diff --git a/_posts/07-01-01-Databases.md b/_posts/07-01-01-Databases.md index fbfef59..362e11f 100644 --- a/_posts/07-01-01-Databases.md +++ b/_posts/07-01-01-Databases.md @@ -13,94 +13,7 @@ Native drivers are great if you are only using _one_ database in your applicatio MySQL and a little bit of MSSQL, or you need to connect to an Oracle database, then you will not be able to use the same drivers. You'll need to learn a brand new API for each database — and that can get silly. -## MySQL Extension -The [mysql] extension for PHP is no longer in active development, and is [officially deprecated as of PHP 5.5.0] -[mysql_deprecated], meaning that it will be removed within the next few releases. If you are using any functions that -start with `mysql_*` such as `mysql_connect()` and `mysql_query()` in your applications then these will simply not be -available in later versions of PHP. This means you will be faced with a rewrite at some point down the line, so the -best option is to replace mysql usage with [mysqli] or [PDO] in your applications within your own development schedules -so you won't be rushed later on. - -**If you are starting from scratch then absolutely do not use the [mysql] extension: use the [MySQLi extension][mysqli], -or use [PDO].** - -* [PHP: Choosing an API for MySQL][mysql_api] -* [PDO Tutorial for MySQL Developers][pdo4mysql_devs] - -## PDO Extension - -[PDO] is a database connection abstraction library — built into PHP since 5.1.0 — that provides a common -interface to talk with many different databases. For example, you can use basically identical code to interface with -MySQL or SQLite: - -{% highlight php %} -query("SELECT some\_field FROM some\_table"); -$row = $statement->fetch(PDO::FETCH_ASSOC); -echo htmlentities($row['some_field']); - -// PDO + SQLite -$pdo = new PDO('sqlite:/path/db/foo.sqlite'); -$statement = $pdo->query("SELECT some\_field FROM some\_table"); -$row = $statement->fetch(PDO::FETCH_ASSOC); -echo htmlentities($row['some_field']); -{% endhighlight %} - -PDO will not translate your SQL queries or emulate missing features; it is purely for connecting to multiple types of -database with the same API. - -More importantly, `PDO` allows you to safely inject foreign input (e.g. IDs) into your SQL queries without worrying -about database SQL injection attacks. -This is possible using PDO statements and bound parameters. - -Let's assume a PHP script receives a numeric ID as a query parameter. This ID should be used to fetch a user record -from a database. This is the `wrong` way to do this: - -{% highlight php %} -query("SELECT name FROM users WHERE id = " . $_GET['id']); // <-- NO! -{% endhighlight %} - -This is terrible code. You are inserting a raw query parameter into a SQL query. This will get you hacked in a -heartbeat, using a practice called [SQL Injection]. Just imagine if a hacker passes in an inventive `id` parameter by -calling a URL like `http://domain.com/?id=1%3BDELETE+FROM+users`. This will set the `$_GET['id']` variable to `1;DELETE -FROM users` which will delete all of your users! Instead, you should sanitize the ID input using PDO bound parameters. - -{% highlight php %} -prepare('SELECT name FROM users WHERE id = :id'); -$stmt->bindParam(':id', $_GET['id'], PDO::PARAM_INT); // <-- Automatically sanitized by PDO -$stmt->execute(); -{% endhighlight %} - -This is correct code. It uses a bound parameter on a PDO statement. This escapes the foreign input ID before it is -introduced to the database preventing potential SQL injection attacks. - -* [Learn about PDO] - -You should also be aware that database connections use up resources and it was not unheard-of to have resources -exhausted if connections were not implicitly closed, however this was more common in other languages. Using PDO you can -implicitly close the connection by destroying the object