Tuesday 26th November 2013 Great PHP Books Every Developer Should Own
Becoming a developer is a never-ending process. No matter how long you work at it, there are always things to learn, always new iterations of PHP to keep up on, and always a more elegant solution to a particular problem. One of the best ways to hone your skills, of course, is to get your fingers dirty doing actual coding in the trenches, but it's not the only way to expand your capabilities. Sometimes the only way to move forwards is by picking up some new knowledge from a new source, so we've put together a list of books that every PHP developer should own.
First on the list is from the venerable and respected O'Reilly series. Unimaginatively titled 'PHP Cookbook: Solutions and Examples for PHP Programmers', the content itself is nevertheless extremely elegant and well-put together. Aimed at both novice developers and more advanced pros, there's something for everyone here. Organized from the perspective of problem solving instead of a more traditionally structured approach, even advanced developers may find more elegant solutions to common programming problems. Make sure you grab the edition that's been updated for PHP5!
Next on the list is the also unimaginatively titled (noticing a trend here yet?) 'PHP and MySQL Web Development (4th Ed.) by Luke Welling and Laura Thomson. This book offers a more traditionally structured approach, covering everything from the basics of how PHP and MySQL interact conceptually to more concrete examples on how to deal with session management, email, and even PDFs and images. Famed for its clarity of writing and down-to-earth style, the 5th edition is slated for release in Spring of 2014 complete with updates for PHP 5.5.
Finally, for those of you who are already quite familiar with PHP, we reach 'PHP Objects, Patterns and Practice' by Matt Zandstra. It covers some of the additions from PHP 5.3, but doesn't seem to have an updated version. Regardless, it teaches best PHP practices from project design to build and implementation solutions, making it far more useful for the large-scale enterprise developer.
The trend in unimaginative names probably stems from the logical nature of the typical programming mind, but there is a certain charm in something that 'does what it says on the tin', as the saying goes. If these books still seem to daunting to you, you can test the PHP programming waters with some of the online tutorials we mentioned in our previous post. Enjoy!
Posted on November 26th 2013 at 07:25am
Saturday 23rd November 2013 Great Sites for Learning PHP
Learning a new programming language can be tough - especially when you're trying to learn it in the abstract. Once you've got the essentials down, the best way to keep learning - and to keep the learning interesting - is by getting your hands dirty with some simple projects. As your projects grow more and more complex, sometimes you'll find yourself grasping at straws while trying to figure out a portion of your project. Enter the great tutorial website, always ready to help you out with some of the trickier aspects of project development. With that in mind, we've put together a list of great sites that offer some of the best tutorials online. It's by no means an exhaustive list, but they're all great starting places.
The grandfather of them all is the venerable W3Schools
site. You may remember it from the hazy bygone days of learning HTML and CSS, but it's got great resources for many languages, and PHP is right up there with the rest of them. While its tutorials aren't as indepth as most of the other sites we'll look at, it has some great tutorials and sandboxes for experimenting with different PHP functions, which makes it great for beginners.
One of the newer - and better designed - sites for learning PHP can be found at the Code Academy
. It offers a set of 11 unique courses to take you from the very beginnings of PHP with a very hands-on approach, similar to the sandboxes offered by W3Schools but far more advanced. They don't delve as deeply as some of the other sites, but they're great for the basics.
Once you've shaken off the fear of unfamiliar new code and you're ready for something more advanced and intriguing, swing by PHPAcademy
. Their tutorial collection is comprised entirely of free videos which are nicely put together. The only downside is that they're relatively new, and are still building up a large repository of content. Regardless, they're definitely worth visiting to start getting your feet wet with some more interesting PHP projects.
Finally, if you've got a bit of money to throw at the learning process, it's worth checking out the resources offered by the ubiquitous
. They've got literally thousands of tutorials under their belts, and while they only offer a few for PHP, they cover all the major aspects of what you need to know to get comfortable with PHP, from working with MySQL to building basic Facebook applications. Their experience with teaching is obvious in every tutorial they host, and once you get hooked you'll want to start learning even more!
