Wednesday 20th November 2013 Top Tips for PHP Beginners
Learning a new programming language can be a huge undertaking, and learning PHP is no exception. Not only do you have to learn the actual syntax and structure, but there are a number of different subtleties unique to any language, and PHP has its fair share. There are some best practices that you should get in the habit of applying to your work, so you don't have to come back later and break yourself of any bad habits. This is by no means a complete list, but it's a good starting point for PHP beginners.
First and foremost, use the latest version of PHP. This might seem like a no-brainer to everyone, but it's surprising how many people are still using outdated versions of PHP. Just make sure that you check with your hosting provider that they're willing to support the version you use. While all hosts should be supporting PHP 5 by now, they may not be supporting the latest subversion (5.5 at the time of writing)
Next, familiarise yourself with the PHP manual. Another one that might seem like a no-brainer, but most programmers learn from a 'Teach Yourself' guide or similar online tutorial system, and some have never touched the PHP manual in their lives. Give it a shot, and you're almost guaranteed to learn something that was left out of your quick-start guide.
If you haven't already switched to one, try out an integrated development environment, or IDE for short. We recently posted about some of the most popular IDEs, but it's important to find one that feels comfortable to you, so test out some of the available options to find your personal favourite. The simplest improvements over a basic text editor can make you wonder how you ever coded without an IDE.
To save yourself a bunch of headaches while you're learning (and after), make sure you have enabled error reporting. It will save you a huge amount of time trying to sort through code that you're not really familiar with, and you'll be instantly thankful for it. Just make sure that you remember to turn it off before you launch, or your benign users will be confused and any malicious users may have a route into your system.
Finally, make sure you get into the habit of writing your PHP code as cleanly as possible from the beginning. Use naming conventions for your variables that actually mean something, because by the time you're finished your project you'll have lost track of the obscure names you gave to your incremental loops. Indent your code and use plenty of whitespace, which will make sorting through things infinitely simpler and faster, and will make it easier for other programmers to help you out if it turns out you need it.
Posted on November 20th 2013 at 08:53pm
Friday 15th November 2013 The Best PHP Development Environments
If you're like us older folks, you might have gotten your very first taste of web programming in the glorious, barebones simplicity of Notepad. While that was fine for coding basic HTML when it first hit computers around the world, the Internet ecosystem has developed so rapidly and dramatically that anyone still using Notepad today is at a major disadvantage. Fortunately, as the number of languages - and their complexity - expanded, so did the number of programs designed for developers. Today we'll look at a few of the different integrated development environment (IDE) options available for PHP developers that will make you forget coding in Notepad was ever even possible.
Next, we come to UltraEdit. One of the most venerable text editors/IDEs in the world, it was originally developed back in 1994, and has been going strong ever since. It offers an impressive featureset packed into a layout that is as complex or as simple as you want it to be, and if you ever code outside of PHP, it's ready to handle almost any language you care to use. While it doesn't have an integrated debugger, it's nevertheless a choice for many top PHP developers. The only downside is that it's not free, although you can test it out for 30 days before deciding whether you want to spend $80 on it.
If the idea of paying for an IDE bothers you, open source comes to the rescue yet again with the ever-popular NetBeans IDE. Easily our favourite from this list, NetBeans is a robust, full-service answer to all the paid products out there, complete with code highlighting, code collapsing, and all the other bells and whistles you didn't even know you needed until you use them. It currently supports the Zend and Symfony 1 & 2 frameworks, and even supports continuous integration via Jenkins Jobs for PHP Projects. The only downside we see is that it has yet to update to include PHP 5.5 support, but that's not a dealbreaker and surely will be released soon!
Posted on November 15th 2013 at 08:37pm
Tuesday 12th November 2013 How to Write Clean PHP Code
Anyone who's ever worked on an ad-hoc development team will tell you how frustrating it can be to have to deal with team members who write messy code. Even if you're working alone, there are huge advantages to taking just a little bit of extra time to keep your code clean and easily readable. You may be thinking to yourself, 'Sure, but I know my own code, what's the point?' The point is that while you're going to be able to revisit the code you wrote yesterday and understand it perfectly even if it's gibberish, how about code you wrote last year? Last month? After a marathon coding session, code you wrote last week might even have slipped your mind. If you ever plan on reusing anything you write, which is an excellent idea, taking the time to follow these tips will make it infinitely easier to do so.
The most important thing to do to help your future-self understand your code is to include quick comments at the beginning of each section. For more involved projects, take the time to make some notes about functions and classes - especially useful for later reuse.
Following the same principle of documentation, when you're debugging your code, don't delete sections of it that have problems, simply comment them out completely. This allows you to quickly test various iterations of your code snippets without having to re-do the same work over and over again, and lets you quickly revert to a previous version. Once you move into production, you can obviously remove the sections that have been commented out, but make sure you keep them around in your latest pre-build version.
