info/php-the-right-way
1
0
Fork 0
mirror of https://github.com/codeguy/php-the-right-way.git synced 2025-08-29 08:11:11 +02:00
Code Issues Projects Releases Wiki Activity

Style consistency Round 2

Browse Source 
- spacing of jekyll tags at top of file
- line wrap at 120 chars
- url/link verification and move to bottom and order
This commit is contained in:
jrfnl
2014-12-08 05:16:00 +01:00
parent 3f66f074d5
commit 87202921c7
33 changed files with 565 additions and 399 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
_posts/03-06-01-XDebug.md
View File

@@ -11,8 +11,8 @@ code and monitor the contents of the stack. XDebug, PHP's debugger, can be utili
Breakpoints and stack inspection. It can also allow tools like PHPUnit and KCacheGrind to perform code coverage
analysis and code profiling.
If you find yourself in a bind, willing to resort to var_dump/print_r, and you still can't find the solution - maybe
you need to use the debugger.
If you find yourself in a bind, willing to resort to `var_dump()`/`print_r()`, and you still can't find the solution -
maybe you need to use the debugger.
[Installing XDebug][xdebug-install] can be tricky, but one of its most important features is "Remote Debugging" - if
you develop code locally and then test it inside a VM or on another server, Remote Debugging is the feature that you

5
_posts/08-01-01-Templating.md
View File

@@ -1,5 +1,5 @@
---
title: Templating
title: Templating
anchor: templating
---
@@ -8,5 +8,4 @@ anchor: templating
Templates provide a convenient way of separating your controller and domain logic from your presentation logic.
Templates typically contain the HTML of your application, but may also be used for other formats, such as XML.
Templates are often referred to as "views", which make up **part of** the second component of the
[modelviewcontroller](http://www.phptherightway.com/pages/Design-Patterns.html#model-view-controller) (MVC)
software architecture pattern.
[modelviewcontroller](/pages/Design-Patterns.html#model-view-controller) (MVC) software architecture pattern.

2
_posts/08-02-01-Benefits.md
View File

@@ -1,6 +1,6 @@
---
isChild: true
anchor: templating_benefits
anchor: templating_benefits
---
## Benefits {#templating_benefits_title}

17
_posts/08-03-01-Plain-PHP-Templates.md
View File

@@ -1,6 +1,6 @@
---
isChild: true
anchor: plain_php_templates
anchor: plain_php_templates
---
## Plain PHP Templates {#plain_php_templates_title}
@@ -12,13 +12,12 @@ code editors already have PHP syntax highlighting and auto-completion built-in.
very fast as no compiling stage is required.
Every modern PHP framework employs some kind of template system, most of which use plain PHP by default. Outside of
frameworks, libraries like [Plates](http://platesphp.com/) or [Aura.View](https://github.com/auraphp/Aura.View) make
working with plain PHP templates easier by offering modern template functionality such as inheritance, layouts and
extensions.
frameworks, libraries like [Plates][plates] or [Aura.View][aura] make working with plain PHP templates easier by
offering modern template functionality such as inheritance, layouts and extensions.
### Simple example of a plain PHP template
Using the [Plates](http://platesphp.com/) library.
Using the [Plates][plates] library.
{% highlight php %}
<?php // user_profile.php ?>
@@ -33,7 +32,7 @@ Using the [Plates](http://platesphp.com/) library.
### Example of plain PHP templates using inheritance
Using the [Plates](http://platesphp.com/) library.
Using the [Plates][plates] library.
{% highlight php %}
<?php // template.php ?>
@@ -59,4 +58,8 @@ Using the [Plates](http://platesphp.com/) library.
<h1>User Profile</h1>
<p>Hello, <?=$this->escape($name)?></p>
{% endhighlight %}
{% endhighlight %}
[plates]: http://platesphp.com/
[aura]: https://github.com/auraphp/Aura.View

28
_posts/08-04-01-Compiled-Templates.md
View File

@@ -1,24 +1,22 @@
---
isChild: true
anchor: compiled_templates
anchor: compiled_templates
---
## Compiled Templates {#compiled_templates}
While PHP has evolved into a mature, object oriented language, it
[hasn't improved much](http://fabien.potencier.org/article/34/templating-engines-in-php) as a templating language.
Compiled templates, like [Twig](http://twig.sensiolabs.org/) or [Smarty](http://www.smarty.net/)*, fill this void by
offering a new syntax that has been geared specifically to templating. From automatic escaping, to inheritance and
simplified control structures, compiled templates are designed to be easier to write, cleaner to read and safer to use.
Compiled templates can even be shared across different languages, [Mustache](http://mustache.github.io/) being a good
example of this. Since these templates must be compiled there is a slight performance hit, however this is very minimal
when proper caching is used.
While PHP has evolved into a mature, object oriented language, it [hasn't improved much][article_templating_engines] as
a templating language. Compiled templates, like [Twig] or [Smarty]*, fill this void by offering a new syntax that has
been geared specifically to templating. From automatic escaping, to inheritance and simplified control structures,
compiled templates are designed to be easier to write, cleaner to read and safer to use. Compiled templates can even be
shared across different languages, [Mustache] being a good example of this. Since these templates must be compiled
there is a slight performance hit, however this is very minimal when proper caching is used.
**While Smarty offers automatic escaping, this feature is NOT enabled by default.*
### Simple example of a compiled template
Using the [Twig](http://twig.sensiolabs.org/) library.
Using the [Twig] library.
{% highlight text %}
{% raw %}
@@ -33,7 +31,7 @@ Using the [Twig](http://twig.sensiolabs.org/) library.
### Example of compiled templates using inheritance
Using the [Twig](http://twig.sensiolabs.org/) library.
Using the [Twig] library.
{% highlight text %}
{% raw %}
@@ -66,4 +64,10 @@ Using the [Twig](http://twig.sensiolabs.org/) library.
<p>Hello, {{ name }}</p>
{% endblock %}
{% endraw %}
{% endhighlight %}
{% endhighlight %}
[article_templating_engines]: http://fabien.potencier.org/article/34/templating-engines-in-php
[Twig]: http://twig.sensiolabs.org/
[Smarty]: http://www.smarty.net/
[Mustache]: http://mustache.github.io/

34
_posts/08-05-01-Further-Reading.md
View File

@@ -1,28 +1,28 @@
---
isChild: true
anchor: templating_further_reading
anchor: templating_further_reading
---
## Further Reading {#templating_further_reading_title}
### Articles & Tutorials
- [Templating Engines in PHP](http://fabien.potencier.org/article/34/templating-engines-in-php)
- [An Introduction to Views & Templating in CodeIgniter](http://code.tutsplus.com/tutorials/an-introduction-to-views-templating-in-codeigniter--net-25648)
- [Getting Started With PHP Templating](http://www.smashingmagazine.com/2011/10/17/getting-started-with-php-templating/)
- [Roll Your Own Templating System in PHP](http://code.tutsplus.com/tutorials/roll-your-own-templating-system-in-php--net-16596)
- [Master Pages](https://laracasts.com/series/laravel-from-scratch/episodes/7)
- [Working With Templates in Symfony 2](http://code.tutsplus.com/tutorials/working-with-templates-in-symfony-2--cms-21172)
* [Templating Engines in PHP](http://fabien.potencier.org/article/34/templating-engines-in-php)
* [An Introduction to Views & Templating in CodeIgniter](http://code.tutsplus.com/tutorials/an-introduction-to-views-templating-in-codeigniter--net-25648)
* [Getting Started With PHP Templating](http://www.smashingmagazine.com/2011/10/17/getting-started-with-php-templating/)
* [Roll Your Own Templating System in PHP](http://code.tutsplus.com/tutorials/roll-your-own-templating-system-in-php--net-16596)
* [Master Pages](https://laracasts.com/series/laravel-from-scratch/episodes/7)
* [Working With Templates in Symfony 2](http://code.tutsplus.com/tutorials/working-with-templates-in-symfony-2--cms-21172)
### Libraries
- [Aura.View](https://github.com/auraphp/Aura.View) *(native)*
- [Blade](http://laravel.com/docs/templates) *(compiled, framework specific)*
- [Dwoo](http://dwoo.org/) *(compiled)*
- [Latte](https://github.com/nette/latte) *(compiled)*
- [Mustache](https://github.com/bobthecow/mustache.php) *(compiled)*
- [PHPTAL](http://phptal.org/) *(compiled)*
- [Plates](http://platesphp.com/) *(native)*
- [Smarty](http://www.smarty.net/) *(compiled)*
- [Twig](http://twig.sensiolabs.org/) *(compiled)*
- [Zend\View](http://framework.zend.com/manual/2.3/en/modules/zend.view.quick-start.html) *(native, framework specific)*
* [Aura.View](https://github.com/auraphp/Aura.View) *(native)*
* [Blade](http://laravel.com/docs/templates) *(compiled, framework specific)*
* [Dwoo](http://dwoo.org/) *(compiled)*
* [Latte](https://github.com/nette/latte) *(compiled)*
* [Mustache](https://github.com/bobthecow/mustache.php) *(compiled)*
* [PHPTAL](http://phptal.org/) *(compiled)*
* [Plates](http://platesphp.com/) *(native)*
* [Smarty](http://www.smarty.net/) *(compiled)*
* [Twig](http://twig.sensiolabs.org/) *(compiled)*
* [Zend\View](http://framework.zend.com/manual/2.3/en/modules/zend.view.quick-start.html) *(native, framework specific)*

2
_posts/09-01-01-Errors-and-Exceptions.md
View File

@@ -1,5 +1,5 @@
---
title: Errors and Exceptions
title: Errors and Exceptions
anchor: errors_and_exceptions
---