by ensuring all remaining references to it are deleted, i.e. -set to NULL. If you don't do this explicitly, PHP will automatically close the connection when your script ends - -unless of course you are using persistent connections. - -* [Learn about PDO connections] - - -[mysql_deprecated]: http://php.net/migration55.deprecated -[mysql_api]: http://php.net/mysqlinfo.api.choosing -[pdo4mysql_devs]: http://wiki.hashphp.org/PDO_Tutorial_for_MySQL_Developers -[SQL Injection]: http://wiki.hashphp.org/Validation -[Learn about PDO]: http://php.net/book.pdo -[Learn about PDO connections]: http://php.net/pdo.connections - -[pdo]: http://php.net/pdo -[mysql]: http://php.net/mysql [mysqli]: http://php.net/mysqli [pgsql]: http://php.net/pgsql [mssql]: http://php.net/mssql diff --git a/_posts/07-02-01-Databases_MySQL.md b/_posts/07-02-01-Databases_MySQL.md new file mode 100644 index 0000000..362cd88 --- /dev/null +++ b/_posts/07-02-01-Databases_MySQL.md @@ -0,0 +1,28 @@ +--- +isChild: true +title: MySQL Extension +anchor: mysql_extension +--- + +## MySQL Extension {#mysql_extension_title} + +The [mysql] extension for PHP is no longer in active development, and is [officially deprecated as of PHP 5.5.0] +[mysql_deprecated], meaning that it will be removed within the next few releases. If you are using any functions that +start with `mysql_*` such as `mysql_connect()` and `mysql_query()` in your applications then these will simply not be +available in later versions of PHP. This means you will be faced with a rewrite at some point down the line, so the +best option is to replace mysql usage with [mysqli] or [PDO] in your applications within your own development schedules +so you won't be rushed later on. + +**If you are starting from scratch then absolutely do not use the [mysql] extension: use the [MySQLi extension][mysqli], +or use [PDO].** + +* [PHP: Choosing an API for MySQL][mysql_api] +* [PDO Tutorial for MySQL Developers][pdo4mysql_devs] + + +[mysql]: http://php.net/mysql +[mysql_deprecated]: http://php.net/migration55.deprecated +[mysqli]: http://php.net/mysqli +[pdo]: http://php.net/pdo +[mysql_api]: http://php.net/mysqlinfo.api.choosing +[pdo4mysql_devs]: http://wiki.hashphp.org/PDO_Tutorial_for_MySQL_Developers diff --git a/_posts/07-03-01-Databases_PDO.md b/_posts/07-03-01-Databases_PDO.md new file mode 100644 index 0000000..739b605 --- /dev/null +++ b/_posts/07-03-01-Databases_PDO.md @@ -0,0 +1,74 @@ +--- +isChild: true +title: PDO Extension +anchor: pdo_extension +--- + +## PDO Extension {#pdo_extension_title} + +[PDO] is a database connection abstraction library — built into PHP since 5.1.0 — that provides a common +interface to talk with many different databases. For example, you can use basically identical code to interface with +MySQL or SQLite: + +{% highlight php %} +query("SELECT some\_field FROM some\_table"); +$row = $statement->fetch(PDO::FETCH_ASSOC); +echo htmlentities($row['some_field']); + +// PDO + SQLite +$pdo = new PDO('sqlite:/path/db/foo.sqlite'); +$statement = $pdo->query("SELECT some\_field FROM some\_table"); +$row = $statement->fetch(PDO::FETCH_ASSOC); +echo htmlentities($row['some_field']); +{% endhighlight %} + +PDO will not translate your SQL queries or emulate missing features; it is purely for connecting to multiple types of +database with the same API. + +More importantly, `PDO` allows you to safely inject foreign input (e.g. IDs) into your SQL queries without worrying +about database SQL injection attacks. +This is possible using PDO statements and bound parameters. + +Let's assume a PHP script receives a numeric ID as a query parameter. This ID should be used to fetch a user record +from a database. This is the `wrong` way to do this: + +{% highlight php %} +query("SELECT name FROM users WHERE id = " . $_GET['id']); // <-- NO! +{% endhighlight %} + +This is terrible