Clean is simple and informative. To stay informative, don't give your variables and functions bizarrely esoteric names. Even you will have a hard time keeping track of variables with ridiculous names - now was that variable you wanted to pass GERSFD, GARFVD or ARGFD? Use logical, descriptive names to keep things simple and easily understood for later.
Whitespace, whitespace, whitespace. Sorting through tens of thousands of lines of code is difficult enough without having to take the time to figure out where functions start and end. Your compiler will strip the whitespace during build anyways, so use it as a visual tool and make your own life easier. If you find yourself looking back over your own code or someone elses and getting frustrated trying to make heads or tails of it, you might want to consider using a PHP formatting tool just as PHP Formatter (http://beta.phpformatter.com/
) or something similar.
Posted on November 12th 2013 at 06:29pm
Thursday 07th November 2013 Do You Really Need a PHP Framework?
We've discussed various PHP frameworks in the past here, as they can be incredibly useful tools for developers. Instead of recreating entire libraries of code that already exist, making use of a framework can save you days or even weeks of coding - and if you choose the right one, they offer an incredible amount of stability and security. Numerous popular frameworks have huge communities behind them, constantly monitoring the code base, updating it regularly, and plugging security holes and other issues that would quickly become overwhelming for a single person.
However, because of their very nature, there are also some serious downsides to using a PHP framework. Due to their size and scope, they boast a huge learning curve, and the more complex the framework, the harder it is to get up to speed - it's almost like having to learn a new programming language within PHP. Once you've invested that much time into learning a framework, it can become very difficult to switch to an alternative framework if it turns out that another would be better suited to your next project.
While there is often added stability and security gained by using frameworks, the fact that they are almost ubiquitous means that the frameworks themselves are also a much more appealing target for hackers and other malicious users. If a vulnerability is found in a framework, it means that all sites and applications that use that framework are likely to share the vulnerability.
In order to stay on top of this danger, communities are constantly updating frameworks with new code and patching vulnerabilities, which sounds like an excellent way to handle the problem. However, frameworks inherently work the way other libraries do, which means that they have to be embedded directly into your build or code repository. So while they are being updated to ensure security, you then must turn around and update your own implementation of the framework to ensure it's using the latest version.
The value you'll derive from a framework really depends on how you code and the types of projects you work on. If you're working on smaller scale projects, you will probably end up with your own segments of code that can be recycled for various future projects, much in the same way as a framework operates, but without all the tedious issues and unnecessary features that can make working with a framework a hassle. However, if you're regularly working on large scale projects that require the pinnacle of stability and security, a well-chosen PHP framework can be your new best friend.
Posted on November 07th 2013 at 04:08pm
Tuesday 05th November 2013 Easily Reuse Your Own PHP Code Snippets
At this point in your PHP coding careers, you've probably all heard about the value of a framework - how popular they are, how robust they are, and how they can save you hours of time and effort. Of course, they can also add some hours of time and effort at the beginning, as you have their often steep learning curves to adjust to. But most of you likely started coding before you began to use frameworks, as they're generally better suited to large projects, and most devs don't start with large projects. Along the way, you probably found yourself coding similar functions and classes enough times that it finally clicked - you should be re-using bits of your old code! But that can be a huge pain, sorting through old files in an effort to lift out the useful bits, so we've put together a quick list of some useful tools that are designed to help you save and tag your code snippets to start building up a personal framework.
Most of the currently popular snippet storage tools are all web-based, meaning you can access them anywhere. The intended goal is to share them with the PHP developer community, but naturally you don't have to share if you don't want to.
Probably the most feature-packed is Gist, the snippet saver offered by the ever-popular Github. All the snippets posted are automatically treated as repositories, meaning they offer all the same benefits as a full Git codebase. They can easily be saved as private or public, although if you create too many it may become difficult to sort through them all.
Finally, for a slightly more well-designed version of Snipplr, you can try Snipt, which lets you go from reading this sending to storing your snippets in about 3 seconds. Tagging, descriptions, and private entries available, and if you get mad at the ads, you can opt to go for a Pro account to save your eyes the hassle.
One last entry that deserves a special mention is FastFox, which you can think of as a time-saver for inserting regularly used expressions. It lets you define text-based shortcuts which are automatically converted into larger pieces of text. If you find yourself using a piece of code repeatedly, you can quickly set up a shortcut for it and save yourself a huge amount of time. While it's available for PC and Mac, it's unfortunately not open source, so you'll be shelling out $20 for it - but a free trial is available from their website to help you make up your mind.