109
_posts/09-02-01-Errors.md
View File

@@ -1,6 +1,6 @@
---
---
isChild: true
anchor: errors
anchor: errors
---
## Errors {#errors_title}
@@ -18,8 +18,8 @@ php > echo $foo;
Notice: Undefined variable: foo in php shell code on line 1
{% endhighlight %}
This is only a notice error, and PHP will happily carry on. This can be confusing for those coming from "exception-heavy"
languages, because referencing a missing variable in Python for example will throw an exception:
This is only a notice error, and PHP will happily carry on. This can be confusing for those coming from
"exception-heavy" languages, because referencing a missing variable in Python for example will throw an exception:
{% highlight console %}
$ python
@@ -31,63 +31,74 @@ NameError: name 'foo' is not defined
The only real difference is that Python will freak out over any small thing, so that developers can be super sure any
potential issue or edge-case is caught, whereas PHP will keep on processing unless something extreme happens, at which
point it will throw an error and report it.
point it will throw an error and report it.
### Error Severity
PHP has several levels of error severity. The three most common types of messages are errors, notices and warnings.
These have different levels of severity; `E_ERROR`, `E_NOTICE`, and `E_WARNING`. Errors are fatal run-time errors and
are usually caused by faults in your code and need to be fixed as they'll cause PHP to stop executing. Notices are advisory messages caused by code that may or may not cause problems during the execution of the script, execution is not halted. Warnings are non-fatal errors, execution of the script will not be halted.
PHP has several levels of error severity. The three most common types of messages are errors, notices and warnings.
These have different levels of severity; `E_ERROR`, `E_NOTICE`, and `E_WARNING`. Errors are fatal run-time errors and
are usually caused by faults in your code and need to be fixed as they'll cause PHP to stop executing. Notices are
advisory messages caused by code that may or may not cause problems during the execution of the script, execution is
not halted. Warnings are non-fatal errors, execution of the script will not be halted.
Another type of error message reported at compile time are `E_STRICT` messages. These messages are used to suggest
changes to your code to help ensure best interoperability and forward compatibility with upcoming versions of PHP.
### Changing PHP's Error Reporting Behaviour
Error Reporting can be changed by using PHP settings and/or PHP function calls. Using the built in PHP function
`error_reporting()` you can set the level of errors for the duration of the script execution by passing one of the
predefined error level constants, meaning if you only want to see Warnings and Errors - but not Notices - then
you can configure that:
Error Reporting can be changed by using PHP settings and/or PHP function calls. Using the built in PHP function
`error_reporting()` you can set the level of errors for the duration of the script execution by passing one of the
predefined error level constants, meaning if you only want to see Warnings and Errors - but not Notices - then you can
configure that:
{% highlight php %}
<?php
error_reporting(E_ERROR | E_WARNING);
{% endhighlight %}
You can also control whether or not errors are displayed to the screen (good for development) or hidden, and logged
You can also control whether or not errors are displayed to the screen (good for development) or hidden, and logged
(good for production). For more information on this check out the [Error Reporting][errorreport] section.
### Inline Error Suppression
You can also tell PHP to suppress specific errors with the Error Control Operator `@`. You put
this operator at the beginning of an expression, and any error that's a direct result of the expression is silenced.
You can also tell PHP to suppress specific errors with the Error Control Operator `@`. You put this operator at the
beginning of an expression, and any error that's a direct result of the expression is silenced.
{% highlight php %}
<?php
echo @$foo['bar'];
{% endhighlight %}
This will output `$foo['bar']` if it exists, but will simply return a null and print nothing if the variable `$foo` or
`'bar'` key does not exist. Without the error control operator, this expression could create a `PHP Notice: Undefined variable: foo` or `PHP Notice: Undefined index: bar` error.
This will output `$foo['bar']` if it exists, but will simply return a null and print nothing if the variable `$foo` or
`'bar'` key does not exist. Without the error control operator, this expression could create a `PHP Notice: Undefined
variable: foo` or `PHP Notice: Undefined index: bar` error.
This might seem like a good idea, but there are a few undesirable tradeoffs. PHP handles expressions using an `@` in a less performant way than expressions without an `@`. Premature optimization may be the root of all programming arguments, but if performance is particularly important for your application/library it's important to understand the error control operator's performance implications.
This might seem like a good idea, but there are a few undesirable tradeoffs. PHP handles expressions using an `@` in a
less performant way than expressions without an `@`. Premature optimization may be the root of all programming
arguments, but if performance is particularly important for your application/library it's important to understand the
error control operator's performance implications.
Secondly, the error control operator **completely** swallows the error. The error is not displayed, and the error is not sent to the error log. Also, stock/production PHP systems have no way to turn off the error control operator. While you may be correct that the error you're seeing is harmless, a different, less harmless error will be just as silent.
Secondly, the error control operator **completely** swallows the error. The error is not displayed, and the error is
not sent to the error log. Also, stock/production PHP systems have no way to turn off the error control operator. While
you may be correct that the error you're seeing is harmless, a different, less harmless error will be just as silent.
If there's a way to avoid the error suppression operator, you should consider it. For example, our code above could be rewritten like this
If there's a way to avoid the error suppression operator, you should consider it. For example, our code above could be
rewritten like this:
{% highlight php %}
<?php
echo isset($foo['bar']) ? $foo['bar'] : '';
{% endhighlight %}
One instance where error suppression might make sense is where `fopen()` fails to find a file to load. You could check
for the existence of the file before you try to load it, but if the file is deleted after the check and before the `fopen()`
(which might sound impossible, but it can happen) then `fopen()` will return false _and_ throw an error. This is
potentially something PHP should resolve, but is one case where error suppression might seem like the only valid
One instance where error suppression might make sense is where `fopen()` fails to find a file to load. You could check
for the existence of the file before you try to load it, but if the file is deleted after the check and before the
`fopen()` (which might sound impossible, but it can happen) then `fopen()` will return false _and_ throw an error. This
is potentially something PHP should resolve, but is one case where error suppression might seem like the only valid
solution.
Earlier we mentioned there's no way in a stock PHP system to turn off the error control operator. However, [xDebug] has an `xdebug.scream` ini setting which will disable the error control operator. You can set this via your `php.ini` file with the following.
Earlier we mentioned there's no way in a stock PHP system to turn off the error control operator. However, [xDebug] has
an `xdebug.scream` ini setting which will disable the error control operator. You can set this via your `php.ini` file
with the following.
{% highlight ini %}
xdebug.scream = On
@@ -100,39 +111,49 @@ You can also set this value at runtime with the `ini_set` function
ini_set('xdebug.scream', '1')
{% endhighlight %}
The "[Scream]" PHP extension offers similar functionality to xDebug's, although Scream's ini setting is named `scream.enabled`.
The "[Scream]" PHP extension offers similar functionality to xDebug's, although Scream's ini setting is named
`scream.enabled`.
This is most useful when you're debugging code and suspect an informative error is suppressed. Use scream with care, and as a temporary debugging tool. There's lots of PHP library code that may not work with the error control operator disabled.
This is most useful when you're debugging code and suspect an informative error is suppressed. Use scream with care,
and as a temporary debugging tool. There's lots of PHP library code that may not work with the error control operator
disabled.
* [Error Control Operators](http://php.net/language.operators.errorcontrol)
* [SitePoint](http://www.sitepoint.com/)
* [Error Control Operators]
* [SitePoint]
* [xDebug]
* [Scream]
[xDebug]: http://xdebug.org/docs/basic
[Scream]: http://php.net/book.scream
### ErrorException
PHP is perfectly capable of being an "exception-heavy" programming language, and only requires a few lines of code to
make the switch. Basically you can throw your "errors" as "exceptions" using the `ErrorException` class, which extends the `Exception` class.
PHP is perfectly capable of being an "exception-heavy" programming language, and only requires a few lines of code to
make the switch. Basically you can throw your "errors" as "exceptions" using the `ErrorException` class, which extends
the `Exception` class.
This is a common practice implemented by a large number of modern frameworks such as Symfony and Laravel. By default
Laravel will display all errors as exceptions using the [Whoops!] package if the `app.debug` switch is turned on, then
hide them if the switch is turned off.
This is a common practice implemented by a large number of modern frameworks such as Symfony and Laravel. By default
Laravel will display all errors as exceptions using the [Whoops!] package if the `app.debug` switch is turned on, then
hide them if the switch is turned off.
By throwing errors as exceptions in development you can handle them better than the usual result, and if you see an
exception during development you can wrap it in a catch statement with specific instructions on how to handle the situation. Each exception you catch instantly makes your application that little bit more robust.
By throwing errors as exceptions in development you can handle them better than the usual result, and if you see an
exception during development you can wrap it in a catch statement with specific instructions on how to handle the
situation. Each exception you catch instantly makes your application that little bit more robust.
More information on this and details on how to use `ErrorException` with error handling can be found at
[ErrorException Class][errorexception].
More information on this and details on how to use `ErrorException` with error handling can be found at
[ErrorException Class][errorexception].
* [Error Control Operators](http://php.net/language.operators.errorcontrol)
* [Predefined Constants for Error Handling](http://php.net/errorfunc.constants)
* [error_reporting](http://php.net/function.error-reporting)
* [Error Control Operators]
* [Predefined Constants for Error Handling]
* [`error_reporting()`][error_reporting]
* [Reporting][errorreport]
[errorexception]: http://php.net/class.errorexception
[errorreport]: /#error_reporting
[xDebug]: http://xdebug.org/docs/basic
[Scream]: http://php.net/book.scream
[Error Control Operators]: http://php.net/language.operators.errorcontrol
[SitePoint]: http://www.sitepoint.com/
[Whoops!]: http://filp.github.io/whoops/
[errorexception]: http://php.net/class.errorexception
[Predefined Constants for Error Handling]: http://php.net/errorfunc.constants
[error_reporting]: http://php.net/function.error-reporting

47
_posts/09-03-01-Exceptions.md
View File

@@ -1,24 +1,25 @@
---
isChild: true
anchor: exceptions
anchor: exceptions
---
## Exceptions {#exceptions_title}
Exceptions are a standard part of most popular programming languages, but they are often overlooked by PHP programmers.
Languages like Ruby are extremely Exception heavy, so whenever something goes wrong such as a HTTP request failing, or
a DB query goes wrong, or even if an image asset could not be found, Ruby (or the gems being used) will throw an
exception to the screen meaning you instantly know there is a mistake.
Exceptions are a standard part of most popular programming languages, but they are often overlooked by PHP programmers.
Languages like Ruby are extremely Exception heavy, so whenever something goes wrong such as a HTTP request failing, or
a DB query goes wrong, or even if an image asset could not be found, Ruby (or the gems being used) will throw an
exception to the screen meaning you instantly know there is a mistake.
PHP itself is fairly lax with this, and a call to `file_get_contents()` will usually just get you a `FALSE` and a warning.
Many older PHP frameworks like CodeIgniter will just return a false, log a message to their proprietary logs and maybe
let you use a method like `$this->upload->get_error()` to see what went wrong. The problem here is that you have to go
looking for a mistake and check the docs to see what the error method is for this class, instead of having it made extremely
obvious.
PHP itself is fairly lax with this, and a call to `file_get_contents()` will usually just get you a `FALSE` and a
warning.
Many older PHP frameworks like CodeIgniter will just return a false, log a message to their proprietary logs and maybe
let you use a method like `$this->upload->get_error()` to see what went wrong. The problem here is that you have to go
looking for a mistake and check the docs to see what the error method is for this class, instead of having it made
extremely obvious.
Another problem is when classes automatically throw an error to the screen and exit the process. When you do this you
stop another developer from being able to dynamically handle that error. Exceptions should be thrown to make a developer
aware of an error; they then can choose how to handle this. E.g.:
Another problem is when classes automatically throw an error to the screen and exit the process. When you do this you
stop another developer from being able to dynamically handle that error. Exceptions should be thrown to make a
developer aware of an error; they then can choose how to handle this. E.g.:
{% highlight php %}
<?php
@@ -47,28 +48,30 @@ finally
### SPL Exceptions
The generic `Exception` class provides very little debugging context for the developer; however, to remedy this,
it is possible to create a specialized `Exception` type by sub-classing the generic `Exception` class:
The generic `Exception` class provides very little debugging context for the developer; however, to remedy this, it is
possible to create a specialized `Exception` type by sub-classing the generic `Exception` class:
{% highlight php %}
<?php
class ValidationException extends Exception {}
{% endhighlight %}
This means you can add multiple catch blocks and handle different Exceptions differently. This can lead to
the creation of a <em>lot</em> of custom Exceptions, some of which could have been avoided using the SPL Exceptions
provided in the [SPL extension][splext].
This means you can add multiple catch blocks and handle different Exceptions differently. This can lead to the
creation of a <em>lot</em> of custom Exceptions, some of which could have been avoided using the SPL Exceptions
provided in the [SPL extension][splext].
If for example you use the `__call()` Magic Method and an invalid method is requested then instead of throwing a standard
Exception which is vague, or creating a custom Exception just for that, you could just `throw new BadMethodCallException;`.
If for example you use the `__call()` Magic Method and an invalid method is requested then instead of throwing a
standard Exception which is vague, or creating a custom Exception just for that, you could just
`throw new BadMethodCallException;`.
* [Read about Exceptions][exceptions]
* [Read about SPL Exceptions][splexe]
* [Nesting Exceptions In PHP][nesting-exceptions-in-php]
* [Exception Best Practices in PHP 5.3][exception-best-practices53]
[splext]: /#standard_php_library
[exceptions]: http://php.net/language.exceptions
[splexe]: http://php.net/spl.exceptions
[splext]: /#standard_php_library
[exception-best-practices53]: http://ralphschindler.com/2010/09/15/exception-best-practices-in-php-5-3
[nesting-exceptions-in-php]: http://www.brandonsavage.net/exceptional-php-nesting-exceptions-in-php/
[exception-best-practices53]: http://ralphschindler.com/2010/09/15/exception-best-practices-in-php-5-3