code. You are inserting a raw query parameter into a SQL query. This will get you hacked in a +heartbeat, using a practice called [SQL Injection]. Just imagine if a hacker passes in an inventive `id` parameter by +calling a URL like `http://domain.com/?id=1%3BDELETE+FROM+users`. This will set the `$_GET['id']` variable to `1;DELETE +FROM users` which will delete all of your users! Instead, you should sanitize the ID input using PDO bound parameters. + +{% highlight php %} +prepare('SELECT name FROM users WHERE id = :id'); +$stmt->bindParam(':id', $_GET['id'], PDO::PARAM_INT); // <-- Automatically sanitized by PDO +$stmt->execute(); +{% endhighlight %} + +This is correct code. It uses a bound parameter on a PDO statement. This escapes the foreign input ID before it is +introduced to the database preventing potential SQL injection attacks. + +* [Learn about PDO] + +You should also be aware that database connections use up resources and it was not unheard-of to have resources +exhausted if connections were not implicitly closed, however this was more common in other languages. Using PDO you can +implicitly close the connection by destroying the object by ensuring all remaining references to it are deleted, i.e. +set to NULL. If you don't do this explicitly, PHP will automatically close the connection when your script ends - +unless of course you are using persistent connections. + +* [Learn about PDO connections] + + +[pdo]: http://php.net/pdo +[SQL Injection]: http://wiki.hashphp.org/Validation +[Learn about PDO]: http://php.net/book.pdo +[Learn about PDO connections]: http://php.net/pdo.connections diff --git a/_posts/07-02-01-Interacting-via-Code.md b/_posts/07-04-01-Interacting-via-Code.md similarity index 98% rename from _posts/07-02-01-Interacting-via-Code.md rename to _posts/07-04-01-Interacting-via-Code.md index 63fc8b0..0c2107d 100644 --- a/_posts/07-02-01-Interacting-via-Code.md +++ b/_posts/07-04-01-Interacting-via-Code.md @@ -42,7 +42,7 @@ That is a good start. Put those two items in two different files and you've got Create a class to place that method in and you have a "Model". Create a simple `.php` file to put the presentation logic in and you have a "View", which is very nearly [MVC] - a common OOP architecture for most -[frameworks](/#frameworks_title). +[frameworks](/#frameworks). **foo.php** diff --git a/_posts/07-03-01-Abstraction-Layers.md b/_posts/07-05-01-Abstraction-Layers.md similarity index 100% rename from _posts/07-03-01-Abstraction-Layers.md rename to _posts/07-05-01-Abstraction-Layers.md diff --git a/_posts/08-04-01-Compiled-Templates.md b/_posts/08-04-01-Compiled-Templates.md index 5aac5f7..80c7ec8 100644 --- a/_posts/08-04-01-Compiled-Templates.md +++ b/_posts/08-04-01-Compiled-Templates.md @@ -3,7 +3,7 @@ isChild: true anchor: compiled_templates --- -## Compiled Templates {#compiled_templates} +## Compiled Templates {#compiled_templates_title} While PHP has evolved into a mature, object oriented language, it [hasn't improved much][article_templating_engines] as a templating language. Compiled templates, like [Twig] or [Smarty]*, fill this void by offering a new syntax that has diff --git a/_posts/15-01-01-Documenting.md b/_posts/15-01-01-Documenting.md new file mode 100644 index 0000000..ea009bd --- /dev/null +++ b/_posts/15-01-01-Documenting.md @@ -0,0 +1,6 @@ +--- +anchor: documenting +title: Documenting your Code +--- + +# Documenting your Code {#documenting_title} diff --git a/_posts/15-01-01-Resources.md b/_posts/15-01-01-Resources.md deleted file mode 100644 index 3e38840..0000000 --- a/_posts/15-01-01-Resources.md +++ /dev/null @@ -1,41 +0,0 @@ ---- -anchor: resources ---- - -# Resources {#resources_title} - -## From the Source - -* [PHP Website](http://php.net/) -* [PHP Documentation](http://php.net/docs.php) - -## People to Follow - -* [Rasmus