Posted on November 05th 2013 at 08:46pm
Friday 01st November 2013 Top PHP-based E-commerce Solutions
Every developer loves to be working on complex projects that tax their skillset, require in-depth thought and elegant solutions to difficult problems. Sadly, there aren't always enough of those to go around, and paying the bills can mean taking on some more mundane development projects. One good money-making option for PHP programmers involves the development of e-commerce sites. It's not exactly glamorous, but there are always going to be new businesses starting up that need websites and existing businesses hoping to upgrade to something newer or more effective, creating a never-ending stream of potential clients.
Even as you choose a PHP framework to avoid having to reinvent the wheel, there's no sense in trying to code a shopping cart from scratch when there are so many excellent PHP-based carts available for free. Let's take a look a few of the top contenders for the crown, and hopefully save you the hassle of having to create your own.
One of the most popular free shopping carts is from Magento, a company that is owned by eBay. While Magento offers pay-per-use versions of their software, the 'Magento Community Edition
' is a free cart that is completely open source. Running on any Linux/Windows/Unix-based Apache server with PHP 5.2.13 or newer, it has a great range of flexibility right 'out of the box'. This flexibility can be extended dramatically thanks to the robust and wide-ranging community that exists around it in the form of Magentoconnect, a marketplace for plugins and extensions. Some require purchase, but there are a number of free extensions available as well.
Another popular and completely open source solution comes in the form of osCommerce Online Merchant
. It is one of the oldest open source shopping cart solutions, having been around for over 12 years as of this writing. As a result, it's been through quite a number of iterations, and worked out all the kinks and security issues that sometimes plague newer pieces of software. It also features an add-on marketplace, except unlike Magento, all of its add-on features are completely free of charge. It also has more lenient server requirements, only requiring PHP 4 or newer (although 5 or newer is recommended).
Finally, we come to what is arguably the most complicated entrant, Zen Cart
. While free and open-source like the other two options, Zen Cart has a more complex learning curve. On the flip side, however, it also offers a huge range of features that are sometimes glossed over in others. It's geared more towards developers with a solid PHP grounding, while the first two options attempt to be more user-friendly for non-coders. Interestingly, they claim to user-friendly, but the general experience requires more than the casual knowledge they suggest. The rich native featureset is also expandable by a range of plugins, though not quite as extensive as the assortment offered by osCommerce or Magento.
Look at each of the three closely, and decide for yourself which works best with your particular style - one of them is sure to fit the bill - and no matter what, the price is right.
Posted on November 01st 2013 at 01:35pm
Tuesday 29th October 2013 Google App Engine Now Supports PHP
For developers who are frustrated by the idea of having to maintain their own complete server setup just to test and deploy their PHP applications, the rise of cloud-based hosting services was a dream come true. Gone were the days of expensive hosting setups that didn't match needs, and along came pay-as-you-go pricing and usage models. While the venerable Amazon Web Services cloud offers a decent set of solutions, some developers were hoping for others, and along came the Google App Engine.
However since its original launch, Google App Engine has been limited in the languages it supports. Java and Python were supported from the beginning, but at long last Google has unveiled support for the PHP and Go development languages. PHP has finally moved into what Google terms the 'preview' phase of development, a sort of specialised beta release. In the past, developers had to jump through extra hoops to use the App Engine with PHP, placing their applications on a Google-approved whitelist before they could be fully deployed. With this latest status change, PHP hosting is now available to the general public without any additional headaches.
Though it sometimes has a history of recalling product launches that don't end up working, Google seems to be fully committed to supporting PHP, developing a comprehensive integration plugin for hosting Wordpress sites (which, of course, are entirely PHP-based) among other goodies. For those who want to develop online, the App Engine offers an editing interface similar to the Google Apps office-style suite, but it also allows developers who prefer to work offline to update code using JetBrain's PHPStorm IDE thanks to a simple plugin (grab it here
The best part of all? If you're not looking to launch enterprise-level development applications, you can use Google App Engine to host your PHP app completely free of charge. Simply by signing up, developers are entitled to 1 GB of storage, and are allotted enough CPU time and bandwidth to support an application that receives almost 5 million page views every month - yes, you read that right. If you suddenly decide you need more space for your app/site/whatever, additional space can be purchased at a ridiculously cheap $0.13/USD per gigabyte per month. That puts it well ahead of the Amazon Web Services offering, which requires an investment - and you can be sure that the Google App Engine will run your PHP code just as flawlessly as all their other services. Visit the site here, and login with your existing Google account: http://developers.google.com/appengine/
Thursday 24th October 2013 Securing Your PHP Application with a Custom Configuration File
When it comes to securing your PHP application against hackers and other types of malicious use, there are a number of different things to consider. We touched on a few of them previously, including what's probably the most important one: filtering all user input. We can't stress enough the importance of correctly validating all user input, including any input that comes in the form of file uploads. However, one of the most useful tools to secure your PHP code against malicious users is built right into the way PHP operates: the php.ini file.
The php.ini file is a customisable configuration file that is called when PHP loads which specifies a number of key settings for how PHP operates and executes your code. Because of this, it's also a great place to handle a couple of security vulnerabilities that are almost as crucial as controlling user input.
