Wednesday 04th December 2013 The Importance of Keeping PHP Up to Date
PHP is a robust and flexible language, used almost everywhere on the web in one form or another - and, increasingly, it's being used in many non-standard environments. As we grow into the so-called Internet of Things - the holy grail of web connectivity where every device we own is integrated into a network - the places PHP can be found are often extremely surprising to the unexpecting user. Never before has this been more highlighted than by a new piece of malware that was identified in the last two weeks by security firm Symantec.
Capitalising on a by-now ancient PHP bug, the malware is a worm known as Linux.Darlloz has currently only been infected Intel x86-based systems, but security researchers warn that there are variants of the worms code that are designed for chip architectures that are most commonly found in consumer-grade routers, IP security cameras, and even television set-top boxes, which are not typically devices that are targeted by malware attacks. While there have been no recorded incidents of any of these devices being infected 'in the wild', the possibility exists that the current operational structure will change.
This serves to highlight the importance of working with up to date versions of PHP, and ensuring that if you or your company are responsible for working with devices that contain web interfaces, as most devices in the Internet of Things do for control and configuration purposes, it's absolutely crucial to roll out properly timed security updates. The particular flaw exploited by the Linux.Darlloz worm is only found in PHP versions 5.4.1 and earlier ; the patch for the flaw was implemented as far back as May 3rd of 2012.
It doesn't take much time to ensure that your current development environments are running the latest version of PHP - a quick version check and an update to your binaries is all it takes. It's possible that you may have to make some updates to any projects that are currently in the works, and if you've got any deployed projects they should be updated to patch any security flaws, but the benefits of the added stability and security far outweigh the hassles involved in staying updated. Even if you're not ready to adopt the latest bleeding edge version, at least try to stay with a version that was released in the current year.
Posted on December 04th 2013 at 03:29am
Saturday 30th November 2013 The History of PHP
Over the course of this blog, we've covered a pretty wide range of topics relating to PHP. Learning, security, frameworks, best practices for build and launch, and even good ways to keep your code clean and reuse well-written snippets. There's one point that we've neglected to mention, though: the history of PHP itself. Even the acronym itself was something of a mystery, so we decided to take a quick trip down memory lane and discover how PHP came to be the powerhouse of a language that it is today.
PHP was originally developed as part of another language, known as PHP/FI, by Rasmus Lerdorf all the way back in 1994 in the very earliest days of the World Wide Web (it was so long ago that people were still actually calling it by its full name). Lerdorf had published his resume online, and wanted to ensure that he could track how many visits the resume had received. He had written some CGI (common gateway interface) scripts in Perl to handle this, but thanks to performance considerations he rewrote the scripts in C, and for good measure, incorporated the ability to interact with databases and web forms. This was the rather clunkily named PHP/FI, which, when released to the public in 1995, extended out into the name (wait for it…. big reveal time!) Personal Homepage Tools version 1.0. Hopefully that build-up wasn't overdone, but it's sometimes good to remember that the language that powers some of our most incredible dynamic web apps originally started out as a product of one guy working on his website.
A couple of years passed, and two other programmers, Zeev Suraski and Andi Gutmans began collaborating on the beginnings of what would be PHP 3, rewriting the parser from the short-lived PHP 2 and launching it in 1998. Shortly thereafter, they created the Zend Engine by rewriting core aspects of PHP, and PHP's place in the web world was cemented for good in 2000 with the release of PHP 4. In 2004, the first iteration of PHP 5 was launched, and since then major updates have been scarce on the ground, as here we are almost 10 years later working with PHP 5.5 which was just released earlier in 2013.
Excitingly enough, PHP 6 is currently under development. This next major update was originally slated for a release in March 2010, but, as is often the case in massive development projects, the release date has been continually pushed back as various setbacks change the estimates of time investment.