9
_posts/10-02-01-Web-Application-Security.md
View File

@@ -1,14 +1,17 @@
---
isChild: true
anchor: web_application_security
anchor: web_application_security
---
## Web Application Security {#web_application_security_title}
There are bad people ready and willing to exploit your web application. It is important that you
take necessary precautions to harden your web application's security. Luckily, the fine folks at [The Open Web Application Security Project][1] (OWASP) have compiled a comprehensive list of known security issues and methods to protect yourself against them. This is a must read for the security-conscious developer.
There are bad people ready and willing to exploit your web application. It is important that you take necessary
precautions to harden your web application's security. Luckily, the fine folks at
[The Open Web Application Security Project][1] (OWASP) have compiled a comprehensive list of known security issues and
methods to protect yourself against them. This is a must read for the security-conscious developer.
* [Read the OWASP Security Guide][2]
[1]: https://www.owasp.org/
[2]: https://www.owasp.org/index.php/Guide_Table_of_Contents

23
_posts/10-03-01-Password-Hashing.md
View File

@@ -1,19 +1,28 @@
---
isChild: true
anchor: password_hashing
anchor: password_hashing
---
## Password Hashing {#password_hashing_title}
Eventually everyone builds a PHP application that relies on user login. Usernames and passwords are stored in a database and later used to authenticate users upon login.
Eventually everyone builds a PHP application that relies on user login. Usernames and passwords are stored in a
database and later used to authenticate users upon login.
It is important that you properly [_hash_][3] passwords before storing them. Password hashing is an irreversible, one way function performed against the user's password. This produces a fixed-length string that cannot be feasibly reversed. This means you can compare a hash against another to determine if they both came from the same source string, but you cannot determine the original string. If passwords are not hashed and your database is accessed by an unauthorized third-party, all user accounts are now compromised. Some users may (unfortunately) use the same password for other services. Therefore, it is important to take security seriously.
It is important that you properly [_hash_][3] passwords before storing them. Password hashing is an irreversible, one
way function performed against the user's password. This produces a fixed-length string that cannot be feasibly
reversed. This means you can compare a hash against another to determine if they both came from the same source string,
but you cannot determine the original string. If passwords are not hashed and your database is accessed by an
unauthorized third-party, all user accounts are now compromised. Some users may (unfortunately) use the same password
for other services. Therefore, it is important to take security seriously.
**Hashing passwords with `password_hash`**
In PHP 5.5 `password_hash` was introduced. At this time it is using BCrypt, the strongest algorithm currently supported by PHP. It will be updated in the future to support more algorithms as needed though. The `password_compat` library was created to provide forward compatibility for PHP >= 5.3.7.
In PHP 5.5 `password_hash` was introduced. At this time it is using BCrypt, the strongest algorithm currently supported
by PHP. It will be updated in the future to support more algorithms as needed though. The `password_compat` library was
created to provide forward compatibility for PHP >= 5.3.7.
Below we hash a string, and then check the hash against a new string. Because our two source strings are different ('secret-password' vs. 'bad-password') this login will fail.
Below we hash a string, and then check the hash against a new string. Because our two source strings are different
('secret-password' vs. 'bad-password') this login will fail.
{% highlight php %}
<?php
@@ -29,12 +38,12 @@ if (password_verify('bad-password', $passwordHash)) {
{% endhighlight %}
* [Learn about `password_hash`] [1]
* [`password_compat` for PHP >= 5.3.7 && < 5.5] [2]
* [`password_compat` for PHP >= 5.3.7 && < 5.5] [2]
* [Learn about hashing in regards to cryptography] [3]
* [PHP `password_hash` RFC] [4]
[1]: http://php.net/function.password-hash
[2]: https://github.com/ircmaxell/password_compat
[3]: http://en.wikipedia.org/wiki/Cryptographic_hash_function

58
_posts/10-04-01-Data-Filtering.md
View File

@@ -1,37 +1,34 @@
---
isChild: true
anchor: data_filtering
anchor: data_filtering
---
## Data Filtering {#data_filtering_title}
Never ever (ever) trust foreign input introduced to your PHP code. Always sanitize and validate
foreign input before using it in code. The `filter_var` and `filter_input` functions can sanitize text and validate text formats (e.g.
email addresses).
Never ever (ever) trust foreign input introduced to your PHP code. Always sanitize and validate foreign input before
using it in code. The `filter_var` and `filter_input` functions can sanitize text and validate text formats (e.g. email
addresses).
Foreign input can be anything: `$_GET` and `$_POST` form input data, some values in the `$_SERVER`
superglobal, and the HTTP request body via `fopen('php://input', 'r')`. Remember, foreign input is not
limited to form data submitted by the user. Uploaded and downloaded files, session values, cookie data,
and data from third-party web services are foreign input, too.
Foreign input can be anything: `$_GET` and `$_POST` form input data, some values in the `$_SERVER` superglobal, and the
HTTP request body via `fopen('php://input', 'r')`. Remember, foreign input is not limited to form data submitted by the
user. Uploaded and downloaded files, session values, cookie data, and data from third-party web services are foreign
input, too.
While foreign data can be stored, combined, and accessed later, it is still foreign input. Every
time you process, output, concatenate, or include data in your code, ask yourself if
the data is filtered properly and can it be trusted.
While foreign data can be stored, combined, and accessed later, it is still foreign input. Every time you process,
output, concatenate, or include data in your code, ask yourself if the data is filtered properly and can it be trusted.
Data may be _filtered_ differently based on its purpose. For example, when unfiltered foreign input is passed
into HTML page output, it can execute HTML and JavaScript on your site! This is known as Cross-Site
Scripting (XSS) and can be a very dangerous attack. One way to avoid XSS is to sanitize all user-generated
data before outputting it to your page by removing HTML tags with the `strip_tags` function or escaping
characters with special meaning into their respective HTML entities with the `htmlentities`
or `htmlspecialchars` functions.
Data may be _filtered_ differently based on its purpose. For example, when unfiltered foreign input is passed into HTML
page output, it can execute HTML and JavaScript on your site! This is known as Cross-Site Scripting (XSS) and can be a
very dangerous attack. One way to avoid XSS is to sanitize all user-generated data before outputting it to your page by
removing HTML tags with the `strip_tags` function or escaping characters with special meaning into their respective
HTML entities with the `htmlentities` or `htmlspecialchars` functions.
Another example is passing options to be executed on the command line. This can be extremely dangerous
(and is usually a bad idea), but you can use the built-in `escapeshellarg` function to sanitize the executed
command's arguments.
Another example is passing options to be executed on the command line. This can be extremely dangerous (and is usually
a bad idea), but you can use the built-in `escapeshellarg` function to sanitize the executed command's arguments.
One last example is accepting foreign input to determine a file to load from the filesystem. This can be exploited by
changing the filename to a file path. You need to remove "/", "../", [null bytes][6], or other characters from the file path so it can't
load hidden, non-public, or sensitive files.
changing the filename to a file path. You need to remove "/", "../", [null bytes][6], or other characters from the file
path so it can't load hidden, non-public, or sensitive files.
* [Learn about data filtering][1]
* [Learn about `filter_var`][4]
@@ -42,24 +39,23 @@ load hidden, non-public, or sensitive files.
Sanitization removes (or escapes) illegal or unsafe characters from foreign input.
For example, you should sanitize foreign input before including the input in HTML or inserting it
into a raw SQL query. When you use bound parameters with [PDO](#databases), it will
sanitize the input for you.
For example, you should sanitize foreign input before including the input in HTML or inserting it into a raw SQL query.
When you use bound parameters with [PDO](#databases), it will sanitize the input for you.
Sometimes it is required to allow some safe HTML tags in the input when including it in the HTML
page. This is very hard to do and many avoid it by using other more restricted formatting like
Markdown or BBCode, although whitelisting libraries like [HTML Purifier][html-purifier] exists for
this reason.
Sometimes it is required to allow some safe HTML tags in the input when including it in the HTML page. This is very
hard to do and many avoid it by using other more restricted formatting like Markdown or BBCode, although whitelisting
libraries like [HTML Purifier][html-purifier] exists for this reason.
[See Sanitization Filters][2]
### Validation
Validation ensures that foreign input is what you expect. For example, you may want to validate an
email address, a phone number, or age when processing a registration submission.
Validation ensures that foreign input is what you expect. For example, you may want to validate an email address, a
phone number, or age when processing a registration submission.
[See Validation Filters][3]
[1]: http://php.net/book.filter
[2]: http://php.net/filter.filters.sanitize
[3]: http://php.net/filter.filters.validate

