployment tool written in PHP, it's simple and functional. Runs tasks in parallel, atomic deployment, keeps consistency between servers. Recipes of common tasks for Symfony, Laravel, Zend Framework and Yii.
#### Chef resources for PHP developers:
* [Three part blog series about deploying a LAMP application with Chef, Vagrant, and EC2][chef_vagrant_and_ec2]
* [Chef Cookbook which installs and configures PHP and the PEAR package management system][Chef_cookbook]
* [Chef video tutorial series][Chef_tutorial]
[Magallanes] is another tool written in PHP with simple configuration done in YAML files. It has support for multiple servers and environments, atomic deployment, and has some built in tasks that you can leverage for common tools and frameworks.
#### Further reading:
* [Automate your project with Apache Ant][apache_ant_tutorial]
* [Deploying PHP Applications][deploying_php_applications] - paid book on best practices and tools for PHP deployment.
### Server Provisioning
Managing and configuring servers can be a daunting task when faced with many servers. There are tools for dealing with this so you can automate your infrastructure to make sure you have the right servers and that they're configured properly. They often integrate with the larger cloud hosting providers (Amazon Web Services, Heroku, DigitalOcean, etc) for managing instances, which makes scaling an application a lot easier.
[Ansible] is a tool that manages your infrastructure through YAML files. It's simple to get started with and can manage complex and large scale applications. There is an API for managing cloud instances and it can manage them through a dynamic inventory using certain tools.
[Puppet] is a tool that has its own language and file types for managing servers and configurations. It can be used in a master/client setup or it can be used in a "master-less" mode. In the master/client mode the clients will poll the central master(s) for new configuration on set intervals and update itself if necessary. In the master-less mode you can push changes to your nodes.
[Chef] is a powerful Ruby based system integration framework that you can build your whole server environment or virtual boxes with. It integrates well with Amazon Web Services through their service called OpsWorks.
#### Further reading:
* [An Ansible Tutorial][an_ansible_tutorial]
* [Ansible for DevOps][ansible_for_devops] - paid book on everything Ansible
* [Ansible for AWS][ansible_for_aws] - paid book on integrating Ansible and Amazon Web Services
* [Three part blog series about deploying a LAMP application with Chef, Vagrant, and EC2][chef_vagrant_and_ec2]
* [Chef Cookbook which installs and configures PHP and the PEAR package management system][Chef_cookbook]
* [Chef video tutorial series][Chef_tutorial]
### Continuous Integration
@@ -76,18 +81,26 @@ PHP.
* [Continuous Integration with Teamcity][Teamcity]
[buildautomation]: http://en.wikipedia.org/wiki/Build_automation
[Phing]: http://www.phing.info/
[Apache Ant]: http://ant.apache.org/
[Capistrano]: https://github.com/capistrano/capistrano/wiki
[phpdeploy_capistrano]: http://www.davegardner.me.uk/blog/2012/02/13/php-deployment-with-capistrano/
[buildautomation]: https://wikipedia.org/wiki/Build_automation
[Phing]: https://www.phing.info/
[Apache Ant]: https://ant.apache.org/
[Capistrano]: http://capistranorb.com/
[phpdeploy_deployer]: https://www.sitepoint.com/deploying-php-applications-with-deployer/
[Chef]: https://www.chef.io/
[chef_vagrant_and_ec2]: http://www.jasongrimes.org/2012/06/managing-lamp-environments-with-chef-vagrant-and-ec2-1-of-3/
[Chef_cookbook]: https://github.com/chef-cookbooks/php
[Chef_tutorial]: https://www.youtube.com/playlist?list=PL11cZfNdwNyPnZA9D1MbVqldGuOWqbumZ
[apache_ant_tutorial]: http://net.tutsplus.com/tutorials/other/automate-your-projects-with-apache-ant/
[apache_ant_tutorial]: https://code.tutsplus.com/tutorials/automate-your-projects-with-apache-ant--net-18595
[Travis CI]: https://travis-ci.org/
[Jenkins]: http://jenkins-ci.org/
[PHPCI]: http://www.phptesting.org/
[Teamcity]: http://www.jetbrains.com/teamcity/
[Deployer]: https://github.com/deployphp/deployer
[Jenkins]: https://jenkins.io/
[PHPCI]: https://www.phptesting.org/
[Teamcity]: https://www.jetbrains.com/teamcity/
[Deployer]: https://deployer.org/
[Rocketeer]: http://rocketeer.autopergamene.eu/
[Magallanes]: https://www.magephp.com/
[deploying_php_applications]: https://deployingphpapplications.com/
[Ansible]: https://www.ansible.com/
[Puppet]: https://puppet.com/
[ansible_for_devops]: https://leanpub.com/ansible-for-devops
[ansible_for_aws]: https://leanpub.com/ansible-for-aws
[an_ansible_tutorial]: https://serversforhackers.com/an-ansible-tutorial

