Moving to Post structure.

Lots of changes breaking out subsections into posts and programmatically generating ToC, main page content, and Back to Top links.
Kris Jordan
2012-07-10 00:33:25 -04:00
parent 320be77911
commit dc1857b8fa
27 changed files with 335 additions and 326 deletions


@@ -31,47 +31,13 @@
<div class="build-date">Last Updated: {{ site.time }}</div>
<ul>
<li><a href="/#site-header">Welcome</a></li>
<li><a href="/#getting_started">Getting Started</a>
<ul>
<li><a href="/#use_the_current_stable_version_54">Use the Current Stable Version (5.4)</a></li>
<li><a href="/#builtin_web_server">Built-in Web Server</a></li>
<li><a href="/#mac_setup">Mac Setup</a></li>
<li><a href="/#windows_setup">Windows Setup</a></li>
</ul>
</li>
<li><a href="/#code_style_guide">Code Style Guide</a></li>
<li><a href="/#language_highlights">Language Highlights</a>
<ul>
<li><a href="/#programming_paradigms">Programming Paradigms</a></li>
<li><a href="/#namespaces">Namespaces</a></li>
<li><a href="/#standard_php_library">Standard PHP Library</a></li>
<li><a href="/#command_line_interface">Command Line Interface</a></li>
</ul>
</li>
<li><a href="/#dependency_management">Dependency Management</a>
<ul>
<li><a href="/#composer_and_packagist">Composer and Packagist</a></li>
<li><a href="/#pear">Pear</a></li>
</ul>
</li>
<li><a href="/#databases_and_pdo">Databases and PDO</a></li>
<li><a href="/#security">Security</a>
<ul>
<li><a href="/#web_application_security">Web Application Security</a></li>
<li><a href="/#password_hashing_with_bcrypt">Password Hashing with Bcrypt</a></li>
<li><a href="/#input_filtering_and_sanitizing">Input Filtering and Sanitizing</a></li>
</ul>
</li>
<li><a href="/#testing">Testing</a></li>
<li><a href="/#servers_and_deployment">Servers and Deployment</a>
<ul>
<li><a href="/#platform_as_a_service_paas">Platform as a Service (PaaS)</a></li>
<li><a href="/#virtual_or_dedicated_servers">Virtual or Dedicated Servers</a></li>
<li><a href="/#shared_servers">Shared Servers</a></li>
</ul>
</li>
<li><a href="/#libraries_and_frameworks">Libraries and Frameworks</a></li>
<li><a href="/#resources">Resources</a></li>
{% assign lastIsChild = false %}
{% for post in site.posts reversed %}
{% if post.isChild and lastIsChild != true %}<ul>{% endif %}
{% if lastIsChild and post.isChild != true %}</ul>{% endif %}
<li><a href="#{{ post.title | downcase | replace:' ','_' | replace:'(','' | replace:')','' | replace:'.','' | replace:'-','' }}">{{ post.title }}</a>
{% assign lastIsChild = post.isChild %}
{% endfor %}
</ul>
</nav>
<div class="site-content">
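Review bot: The generated list is not balanced: the `<li>` opened on the `<li><a href="#{{ post.title | downcase ...` line is never closed, and when the last post in `site.posts reversed` has `isChild` set, the nested `<ul>` opened inside the loop is still open when the single `</ul>` after `{% endfor %}` runs. Emit `</li>` for each item and add `{% if lastIsChild %}</ul>{% endif %}` after the loop. The anchor is also rebuilt by hand with a chain of `replace` filters, so any title containing a character outside that list (a comma or apostrophe, for example) will link to an id the rendered heading does not have; and the hrefs changed from `/#...` to `#...`, which only resolves on the page that contains the headings.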


@@ -1,39 +1,2 @@
# Getting Started
## Use the Current Stable Version (5.4)
If you are just getting started with PHP make sure to start with the current stable release of [PHP 5.4][php-release]. PHP has made great strides adding powerful [new features](#language_highlights) over the last few years. Don't let the minor version number difference between 5.2 and 5.4 fool you, it represents _major_ improvements.
## Built-in web server
You can start learning PHP without the hassle of installing and configuring a full-fledged web server (PHP 5.4 required). To start the server, run the following from your terminal in your project's web root:
> php -S localhost:8000
* [Learn about the built-in, command line web server][cli-server]
[php-release]: http://www.php.net/downloads.php
[cli-server]: http://www.php.net/manual/en/features.commandline.webserver.php
## Mac Setup
OS X comes prepackaged with PHP. As of Mountain Lion, it is _not_ the current stable version of PHP, though. You can get the PHP executable through a number of Mac [package managers][mac-package-managers] or [compile it yourself][mac-compile] (if compiling, be sure to have Xcode installed, or Apple's substitute ["Command Line Tools for Xcode" downloadable from Apple's Mac Developer Center][apple-developer]). For a complete Apache, MySQL, and PHP installation check out [MAMP2][mamp-downloads].
[mac-package-managers]: http://www.php.net/manual/en/install.macosx.packages.php
[mac-compile]: http://www.php.net/manual/en/install.macosx.compile.php
[xcode-gcc-substitution]: https://github.com/kennethreitz/osx-gcc-installer
[apple-developer]: https://developer.apple.com/downloads
[mamp-downloads]: http://www.mamp.info/en/downloads/index.html
## Windows Setup
You can install PHP on windows from an install executable found on the official [PHP Downloads][php-downloads] page. For a complete Apache, MySQL, and PHP installation check out [WAMP][wamp-installer].
* [Read more about the official PHP Windows Installer][windows-installer]
[php-downloads]: http://www.php.net/downloads.php
[windows-installer]: http://www.php.net/manual/en/install.windows.installer.msi.php
[wamp-installer]: http://www.wampserver.com/
[Back to Top](#top){.top}


@@ -0,0 +1,10 @@
---
title: Use the Current Stable Version (5.4)
isChild: true
---
## Use the Current Stable Version (5.4)
If you are just getting started with PHP make sure to start with the current stable release of [PHP 5.4][php-release]. PHP has made great strides adding powerful [new features](#language_highlights) over the last few years. Don't let the minor version number difference between 5.2 and 5.4 fool you, it represents _major_ improvements.
[php-release]: http://www.php.net/downloads.php


@@ -0,0 +1,14 @@
---
title: Built-in Web Server
isChild: true
---
## Built-in web server
You can start learning PHP without the hassle of installing and configuring a full-fledged web server (PHP 5.4 required). To start the server, run the following from your terminal in your project's web root:
> php -S localhost:8000
* [Learn about the built-in, command line web server][cli-server]
[cli-server]: http://www.php.net/manual/en/features.commandline.webserver.php


@@ -0,0 +1,13 @@
---
isChild: true
---
## Mac Setup
OS X comes prepackaged with PHP. As of Mountain Lion, it is _not_ the current stable version of PHP, though. You can get the PHP executable through a number of Mac [package managers][mac-package-managers] or [compile it yourself][mac-compile] (if compiling, be sure to have Xcode installed, or Apple's substitute ["Command Line Tools for Xcode" downloadable from Apple's Mac Developer Center][apple-developer]). For a complete Apache, MySQL, and PHP installation check out [MAMP2][mamp-downloads].
[mac-package-managers]: http://www.php.net/manual/en/install.macosx.packages.php
[mac-compile]: http://www.php.net/manual/en/install.macosx.compile.php
[xcode-gcc-substitution]: https://github.com/kennethreitz/osx-gcc-installer
[apple-developer]: https://developer.apple.com/downloads
[mamp-downloads]: http://www.mamp.info/en/downloads/index.html
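Review bot: The `[xcode-gcc-substitution]` link definition is carried into the new post but nothing in the Mac Setup paragraph references it; either link it from the sentence about compiling or drop the definition. The front matter here sets only `isChild: true`, while the ToC loop builds both the link text and the anchor from `post.title`, so consider setting `title: Mac Setup` explicitly as the "Built-in Web Server" post does.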


@@ -0,0 +1,13 @@
---
isChild: true
---
## Windows Setup
You can install PHP on windows from an install executable found on the official [PHP Downloads][php-downloads] page. For a complete Apache, MySQL, and PHP installation check out [WAMP][wamp-installer].
* [Read more about the official PHP Windows Installer][windows-installer]
[php-downloads]: http://www.php.net/downloads.php
[windows-installer]: http://www.php.net/manual/en/install.windows.installer.msi.php
[wamp-installer]: http://www.wampserver.com/


@@ -1,99 +1 @@
# Language Highlights
## Programming Paradigms
PHP is a flexible, dynamic language that supports a variety of programming techniques. It has evolved dramatically over the years, notably adding a solid object-oriented model in PHP 5.0 (2004), anonymous functions and namespaces in PHP 5.3 (2009), and traits in PHP 5.4 (2012).
### Object-oriented Programming
* [Read about Object-oriented PHP][oop]
* [Read about Traits][traits]
### Functional Programming
* [Read about Anonymous functions][anonymous-functions]
* [Read about dynamically invoking functions with `call_user_func_array`][call-user-func-array]
### Meta Programming
* [Read about Magic Methods][magic-methods]
* [Read about Reflection][reflection]
## Namespaces
As mentioned above, the PHP community has a lot of developers creating lots of code. This means that one library's PHP code may use the same class name as another library. When both libraries are used in the same namespace, they collide and cause trouble.
_Namespaces_ solve this problem. As described in the PHP reference manual, namespaces may be compared to operating system directories that _namespace_ files; two files with the same name may co-exist in separate directories. Likewise, two PHP classes with the same name may co-exist in separate PHP namespaces. It's as simple as that.
It is important for you to namespace your code so that it may be used by other developers without fear of colliding with other libraries.
One recommended way to use namespaces is outlined in [PSR-0](psr0), which aims to provide a standard file, class and namespace convention to allow plug-and-play code.
* [Read about Namespaces][namespaces]
* [Read about PSR-0][psr0]
## Standard PHP Library
The Standard PHP Library (SPL) is packaged with PHP and provides a collection of classes and interfaces. It is made up primarily of commonly needed datastructure classes (stack, queue, heap, and so on), and iterators which can traverse over these datastructures or your own classes which implement SPL interfaces.
* [Read about the SPL][spl]
## Command Line Interface
PHP was created primarily to write web applications, but it's also useful for scripting command line interface (CLI) programs, too. Command line PHP programs can help you automate common tasks like testing, deployment, and application administrativia.
CLI PHP programs are powerful because you can use your app's code directly without having to create and secure a web GUI for it. Just be sure not to put your CLI PHP scripts in your public web root!
Try running PHP from your command line:
{% highlight bash %}
> php -i
{% endhighlight %}
The `-i` option will print your PHP configuration just like the [`phpinfo`][phpinfo] function. There are a number of other useful [command line options][cli-options], too.
Let's write a simple "Hello, $name" CLI program. To try it out, create a file named `hello.php`, as below.
{% highlight php %}
<?php
if($argc != 2) {
die("Usage: php hello.php [name].\n");
}
$name = $argv[1];
echo "Hello, $name\n";
{% endhighlight %}
PHP sets up two special variables based on the arguments your script is run with. [`$argc`][argc] is an integer variable containing the argument *count* and [`$argv`][argv] is an array variable containing each argument's *value*. The first argument is always the name of your PHP script file, in this case `hello.php`.
To run our script, above, from the command line:
{% highlight bash %}
> php hello.php
Usage: php hello.php [name]
> php hello.php world
Hello, world
{% endhighlight %}
* [Learn about running PHP from the command line][php-cli]
* [Learn about setting up Windows to run PHP from the command line][php-cli-windows]
[Back to Top](#top){.top}
[namespaces]: http://php.net/manual/en/language.namespaces.php
[psr0]: https://github.com/php-fig/fig-standards/blob/master/accepted/PSR-0.md
[oop]: http://www.php.net/manual/en/language.oop5.php
[spl]: http://php.net/manual/en/book.spl.php
[anonymous-functions]: http://www.php.net/manual/en/functions.anonymous.php
[magic-methods]: http://php.net/manual/en/language.oop5.magic.php
[reflection]: http://www.php.net/manual/en/intro.reflection.php
[traits]: http://www.php.net/traits
[call-user-func-array]: http://php.net/manual/en/function.call-user-func-array.php
[phpinfo]: http://php.net/manual/en/function.phpinfo.php
[cli-options]: http://www.php.net/manual/en/features.commandline.options.php
[argc]: http://php.net/manual/en/reserved.variables.argc.php
[argv]: http://php.net/manual/en/reserved.variables.argv.php
[php-cli]: http://php.net/manual/en/features.commandline.php
[php-cli-windows]: http://www.php.net/manual/en/install.windows.commandline.php


@@ -0,0 +1,30 @@
---
isChild: true
---
## Programming Paradigms
PHP is a flexible, dynamic language that supports a variety of programming techniques. It has evolved dramatically over the years, notably adding a solid object-oriented model in PHP 5.0 (2004), anonymous functions and namespaces in PHP 5.3 (2009), and traits in PHP 5.4 (2012).
### Object-oriented Programming
* [Read about Object-oriented PHP][oop]
* [Read about Traits][traits]
### Functional Programming
* [Read about Anonymous functions][anonymous-functions]
* [Read about dynamically invoking functions with `call_user_func_array`][call-user-func-array]
### Meta Programming
* [Read about Magic Methods][magic-methods]
* [Read about Reflection][reflection]
[namespaces]: http://php.net/manual/en/language.namespaces.php
[oop]: http://www.php.net/manual/en/language.oop5.php
[anonymous-functions]: http://www.php.net/manual/en/functions.anonymous.php
[magic-methods]: http://php.net/manual/en/language.oop5.magic.php
[reflection]: http://www.php.net/manual/en/intro.reflection.php
[traits]: http://www.php.net/traits
[call-user-func-array]: http://php.net/manual/en/function.call-user-func-array.php


@@ -0,0 +1,19 @@
---
isChild: true
---
## Namespaces
As mentioned above, the PHP community has a lot of developers creating lots of code. This means that one library's PHP code may use the same class name as another library. When both libraries are used in the same namespace, they collide and cause trouble.
_Namespaces_ solve this problem. As described in the PHP reference manual, namespaces may be compared to operating system directories that _namespace_ files; two files with the same name may co-exist in separate directories. Likewise, two PHP classes with the same name may co-exist in separate PHP namespaces. It's as simple as that.
It is important for you to namespace your code so that it may be used by other developers without fear of colliding with other libraries.
One recommended way to use namespaces is outlined in [PSR-0](psr0), which aims to provide a standard file, class and namespace convention to allow plug-and-play code.
* [Read about Namespaces][namespaces]
* [Read about PSR-0][psr0]
[namespaces]: http://php.net/manual/en/language.namespaces.php
[psr0]: https://github.com/php-fig/fig-standards/blob/master/accepted/PSR-0.md
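Review bot: The PSR-0 link in the last paragraph is written as `[PSR-0](psr0)`, which is an inline link to the relative URL `psr0`, not a use of the `[psr0]` reference defined at the bottom of the post; it should be `[PSR-0][psr0]`. Now that this section is a standalone post, the opening "As mentioned above" also has nothing above it to point to and could be reworded.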


@@ -0,0 +1,12 @@
---
title: Standard PHP Library
isChild: true
---
## Standard PHP Library
The Standard PHP Library (SPL) is packaged with PHP and provides a collection of classes and interfaces. It is made up primarily of commonly needed datastructure classes (stack, queue, heap, and so on), and iterators which can traverse over these datastructures or your own classes which implement SPL interfaces.
* [Read about the SPL][spl]
[spl]: http://php.net/manual/en/book.spl.php


@@ -0,0 +1,50 @@
---
isChild: true
---
## Command Line Interface
PHP was created primarily to write web applications, but it's also useful for scripting command line interface (CLI) programs, too. Command line PHP programs can help you automate common tasks like testing, deployment, and application administrativia.
CLI PHP programs are powerful because you can use your app's code directly without having to create and secure a web GUI for it. Just be sure not to put your CLI PHP scripts in your public web root!
Try running PHP from your command line:
{% highlight bash %}
> php -i
{% endhighlight %}
The `-i` option will print your PHP configuration just like the [`phpinfo`][phpinfo] function. There are a number of other useful [command line options][cli-options], too.
Let's write a simple "Hello, $name" CLI program. To try it out, create a file named `hello.php`, as below.
{% highlight php %}
<?php
if($argc != 2) {
die("Usage: php hello.php [name].\n");
}
$name = $argv[1];
echo "Hello, $name\n";
{% endhighlight %}
PHP sets up two special variables based on the arguments your script is run with. [`$argc`][argc] is an integer variable containing the argument *count* and [`$argv`][argv] is an array variable containing each argument's *value*. The first argument is always the name of your PHP script file, in this case `hello.php`.
To run our script, above, from the command line:
{% highlight bash %}
> php hello.php
Usage: php hello.php [name]
> php hello.php world
Hello, world
{% endhighlight %}
* [Learn about running PHP from the command line][php-cli]
* [Learn about setting up Windows to run PHP from the command line][php-cli-windows]
[phpinfo]: http://php.net/manual/en/function.phpinfo.php
[cli-options]: http://www.php.net/manual/en/features.commandline.options.php
[argc]: http://php.net/manual/en/reserved.variables.argc.php
[argv]: http://php.net/manual/en/reserved.variables.argv.php
[php-cli]: http://php.net/manual/en/features.commandline.php
[php-cli-windows]: http://www.php.net/manual/en/install.windows.commandline.php
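Review bot: In `hello.php`, the usage error goes through `die("Usage: php hello.php [name].\n");`, and `die` with a string argument prints it to standard output and exits with status 0, so a calling script or deployment job cannot tell the invocation failed. For a CLI example, write the message with `fwrite(STDERR, ...)` and follow it with `exit(1);`. The message in the code also ends with a period, while the sample session below it shows `Usage: php hello.php [name]` without one; make the two agree.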


@@ -1,78 +1,3 @@
# Dependency Management
There are a ton of PHP libraries, frameworks, and components to choose from. Your project will likely use several of them — these are project dependencies. Until recently, PHP did not have a good way to manage these project dependencies. Even if you managed them manually, you still had to worry about autoloaders. No more.
## Composer and Packagist
Composer is a **brilliant** dependency manager for PHP. List your project's dependencies in a `composer.json` file and, with a few simple commands, Composer will automatically download your project's dependencies and setup autoloading for you.
There are already a lot of PHP libraries that are compatible with Composer, ready to be used in your project. These "packages" are listed on [Packagist][1], the official repository for Composer-compatible PHP libraries.
### How to Install Composer
You can install Composer locally (in your current working directory; though this is no longer recommended) or globally (e.g. /usr/local/bin). Let's assume you want to install Composer locally. From your project's root directory:
> curl -s http://getcomposer.org/installer | php
This will download `composer.phar` (a PHP binary archive). You can run this with `php` to manage your project dependencies. <strong>Please Note:</strong> If you pipe downloaded code directly into an interpreter, please read the code online first to confirm it is safe.
### How to Install Composer (manually)
Manually installing composer is an advanced technique; however, there are various reasons why a developer might prefer this method vs. using the interactive installation routine. The interactive installation checks your PHP installation to ensure that:
- a sufficient version of PHP is being used
- `.phar` files can be executed correctly
- certain directory permissions are sufficient
- certain problematic extensions are not loaded
- certain `php.ini` settings are set
Since a manual installation performs none of these checks, you have to decide whether the trade-off is worth it for you. As such, below is how to obtain Composer manually:
> curl -s http://getcomposer.org/composer.phar -o $HOME/local/bin/composer ; chmod +x $HOME/local/bin/composer
`$HOME/local/bin` (or a directory of your choice) should be in your `$PATH` environment variable. This will result in a `composer` command being available.
When you come across documentation that states to run Composer as `php composer.phar install`, you can substitute that with:
> composer install
### How to Define and Install Dependencies
First, create a `composer.json` file in the same directory as `composer.phar`. Here's an example that lists [Twig][2] as a project dependency.
{% highlight json %}
{
"require": {
"twig/twig": ">=1.8.0,<2.0-dev"
}
}
{% endhighlight %}
Next, run this command from your project root directory.
{% highlight bash %}
> php composer.phar install
{% endhighlight %}
This will download and install the project dependencies into a `vendors/` directory. Next, add this line to your application's primary PHP file; this will tell PHP to use Composer's autoloader for your project dependencies.
{% highlight php %}
<?php
require 'vendor/autoload.php';
{% endhighlight %}
Now you can use your project dependencies, and they'll be autoloaded on demand.
## PEAR
Another veteran package manager that many PHP developers enjoy is [PEAR][3]. It behaves much the same way, and is also worth researching for your projects.
* [Learn about Composer][4]
* [Learn about PEAR][3]
[Back to Top](#top){.top}
[1]: http://packagist.org/
[2]: http://twig.sensiolabs.org
[3]: http://pear.php.net/
[4]: http://getcomposer.org/doc/00-intro.md


@@ -0,0 +1,70 @@
---
isChild: true
---
## Composer and Packagist
Composer is a **brilliant** dependency manager for PHP. List your project's dependencies in a `composer.json` file and, with a few simple commands, Composer will automatically download your project's dependencies and setup autoloading for you.
There are already a lot of PHP libraries that are compatible with Composer, ready to be used in your project. These "packages" are listed on [Packagist][1], the official repository for Composer-compatible PHP libraries.
### How to Install Composer
You can install Composer locally (in your current working directory; though this is no longer recommended) or globally (e.g. /usr/local/bin). Let's assume you want to install Composer locally. From your project's root directory:
> curl -s http://getcomposer.org/installer | php
This will download `composer.phar` (a PHP binary archive). You can run this with `php` to manage your project dependencies. <strong>Please Note:</strong> If you pipe downloaded code directly into an interpreter, please read the code online first to confirm it is safe.
### How to Install Composer (manually)
Manually installing composer is an advanced technique; however, there are various reasons why a developer might prefer this method vs. using the interactive installation routine. The interactive installation checks your PHP installation to ensure that:
- a sufficient version of PHP is being used
- `.phar` files can be executed correctly
- certain directory permissions are sufficient
- certain problematic extensions are not loaded
- certain `php.ini` settings are set
Since a manual installation performs none of these checks, you have to decide whether the trade-off is worth it for you. As such, below is how to obtain Composer manually:
> curl -s http://getcomposer.org/composer.phar -o $HOME/local/bin/composer ; chmod +x $HOME/local/bin/composer
`$HOME/local/bin` (or a directory of your choice) should be in your `$PATH` environment variable. This will result in a `composer` command being available.
When you come across documentation that states to run Composer as `php composer.phar install`, you can substitute that with:
> composer install
### How to Define and Install Dependencies
First, create a `composer.json` file in the same directory as `composer.phar`. Here's an example that lists [Twig][2] as a project dependency.
{% highlight json %}
{
"require": {
"twig/twig": ">=1.8.0,<2.0-dev"
}
}
{% endhighlight %}
Next, run this command from your project root directory.
{% highlight bash %}
> php composer.phar install
{% endhighlight %}
This will download and install the project dependencies into a `vendors/` directory. Next, add this line to your application's primary PHP file; this will tell PHP to use Composer's autoloader for your project dependencies.
{% highlight php %}
<?php
require 'vendor/autoload.php';
{% endhighlight %}
Now you can use your project dependencies, and they'll be autoloaded on demand.
* [Learn about Composer][3]
[1]: http://packagist.org/
[2]: http://twig.sensiolabs.org
[3]: http://getcomposer.org/doc/00-intro.md
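Review bot: Both install commands fetch executable code over plain HTTP (`curl -s http://getcomposer.org/installer | php` and the `composer.phar` download that is then marked `chmod +x`), so the "read the code online first" note does not cover what actually reaches the interpreter: the bytes piped to `php` are a separate, unauthenticated fetch. Use the `https://` URLs, download to a file, inspect that file, and then run it; adding `-f` to `curl -s` would also stop an HTTP error page from being piped to `php` or saved as the `composer` binary. Separately, the text says dependencies are installed into a `vendors/` directory while the next snippet requires `vendor/autoload.php`; the directory name should match.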

_posts/04-03-01-PEAR.md Normal file

@@ -0,0 +1,9 @@
---
isChild: true
---
## PEAR
Another veteran package manager that many PHP developers enjoy is [PEAR][1]. It behaves much the same way, and is also worth researching for your projects. [Learn about PEAR][1].
[1]: http://pear.php.net/


@@ -29,8 +29,6 @@ This is correct code. It uses a bound parameter on a PDO statement. This escapes
* [ZF2 Db][4]
* [ZF1 Db][3]
[Back to Top](#top){.top}
[1]: http://www.php.net/manual/en/book.pdo.php
[2]: http://www.doctrine-project.org/projects/dbal.html
[3]: http://framework.zend.com/manual/en/zend.db.html


@@ -1,43 +1 @@
# Security
## Web Application Security
There are bad people ready and willing to exploit your web application. It is important that you
take necessary precautions to harden your web application's security. Luckily, the fine folks at [The Open Web Application Security Project][1] (OWASP) have compiled a comprehensive list of known security issues and methods to protect yourself against them. This is a must read for the security-conscious developer.
* [Read the OWASP Security Guide][2]
[1]: https://www.owasp.org/
[2]: https://www.owasp.org/index.php/Guide_Table_of_Contents
## Password Hashing with Bcrypt
Eventually everyone builds a PHP application that relies on user login. Usernames and (hashed) passwords are stored in a database and later used to authenticate users upon login.
It is important that you properly _hash_ passwords that are stored in a database. If passwords are not hashed, and your database is hacked or accessed by an unauthorized third-party, all user accounts are now compromised.
**Hash passwords with Bcrypt**. It's super simple, and (for all intents and purposes) Bcrypt makes it impossible for someone to reverse-engineer the plain-text version of a password should the database be compromised.
There are several Bcrypt libraries for PHP that you may use.
* [Read "How to Safely Store a Password" by Coda Hale][3]
* [Use Bcrypt with PHPAss][4] (odd name, I know)
[3]: http://codahale.com/how-to-safely-store-a-password/
[4]: http://www.openwall.com/phpass/
## Input Filtering and Sanitizing
Never ever (ever) trust foreign input introduced to your PHP code. That leads to dark and dangerous places. Instead, always filter foreign input before you use it in your code.
PHP provides the `filter_var` and `filter_input` functions to help you do this. These two functions can sanitize text, verify formats (e.g. email addresses), and escape characters.
For example, if you accept code from an HTML form, you'll want to use `filter_input` before inserting the input into a database or inserting the input into an HTML response.
* [Learn about `filter_var`][5]
* [Learn about `filter_input`][6]
[5]: http://php.net/manual/en/function.filter-var.php
[6]: http://www.php.net/manual/en/function.filter-input.php
[Back to Top](#top){.top}


@@ -0,0 +1,13 @@
---
isChild: true
---
## Web Application Security
There are bad people ready and willing to exploit your web application. It is important that you
take necessary precautions to harden your web application's security. Luckily, the fine folks at [The Open Web Application Security Project][1] (OWASP) have compiled a comprehensive list of known security issues and methods to protect yourself against them. This is a must read for the security-conscious developer.
* [Read the OWASP Security Guide][2]
[1]: https://www.owasp.org/
[2]: https://www.owasp.org/index.php/Guide_Table_of_Contents


@@ -0,0 +1,19 @@
---
isChild: true
---
## Password Hashing with Bcrypt
Eventually everyone builds a PHP application that relies on user login. Usernames and (hashed) passwords are stored in a database and later used to authenticate users upon login.
It is important that you properly _hash_ passwords that are stored in a database. If passwords are not hashed, and your database is hacked or accessed by an unauthorized third-party, all user accounts are now compromised.
**Hash passwords with Bcrypt**. It's super simple, and (for all intents and purposes) Bcrypt makes it impossible for someone to reverse-engineer the plain-text version of a password should the database be compromised.
There are several Bcrypt libraries for PHP that you may use.
* [Read "How to Safely Store a Password" by Coda Hale][3]
* [Use Bcrypt with PHPAss][4] (odd name, I know)
[3]: http://codahale.com/how-to-safely-store-a-password/
[4]: http://www.openwall.com/phpass/


@@ -0,0 +1,17 @@
---
isChild: true
---
## Input Filtering and Sanitizing
Never ever (ever) trust foreign input introduced to your PHP code. That leads to dark and dangerous places. Instead, always filter foreign input before you use it in your code.
PHP provides the `filter_var` and `filter_input` functions to help you do this. These two functions can sanitize text, verify formats (e.g. email addresses), and escape characters.
For example, if you accept code from an HTML form, you'll want to use `filter_input` before inserting the input into a database or inserting the input into an HTML response.
* [Learn about `filter_var`][5]
* [Learn about `filter_input`][6]
[5]: http://php.net/manual/en/function.filter-var.php
[6]: http://www.php.net/manual/en/function.filter-input.php
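Review bot: The "For example" paragraph presents `filter_input` as the step to take before both inserting into a database and inserting into an HTML response, which reads as if one input filter makes a value safe for either sink. The Databases section of this same guide already relies on a bound parameter on a PDO statement for SQL; this post should point there for database writes and name output escaping as the separate step for HTML, keeping `filter_input` and `filter_var` for validating the input itself. "If you accept code from an HTML form" presumably means "input" and is worth rewording while the text is being moved.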


@@ -9,5 +9,3 @@ Some common tools are:
* [PHPUnit](http://phpunit.de)
* [Behat](http://behat.org)
* [Selenium](http://seleniumhq.org/)
[Back to Top](#top){.top}


@@ -1,29 +1,3 @@
# Servers and Deployment
PHP applications can be deployed and run on production web servers in a number of ways.
## Platform as a Service (PaaS)
In recent years cloud platforms have become popular ways of deploying, hosting, and scaling PHP applications. These can be a great if you're learning PHP and don't have experience or interest in server admin work, too. You can find a list of [PHP PaaS "Platform as a Service" providers](#php_paas_providers) in our [resources section](#resources).
## Virtual or Dedicated Servers
If you are comfortable with systems administration, or are interested in learning it, virtual or dedicated servers give you complete control of your application's production environment.
### nginx and PHP-FPM
PHP, via PHP's built-in FastCGI Process Manager (FPM), pairs really nicely with [nginx](http://nginx.org), which is a lightweight, high-performance web server. It uses less memory than Apache and can better handle more concurrent requests. This is especially important on virtual servers that don't have much memory to spare. If you are working to put a new PHP app on its own server in production today, choose nginx and PHP-FPM.
* [Read more on nginx](http://nginx.org)
* [Read more on PHP-FPM](http://php.net/manual/en/install.fpm.php)
* [Read more on setting up nginx and PHP-FPM securely](https://nealpoole.com/blog/2011/04/setting-up-php-fastcgi-and-nginx-dont-trust-the-tutorials-check-your-configuration/)
### Apache and PHP
PHP and Apache have a long history together. Apache is wildly configurable and allows sites to control their configurations dynamically, via `.htaccess` files, on a per-directory basis. This has made it a popular choice for shared servers and an easy setup for PHP frameworks and open source apps like WordPress. Unfortunately, Apache uses more resources than nginx and cannot handle as many visitors at the same time. If you are on your own virtual/dedicated server and do not need the configurability of Apache, choose nginx and PHP-FPM.
## Shared Servers
PHP has shared servers to thank for its popularity. It is hard to find a host without PHP installed, but be sure it's the latest version. Shared servers allow you and other developers to deploy websites to a single machine. The upside to this is that it has become a cheap commodity. The downside is that you never know what kind of a ruckus your neighboring tenants are going to create; loading down the server or opening up security holes are the main concerns. If your project's budget can afford to avoid shared servers you should.
[Back to Top](#top){.top}


@@ -0,0 +1,8 @@
---
title: Platform as a Service (PaaS)
isChild: true
---
## Platform as a Service (PaaS)
In recent years cloud platforms have become popular ways of deploying, hosting, and scaling PHP applications. These can be a great if you're learning PHP and don't have experience or interest in server admin work, too. You can find a list of [PHP PaaS "Platform as a Service" providers](#php_paas_providers) in our [resources section](#resources).
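Review bot: The second sentence, "These can be a great if you're learning PHP", is missing its noun (for example "a great option") and was copied unchanged from the old section; since the paragraph is being moved into its own post this is a good moment to fix it.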


@@ -0,0 +1,19 @@
---
isChild: true
---
## Virtual or Dedicated Servers
If you are comfortable with systems administration, or are interested in learning it, virtual or dedicated servers give you complete control of your application's production environment.
### nginx and PHP-FPM
PHP, via PHP's built-in FastCGI Process Manager (FPM), pairs really nicely with [nginx](http://nginx.org), which is a lightweight, high-performance web server. It uses less memory than Apache and can better handle more concurrent requests. This is especially important on virtual servers that don't have much memory to spare. If you are working to put a new PHP app on its own server in production today, choose nginx and PHP-FPM.
* [Read more on nginx](http://nginx.org)
* [Read more on PHP-FPM](http://php.net/manual/en/install.fpm.php)
* [Read more on setting up nginx and PHP-FPM securely](https://nealpoole.com/blog/2011/04/setting-up-php-fastcgi-and-nginx-dont-trust-the-tutorials-check-your-configuration/)
### Apache and PHP
PHP and Apache have a long history together. Apache is wildly configurable and allows sites to control their configurations dynamically, via `.htaccess` files, on a per-directory basis. This has made it a popular choice for shared servers and an easy setup for PHP frameworks and open source apps like WordPress. Unfortunately, Apache uses more resources than nginx and cannot handle as many visitors at the same time. If you are on your own virtual/dedicated server and do not need the configurability of Apache, choose nginx and PHP-FPM.


@@ -0,0 +1,7 @@
---
isChild: true
---
## Shared Servers
PHP has shared servers to thank for its popularity. It is hard to find a host without PHP installed, but be sure it's the latest version. Shared servers allow you and other developers to deploy websites to a single machine. The upside to this is that it has become a cheap commodity. The downside is that you never know what kind of a ruckus your neighboring tenants are going to create; loading down the server or opening up security holes are the main concerns. If your project's budget can afford to avoid shared servers you should.


@@ -26,4 +26,3 @@ _You do not need to use a framework for every project_. Sometimes, plain PHP is
* [MicroMVC](http://micromvc.com/)
* [Silex](http://silex.sensiolabs.org/)
* [Slim](http://www.slimframework.com/)


@@ -23,5 +23,3 @@
* [AWS Elastic Beanstalk](http://aws.amazon.com/elasticbeanstalk/)
* [cloudControl](https://www.cloudcontrol.com/)
* [Windows Azure](http://www.windowsazure.com/)
[Back to Top](#top){.top}


@@ -5,6 +5,11 @@ layout: default
{% capture welcome_content %}{% include welcome.md %}{% endcapture %}
{{ welcome_content|markdownify }}
{% capture backtotop %}[Back to Top](#top){.top}{% endcapture %}
{% for post in site.posts reversed %}
{% if post.isChild != true and loop.first != true %}
{{ backtotop|markdownify }}
{% endif %}
{{ post.content }}
{% endfor %}
{{ backtotop|markdownify }}
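Review bot: The condition `{% if post.isChild != true and loop.first != true %}` uses `loop.first`, which is not a Liquid variable; the for-loop helper in Liquid is `forloop.first`. As written, `loop.first` evaluates to nil, the second half of the condition is always true, and a "Back to Top" link is emitted before the very first top-level post as well. Change it to `forloop.first != true`.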