Posted on November 30th 2013 at 12:44am
Tuesday 26th November 2013 Great PHP Books Every Developer Should Own
Becoming a developer is a never-ending process. No matter how long you work at it, there are always things to learn, always new iterations of PHP to keep up on, and always a more elegant solution to a particular problem. One of the best ways to hone your skills, of course, is to get your fingers dirty doing actual coding in the trenches, but it's not the only way to expand your capabilities. Sometimes the only way to move forwards is by picking up some new knowledge from a new source, so we've put together a list of books that every PHP developer should own.
First on the list is from the venerable and respected O'Reilly series. Unimaginatively titled 'PHP Cookbook: Solutions and Examples for PHP Programmers', the content itself is nevertheless extremely elegant and well-put together. Aimed at both novice developers and more advanced pros, there's something for everyone here. Organized from the perspective of problem solving instead of a more traditionally structured approach, even advanced developers may find more elegant solutions to common programming problems. Make sure you grab the edition that's been updated for PHP5!
Next on the list is the also unimaginatively titled (noticing a trend here yet?) 'PHP and MySQL Web Development (4th Ed.) by Luke Welling and Laura Thomson. This book offers a more traditionally structured approach, covering everything from the basics of how PHP and MySQL interact conceptually to more concrete examples on how to deal with session management, email, and even PDFs and images. Famed for its clarity of writing and down-to-earth style, the 5th edition is slated for release in Spring of 2014 complete with updates for PHP 5.5.
Finally, for those of you who are already quite familiar with PHP, we reach 'PHP Objects, Patterns and Practice' by Matt Zandstra. It covers some of the additions from PHP 5.3, but doesn't seem to have an updated version. Regardless, it teaches best PHP practices from project design to build and implementation solutions, making it far more useful for the large-scale enterprise developer.
The trend in unimaginative names probably stems from the logical nature of the typical programming mind, but there is a certain charm in something that 'does what it says on the tin', as the saying goes. If these books still seem to daunting to you, you can test the PHP programming waters with some of the online tutorials we mentioned in our previous post. Enjoy!
Posted on November 26th 2013 at 07:25am
Saturday 23rd November 2013 Great Sites for Learning PHP
Learning a new programming language can be tough - especially when you're trying to learn it in the abstract. Once you've got the essentials down, the best way to keep learning - and to keep the learning interesting - is by getting your hands dirty with some simple projects. As your projects grow more and more complex, sometimes you'll find yourself grasping at straws while trying to figure out a portion of your project. Enter the great tutorial website, always ready to help you out with some of the trickier aspects of project development. With that in mind, we've put together a list of great sites that offer some of the best tutorials online. It's by no means an exhaustive list, but they're all great starting places.
The grandfather of them all is the venerable W3Schools
site. You may remember it from the hazy bygone days of learning HTML and CSS, but it's got great resources for many languages, and PHP is right up there with the rest of them. While its tutorials aren't as indepth as most of the other sites we'll look at, it has some great tutorials and sandboxes for experimenting with different PHP functions, which makes it great for beginners.
One of the newer - and better designed - sites for learning PHP can be found at the Code Academy
. It offers a set of 11 unique courses to take you from the very beginnings of PHP with a very hands-on approach, similar to the sandboxes offered by W3Schools but far more advanced. They don't delve as deeply as some of the other sites, but they're great for the basics.
Once you've shaken off the fear of unfamiliar new code and you're ready for something more advanced and intriguing, swing by PHPAcademy
. Their tutorial collection is comprised entirely of free videos which are nicely put together. The only downside is that they're relatively new, and are still building up a large repository of content. Regardless, they're definitely worth visiting to start getting your feet wet with some more interesting PHP projects.
Finally, if you've got a bit of money to throw at the learning process, it's worth checking out the resources offered by the ubiquitous
. They've got literally thousands of tutorials under their belts, and while they only offer a few for PHP, they cover all the major aspects of what you need to know to get comfortable with PHP, from working with MySQL to building basic Facebook applications. Their experience with teaching is obvious in every tutorial they host, and once you get hooked you'll want to start learning even more!