Lerdorf](http://twitter.com/rasmus) -* [Fabien Potencier](http://twitter.com/fabpot) -* [Derick Rethans](http://twitter.com/derickr) -* [Chris Shiflett](http://twitter.com/shiflett) -* [Sebastian Bergmann](http://twitter.com/s_bergmann) -* [Matthew Weier O'Phinney](http://twitter.com/mwop) -* [Pádraic Brady](http://twitter.com/padraicb) -* [Anthony Ferrara](http://twitter.com/ircmaxell) -* [Nikita Popov](http://twitter.com/nikita_ppv) - -## Mentoring - -* [phpmentoring.org](http://phpmentoring.org/) - Formal, peer to peer mentoring in the PHP community. - -## PHP PaaS Providers - -* [PagodaBox](https://pagodabox.com/) -* [AppFog](https://appfog.com/) -* [Heroku](https://devcenter.heroku.com/categories/php) -* [fortrabbit](http://fortrabbit.com/) -* [Engine Yard Cloud](https://www.engineyard.com/products/cloud) -* [Red Hat OpenShift Platform](http://openshift.com) -* [dotCloud](http://docs.dotcloud.com/services/php/) -* [AWS Elastic Beanstalk](http://aws.amazon.com/elasticbeanstalk/) -* [cloudControl](https://www.cloudcontrol.com/) -* [Windows Azure](http://www.windowsazure.com/) -* [Google App Engine](https://developers.google.com/appengine/docs/php/gettingstarted/) -* [Jelastic](http://jelastic.com/) diff --git a/_posts/17-01-01-PHPDoc.md b/_posts/15-02-01-PHPDoc.md similarity index 97% rename from _posts/17-01-01-PHPDoc.md rename to _posts/15-02-01-PHPDoc.md index 6bbce12..cfbc758 100644 --- a/_posts/17-01-01-PHPDoc.md +++ b/_posts/15-02-01-PHPDoc.md @@ -1,8 +1,10 @@ --- -anchor: phpdoc +isChild: true +title: PHPDoc +anchor: phpdoc --- -# PHPDoc {#phpdoc} +## PHPDoc {#phpdoc_title} PHPDoc is an informal standard for commenting PHP code. There are a *lot* of different [tags] available. The full list of tags and examples can be found at the [PHPDoc manual]. diff --git a/_posts/16-01-01-Community.md b/_posts/16-01-01-Community.md deleted file mode 100644 index cfb8b4f..0000000 --- a/_posts/16-01-01-Community.md +++ /dev/null @@ -1,49 +0,0 @@ ---- -anchor: community ---- - -# Community {#community_title} - -The PHP community is as diverse as it is large, and its members are ready and willing to support new PHP programmers. -Consider joining your local PHP user group (PUG) or attending larger PHP conferences to learn more about the best -practices shown here. You can hang out on IRC in the #phpc channel on [irc.freenode.com][php-irc] and follow the -[@phpc][phpc-twitter] twitter account. Get out there, meet new developers, learn new topics, and above all, make new -friends! Other community resources include the Google+ PHP [Programmer community][php-programmers-gplus] and -[StackOverflow][php-so]. - -[Read the Official PHP Events Calendar][php-calendar] - -## PHP User Groups - -If you live in a larger city, odds are there's a PHP user group nearby. Although there's not yet an official list of -PUGs, you can easily find your local PUG by searching on [Google][google], [Meetup.com][meetup] or [PHP.ug][php-ug]. If -you live in a smaller town, there may not be a local PUG; if that's the case, start one! - -Special mention should be made of two global user groups: [NomadPHP] and [PHPWomen]. [NomadPHP] offers twice monthly -online user group meetings with presentations by some of the top speakers in the PHP community. -[PHPWomen] is a non-exclusive user group originally targeted towards the women in the PHP world. Membership is open to -everyone who supports a more diverse community. PHPWomen provide a network for support, mentorship and education, and -generally promote the creating of a "female friendly" and professional atmosphere. - -[Read about User Groups on the PHP Wiki][php-wiki] - -## PHP Conferences - -The PHP community also hosts larger regional and national conferences in many countries around the world. Well-known -members of the PHP community usually speak at these larger events, so it's a great opportunity to learn