6
_posts/13-02-01-Vagrant.md
View File

@@ -28,10 +28,10 @@ document controls everything that is installed on the virtual machine.
- [Phansible][Phansible]: provides an easy to use interface that helps you generate Ansible Playbooks for PHP based projects.
[Vagrant]: http://vagrantup.com/
[Puppet]: http://www.puppetlabs.com/
[Vagrant]: https://www.vagrantup.com/
[Puppet]: https://puppet.com/
[Chef]: https://www.chef.io/
[Rove]: http://rove.io/
[Puphpet]: https://puphpet.com/
[Protobox]: http://getprotobox.com/
[Protobox]: https://www.getprotobox.com/
[Phansible]: http://phansible.com/

41
_posts/13-03-01-Docker.md
View File

@@ -5,41 +5,40 @@ anchor: docker
## Docker {#docker_title}
Beside using Vagrant, another easy way to get a virtual development or production environment up and running is [Docker].
Docker helps you to provide Linux containers for all kind of applications.
There are many helpful docker images which could provide you with other great services without the need to install
these services on your local machine, e.g. MySQL or PostgreSQL and a lot more. Have a look at the [Docker Hub Registry]
[docker-hub] to search a list of available pre-built containers, which you can then run and use in very few steps.
[Docker] - a lightweight alternative to a full virtual machine - is so called because it's all about "containers". A container is a building block which, in the simplest case, does one specific job, e.g. running a web server. An "image" is the package you use to build the container - Docker has a repository full of them.
A typical LAMP application might have three containers: a web server, a PHP-FPM process and MySQL. As with shared folders in Vagrant, you can leave your application files where they are and tell Docker where to find them.
You can generate containers from the command line (see example below) or, for ease of maintenance, build a `docker-compose.yml` file for your project specifying which to create and how they communicate with one another.
Docker may help if you're developing multiple websites and want the separation that comes from installing each on it's own virtual machine, but don't have the necessary disk space or the time to keep everything up to date. It's efficient: the installation and downloads are quicker, you only need to store one copy of each image however often it's used, containers need less RAM and share the same OS kernel, so you can have more servers running simultaneously, and it takes a matter of seconds to stop and start them, no need to wait for a full server boot.
### Example: Running your PHP Applications in Docker
After you [installed docker][docker-install] on your machine, you can start an Apache with PHP support in one step.
The following command will download a fully functional Apache installation with the latest PHP version and provide the
directory `/path/to/your/php/files` at `http://localhost:8080`:
After [installing docker][docker-install] on your machine, you can start a web server with one command.
The following will download a fully functional Apache installation with the latest PHP version, map `/path/to/your/php/files` to the document root, which you can view at `http://localhost:8080`:
{% highlight console %}
docker run -d --name my-php-webserver -p 8080:80 -v /path/to/your/php/files:/var/www/html/ php:apache
{% endhighlight %}
After running `docker run` your container is initialized and running.
If you would like to stop or start your container again, you can use the provided name attribute and simply run
`docker stop my-php-webserver` and `docker start my-php-webserver` without providing the above mentioned parameters
again.
This will initialize and launch your container. `-d` makes it runs in the background. To stop and start it, simply run `docker stop my-php-webserver` and `docker start my-php-webserver` (the other parameters are not needed again).
### Learn more about Docker
The commands mentioned above only show a quick way to run an Apache web server with PHP support but there are a lot
more things that you can do with Docker. One of the most important things for PHP developers will be linking your
web server to a database instance, for example. How this could be done is well described within the [Docker User Guide]
[docker-doc].
The command above shows a quick way to run a basic server. There's much more you can do (and thousands of pre-built images in the [Docker Hub][docker-hub]). Take time to learn the terminology and read the [Docker User Guide][docker-doc] to get the most from it, and don't run random code you've downloaded without checking it's safe unofficial images may not have the latest security patches. If in doubt, stick to the [official repositiories][docker-hub-official].
The [PHPDocker.io] site will auto-generate all the files you need for a fully-featured LAMP/LEMP stack, including your choice of PHP version and extensions.
* [Docker Website][Docker]
* [Docker Installation][docker-install]
* [Docker Images at the Docker Hub Registry][docker-hub]
* [Docker User Guide][docker-doc]
* [Docker Hub][docker-hub]
* [Docker Hub - official images][docker-hub-official]
[Docker]: http://docker.com/
[Docker]: https://www.docker.com/
[docker-hub]: https://hub.docker.com/
[docker-install]: https://docs.docker.com/installation/
[docker-doc]: https://docs.docker.com/userguide/
[docker-hub-official]: https://hub.docker.com/explore/
[docker-install]: https://docs.docker.com/install/
[docker-doc]: https://docs.docker.com/
[PHPDocker.io]: https://phpdocker.io/generator