14
_posts/10-05-01-Configuration-Files.md
View File

@@ -1,16 +1,16 @@
---
isChild: true
anchor: configuration_files
anchor: configuration_files
---
## Configuration Files {#configuration_files_title}
When creating configuration files for your applications, best practices recommend that one of the following methods
be followed:
When creating configuration files for your applications, best practices recommend that one of the following methods be
followed:
- It is recommended that you store your configuration information where it cannot be accessed directly and pulled in
- It is recommended that you store your configuration information where it cannot be accessed directly and pulled in
via the file system.
- If you must store your configuration files in the document root, name the files with a `.php` extension. This
ensures that, even if the script is accessed directly, it will not be output as plain text.
- Information in configuration files should be protected accordingly, either through encryption or group/user file
- If you must store your configuration files in the document root, name the files with a `.php` extension. This ensures
that, even if the script is accessed directly, it will not be output as plain text.
- Information in configuration files should be protected accordingly, either through encryption or group/user file
system permissions

14
_posts/10-06-01-Register-Globals.md
View File

@@ -1,18 +1,18 @@
---
isChild: true
anchor: register_globals
anchor: register_globals
---
## Register Globals {#register_globals_title}
**NOTE:** As of PHP 5.4.0 the `register_globals` setting has been removed and can no
longer be used. This is only included as a warning for anyone in the process of upgrading a legacy application.
**NOTE:** As of PHP 5.4.0 the `register_globals` setting has been removed and can no longer be used. This is only
included as a warning for anyone in the process of upgrading a legacy application.
When enabled, the `register_globals` configuration setting that makes several types of variables (including ones from
`$_POST`, `$_GET` and `$_REQUEST`) available in the global scope of your application. This can easily lead to
security issues as your application cannot effectively tell where the data is coming from.
When enabled, the `register_globals` configuration setting that makes several types of variables (including ones from
`$_POST`, `$_GET` and `$_REQUEST`) available in the global scope of your application. This can easily lead to security
issues as your application cannot effectively tell where the data is coming from.
For example: `$_GET['foo']` would be available via `$foo`, which can override variables that have not been declared.
For example: `$_GET['foo']` would be available via `$foo`, which can override variables that have not been declared.
If you are using PHP < 5.4.0 __make sure__ that `register_globals` is __off__.
* [Register_globals in the PHP manual](http://php.net/security.globals)

19
_posts/10-07-01-Error-Reporting.md
View File

@@ -1,12 +1,12 @@
---
isChild: true
anchor: error_reporting
anchor: error_reporting
---
## Error Reporting {#error_reporting_title}
Error logging can be useful in finding the problem spots in your application, but it can also expose information about
the structure of your application to the outside world. To effectively protect your application from issues that could
Error logging can be useful in finding the problem spots in your application, but it can also expose information about
the structure of your application to the outside world. To effectively protect your application from issues that could
be caused by the output of these messages, you need to configure your server differently in development versus
production (live).
@@ -21,12 +21,13 @@ error_reporting = -1
log_errors = On
{% endhighlight %}
> Passing in the value `-1` will show every possible error, even when new levels and constants are added in future PHP versions. The `E_ALL` constant also behaves this way as of PHP 5.4. - [php.net](http://php.net/function.error-reporting)
> Passing in the value `-1` will show every possible error, even when new levels and constants are added in future PHP
> versions. The `E_ALL` constant also behaves this way as of PHP 5.4. -
> [php.net](http://php.net/function.error-reporting)
The `E_STRICT` error level constant was introduced in 5.3.0 and is not
part of `E_ALL`, however it became part of `E_ALL` in 5.4.0. What does this mean?
In terms of reporting every possible error in version 5.3 it means you must
use either `-1` or `E_ALL | E_STRICT`.
The `E_STRICT` error level constant was introduced in 5.3.0 and is not part of `E_ALL`, however it became part of
`E_ALL` in 5.4.0. What does this mean? In terms of reporting every possible error in version 5.3 it means you must
use either `-1` or `E_ALL | E_STRICT`.
**Reporting every possible error by PHP version**
@@ -45,7 +46,7 @@ error_reporting = E_ALL
log_errors = On
{% endhighlight %}
With these settings in production, errors will still be logged to the error logs for the web server, but will not be
With these settings in production, errors will still be logged to the error logs for the web server, but will not be
shown to the user. For more information on these settings, see the PHP manual:
* [error_reporting](http://php.net/errorfunc.configuration#ini.error-reporting)

12
_posts/11-01-01-Testing.md
View File

@@ -4,10 +4,10 @@ anchor: testing
# Testing {#testing_title}
Writing automated tests for your PHP code is considered a best practice and can lead to well-built
applications. Automated tests are a great tool for making sure your application
does not break when you are making changes or adding new functionality and should not be ignored.
Writing automated tests for your PHP code is considered a best practice and can lead to well-built applications.
Automated tests are a great tool for making sure your application does not break when you are making changes or adding
new functionality and should not be ignored.
There are several different types of testing tools (or frameworks) available for PHP, which use
different approaches - all of which are trying to avoid manual testing and the need for large
Quality Assurance teams, just to make sure recent changes didn't break existing functionality.
There are several different types of testing tools (or frameworks) available for PHP, which use different approaches -
all of which are trying to avoid manual testing and the need for large Quality Assurance teams, just to make sure
recent changes didn't break existing functionality.

56
_posts/11-02-01-Test-Driven-Development.md
View File

@@ -1,35 +1,39 @@
---
isChild: true
anchor: test_driven_development
anchor: test_driven_development
---
## Test Driven Development {#test_driven_development_title}
From [Wikipedia](http://en.wikipedia.org/wiki/Test-driven_development):
> Test-driven development (TDD) is a software development process that relies on the repetition of a very short development cycle: first the developer writes a failing automated test case that defines a desired improvement or new function, then produces code to pass that test and finally refactors the new code to acceptable standards. Kent Beck, who is credited with having developed or 'rediscovered' the technique, stated in 2003 that TDD encourages simple designs and inspires confidence
> Test-driven development (TDD) is a software development process that relies on the repetition of a very short
> development cycle: first the developer writes a failing automated test case that defines a desired improvement or new
> function, then produces code to pass that test and finally refactors the new code to acceptable standards. Kent Beck,
> who is credited with having developed or 'rediscovered' the technique, stated in 2003 that TDD encourages simple
> designs and inspires confidence.
There are several different types of testing that you can do for your application
There are several different types of testing that you can do for your application:
### Unit Testing
Unit Testing is a programming approach to ensure functions, classes and methods are working as
expected, from the point you build them all the way through the development cycle. By checking
values going in and out of various functions and methods, you can make sure the internal logic is
working correctly. By using Dependency Injection and building "mock" classes and stubs you can verify that dependencies are correctly used for even better test coverage.
Unit Testing is a programming approach to ensure functions, classes and methods are working as expected, from the point
you build them all the way through the development cycle. By checking values going in and out of various functions and
methods, you can make sure the internal logic is working correctly. By using Dependency Injection and building "mock"
classes and stubs you can verify that dependencies are correctly used for even better test coverage.
When you create a class or function you should create a unit test for each behavior it must have. At a very basic level you should
make sure it errors if you send it bad arguments and make sure it works if you send it valid arguments.
This will help ensure that when you make changes to this class or function later on in the development
cycle that the old functionality continues to work as expected. The only alternative to this would be
var_dump() in a test.php, which is no way to build an application - large or small.
When you create a class or function you should create a unit test for each behavior it must have. At a very basic level
you should make sure it errors if you send it bad arguments and make sure it works if you send it valid arguments. This
will help ensure that when you make changes to this class or function later on in the development cycle that the old
functionality continues to work as expected. The only alternative to this would be `var_dump()` in a test.php, which is
no way to build an application - large or small.
The other use for unit tests is contributing to open source. If you can write a test that shows broken
functionality (i.e. fails), then fix it, and show the test passing, patches are much more likely to be accepted. If
you run a project which accepts pull requests then you should suggest this as a requirement.
The other use for unit tests is contributing to open source. If you can write a test that shows broken functionality
(i.e. fails), then fix it, and show the test passing, patches are much more likely to be accepted. If you run a project
which accepts pull requests then you should suggest this as a requirement.
[PHPUnit](http://phpunit.de) is the de-facto testing framework for writing unit tests for PHP
applications, but there are several alternatives
[PHPUnit](http://phpunit.de) is the de-facto testing framework for writing unit tests for PHP applications, but there
are several alternatives
* [atoum](https://github.com/atoum/atoum)
* [Enhance PHP](https://github.com/Enhance-PHP/Enhance-PHP)
@@ -41,17 +45,21 @@ applications, but there are several alternatives
From [Wikipedia](http://en.wikipedia.org/wiki/Integration_testing):
> Integration testing (sometimes called Integration and Testing, abbreviated "I&T") is the phase in software testing in which individual software modules are combined and tested as a group. It occurs after unit testing and before validation testing. Integration testing takes as its input modules that have been unit tested, groups them in larger aggregates, applies tests defined in an integration test plan to those aggregates, and delivers as its output the integrated system ready for system testing.
> Integration testing (sometimes called Integration and Testing, abbreviated "I&T") is the phase in software testing in
> which individual software modules are combined and tested as a group. It occurs after unit testing and before
> validation testing. Integration testing takes as its input modules that have been unit tested, groups them in larger
> aggregates, applies tests defined in an integration test plan to those aggregates, and delivers as its output the
> integrated system ready for system testing.
Many of the same tools that can be used for unit testing can be used for integration testing as many
of the same principles are used.
Many of the same tools that can be used for unit testing can be used for integration testing as many of the same
principles are used.
### Functional Testing
Sometimes also known as acceptance testing, functional testing consists of using tools to create automated
tests that actually use your application instead of just verifying that individual units of code are behaving
correctly and that individual units can speak to each other correctly. These tools typically work using real
data and simulating actual users of the application.
Sometimes also known as acceptance testing, functional testing consists of using tools to create automated tests that
actually use your application instead of just verifying that individual units of code are behaving correctly and that
individual units can speak to each other correctly. These tools typically work using real data and simulating actual
users of the application.
#### Functional Testing Tools