directly from -industry leaders. - -[Find a PHP Conference][php-conf] - -[php-calendar]: http://php.net/cal.php -[google]: https://www.google.com/search?q=php+user+group+near+me -[meetup]: http://www.meetup.com/find/ -[php-ug]: http://php.ug/ -[NomadPHP]: https://nomadphp.com/ -[PHPWomen]: http://phpwomen.org/ -[php-wiki]: https://wiki.php.net/usergroups -[php-conf]: http://php.net/conferences/index.php -[phpc-twitter]: https://twitter.com/phpc -[php-programmers-gplus]: https://plus.google.com/u/0/communities/104245651975268426012 -[php-irc]: http://webchat.freenode.net/?channels=phpc -[php-so]: http://stackoverflow.com/questions/tagged/php diff --git a/_posts/16-01-01-Resources.md b/_posts/16-01-01-Resources.md new file mode 100644 index 0000000..7747724 --- /dev/null +++ b/_posts/16-01-01-Resources.md @@ -0,0 +1,5 @@ +--- +anchor: resources +--- + +# Resources {#resources_title} diff --git a/_posts/16-02-01-From-the-Source.md b/_posts/16-02-01-From-the-Source.md new file mode 100644 index 0000000..473798e --- /dev/null +++ b/_posts/16-02-01-From-the-Source.md @@ -0,0 +1,9 @@ +--- +isChild: true +anchor: from_the_source +--- + +## From the Source {#from_the_source_title} + +* [PHP Website](http://php.net/) +* [PHP Documentation](http://php.net/docs.php) diff --git a/_posts/16-03-01-People-to-Follow.md b/_posts/16-03-01-People-to-Follow.md new file mode 100644 index 0000000..7a692cc --- /dev/null +++ b/_posts/16-03-01-People-to-Follow.md @@ -0,0 +1,16 @@ +--- +isChild: true +anchor: people_to_follow +--- + +## People to Follow {#people_to_follow_title} + +* [Rasmus Lerdorf](http://twitter.com/rasmus) +* [Fabien Potencier](http://twitter.com/fabpot) +* [Derick Rethans](http://twitter.com/derickr) +* [Chris Shiflett](http://twitter.com/shiflett) +* [Sebastian Bergmann](http://twitter.com/s_bergmann) +* [Matthew Weier O'Phinney](http://twitter.com/mwop) +* [Pádraic Brady](http://twitter.com/padraicb) +* [Anthony Ferrara](http://twitter.com/ircmaxell) +* [Nikita Popov](http://twitter.com/nikita_ppv) diff --git a/_posts/16-04-01-Mentoring.md b/_posts/16-04-01-Mentoring.md new file mode 100644 index 0000000..1d7ddc1 --- /dev/null +++ b/_posts/16-04-01-Mentoring.md @@ -0,0 +1,8 @@ +--- +isChild: true +anchor: mentoring +--- + +## Mentoring {#mentoring_title} + +* [phpmentoring.org](http://phpmentoring.org/) - Formal, peer to peer mentoring in the PHP community. diff --git a/_posts/16-05-01-PHP-PaaS-Providers.md b/_posts/16-05-01-PHP-PaaS-Providers.md new file mode 100644 index 0000000..8f57dcc --- /dev/null +++ b/_posts/16-05-01-PHP-PaaS-Providers.md @@ -0,0 +1,19 @@ +--- +isChild: true +anchor: php_paas_providers +--- + +## PHP PaaS Providers {#php_paas_providers_title} + +* [PagodaBox](https://pagodabox.com/) +* [AppFog](https://appfog.com/) +* [Heroku](https://devcenter.heroku.com/categories/php) +* [fortrabbit](http://fortrabbit.com/) +* [Engine Yard Cloud](https://www.engineyard.com/products/cloud) +* [Red Hat OpenShift Platform](http://openshift.com) +* [dotCloud](http://docs.dotcloud.com/services/php/) +* [AWS Elastic Beanstalk](http://aws.amazon.com/elasticbeanstalk/) +* [cloudControl](https://www.cloudcontrol.com/) +* [Windows Azure](http://www.windowsazure.com/) +* [Google App Engine](https://developers.google.com/appengine/docs/php/gettingstarted/) +* [Jelastic](http://jelastic.com/) diff --git a/_posts/15-02-01-Frameworks.md b/_posts/16-06-01-Frameworks.md similarity index 98% rename from _posts/15-02-01-Frameworks.md rename to _posts/16-06-01-Frameworks.md index b744124..63c27b2 100644 --- a/_posts/15-02-01-Frameworks.md +++ b/_posts/16-06-01-Frameworks.md @@ -1,6 +1,6 @@ --- isChild: true -anchor: frameworks +anchor: frameworks --- ## Frameworks {#frameworks_title} diff --git a/_posts/15-03-01-Components.md b/_posts/16-07-01-Components.md similarity index 98% rename from _posts/15-03-01-Components.md