29
_posts/14-02-01-Opcode-Cache.md
View File

@@ -5,30 +5,25 @@ anchor: opcode_cache
## Opcode Cache {#opcode_cache_title}
When a PHP file is executed, under the hood it is first compiled to opcodes and, only then, the opcodes are executed.
If a PHP file is not modified, the opcodes will always be the same. This means that the compilation step is a waste of
CPU resources.
When a PHP file is executed, it must first be compiled into [opcodes](https://secure.php.net/manual/internals2.opcodes.php) (machine language instructions for the CPU). If the source code is unchanged, the opcodes will be the same, so this compilation step becomes a waste of CPU resources.
This is where opcode caches come in. They prevent redundant compilation by storing opcodes in memory and reusing it on
successive calls. Setting up an opcode cache takes a matter of minutes, and your application will speed up
significantly. There's really no reason not to use it.
An opcode cache prevents redundant compilation by storing opcodes in memory and reusing them on successive calls. It will typically check signature or modification time of the file first, in case there have been any changes.
As of PHP 5.5, there is a built-in opcode cache called [OPcache][opcache-book]. It is also available for earlier
versions.
It's likely an opcode cache will make a significant speed improvement to your application. Since PHP 5.5 there is one built in - [Zend OPcache][opcache-book]. Depending on your PHP package/distribution, it's usually turned on by default - check [opcache.enable](https://secure.php.net/manual/opcache.configuration.php#ini.opcache.enable) and the output of `phpinfo()` to make sure. For earlier versions there's a PECL extension.
Read more about opcode caches:
* [OPcache][opcache-book] (built-in since PHP 5.5)
* [APC] (PHP 5.4 and earlier)
* [Zend OPcache][opcache-book] (bundled with PHP since 5.5)
* Zend OPcache (formerly known as Zend Optimizer+) is now [open source][Zend Optimizer+]
* [APC] - PHP 5.4 and earlier
* [XCache]
* [Zend Optimizer+] (part of Zend Server package)
* [WinCache] (extension for MS Windows Server)
* [list of PHP accelerators on Wikipedia][PHP_accelerators]
[opcache-book]: http://php.net/book.opcache
[APC]: http://php.net/book.apc
[XCache]: http://xcache.lighttpd.net/
[Zend Optimizer+]: http://www.zend.com/en/products/zend_server
[WinCache]: http://www.iis.net/download/wincacheforphp
[PHP_accelerators]: http://en.wikipedia.org/wiki/List_of_PHP_accelerators
[opcache-book]: https://secure.php.net/book.opcache
[APC]: https://secure.php.net/book.apc
[XCache]: https://xcache.lighttpd.net/
[Zend Optimizer+]: https://github.com/zendtech/ZendOptimizerPlus
[WinCache]: https://www.iis.net/downloads/microsoft/wincache-extension
[PHP_accelerators]: https://wikipedia.org/wiki/List_of_PHP_accelerators