32
_posts/11-03-01-Behavior-Driven-Development.md
View File

@@ -1,23 +1,31 @@
---
isChild: true
anchor: behavior_driven_development
anchor: behavior_driven_development
---
## Behavior Driven Development {#behavior_driven_development_title}
There are two different types of Behavior-Driven Development (BDD): SpecBDD and StoryBDD. SpecBDD focuses on technical behavior of code, while StoryBDD focuses on business or feature behaviors or interactions. PHP has frameworks for both types of BDD.
There are two different types of Behavior-Driven Development (BDD): SpecBDD and StoryBDD. SpecBDD focuses on technical
behavior of code, while StoryBDD focuses on business or feature behaviors or interactions. PHP has frameworks for both
types of BDD.
With StoryBDD, you write human-readable stories that describe the behavior of your application. These stories
can then be run as actual tests against your application. The framework used in PHP applications for StoryBDD
is Behat, which is inspired by Ruby's [Cucumber](http://cukes.info/) project and implements the Gherkin DSL
for describing feature behavior.
With StoryBDD, you write human-readable stories that describe the behavior of your application. These stories can then
be run as actual tests against your application. The framework used in PHP applications for StoryBDD is [Behat], which
is inspired by Ruby's [Cucumber] project and implements the Gherkin DSL for describing feature behavior.
With SpecBDD, you write specifications that describe how your actual code should behave. Instead of testing
a function or method, you are describing how that function or method should behave. PHP offers the PHPSpec framework for this purpose. This framework is inspired
by the [RSpec project](http://rspec.info/) for Ruby.
With SpecBDD, you write specifications that describe how your actual code should behave. Instead of testing a function
or method, you are describing how that function or method should behave. PHP offers the [PHPSpec] framework for this
purpose. This framework is inspired by the [RSpec project][Rspec] for Ruby.
### BDD Links
* [Behat](http://behat.org/), the StoryBDD framework for PHP, inspired by Ruby's [Cucumber](http://cukes.info/) project;
* [PHPSpec](http://www.phpspec.net/), the SpecBDD framework for PHP, inspired by Ruby's [RSpec](http://rspec.info/) project;
* [Codeception](http://codeception.com) is a full-stack testing framework that uses BDD principles.
* [Behat], the StoryBDD framework for PHP, inspired by Ruby's [Cucumber] project;
* [PHPSpec], the SpecBDD framework for PHP, inspired by Ruby's [RSpec] project;
* [Codeception] is a full-stack testing framework that uses BDD principles.
[Behat]: http://behat.org/
[Cucumber]: http://cukes.info/
[PHPSpec]: http://www.phpspec.net/
[RSpec]: http://rspec.info/
[Codeception]: http://codeception.com/

20
_posts/11-04-01-Complementary-Testing-Tools.md
View File

@@ -1,14 +1,24 @@
---
isChild: true
anchor: complementary_testing_tools
anchor: complementary_testing_tools
---
## Complementary Testing Tools {#complementary_testing_tools_title}
Besides individual testing and behavior driven frameworks, there are also a number of generic frameworks and helper libraries useful for any preferred approach taken.
Besides individual testing and behavior driven frameworks, there are also a number of generic frameworks and helper
libraries useful for any preferred approach taken.
### Tool Links
* [Selenium](http://seleniumhq.org/) is a browser automation tool which can be [integrated with PHPUnit](http://phpunit.de/manual/current/en/selenium.html)
* [Mockery](https://github.com/padraic/mockery) is a Mock Object Framework which can be integrated with [PHPUnit](http://phpunit.de/) or [PHPSpec](http://www.phpspec.net/)
* [Prophecy](https://github.com/phpspec/prophecy) is a highly opinionated yet very powerful and flexible PHP object mocking framework. It's integrated with [PHPSpec](http://www.phpspec.net/) and can be used with [PHPUnit](http://phpunit.de/).
* [Selenium] is a browser automation tool which can be [integrated with PHPUnit]
* [Mockery] is a Mock Object Framework which can be integrated with [PHPUnit] or [PHPSpec]
* [Prophecy] is a highly opinionated yet very powerful and flexible PHP object mocking framework. It's integrated with
[PHPSpec] and can be used with [PHPUnit].
[Selenium]: http://seleniumhq.org/
[integrated with PHPUnit]: http://phpunit.de/manual/current/en/selenium.html
[Mockery]: https://github.com/padraic/mockery
[PHPUnit]: http://phpunit.de/
[PHPSpec]: http://www.phpspec.net/
[Prophecy]: https://github.com/phpspec/prophecy

14
_posts/12-02-01-Platform-as-a-Service.md
View File

@@ -1,13 +1,13 @@
---
title: Platform as a Service (PaaS)
title: Platform as a Service (PaaS)
isChild: true
anchor: platform_as_a_service
anchor: platform_as_a_service
---
## Platform as a Service (PaaS) {#platform_as_a_service_title}
## Platform as a Service (PaaS) {#platform_as_a_service_title}
PaaS provides the system and network architecture necessary to run PHP applications on the web. This means little to no
configuration for launching PHP applications or PHP frameworks.
PaaS provides the system and network architecture necessary to run PHP applications on the web. This means little to no
configuration for launching PHP applications or PHP frameworks.
Recently PaaS has become a popular method for deploying, hosting, and scaling PHP applications of all sizes. You can
find a list of [PHP PaaS "Platform as a Service" providers](#php-paas-providers) in our [resources section](#resources).
Recently PaaS has become a popular method for deploying, hosting, and scaling PHP applications of all sizes. You can
find a list of [PHP PaaS "Platform as a Service" providers](#php_paas_providers) in our [resources section](#resources).

50
_posts/12-03-01-Virtual-or-Dedicated-Servers.md
View File

@@ -1,29 +1,53 @@
---
isChild: true
anchor: virtual_or_dedicated_servers
anchor: virtual_or_dedicated_servers
---
## Virtual or Dedicated Servers {#virtual_or_dedicated_servers_title}
If you are comfortable with systems administration, or are interested in learning it, virtual or dedicated servers give you complete control of your application's production environment.
If you are comfortable with systems administration, or are interested in learning it, virtual or dedicated servers give
you complete control of your application's production environment.
### nginx and PHP-FPM
PHP, via PHP's built-in FastCGI Process Manager (FPM), pairs really nicely with [nginx](http://nginx.org), which is a lightweight, high-performance web server. It uses less memory than Apache and can better handle more concurrent requests. This is especially important on virtual servers that don't have much memory to spare.
PHP, via PHP's built-in FastCGI Process Manager (FPM), pairs really nicely with [nginx], which is a lightweight,
high-performance web server. It uses less memory than Apache and can better handle more concurrent requests. This is
especially important on virtual servers that don't have much memory to spare.
* [Read more on nginx](http://nginx.org)
* [Read more on PHP-FPM](http://php.net/install.fpm)
* [Read more on setting up nginx and PHP-FPM securely](https://nealpoole.com/blog/2011/04/setting-up-php-fastcgi-and-nginx-dont-trust-the-tutorials-check-your-configuration/)
* [Read more on nginx][nginx]
* [Read more on PHP-FPM][phpfpm]
* [Read more on setting up nginx and PHP-FPM securely][secure-nginx-phpfpm]
### Apache and PHP
PHP and Apache have a long history together. Apache is wildly configurable and has many available [modules](http://httpd.apache.org/docs/2.4/mod/) to extend functionality. It is a popular choice for shared servers and an easy setup for PHP frameworks and open source apps like WordPress. Unfortunately, Apache uses more resources than nginx by default and cannot handle as many visitors at the same time.
PHP and Apache have a long history together. Apache is wildly configurable and has many available
[modules][apache-modules] to extend functionality. It is a popular choice for shared servers and an easy setup for PHP
frameworks and open source apps like WordPress. Unfortunately, Apache uses more resources than nginx by default and
cannot handle as many visitors at the same time.
Apache has several possible configurations for running PHP. The most common and easiest to setup is the [prefork MPM](http://httpd.apache.org/docs/2.4/mod/prefork.html) with mod_php5. While it isn't the most memory efficient, it is the simplest to get working and to use. This is probably the best choice if you don't want to dig too deeply into the server administration aspects. Note that if you use mod_php5 you MUST use the prefork MPM.
Apache has several possible configurations for running PHP. The most common and easiest to setup is the [prefork MPM]
with mod_php5. While it isn't the most memory efficient, it is the simplest to get working and to use. This is probably
the best choice if you don't want to dig too deeply into the server administration aspects. Note that if you use
mod_php5 you MUST use the prefork MPM.
Alternatively, if you want to squeeze more performance and stability out of Apache then you can take advantage of the same FPM system as nginx and run the [worker MPM](http://httpd.apache.org/docs/2.4/mod/worker.html) or [event MPM](http://httpd.apache.org/docs/2.4/mod/event.html) with mod_fastcgi or mod_fcgid. This configuration will be significantly more memory efficient and much faster but it is more work to set up.
Alternatively, if you want to squeeze more performance and stability out of Apache then you can take advantage of the
same FPM system as nginx and run the [worker MPM] or [event MPM] with mod_fastcgi or mod_fcgid. This configuration will
be significantly more memory efficient and much faster but it is more work to set up.
* [Read more on Apache](http://httpd.apache.org/)
* [Read more on Multi-Processing Modules](http://httpd.apache.org/docs/2.4/mod/mpm_common.html)
* [Read more on mod_fastcgi](http://www.fastcgi.com/mod_fastcgi/docs/mod_fastcgi.html)
* [Read more on mod_fcgid](http://httpd.apache.org/mod_fcgid/)
* [Read more on Apache][apache]
* [Read more on Multi-Processing Modules][apache-MPM]
* [Read more on mod_fastcgi][mod_fastcgi]
* [Read more on mod_fcgid][mod_fcgid]
[nginx]: http://nginx.org/
[phpfpm]: http://php.net/install.fpm
[secure-nginx-phpfpm]: https://nealpoole.com/blog/2011/04/setting-up-php-fastcgi-and-nginx-dont-trust-the-tutorials-check-your-configuration/
[apache-modules]: http://httpd.apache.org/docs/2.4/mod/
[prefork MPM]: http://httpd.apache.org/docs/2.4/mod/prefork.html
[worker MPM]: http://httpd.apache.org/docs/2.4/mod/worker.html
[event MPM]: http://httpd.apache.org/docs/2.4/mod/event.html
[apache]: http://httpd.apache.org/
[apache-MPM]: http://httpd.apache.org/docs/2.4/mod/mpm_common.html
[mod_fastcgi]: http://www.fastcgi.com/mod_fastcgi/docs/mod_fastcgi.html
[mod_fcgid]: http://httpd.apache.org/mod_fcgid/

8
_posts/12-04-01-Shared-Servers.md
View File

@@ -1,8 +1,12 @@
---
isChild: true
anchor: shared_servers
anchor: shared_servers
---
## Shared Servers {#shared_servers_title}
PHP has shared servers to thank for its popularity. It is hard to find a host without PHP installed, but be sure it's the latest version. Shared servers allow you and other developers to deploy websites to a single machine. The upside to this is that it has become a cheap commodity. The downside is that you never know what kind of a ruckus your neighboring tenants are going to create; loading down the server or opening up security holes are the main concerns. If your project's budget can afford to avoid shared servers you should.
PHP has shared servers to thank for its popularity. It is hard to find a host without PHP installed, but be sure it's
the latest version. Shared servers allow you and other developers to deploy websites to a single machine. The upside to
this is that it has become a cheap commodity. The downside is that you never know what kind of a ruckus your
neighboring tenants are going to create; loading down the server or opening up security holes are the main concerns. If
your project's budget can afford to avoid shared servers you should.