Posted on November 23rd 2013 at 12:05am
Wednesday 20th November 2013 Top Tips for PHP Beginners
Learning a new programming language can be a huge undertaking, and learning PHP is no exception. Not only do you have to learn the actual syntax and structure, but there are a number of different subtleties unique to any language, and PHP has its fair share. There are some best practices that you should get in the habit of applying to your work, so you don't have to come back later and break yourself of any bad habits. This is by no means a complete list, but it's a good starting point for PHP beginners.
First and foremost, use the latest version of PHP. This might seem like a no-brainer to everyone, but it's surprising how many people are still using outdated versions of PHP. Just make sure that you check with your hosting provider that they're willing to support the version you use. While all hosts should be supporting PHP 5 by now, they may not be supporting the latest subversion (5.5 at the time of writing)
Next, familiarise yourself with the PHP manual. Another one that might seem like a no-brainer, but most programmers learn from a 'Teach Yourself' guide or similar online tutorial system, and some have never touched the PHP manual in their lives. Give it a shot, and you're almost guaranteed to learn something that was left out of your quick-start guide.
If you haven't already switched to one, try out an integrated development environment, or IDE for short. We recently posted about some of the most popular IDEs, but it's important to find one that feels comfortable to you, so test out some of the available options to find your personal favourite. The simplest improvements over a basic text editor can make you wonder how you ever coded without an IDE.
To save yourself a bunch of headaches while you're learning (and after), make sure you have enabled error reporting. It will save you a huge amount of time trying to sort through code that you're not really familiar with, and you'll be instantly thankful for it. Just make sure that you remember to turn it off before you launch, or your benign users will be confused and any malicious users may have a route into your system.
Finally, make sure you get into the habit of writing your PHP code as cleanly as possible from the beginning. Use naming conventions for your variables that actually mean something, because by the time you're finished your project you'll have lost track of the obscure names you gave to your incremental loops. Indent your code and use plenty of whitespace, which will make sorting through things infinitely simpler and faster, and will make it easier for other programmers to help you out if it turns out you need it.
Posted on November 20th 2013 at 08:53pm
Friday 15th November 2013 The Best PHP Development Environments
If you're like us older folks, you might have gotten your very first taste of web programming in the glorious, barebones simplicity of Notepad. While that was fine for coding basic HTML when it first hit computers around the world, the Internet ecosystem has developed so rapidly and dramatically that anyone still using Notepad today is at a major disadvantage. Fortunately, as the number of languages - and their complexity - expanded, so did the number of programs designed for developers. Today we'll look at a few of the different integrated development environment (IDE) options available for PHP developers that will make you forget coding in Notepad was ever even possible.
Next, we come to UltraEdit. One of the most venerable text editors/IDEs in the world, it was originally developed back in 1994, and has been going strong ever since. It offers an impressive featureset packed into a layout that is as complex or as simple as you want it to be, and if you ever code outside of PHP, it's ready to handle almost any language you care to use. While it doesn't have an integrated debugger, it's nevertheless a choice for many top PHP developers. The only downside is that it's not free, although you can test it out for 30 days before deciding whether you want to spend $80 on it.
If the idea of paying for an IDE bothers you, open source comes to the rescue yet again with the ever-popular NetBeans IDE. Easily our favourite from this list, NetBeans is a robust, full-service answer to all the paid products out there, complete with code highlighting, code collapsing, and all the other bells and whistles you didn't even know you needed until you use them. It currently supports the Zend and Symfony 1 & 2 frameworks, and even supports continuous integration via Jenkins Jobs for PHP Projects. The only downside we see is that it has yet to update to include PHP 5.5 support, but that's not a dealbreaker and surely will be released soon!