10
_posts/14-03-01-Object-Caching.md
View File

@@ -48,8 +48,8 @@ object cache to PHP 5.5+, since PHP now has a built-in bytecode cache (OPcache).
### Learn more about popular object caching systems:
* [APCu](https://github.com/krakjoe/apcu)
* [APC Functions](http://php.net/ref.apc)
* [Memcached](http://memcached.org/)
* [Redis](http://redis.io/)
* [XCache APIs](http://xcache.lighttpd.net/wiki/XcacheApi)
* [WinCache Functions](http://php.net/ref.wincache)
* [APC Functions](https://secure.php.net/ref.apc)
* [Memcached](https://memcached.org/)
* [Redis](https://redis.io/)
* [XCache APIs](https://xcache.lighttpd.net/wiki/XcacheApi)
* [WinCache Functions](https://secure.php.net/ref.wincache)

14
_posts/15-02-01-PHPDoc.md
View File

@@ -70,10 +70,10 @@ difference between the second and third methods' doc block is the inclusion/excl
`@return void` explicitly informs us that there is no return; historically omitting the `@return void` statement also results in the same (no return) action.
[tags]: http://www.phpdoc.org/docs/latest/references/phpdoc/tags/index.html
[PHPDoc manual]: http://www.phpdoc.org/docs/latest/index.html
[@author]: http://www.phpdoc.org/docs/latest/references/phpdoc/tags/author.html
[@link]: http://www.phpdoc.org/docs/latest/references/phpdoc/tags/link.html
[@param]: http://www.phpdoc.org/docs/latest/references/phpdoc/tags/param.html
[@return]: http://www.phpdoc.org/docs/latest/references/phpdoc/tags/return.html
[@throws]: http://www.phpdoc.org/docs/latest/references/phpdoc/tags/throws.html
[tags]: https://docs.phpdoc.org/references/phpdoc/tags/index.html
[PHPDoc manual]: https://docs.phpdoc.org/index.html
[@author]: https://docs.phpdoc.org/references/phpdoc/tags/author.html
[@link]: https://docs.phpdoc.org/references/phpdoc/tags/link.html
[@param]: https://docs.phpdoc.org/references/phpdoc/tags/param.html
[@return]: https://docs.phpdoc.org/references/phpdoc/tags/return.html
[@throws]: https://docs.phpdoc.org/references/phpdoc/tags/throws.html

5
_posts/16-02-01-From-the-Source.md
View File

@@ -1,9 +1,10 @@
---
title: From the Source
isChild: true
anchor: from_the_source
---
## From the Source {#from_the_source_title}
* [PHP Website](http://php.net/)
* [PHP Documentation](http://php.net/docs.php)
* [PHP Website](https://secure.php.net/)
* [PHP Documentation](https://secure.php.net/docs.php)

9
_posts/16-03-01-People-to-Follow.md
View File

@@ -1,13 +1,14 @@
---
title: People to Follow
isChild: true
anchor: people_to_follow
---
## People to Follow {#people_to_follow_title}
It's difficult to find interesting and knowledgable PHP
It's difficult to find interesting and knowledgeable PHP
community members when you are first starting out. You can
find a comprehensive list of PHP community members and their
Twitter handles at:
find an abbreviated list of PHP community members to get you started at:
<http://followphpdevs.com/>
* <https://www.ogprogrammer.com/2017/06/28/how-to-get-connected-with-the-php-community/>
* <https://twitter.com/CalEvans/lists/phpeople>

2
_posts/16-04-01-Mentoring.md
View File

@@ -5,4 +5,4 @@ anchor: mentoring
## Mentoring {#mentoring_title}
* [phpmentoring.org](http://phpmentoring.org/) - Formal, peer to peer mentoring in the PHP community.
* [php-mentoring.org](https://php-mentoring.org/) - Formal, peer to peer mentoring in the PHP community.