92
_posts/12-05-01-Building-your-Application.md
View File

@@ -1,15 +1,14 @@
---
isChild: true
anchor: building_and_deploying_your_application
anchor: building_and_deploying_your_application
---
## Building and Deploying your Application {#building_and_deploying_your_application_title}
If you find yourself doing manual database schema changes or running your tests manually before updating your files
(manually), think twice! With every additional manual task needed to deploy a new version of your app, the chances for
potentially fatal mistakes increase. Whether you're dealing with a simple update, a comprehensive build process or
even a continuous integration strategy, [build automation](http://en.wikipedia.org/wiki/Build_automation) is your
friend.
If you find yourself doing manual database schema changes or running your tests manually before updating your files
(manually), think twice! With every additional manual task needed to deploy a new version of your app, the chances for
potentially fatal mistakes increase. Whether you're dealing with a simple update, a comprehensive build process or even
a continuous integration strategy, [build automation][buildautomation] is your friend.
Among the tasks you might want to automate are:
@@ -23,53 +22,70 @@ Among the tasks you might want to automate are:
### Build Automation Tools
Build tools can be described as a collection of scripts that handle common tasks of software deployment. The build
tool is not a part of your software, it acts on your software from 'outside'.
Build tools can be described as a collection of scripts that handle common tasks of software deployment. The build tool
is not a part of your software, it acts on your software from 'outside'.
There are many open source tools available to help you with build automation, some are written in PHP others aren't.
There are many open source tools available to help you with build automation, some are written in PHP others aren't.
This shouldn't hold you back from using them, if they're better suited for the specific job. Here are a few examples:
[Phing](http://www.phing.info/) is the easiest way to get started with automated deployment in the PHP world. With
Phing you can control your packaging, deployment or testing process from within a simple XML build file. Phing (which
is based on [Apache Ant](http://ant.apache.org/)) provides a rich set of tasks usually needed to install or update a
web app and can be extended with additional custom tasks, written in PHP.
[Phing] is the easiest way to get started with automated deployment in the PHP world. With Phing you can control your
packaging, deployment or testing process from within a simple XML build file. Phing (which is based on [Apache Ant])
provides a rich set of tasks usually needed to install or update a web app and can be extended with additional custom
tasks, written in PHP.
[Capistrano](https://github.com/capistrano/capistrano/wiki) is a system for *intermediate-to-advanced programmers* to
execute commands in a structured, repeatable way on one or more remote machines. It is pre-configured for deploying
Ruby on Rails applications, however people are **successfully deploying PHP systems** with it. Successful use of
Capistrano depends on a working knowledge of Ruby and Rake.
[Capistrano] is a system for *intermediate-to-advanced programmers* to execute commands in a structured, repeatable way
on one or more remote machines. It is pre-configured for deploying Ruby on Rails applications, however people are **
successfully deploying PHP systems** with it. Successful use of Capistrano depends on a working knowledge of Ruby and
Rake.
Dave Gardner's blog post [PHP Deployment with Capistrano](http://www.davegardner.me.uk/blog/2012/02/13/php-deployment-with-capistrano/)
is a good starting point for PHP developers interested in Capistrano.
Dave Gardner's blog post [PHP Deployment with Capistrano][phpdeploy_capistrano] is a good starting point for PHP
developers interested in Capistrano.
[Chef](http://www.opscode.com/chef/) is more than a deployment framework, it is a very powerful Ruby based system
integration framework that doesn't just deploy your app but can build your whole server environment or virtual boxes.
[Chef] is more than a deployment framework, it is a very powerful Ruby based system integration framework that doesn't
just deploy your app but can build your whole server environment or virtual boxes.
Chef resources for PHP developers:
#### Chef resources for PHP developers:
* [Three part blog series about deploying a LAMP application with Chef, Vagrant, and EC2](http://www.jasongrimes.org/2012/06/managing-lamp-environments-with-chef-vagrant-and-ec2-1-of-3/)
* [Chef Cookbook which installs and configures PHP 5.3 and the PEAR package management system](https://github.com/opscode-cookbooks/php)
* [Chef video tutorial series by Opscode, the makers of chef](https://www.youtube.com/playlist?list=PLrmstJpucjzWKt1eWLv88ZFY4R1jW8amR)
Further reading:
* [Three part blog series about deploying a LAMP application with Chef, Vagrant, and EC2][chef_vagrant_and_ec2]
* [Chef Cookbook which installs and configures PHP 5.3 and the PEAR package management system][Chef_cookbook]
* [Chef video tutorial series][Chef_tutorial] by Opscode, the makers of chef
* [Automate your project with Apache Ant](http://net.tutsplus.com/tutorials/other/automate-your-projects-with-apache-ant/)
#### Further reading:
* [Automate your project with Apache Ant][apache_ant_tutorial]
### Continuous Integration
> Continuous Integration is a software development practice where members of a team integrate their work frequently,
> usually each person integrates at least daily — leading to multiple integrations per day. Many teams find that this
> approach leads to significantly reduced integration problems and allows a team to develop cohesive software more
> Continuous Integration is a software development practice where members of a team integrate their work frequently,
> usually each person integrates at least daily — leading to multiple integrations per day. Many teams find that this
> approach leads to significantly reduced integration problems and allows a team to develop cohesive software more
> rapidly.
*-- Martin Fowler*
There are different ways to implement continuous integration for PHP. Recently [Travis CI](https://travis-ci.org/) has
done a great job of making continuous integration a reality even for small projects. Travis CI is a hosted continuous
integration service for the open source community. It is integrated with GitHub and offers first class support for many
languages including PHP.
There are different ways to implement continuous integration for PHP. Recently [Travis CI] has done a great job of
making continuous integration a reality even for small projects. Travis CI is a hosted continuous integration service
for the open source community. It is integrated with GitHub and offers first class support for many languages including
PHP.
Further reading:
#### Further reading:
* [Continuous Integration with Jenkins](http://jenkins-ci.org/)
* [Continuous Integration with PHPCI](http://www.phptesting.org/)
* [Continuous Integration with Teamcity](http://www.jetbrains.com/teamcity/)
* [Continuous Integration with Jenkins][Jenkins]
* [Continuous Integration with PHPCI][PHPCI]
* [Continuous Integration with Teamcity][Teamcity]
[buildautomation]: http://en.wikipedia.org/wiki/Build_automation
[Phing]: http://www.phing.info/
[Apache Ant]: http://ant.apache.org/
[Capistrano]: https://github.com/capistrano/capistrano/wiki
[phpdeploy_capistrano]: http://www.davegardner.me.uk/blog/2012/02/13/php-deployment-with-capistrano/
[Chef]: http://www.opscode.com/chef/
[chef_vagrant_and_ec2]: http://www.jasongrimes.org/2012/06/managing-lamp-environments-with-chef-vagrant-and-ec2-1-of-3/
[Chef_cookbook]: https://github.com/opscode-cookbooks/php
[Chef_tutorial]: https://www.youtube.com/playlist?list=PLrmstJpucjzWKt1eWLv88ZFY4R1jW8amR
[apache_ant_tutorial]: http://net.tutsplus.com/tutorials/other/automate-your-projects-with-apache-ant/
[Travis CI]: https://travis-ci.org/
[Jenkins]: http://jenkins-ci.org/
[PHPCI]: http://www.phptesting.org/
[Teamcity]: http://www.jetbrains.com/teamcity/

14
_posts/13-01-01-Virtualization.md
View File

@@ -4,11 +4,11 @@ anchor: virtualization
# Virtualization
Running your application on different environments in development and production can lead to strange bugs
popping up when you go live. It's also tricky to keep different development environments up to date with the same
version for all libraries used when working with a team of developers.
Running your application on different environments in development and production can lead to strange bugs popping up
when you go live. It's also tricky to keep different development environments up to date with the same version for all
libraries used when working with a team of developers.
If you are developing on Windows and deploying to Linux (or anything non-Windows) or are developing in a team, you
should consider using a virtual machine.
This sounds tricky, but besides the widely known virtualization environments like VMware or VirtualBox, there are
additional tools that may help you setting up a virtual environment in a few easy steps.
If you are developing on Windows and deploying to Linux (or anything non-Windows) or are developing in a team, you
should consider using a virtual machine. This sounds tricky, but besides the widely known virtualization environments
like VMware or VirtualBox, there are additional tools that may help you setting up a virtual environment in a few easy
steps.

45
_posts/13-02-01-Vagrant.md
View File

@@ -1,36 +1,37 @@
---
isChild: true
anchor: vagrant
anchor: vagrant
---
## Vagrant {#vagrant_title}
[Vagrant][vagrant] helps you building your virtual boxes on top of the known virtual environments and will configure
these environments based on a single configuration file.
These boxes can be set up manually, or you can use "provisioning"
software such as [Puppet][puppet] or [Chef][chef] to do this for you. Provisioning the base box is a great way to
ensure that multiple boxes are set up in an identical fashion and removes the need for you to maintain complicated
"set up" command lists. You can also "destroy" your base box and recreate it without many manual steps, making it
easy to create a "fresh" installation.
[Vagrant] helps you building your virtual boxes on top of the known virtual environments and will configure these
environments based on a single configuration file. These boxes can be set up manually, or you can use "provisioning"
software such as [Puppet] or [Chef] to do this for you. Provisioning the base box is a great way to ensure that
multiple boxes are set up in an identical fashion and removes the need for you to maintain complicated "set up"
command lists. You can also "destroy" your base box and recreate it without many manual steps, making it easy to create
a "fresh" installation.
Vagrant creates folders for sharing your code between your host and your virtual machine, which means that you can
Vagrant creates folders for sharing your code between your host and your virtual machine, which means that you can
create and edit your files on your host machine and then run the code inside your virtual machine.
### A little help
If you need a little help to start using Vagrant there are some services that might be useful:
- [Rove][rove]: service that allows you to pre-generate typical Vagrant builds, PHP among the options. The
provisioning is made with Chef.
- [Puphpet][puphpet]: simple GUI to set up virtual machines for PHP development. **Heavily focused in PHP**. Besides
local VMs, it can be used to deploy to cloud services as well. The provisioning is made with Puppet.
- [Protobox][protobox]: is a layer on top of vagrant and a web GUI to setup virtual machines for web development. A single YAML document controls everything that is installed on the virtual machine.
- [Phansible][phansible]: provides an easy to use interface that helps you generate Ansible Playbooks for PHP based projects.
- [Rove]: service that allows you to pre-generate typical Vagrant builds, PHP among the options. The provisioning is
made with Chef.
- [Puphpet]: simple GUI to set up virtual machines for PHP development. **Heavily focused in PHP**. Besides local VMs,
it can be used to deploy to cloud services as well. The provisioning is made with Puppet.
- [ Protobox]: is a layer on top of vagrant and a web GUI to setup virtual machines for web development. A single YAML
document controls everything that is installed on the virtual machine.
- [Phansible]: provides an easy to use interface that helps you generate Ansible Playbooks for PHP based projects.
[vagrant]: http://vagrantup.com/
[puppet]: http://www.puppetlabs.com/
[chef]: http://www.opscode.com/
[rove]: http://rove.io/
[puphpet]: https://puphpet.com/
[protobox]: http://getprotobox.com/
[phansible]: http://phansible.com/
[Vagrant]: http://vagrantup.com/
[Puppet]: http://www.puppetlabs.com/
[Chef]: http://www.opscode.com/
[Rove]: http://rove.io/
[Puphpet]: https://puphpet.com/
[Protobox]: http://getprotobox.com/
[Phansible]: http://phansible.com/