Posted on November 15th 2013 at 08:37pm
Tuesday 12th November 2013 How to Write Clean PHP Code
Anyone who's ever worked on an ad-hoc development team will tell you how frustrating it can be to have to deal with team members who write messy code. Even if you're working alone, there are huge advantages to taking just a little bit of extra time to keep your code clean and easily readable. You may be thinking to yourself, 'Sure, but I know my own code, what's the point?' The point is that while you're going to be able to revisit the code you wrote yesterday and understand it perfectly even if it's gibberish, how about code you wrote last year? Last month? After a marathon coding session, code you wrote last week might even have slipped your mind. If you ever plan on reusing anything you write, which is an excellent idea, taking the time to follow these tips will make it infinitely easier to do so.
The most important thing to do to help your future-self understand your code is to include quick comments at the beginning of each section. For more involved projects, take the time to make some notes about functions and classes - especially useful for later reuse.
Following the same principle of documentation, when you're debugging your code, don't delete sections of it that have problems, simply comment them out completely. This allows you to quickly test various iterations of your code snippets without having to re-do the same work over and over again, and lets you quickly revert to a previous version. Once you move into production, you can obviously remove the sections that have been commented out, but make sure you keep them around in your latest pre-build version.
Clean is simple and informative. To stay informative, don't give your variables and functions bizarrely esoteric names. Even you will have a hard time keeping track of variables with ridiculous names - now was that variable you wanted to pass GERSFD, GARFVD or ARGFD? Use logical, descriptive names to keep things simple and easily understood for later.
Whitespace, whitespace, whitespace. Sorting through tens of thousands of lines of code is difficult enough without having to take the time to figure out where functions start and end. Your compiler will strip the whitespace during build anyways, so use it as a visual tool and make your own life easier. If you find yourself looking back over your own code or someone elses and getting frustrated trying to make heads or tails of it, you might want to consider using a PHP formatting tool just as PHP Formatter (http://beta.phpformatter.com/
) or something similar.
Posted on November 12th 2013 at 06:29pm
Thursday 07th November 2013 Do You Really Need a PHP Framework?
We've discussed various PHP frameworks in the past here, as they can be incredibly useful tools for developers. Instead of recreating entire libraries of code that already exist, making use of a framework can save you days or even weeks of coding - and if you choose the right one, they offer an incredible amount of stability and security. Numerous popular frameworks have huge communities behind them, constantly monitoring the code base, updating it regularly, and plugging security holes and other issues that would quickly become overwhelming for a single person.
However, because of their very nature, there are also some serious downsides to using a PHP framework. Due to their size and scope, they boast a huge learning curve, and the more complex the framework, the harder it is to get up to speed - it's almost like having to learn a new programming language within PHP. Once you've invested that much time into learning a framework, it can become very difficult to switch to an alternative framework if it turns out that another would be better suited to your next project.
While there is often added stability and security gained by using frameworks, the fact that they are almost ubiquitous means that the frameworks themselves are also a much more appealing target for hackers and other malicious users. If a vulnerability is found in a framework, it means that all sites and applications that use that framework are likely to share the vulnerability.
In order to stay on top of this danger, communities are constantly updating frameworks with new code and patching vulnerabilities, which sounds like an excellent way to handle the problem. However, frameworks inherently work the way other libraries do, which means that they have to be embedded directly into your build or code repository. So while they are being updated to ensure security, you then must turn around and update your own implementation of the framework to ensure it's using the latest version.
The value you'll derive from a framework really depends on how you code and the types of projects you work on. If you're working on smaller scale projects, you will probably end up with your own segments of code that can be recycled for various future projects, much in the same way as a framework operates, but without all the tedious issues and unnecessary features that can make working with a framework a hassle. However, if you're regularly working on large scale projects that require the pinnacle of stability and security, a well-chosen PHP framework can be your new best friend.
Posted on November 07th 2013 at 04:08pm
Tuesday 05th November 2013 Easily Reuse Your Own PHP Code Snippets
At this point in your PHP coding careers, you've probably all heard about the value of a framework - how popular they are, how robust they are, and how they can save you hours of time and effort. Of course, they can also add some hours of time and effort at the beginning, as you have their often steep learning curves to adjust to. But most of you likely started coding before you began to use frameworks, as they're generally better suited to large projects, and most devs don't start with large projects. Along the way, you probably found yourself coding similar functions and classes enough times that it finally clicked - you should be re-using bits of your old code! But that can be a huge pain, sorting through old files in an effort to lift out the useful bits, so we've put together a quick list of some useful tools that are designed to help you save and tag your code snippets to start building up a personal framework.