rename to _posts/16-07-01-Components.md index c8d80aa..2e57b91 100644 --- a/_posts/15-03-01-Components.md +++ b/_posts/16-07-01-Components.md @@ -1,6 +1,6 @@ --- isChild: true -anchor: components +anchor: components --- ## Components {#components_title} diff --git a/_posts/15-04-01-Books.md b/_posts/16-08-01-Books.md similarity index 99% rename from _posts/15-04-01-Books.md rename to _posts/16-08-01-Books.md index 32e3a6b..3af7d0c 100644 --- a/_posts/15-04-01-Books.md +++ b/_posts/16-08-01-Books.md @@ -1,6 +1,6 @@ --- isChild: true -anchor: books +anchor: books --- ## Books {#books_title} diff --git a/_posts/17-01-01-Community.md b/_posts/17-01-01-Community.md new file mode 100644 index 0000000..82be581 --- /dev/null +++ b/_posts/17-01-01-Community.md @@ -0,0 +1,21 @@ +--- +anchor: community +--- + +# Community {#community_title} + +The PHP community is as diverse as it is large, and its members are ready and willing to support new PHP programmers. +Consider joining your local PHP user group (PUG) or attending larger PHP conferences to learn more about the best +practices shown here. You can hang out on IRC in the #phpc channel on [irc.freenode.com][php-irc] and follow the +[@phpc][phpc-twitter] twitter account. Get out there, meet new developers, learn new topics, and above all, make new +friends! Other community resources include the Google+ PHP [Programmer community][php-programmers-gplus] and +[StackOverflow][php-so]. + +[Read the Official PHP Events Calendar][php-calendar] + + +[php-irc]: http://webchat.freenode.net/?channels=phpc +[phpc-twitter]: https://twitter.com/phpc +[php-programmers-gplus]: https://plus.google.com/u/0/communities/104245651975268426012 +[php-so]: http://stackoverflow.com/questions/tagged/php +[php-calendar]: http://php.net/cal.php diff --git a/_posts/17-02-01-User-Groups.md b/_posts/17-02-01-User-Groups.md new file mode 100644 index 0000000..48d8f83 --- /dev/null +++ b/_posts/17-02-01-User-Groups.md @@ -0,0 +1,25 @@ +--- +isChild: true +anchor: user_groups +--- + +## PHP User Groups {#user_groups_title} + +If you live in a larger city, odds are there's a PHP user group nearby. Although there's not yet an official list of +PUGs, you can easily find your local PUG by searching on [Google][google], [Meetup.com][meetup] or [PHP.ug][php-ug]. If +you live in a smaller town, there may not be a local PUG; if that's the case, start one! + +Special mention should be made of two global user groups: [NomadPHP] and [PHPWomen]. [NomadPHP] offers twice monthly +online user group meetings with presentations by some of the top speakers in the PHP community. +[PHPWomen] is a non-exclusive user group originally targeted towards the women in the PHP world. Membership is open to +everyone who supports a more diverse community. PHPWomen provide a network for support, mentorship and education, and +generally promote the creating of a "female friendly" and professional atmosphere. + +[Read about User Groups on the PHP Wiki][php-wiki] + +[google]: https://www.google.com/search?q=php+user+group+near+me +[meetup]: http://www.meetup.com/find/ +[php-ug]: http://php.ug/ +[NomadPHP]: https://nomadphp.com/ +[PHPWomen]: http://phpwomen.org/ +[php-wiki]: https://wiki.php.net/usergroups diff --git a/_posts/17-03-01-Conferences.md b/_posts/17-03-01-Conferences.md new file mode 100644 index 0000000..902f1ca --- /dev/null +++ b/_posts/17-03-01-Conferences.md @@ -0,0 +1,15 @@ +--- +isChild: true +anchor: conferences +--- + +## PHP Conferences {#conferences_title} + +The PHP community also hosts larger regional and national conferences in many countries around the world. Well-known +members of the PHP community usually speak at these larger events, so it's a great opportunity to learn directly from +industry leaders. + +[Find a PHP Conference][php-conf] + + +[php-conf]: http://php.net/conferences/index.php