37
_posts/13-03-01-Docker.md
View File

@@ -1,42 +1,45 @@
---
isChild: true
anchor: docker
anchor: docker
---
## Docker {#docker_title}
Beside using Vagrant, another easy way to get a virtual development or production environment up and running is [Docker][docker].
Beside using Vagrant, another easy way to get a virtual development or production environment up and running is [Docker].
Docker helps you to provide Linux containers for all kind of applications.
There are many helpful docker images which could provide you with other great services without the need to install
these services on your local machine, e.g. MySQL or PostgreSQL and a lot more.
Have a look at the [Docker Hub Registry][docker-hub] to search a list of available pre-built containers,
which you can then run and use in very few steps.
these services on your local machine, e.g. MySQL or PostgreSQL and a lot more. Have a look at the [Docker Hub Registry]
[docker-hub] to search a list of available pre-built containers, which you can then run and use in very few steps.
### Example: Runnning your PHP Applications in Docker
After you [installed docker][docker-install] on your machine, you can start an Apache with PHP support in one step.
After you [installed docker][docker-install] on your machine, you can start an Apache with PHP support in one step.
The following command will download a fully functional Apache installation with the latest PHP version and provide the
directory `/path/to/your/php/files` at `http://localhost:8080`:
{% highlight console %}
docker run -d --name my-php-webserver -p 8080:80 -v /path/to/your/php/files:/var/www/html/ php:apache
docker run -d --name my-php-webserver -p 8080:80 -v /path/to/your/php/files:/var/www/html/ php:apache
{% endhighlight %}
After running `docker run` your container is initialized and running.
After running `docker run` your container is initialized and running.
If you would like to stop or start your container again, you can use the provided name attribute and simply run
`docker stop my-php-webserver` and `docker start my-php-webserver` without providing the above mentioned parameters again.
### Learn more about Docker
The commands mentioned above only show a quick way to run an Apache web server with PHP support but there are a lot more
things that you can do with Docker.
One of the most important things for PHP developers will be linking your web server to a database instance, for example.
How this could be done is well described within the [Docker User Guide][docker-doc].
`docker stop my-php-webserver` and `docker start my-php-webserver` without providing the above mentioned parameters
again.
* [Docker Website][docker]
### Learn more about Docker
The commands mentioned above only show a quick way to run an Apache web server with PHP support but there are a lot
more things that you can do with Docker. One of the most important things for PHP developers will be linking your
web server to a database instance, for example. How this could be done is well described within the [Docker User Guide]
[docker-doc].
* [Docker Website][Docker]
* [Docker Installation][docker-install]
* [Docker Images at the Docker Hub Registry][docker-hub]
* [Docker User Guide][docker-doc]
[docker]: http://docker.com/
[Docker]: http://docker.com/
[docker-hub]: https://registry.hub.docker.com/
[docker-install]: https://docs.docker.com/installation/
[docker-doc]: https://docs.docker.com/userguide/

29
_posts/14-02-01-Opcode-Cache.md
View File

@@ -1,25 +1,34 @@
---
isChild: true
anchor: opcode_cache
anchor: opcode_cache
---
## Opcode Cache {#opcode_cache_title}
When a PHP file is executed, under the hood it is first compiled to opcodes and, only then, the opcodes are executed.
If a PHP file is not modified, the opcodes will always be the same. This means that the compilation step is a waste of CPU resources.
If a PHP file is not modified, the opcodes will always be the same. This means that the compilation step is a waste of
CPU resources.
This is where opcode caches come in. They prevent redundant compilation by storing opcodes in memory and reusing it on successive calls.
Setting up an opcode cache takes a matter of minutes, and your application will speed up significantly. There's really no reason not to use it.
This is where opcode caches come in. They prevent redundant compilation by storing opcodes in memory and reusing it on
successive calls. Setting up an opcode cache takes a matter of minutes, and your application will speed up
significantly. There's really no reason not to use it.
As of PHP 5.5, there is a built-in opcode cache called [OPcache][opcache-book]. It is also available for earlier versions.
As of PHP 5.5, there is a built-in opcode cache called [OPcache][opcache-book]. It is also available for earlier
versions.
Read more about opcode caches:
* [OPcache][opcache-book] (built-in since PHP 5.5)
* [APC](http://php.net/book.apc) (PHP 5.4 and earlier)
* [XCache](http://xcache.lighttpd.net/)
* [Zend Optimizer+](http://www.zend.com/products/server/) (part of Zend Server package)
* [WinCache](http://www.iis.net/download/wincacheforphp) (extension for MS Windows Server)
* [list of PHP accelerators on Wikipedia](http://en.wikipedia.org/wiki/List_of_PHP_accelerators)
* [APC] (PHP 5.4 and earlier)
* [XCache]
* [Zend Optimizer+] (part of Zend Server package)
* [WinCache] (extension for MS Windows Server)
* [list of PHP accelerators on Wikipedia][PHP_accelerators]
[opcache-book]: http://php.net/book.opcache
[APC]: http://php.net/book.apc
[XCache]: http://xcache.lighttpd.net/
[Zend Optimizer+]: http://www.zend.com/products/server/
[WinCache]: http://www.iis.net/download/wincacheforphp
[PHP_accelerators]: http://en.wikipedia.org/wiki/List_of_PHP_accelerators

22
_posts/14-03-01-Object-Caching.md
View File

@@ -1,6 +1,6 @@
---
isChild: true
anchor: object_caching
anchor: object_caching
---
## Object Caching {#object_caching_title}
@@ -16,17 +16,17 @@ advantage of them. APCu, XCache, and WinCache all provide APIs to save data from
The most commonly used memory object caching systems are APCu and memcached. APCu is an excellent choice for object
caching, it includes a simple API for adding your own data to its memory cache and is very easy to setup and use. The
one real limitation of APCu is that it is tied to the server it's installed on. Memcached on the other hand is installed
as a separate service and can be accessed across the network, meaning that you can store objects in a hyper-fast data
store in a central location and many different systems can pull from it.
one real limitation of APCu is that it is tied to the server it's installed on. Memcached on the other hand is
installed as a separate service and can be accessed across the network, meaning that you can store objects in a
hyper-fast data store in a central location and many different systems can pull from it.
Note that when running PHP as a (Fast-)CGI application inside your webserver, every PHP process will have its own
cache, i.e. APCu data is not shared between your worker processes. In these cases, you might want to consider using
memcached instead, as it's not tied to the PHP processes.
Note that when running PHP as a (Fast-)CGI application inside your webserver, every PHP process will have its own cache,
i.e. APCu data is not shared between your worker processes. In these cases, you might want to consider using memcached
instead, as it's not tied to the PHP processes.
In a networked configuration APCu will usually outperform memcached in terms of access speed, but memcached will be able
to scale up faster and further. If you do not expect to have multiple servers running your application, or do not need
the extra features that memcached offers then APCu is probably your best choice for object caching.
In a networked configuration APCu will usually outperform memcached in terms of access speed, but memcached will be
able to scale up faster and further. If you do not expect to have multiple servers running your application, or do not
need the extra features that memcached offers then APCu is probably your best choice for object caching.
Example logic using APCu:
@@ -45,7 +45,7 @@ print_r($data);
Note that prior to PHP 5.5, APC provides both an object cache and a bytecode cache. APCu is a project to bring APC's
object cache to PHP 5.5+, since PHP now has a built-in bytecode cache (OPcache).
Learn more about popular object caching systems:
### Learn more about popular object caching systems:
* [APCu](https://github.com/krakjoe/apcu)
* [APC Functions](http://php.net/ref.apc)

18
_posts/15-02-01-Frameworks.md
View File

@@ -5,20 +5,24 @@ anchor: frameworks
## Frameworks {#frameworks_title}
Rather than re-invent the wheel, many PHP developers use frameworks to build out web applications. Frameworks abstract away many of the low-level concerns and provide helpful, easy-to-use interfaces to complete common tasks.
Rather than re-invent the wheel, many PHP developers use frameworks to build out web applications. Frameworks abstract
away many of the low-level concerns and provide helpful, easy-to-use interfaces to complete common tasks.
You do not need to use a framework for every project. Sometimes plain PHP is the right way to go, but if you do need a framework then there are three main types available:
You do not need to use a framework for every project. Sometimes plain PHP is the right way to go, but if you do need a
framework then there are three main types available:
* Micro Frameworks
* Full-Stack Frameworks
* Component Frameworks
Micro-frameworks are essentially a wrapper to route a HTTP request to a callback, controller, method, etc as quickly as possible, and sometimes come with a few extra libraries to assist development such as basic database wrappers and the like. They are prominently used
to build remote HTTP services.
Micro-frameworks are essentially a wrapper to route a HTTP request to a callback, controller, method, etc as quickly as
possible, and sometimes come with a few extra libraries to assist development such as basic database wrappers and the
like. They are prominently used to build remote HTTP services.
Many frameworks add a considerable number of features on top of what is available in a micro-framework and these are known Full-Stack
Frameworks. These often come bundled with ORMs, Authentication packages, etc.
Many frameworks add a considerable number of features on top of what is available in a micro-framework and these are
known Full-Stack Frameworks. These often come bundled with ORMs, Authentication packages, etc.
Component-based frameworks are collections of specialized and single-purpose libraries. Disparate component-based frameworks can be used together to make a micro- or full-stack framework.
Component-based frameworks are collections of specialized and single-purpose libraries. Disparate component-based
frameworks can be used together to make a micro- or full-stack framework.
* [Popular PHP Frameworks](https://github.com/codeguy/php-the-right-way/wiki/Frameworks)