Most of the currently popular snippet storage tools are all web-based, meaning you can access them anywhere. The intended goal is to share them with the PHP developer community, but naturally you don't have to share if you don't want to.
Probably the most feature-packed is Gist, the snippet saver offered by the ever-popular Github. All the snippets posted are automatically treated as repositories, meaning they offer all the same benefits as a full Git codebase. They can easily be saved as private or public, although if you create too many it may become difficult to sort through them all.
Finally, for a slightly more well-designed version of Snipplr, you can try Snipt, which lets you go from reading this sending to storing your snippets in about 3 seconds. Tagging, descriptions, and private entries available, and if you get mad at the ads, you can opt to go for a Pro account to save your eyes the hassle.
One last entry that deserves a special mention is FastFox, which you can think of as a time-saver for inserting regularly used expressions. It lets you define text-based shortcuts which are automatically converted into larger pieces of text. If you find yourself using a piece of code repeatedly, you can quickly set up a shortcut for it and save yourself a huge amount of time. While it's available for PC and Mac, it's unfortunately not open source, so you'll be shelling out $20 for it - but a free trial is available from their website to help you make up your mind.
Posted on November 05th 2013 at 08:46pm
Friday 01st November 2013 Top PHP-based E-commerce Solutions
Every developer loves to be working on complex projects that tax their skillset, require in-depth thought and elegant solutions to difficult problems. Sadly, there aren't always enough of those to go around, and paying the bills can mean taking on some more mundane development projects. One good money-making option for PHP programmers involves the development of e-commerce sites. It's not exactly glamorous, but there are always going to be new businesses starting up that need websites and existing businesses hoping to upgrade to something newer or more effective, creating a never-ending stream of potential clients.
Even as you choose a PHP framework to avoid having to reinvent the wheel, there's no sense in trying to code a shopping cart from scratch when there are so many excellent PHP-based carts available for free. Let's take a look a few of the top contenders for the crown, and hopefully save you the hassle of having to create your own.
One of the most popular free shopping carts is from Magento, a company that is owned by eBay. While Magento offers pay-per-use versions of their software, the 'Magento Community Edition
' is a free cart that is completely open source. Running on any Linux/Windows/Unix-based Apache server with PHP 5.2.13 or newer, it has a great range of flexibility right 'out of the box'. This flexibility can be extended dramatically thanks to the robust and wide-ranging community that exists around it in the form of Magentoconnect, a marketplace for plugins and extensions. Some require purchase, but there are a number of free extensions available as well.
Another popular and completely open source solution comes in the form of osCommerce Online Merchant
. It is one of the oldest open source shopping cart solutions, having been around for over 12 years as of this writing. As a result, it's been through quite a number of iterations, and worked out all the kinks and security issues that sometimes plague newer pieces of software. It also features an add-on marketplace, except unlike Magento, all of its add-on features are completely free of charge. It also has more lenient server requirements, only requiring PHP 4 or newer (although 5 or newer is recommended).
Finally, we come to what is arguably the most complicated entrant, Zen Cart
. While free and open-source like the other two options, Zen Cart has a more complex learning curve. On the flip side, however, it also offers a huge range of features that are sometimes glossed over in others. It's geared more towards developers with a solid PHP grounding, while the first two options attempt to be more user-friendly for non-coders. Interestingly, they claim to user-friendly, but the general experience requires more than the casual knowledge they suggest. The rich native featureset is also expandable by a range of plugins, though not quite as extensive as the assortment offered by osCommerce or Magento.
Look at each of the three closely, and decide for yourself which works best with your particular style - one of them is sure to fit the bill - and no matter what, the price is right.
Posted on November 01st 2013 at 01:35pm