24
_posts/16-05-01-PHP-PaaS-Providers.md
View File

@@ -1,22 +1,24 @@
---
title: PHP PaaS Providers
isChild: true
anchor: php_paas_providers
---
## PHP PaaS Providers {#php_paas_providers_title}
* [PagodaBox](https://pagodabox.com/)
* [AppFog](https://www.ctl.io/appfog/)
* [Heroku](https://devcenter.heroku.com/categories/php)
* [fortrabbit](http://fortrabbit.com/)
* [Engine Yard Cloud](https://www.engineyard.com/products/cloud)
* [Red Hat OpenShift Platform](http://openshift.com)
* [dotCloud](https://www.dotcloud.com/dev-center/platform-documentation)
* [AWS Elastic Beanstalk](http://aws.amazon.com/elasticbeanstalk/)
* [cloudControl](https://www.cloudcontrol.com/)
* [Windows Azure](http://www.windowsazure.com/)
* [Google App Engine](https://developers.google.com/appengine/docs/php/gettingstarted/)
* [Jelastic](http://jelastic.com/)
* [AWS Elastic Beanstalk](https://aws.amazon.com/elasticbeanstalk/)
* [Cloudways](https://www.cloudways.com/)
* [Engine Yard Cloud](https://www.engineyard.com/features)
* [fortrabbit](https://www.fortrabbit.com/)
* [Google App Engine](https://cloud.google.com/appengine/docs/php/)
* [Heroku](https://devcenter.heroku.com/categories/php-support)
* [IBM Cloud](https://console.bluemix.net/docs/runtimes/php/getting-started.html#getting_started)
* [Jelastic](https://jelastic.com/)
* [Microsoft Azure](https://azure.microsoft.com/)
* [Nanobox](https://nanobox.io/)
* [Pivotal Web Services](https://run.pivotal.io/)
* [Platform.sh](https://platform.sh/)
* [Red Hat OpenShift](https://www.openshift.com/)
To see which versions these PaaS hosts are running, head over to [PHP Versions](http://phpversions.info/paas-hosting/).

6
_posts/16-06-01-Frameworks.md
View File

@@ -19,10 +19,8 @@ Micro-frameworks are essentially a wrapper to route a HTTP request to a callback
possible, and sometimes come with a few extra libraries to assist development such as basic database wrappers and the
like. They are prominently used to build remote HTTP services.
Many frameworks add a considerable number of features on top of what is available in a micro-framework and these are
known Full-Stack Frameworks. These often come bundled with ORMs, Authentication packages, etc.
Many frameworks add a considerable number of features on top of what is available in a micro-framework; these are
called Full-Stack Frameworks. These often come bundled with ORMs, Authentication packages, etc.
Component-based frameworks are collections of specialized and single-purpose libraries. Disparate component-based
frameworks can be used together to make a micro- or full-stack framework.
* [Popular PHP Frameworks](https://github.com/codeguy/php-the-right-way/wiki/Frameworks)

21
_posts/16-07-01-Components.md
View File

@@ -20,9 +20,15 @@ another source of packages which ideally have little to no dependencies on other
For example, you can use the [FuelPHP Validation package], without needing to use the FuelPHP framework itself.
* [Aura]
* CakePHP Components
* [Collection]
* [Database]
* [Datasource]
* [Event]
* [I18n]
* [ORM]
* [FuelPHP]
* [Hoa Project]
* [Orno]
* [Symfony Components]
* [The League of Extraordinary Packages]
* Laravel's Illuminate Components
@@ -38,13 +44,18 @@ components best decoupled from the Laravel framework are listed above._
[PEAR]: /#pear
[Dependency Management]: /#dependency_management
[FuelPHP Validation package]: https://github.com/fuelphp/validation
[Aura]: http://auraphp.com/framework/2.x/en/
[Aura]: http://auraphp.com/framework/
[FuelPHP]: https://github.com/fuelphp
[Hoa Project]: https://github.com/hoaproject
[Orno]: https://github.com/orno
[Symfony Components]: http://symfony.com/doc/current/components/index.html
[The League of Extraordinary Packages]: http://thephpleague.com/
[Symfony Components]: https://symfony.com/doc/current/components/index.html
[The League of Extraordinary Packages]: https://thephpleague.com/
[IoC Container]: https://github.com/illuminate/container
[Eloquent ORM]: https://github.com/illuminate/database
[Queue]: https://github.com/illuminate/queue
[Illuminate components]: https://github.com/illuminate
[Collection]: https://github.com/cakephp/collection
[Database]: https://github.com/cakephp/database
[Datasource]: https://github.com/cakephp/datasource
[Event]: https://github.com/cakephp/event
[I18n]: https://github.com/cakephp/i18n
[ORM]: https://github.com/cakephp/orm