55
_posts/15-03-01-Components.md
View File

@@ -5,33 +5,44 @@ anchor: components
## Components {#components_title}
As mentioned above "Components" are another approach to the common goal of creating, distributing and implementing shared code. Various
component repositories exist, the main two of which are:
As mentioned above "Components" are another approach to the common goal of creating, distributing and implementing
shared code. Various component repositories exist, the main two of which are:
* [Packagist](/#composer_and_packagist)
* [PEAR](/#pear)
* [Packagist]
* [PEAR]
Both of these repositories have command line tools associated with them to help the installation and upgrade
processes, and have been explained in more detail in the [Dependency Management] section.
Both of these repositories have command line tools associated with them to help the installation and upgrade processes,
and have been explained in more detail in the [Dependency Management] section.
There are also component-based frameworks and component-vendors that offer no framework at all. These projects provide
There are also component-based frameworks and component-vendors that offer no framework at all. These projects provide
another source of packages which ideally have little to no dependencies on other packages, or specific frameworks.
For example, you can use the [FuelPHP Validation package], without needing to use the FuelPHP framework
itself.
For example, you can use the [FuelPHP Validation package], without needing to use the FuelPHP framework itself.
[Dependency Management]: /#dependency_management
[FuelPHP Validation package]: https://github.com/fuelphp/validation
* [Aura](http://auraphp.github.com/)
* [FuelPHP](https://github.com/fuelphp)
* [Hoa Project](https://github.com/hoaproject)
* [Orno](https://github.com/orno)
* [Symfony Components](http://symfony.com/doc/current/components/index.html)
* [The League of Extraordinary Packages](http://thephpleague.com/)
* [Aura]
* [FuelPHP]
* [Hoa Project]
* [Orno]
* [Symfony Components]
* [The League of Extraordinary Packages]
* Laravel's Illuminate Components
* [Eloquent ORM](https://github.com/illuminate/database)
* [Queue](https://github.com/illuminate/queue)
* [Eloquent ORM]
* [Queue]
_Laravel's [Illuminate components](https://github.com/illuminate) will become better decoupled from the Laravel framework.
For now, only the components best decoupled from the Laravel framework are listed above._
_Laravel's [Illuminate components] will become better decoupled from the Laravel framework. For now, only the
components best decoupled from the Laravel framework are listed above._
[Packagist]: /#composer_and_packagist
[PEAR]: /#pear
[Dependency Management]: /#dependency_management
[FuelPHP Validation package]: https://github.com/fuelphp/validation
[Aura]: http://auraphp.github.com/
[FuelPHP]: https://github.com/fuelphp
[Hoa Project]: https://github.com/hoaproject
[Orno]: https://github.com/orno
[Symfony Components]: http://symfony.com/doc/current/components/index.html
[The League of Extraordinary Packages]: http://thephpleague.com/
[Eloquent ORM]: https://github.com/illuminate/database
[Queue]: https://github.com/illuminate/queue
[Illuminate components]: https://github.com/illuminate

33
_posts/15-04-01-Books.md
View File

@@ -5,26 +5,27 @@ anchor: books
## Books {#books_title}
There are a lot of books around for PHP but some are sadly now quite old and no
longer contain accurate information. There are even books published for "PHP 6"
which does not exist, and will not now ever exist. The next major version of PHP
will be named "PHP 7" because of those books.
There are a lot of books around for PHP but some are sadly now quite old and no longer contain accurate information.
There are even books published for "PHP 6" which does not exist, and will not now ever exist. The next major version of
PHP will be named "PHP 7" because of those books.
This section aims to be a living document for recommended books on PHP
development in general. If you would like your book to be added, send a PR and
it will be reviewed for relevancy.
This section aims to be a living document for recommended books on PHP development in general. If you would like your
book to be added, send a PR and it will be reviewed for relevancy.
### Free Books
* [PHP The Right Way](https://leanpub.com/phptherightway/) - This website is
available as a book completely for free
* [PHP The Right Way](https://leanpub.com/phptherightway/) - This website is available as a book completely for free.
### Paid Books
* [Modernizing Legacy Applications In PHP](https://leanpub.com/mlaphp) - Get
your code under control in a series of small, specific steps
* [Building Secure PHP Apps](https://leanpub.com/buildingsecurephpapps) - Learn the security basics that a senior developer usually acquires over years of experience, all condensed down into one quick and easy handbook
* [The Grumpy Programmer's Guide To Building Testable PHP Applications](https://leanpub.com/grumpy-testing) - Learning to write testable doesn't have to suck
* [Securing PHP: Core Concepts](https://leanpub.com/securingphp-coreconcepts) - A guide to some of the most common security terms and provides some examples of them in every day PHP
* [Scaling PHP](https://leanpub.com/scalingphp) - Stop playing sysadmin and get back to coding
* [Signaling PHP](https://leanpub.com/signalingphp) - PCNLT signals are a great help when writing PHP scripts that run from the command line.
* [Modernizing Legacy Applications In PHP](https://leanpub.com/mlaphp) - Get your code under control in a series of
small, specific steps
* [Building Secure PHP Apps](https://leanpub.com/buildingsecurephpapps) - Learn the security basics that a senior
developer usually acquires over years of experience, all condensed down into one quick and easy handbook
* [The Grumpy Programmer's Guide To Building Testable PHP Applications](https://leanpub.com/grumpy-testing) - Learning
to write testable doesn't have to suck
* [Securing PHP: Core Concepts](https://leanpub.com/securingphp- coreconcepts) - A guide to some of the most common
security terms and provides some examples of them in every day PHP
* [Scaling PHP]( https:// leanpub.com/scalingphp) - Stop playing sysadmin and get back to coding
* [Signaling PHP]( https:// leanpub.com/ signalingphp) - PCNLT signals are a great help when writing PHP scripts that
run from the command line.

15
_posts/16-01-01-Community.md
View File

@@ -4,13 +4,20 @@ anchor: community
# Community {#community_title}
The PHP community is as diverse as it is large, and its members are ready and willing to support new PHP programmers. Consider joining your local PHP user group (PUG) or attending larger PHP conferences to learn more about the best practices shown here. You can hang out on IRC in the #phpc channel on [irc.freenode.com][php-irc] and follow the [@phpc][phpc-twitter] twitter account. Get out there, meet new developers, learn new topics, and above all, make new friends! Other community resources include the Google+ PHP [Programmer community][php-programmers-gplus] and [StackOverflow][php-so].
The PHP community is as diverse as it is large, and its members are ready and willing to support new PHP programmers.
Consider joining your local PHP user group (PUG) or attending larger PHP conferences to learn more about the best
practices shown here. You can hang out on IRC in the #phpc channel on [irc.freenode.com][php-irc] and follow the
[@phpc][phpc-twitter] twitter account. Get out there, meet new developers, learn new topics, and above all, make new
friends! Other community resources include the Google+ PHP [Programmer community][php-programmers-gplus] and
[StackOverflow][php-so].
[Read the Official PHP Events Calendar][php-calendar]
## PHP User Groups
If you live in a larger city, odds are there's a PHP user group nearby. Although there's not yet an official list of PUGs, you can easily find your local PUG by searching on [Google][google], [Meetup.com][meetup] or [PHP.ug][php-ug]. If you live in a smaller town, there may not be a local PUG; if that's the case, start one!
If you live in a larger city, odds are there's a PHP user group nearby. Although there's not yet an official list of
PUGs, you can easily find your local PUG by searching on [Google][google], [Meetup.com][meetup] or [PHP.ug][php-ug]. If
you live in a smaller town, there may not be a local PUG; if that's the case, start one!
Special mention should be made of two global user groups: [NomadPHP] and [PHPWomen]. [NomadPHP] offers twice monthly
online user group meetings with presentations by some of the top speakers in the PHP community.
@@ -22,7 +29,9 @@ generally promote the creating of a "female friendly" and professional atmospher
## PHP Conferences
The PHP community also hosts larger regional and national conferences in many countries around the world. Well-known members of the PHP community usually speak at these larger events, so it's a great opportunity to learn directly from industry leaders.
The PHP community also hosts larger regional and national conferences in many countries around the world. Well-known
members of the PHP community usually speak at these larger events, so it's a great opportunity to learn directly from
industry leaders.
[Find a PHP Conference][php-conf]

27
_posts/17-01-01-PHPDoc.md
View File

@@ -4,7 +4,8 @@ anchor: phpdoc
# PHPDoc {#phpdoc}
PHPDoc is an informal standard for commenting PHP code. There are a *lot* of different [tags](http://www.phpdoc.org/docs/latest/references/phpdoc/tags/index.html) available. The full list of tags and examples can be found at the [PHPDoc manual](http://www.phpdoc.org/docs/latest/index.html).
PHPDoc is an informal standard for commenting PHP code. There are a *lot* of different [tags] available. The full list
of tags and examples can be found at the [PHPDoc manual].
Below is an example of how you might document a class with a few methods;
@@ -56,8 +57,26 @@ class DateTimeHelper
}
{% endhighlight %}
The documentation for the class as a whole firstly has the [@author](http://www.phpdoc.org/docs/latest/references/phpdoc/tags/author.html) tag, this tag is used to document the author of the code and can be repeated for documenting several authors. Secondly is the [@link](http://www.phpdoc.org/docs/latest/references/phpdoc/tags/link.html) tag, used to link to a website indicating a relationship between the website and the code. Thirdly it has the [@package](http://www.phpdoc.org/docs/latest/references/phpdoc/tags/package.html) tag, used to categorize the code.
The documentation for the class as a whole firstly has the [@author] tag, this tag is used to document the author of
the code and can be repeated for documenting several authors. Secondly is the [@link] tag, used to link to a website
indicating a relationship between the website and the code. Thirdly it has the [@package] tag, used to categorize the
code.
Inside the class, the first method has an [@param](http://www.phpdoc.org/docs/latest/references/phpdoc/tags/param.html) tag documenting the type, name and description of the parameter being passed to the method. Additionally it has the [@return](http://www.phpdoc.org/docs/latest/references/phpdoc/tags/return.html) and [@throws](http://www.phpdoc.org/docs/latest/references/phpdoc/tags/throws.html) tags for documenting the return type, and any exceptions that could be throw respectively.
Inside the class, the first method has an [@param] tag documenting the type, name and description of the parameter
being passed to the method. Additionally it has the [@return] and [@throws] tags for documenting the return type, and
any exceptions that could be throw respectively.
The second and third methods are very similar and have a single [@param](http://www.phpdoc.org/docs/latest/references/phpdoc/tags/param.html) tag as did the first method. The import difference between the second and third method is doc block is the inclusion/exclusion of the [@return](http://www.phpdoc.org/docs/latest/references/phpdoc/tags/return.html) tag. `@return void` explicitly informs us that there is no return, historically omitting the `@return void` statement also results in the same (no return) action.
The second and third methods are very similar and have a single [@param] tag as did the first method. The import
difference between the second and third method is doc block is the inclusion/exclusion of the [@return] tag.
`@return void` explicitly informs us that there is no return, historically omitting the `@return void` statement also
results in the same (no return) action.
[tags]: http://www.phpdoc.org/docs/latest/references/phpdoc/tags/index.html
[PHPDoc manual]: http://www.phpdoc.org/docs/latest/index.html
[@author]: http://www.phpdoc.org/docs/latest/references/phpdoc/tags/author.html
[@link]: http://www.phpdoc.org/docs/latest/references/phpdoc/tags/link.html
[@package]: http://www.phpdoc.org/docs/latest/references/phpdoc/tags/package.html
[@param]: http://www.phpdoc.org/docs/latest/references/phpdoc/tags/param.html
[@return]: http://www.phpdoc.org/docs/latest/references/phpdoc/tags/return.html
[@throws]: http://www.phpdoc.org/docs/latest/references/phpdoc/tags/throws.html