The first of these is the issue of error reporting. Obviously, when you're working in a test development environment, it's incredibly valuable to have your error reporting visible to help you quickly source any bugs in your code - but once you move out of the testing phase into a production environment, the data offered by error reporting can provide valuable clues to a hacker about potential vulnerabilities in your code. While you can try to ensure that doesn't happen by writing flawless code, there are a number of global parameters you can set in your php.ini file that will ensure your production code is safe from this issue. The first parameter, error_reporting, does exactly what it says on the tin, namely enabling error reporting at all, and should be set to E_ALL. The follow-up to this is the parameter display_errors, which should be 'off' once you move out of the testing phase. However, as you will probably want to ensure that any errors that do occur are logged, enable log_errors and specify the path using error_log. That's all there is to it!
The other important security vulnerability to prepare for is the type of attack known as session fixation. Essentially, this type of exploit tricks your code into accepting a session ID that has been faked by the malicious user. This can occur in a few different ways, but the methods for overcoming it can all sit in the php.ini file. A few different parameters are very useful: both session.use_cookies and session.use_only_cookies should be set to 1, which prevents GET parameters from setting your session ID. Session.use_trans_sid should be set to 0 to prevent session IDs from persisting, and as a final measure you should modify the name of the session parameter - session.name - away from the default "PHPSESSID" to something random.
These tips won't guarantee the perfect security of your code, but they can go a long way towards preventing the casually snooping hacker from easily breaking into your application and causing untold damages. Take the time to write technically exacting code, and you'll be rewarded by an app that flows smoothly and robustly!
Saturday 19th October 2013 PHP Productivity Tools
When it comes to working on large PHP projects, it's easy to suddenly find yourself bogged down by a few tasks that seem to appear repeatedly no matter how well-crafted your code is, namely testing, debugging, and deployment. Fortunately, there are many tools and utilities that have been released to help PHP developers overcome these frustrations and make the coding process as efficient as possible from start to finish. Here are a few of our favourites!
Test and Debug
No matter how well your code is written, it needs to be tested properly and thoroughly before it can be deployed safely. One of the best testing frameworks is PHPUnit
, an extension of xUnit that lets you write testing code in PHP syntax and then automate the entire process. If command-line isn't really your style or you're looking for a front-end problem, we have also had great luck with an updated version of Firebug called FirePHP
, a Firefox extension that allows developers to sort through PHP errors in the browser. If you need something even more robust, consider XDebug, which is an open-source tool that lets you dig deep into your PHP code and optimise.
Build and Deploy
If you're working on a small project, it can be easy to manage the various code iterations and keep them all straight yourself. But for a larger PHP project that has multiple developers, it can become a necessity to implement some kind of version control software to help sort through the chaos and make sure everything plays nice. Git is easily the most popular version control solution, thanks in large part to the popular third-party website Github
, that offers hosting for various code repositories and helps track code branchings, team member contributions, and lets you roll back unwanted forkings.
For both large and small projects, there are a couple of hassles that never go away: formatting and documentation. The bane of all developers working in the zone, documentation is left out all too frequently, giving other devs (or your future self) some serious frustrations. Fortunately a simple tool called phpDocumentor
can use simple syntax to generate your user-friendly documentation for you! When you combine this with another handy tool called PHP_Beautifier
which neatly indents and formats your code, you can whip even the largest projects into visual shape with ease.
Thursday 17th October 2013 5 Great PHP Tutorials
When you're working on a new project, sometimes it can be frustrating to spend hours working on something, only to find out the next day that someone else has already completed very similar work and made the source code available. Nobody likes wasting time re-inventing the wheel, as anyone who's ever taken advantage of a PHP framework can tell you. With that spirit in mind, here are 5 great PHP tutorials from around the web that you can incorporate into your next project to make it as robust and efficient as possible.
1. In the past, we discussed using PHP caching to decrease the load times of your site, but only briefly touched on how to actually go about it. This tutorial gives a simple example, but those of you with some inspiration will be able to expand it to do whatever you want. http://papermashup.com/caching-dynamic-php-pages-easily/
2. If you're really hoping to optimise your site's load time, then you'll want to make sure that your files are as small as possible. The best method to do so is by compressing your CSS and JS files with Gzip, which can be done easily in PHP using this simple tutorial. http://papermashup.com/use-php-to-gzip-css-files/
5. Finally, to prevent the worst from happening in a SQL database crash which could cost you all your hard-won data, use this simple tutorial to create a PHP script to output your database to an XML file which can be reparsed to restore your database. http://davidwalsh.name/backup-database-xml-php
There you have it! These simple PHP tutorials can make a huge difference in the way your project development works, ensuring that your project be more secure and more efficient - and save you from spending time developing processes that others have already perfected.