15
_posts/16-08-01-Sites.md
View File

@@ -16,7 +16,20 @@ PHP versions
* [PHP Best Practices](https://phpbestpractices.org/)
* [Best practices for Modern PHP Development](https://www.airpair.com/php/posts/best-practices-for-modern-php-development)
* [Why You Should Be Using Supported PHP Versions](https://kinsta.com/blog/php-versions/)
### News around the PHP and web development communities
You can subscribe to weekly newsletters to keep yourself informed on new libraries, latest news, events and general
announcements, as well as additional resources being published every now and then:
* [PHP Weekly](http://www.phpweekly.com)
* [JavaScript Weekly](https://javascriptweekly.com/)
* [Frontend Focus](https://frontendfoc.us/)
* [Mobile Web Weekly](https://mobiledevweekly.com/)
There are also Weeklies on other platforms you might be interested in; here's [a list of some](https://github.com/jondot/awesome-weekly).
### PHP universe
* [PHP Developer blog](http://blog.phpdeveloper.org/)
* [PHP Developer blog](https://blog.phpdeveloper.org/)

10
_posts/16-09-01-Videos.md
View File

@@ -6,7 +6,7 @@ title: Video Tutorials
## Video Tutorials {#videos}
### Youtube Channels
### YouTube Channels
* [PHP Academy](https://www.youtube.com/user/phpacademy)
* [The New Boston](https://www.youtube.com/user/thenewboston)
* [Sherif Ramadan](https://www.youtube.com/user/businessgeek)
@@ -14,8 +14,8 @@ title: Video Tutorials
### Paid Videos
* [Standards and Best practices](http://teamtreehouse.com/library/standards-and-best-practices)
* [PHP Training on Pluralsight](http://www.pluralsight.com/search/?searchTerm=php)
* [PHP Training on Lynda.com](http://www.lynda.com/search?q=php)
* [PHP Training on Tutsplus](http://code.tutsplus.com/categories/php/courses)
* [Standards and Best practices](https://teamtreehouse.com/library/php-standards-and-best-practices)
* [PHP Training on Pluralsight](https://www.pluralsight.com/search?q=php)
* [PHP Training on Lynda.com](https://www.lynda.com/search?q=php)
* [PHP Training on Tutsplus](https://code.tutsplus.com/categories/php/courses)
* [Laracasts](https://laracasts.com/)

15
_posts/16-10-01-Books.md
View File

@@ -5,9 +5,7 @@ anchor: books
## Books {#books_title}
There are a lot of books around for PHP but some are sadly now quite old and no longer contain accurate information.
There are even books published for "PHP 6" which does not exist, and will not now ever exist. The next major version of
PHP will be named "PHP 7" because of those books.
There are many PHP books; sadly some are now quite old and no longer accurate. In particular, avoid books on "PHP 6", a version that will now never exist. The next major release of PHP after 5.6 was "PHP 7", [partly because of this](https://wiki.php.net/rfc/php6).
This section aims to be a living document for recommended books on PHP development in general. If you would like your
book to be added, send a PR and it will be reviewed for relevancy.
@@ -21,16 +19,17 @@ for modern, secure, and fast cryptography.
### Paid Books
* [Build APIs You Won't Hate](https://leanpub.com/build-apis-you-wont-hate) - Everyone and their dog wants an API,
* [Build APIs You Won't Hate](https://apisyouwonthate.com/) - Everyone and their dog wants an API,
so you should probably learn how to build them.
* [Modern PHP](http://shop.oreilly.com/product/0636920033868.do) - covers modern PHP features, best practices, testing, tuning, deployment and setting up a dev environment.
* [Building Secure PHP Apps](https://leanpub.com/buildingsecurephpapps) - Learn the security basics that a senior
developer usually acquires over years of experience, all condensed down into one quick and easy handbook
* [Modernizing Legacy Applications In PHP](https://leanpub.com/mlaphp) - Get your code under control in a series of
small, specific steps
* [Securing PHP: Core Concepts](https://leanpub.com/securingphp-coreconcepts) - A guide to some of the most common
security terms and provides some examples of them in every day PHP
* [Scaling PHP]( https://leanpub.com/scalingphp) - Stop playing sysadmin and get back to coding
* [Signaling PHP]( https://leanpub.com/signalingphp) - PCNLT signals are a great help when writing PHP scripts that
* [Scaling PHP](http://www.scalingphpbook.com/) - Stop playing sysadmin and get back to coding
* [Signaling PHP](https://leanpub.com/signalingphp) - PCNLT signals are a great help when writing PHP scripts that
run from the command line.
* [The Grumpy Programmer's Guide To Building Testable PHP Applications](https://leanpub.com/grumpy-testing) - Learning
to write testable code doesn't have to suck
* [Minimum Viable Tests](https://leanpub.com/minimumviabletests) - Long-time PHP testing evangelist Chris Hartjes goes over what he feels is the minimum you need to know to get started.
* [Domain-Driven Design in PHP](https://leanpub.com/ddd-in-php) - See real examples written in PHP showcasing Domain-Driven Design Architectural Styles (Hexagonal Architecture, CQRS or Event Sourcing), Tactical Design Patterns, and Bounded Context Integration.

6
_posts/17-01-01-Community.md
View File

@@ -14,8 +14,8 @@ friends! Other community resources include the Google+ PHP [Programmer community
[Read the Official PHP Events Calendar][php-calendar]
[php-irc]: http://webchat.freenode.net/?channels=phpc
[php-irc]: https://webchat.freenode.net/?channels=phpc
[phpc-twitter]: https://twitter.com/phpc
[php-programmers-gplus]: https://plus.google.com/u/0/communities/104245651975268426012
[php-so]: http://stackoverflow.com/questions/tagged/php
[php-calendar]: http://php.net/cal.php
[php-so]: https://stackoverflow.com/questions/tagged/php
[php-calendar]: https://secure.php.net/cal.php

9
_posts/17-02-01-User-Groups.md
View File

@@ -6,9 +6,9 @@ anchor: user_groups
## PHP User Groups {#user_groups_title}
If you live in a larger city, odds are there's a PHP user group nearby. You can easily find your local PUG at
the [usergroup-list at php.net][php-uglist] which is based upon [PHP.ug][php-ug]. Alternate sources might be
[Meetup.com][meetup] or a search for ```php user group near me``` using your favourite search engine
(i.e. [Google][google]). If you live in a smaller town, there may not be a local PUG; if that's the case, start one!
[PHP.ug][php-ug]. Alternate sources might be [Meetup.com][meetup] or a search for ```php user group near me```
using your favorite search engine (i.e. [Google][google]). If you live in a smaller town, there may not be a
local PUG; if that's the case, start one!
Special mention should be made of two global user groups: [NomadPHP] and [PHPWomen]. [NomadPHP] offers twice monthly
online user group meetings with presentations by some of the top speakers in the PHP community.
@@ -20,8 +20,7 @@ generally promote the creating of a "female friendly" and professional atmospher
[google]: https://www.google.com/search?q=php+user+group+near+me
[meetup]: http://www.meetup.com/find/
[php-ug]: http://php.ug/
[php-ug]: https://php.ug/
[NomadPHP]: https://nomadphp.com/
[PHPWomen]: http://phpwomen.org/
[php-wiki]: https://wiki.php.net/usergroups
[php-uglist]: http://php.net/ug.php

2
_posts/17-03-01-Conferences.md
View File

@@ -12,4 +12,4 @@ industry leaders.
[Find a PHP Conference][php-conf]
[php-conf]: http://php.net/conferences/index.php
[php-conf]: https://secure.php.net/conferences/index.php

4
_posts/17-04-01-Elephpants.md
View File

@@ -10,6 +10,6 @@ anchor: elephpants
[Interview with Vincent Pontier][vincent-pontier-interview]
[elephpant]: http://php.net/elephpant.php
[vincent-pontier-interview]: http://7php.com/elephpant/
[elephpant]: https://secure.php.net/elephpant.php
[vincent-pontier-interview]: https://7php.com/elephpant/
[vincent-pontier]: http://www.elroubio.net/