Posted on November 23rd 2013 at 12:05am
Wednesday 20th November 2013 Top Tips for PHP Beginners
Learning a new programming language can be a huge undertaking, and learning PHP is no exception. Not only do you have to learn the actual syntax and structure, but there are a number of different subtleties unique to any language, and PHP has its fair share. There are some best practices that you should get in the habit of applying to your work, so you don't have to come back later and break yourself of any bad habits. This is by no means a complete list, but it's a good starting point for PHP beginners.
First and foremost, use the latest version of PHP. This might seem like a no-brainer to everyone, but it's surprising how many people are still using outdated versions of PHP. Just make sure that you check with your hosting provider that they're willing to support the version you use. While all hosts should be supporting PHP 5 by now, they may not be supporting the latest subversion (5.5 at the time of writing)
Next, familiarise yourself with the PHP manual. Another one that might seem like a no-brainer, but most programmers learn from a 'Teach Yourself' guide or similar online tutorial system, and some have never touched the PHP manual in their lives. Give it a shot, and you're almost guaranteed to learn something that was left out of your quick-start guide.
If you haven't already switched to one, try out an integrated development environment, or IDE for short. We recently posted about some of the most popular IDEs, but it's important to find one that feels comfortable to you, so test out some of the available options to find your personal favourite. The simplest improvements over a basic text editor can make you wonder how you ever coded without an IDE.
To save yourself a bunch of headaches while you're learning (and after), make sure you have enabled error reporting. It will save you a huge amount of time trying to sort through code that you're not really familiar with, and you'll be instantly thankful for it. Just make sure that you remember to turn it off before you launch, or your benign users will be confused and any malicious users may have a route into your system.
Finally, make sure you get into the habit of writing your PHP code as cleanly as possible from the beginning. Use naming conventions for your variables that actually mean something, because by the time you're finished your project you'll have lost track of the obscure names you gave to your incremental loops. Indent your code and use plenty of whitespace, which will make sorting through things infinitely simpler and faster, and will make it easier for other programmers to help you out if it turns out you need it.
Posted on November 20th 2013 at 08:53pm
Friday 15th November 2013 The Best PHP Development Environments
If you're like us older folks, you might have gotten your very first taste of web programming in the glorious, barebones simplicity of Notepad. While that was fine for coding basic HTML when it first hit computers around the world, the Internet ecosystem has developed so rapidly and dramatically that anyone still using Notepad today is at a major disadvantage. Fortunately, as the number of languages - and their complexity - expanded, so did the number of programs designed for developers. Today we'll look at a few of the different integrated development environment (IDE) options available for PHP developers that will make you forget coding in Notepad was ever even possible.
Next, we come to UltraEdit. One of the most venerable text editors/IDEs in the world, it was originally developed back in 1994, and has been going strong ever since. It offers an impressive featureset packed into a layout that is as complex or as simple as you want it to be, and if you ever code outside of PHP, it's ready to handle almost any language you care to use. While it doesn't have an integrated debugger, it's nevertheless a choice for many top PHP developers. The only downside is that it's not free, although you can test it out for 30 days before deciding whether you want to spend $80 on it.
If the idea of paying for an IDE bothers you, open source comes to the rescue yet again with the ever-popular NetBeans IDE. Easily our favourite from this list, NetBeans is a robust, full-service answer to all the paid products out there, complete with code highlighting, code collapsing, and all the other bells and whistles you didn't even know you needed until you use them. It currently supports the Zend and Symfony 1 & 2 frameworks, and even supports continuous integration via Jenkins Jobs for PHP Projects. The only downside we see is that it has yet to update to include PHP 5.5 support, but that's not a dealbreaker and surely will be released soon!
Posted on November 15th 2013 at 08:37pm
Tuesday 12th November 2013 How to Write Clean PHP Code
Anyone who's ever worked on an ad-hoc development team will tell you how frustrating it can be to have to deal with team members who write messy code. Even if you're working alone, there are huge advantages to taking just a little bit of extra time to keep your code clean and easily readable. You may be thinking to yourself, 'Sure, but I know my own code, what's the point?' The point is that while you're going to be able to revisit the code you wrote yesterday and understand it perfectly even if it's gibberish, how about code you wrote last year? Last month? After a marathon coding session, code you wrote last week might even have slipped your mind. If you ever plan on reusing anything you write, which is an excellent idea, taking the time to follow these tips will make it infinitely easier to do so.
The most important thing to do to help your future-self understand your code is to include quick comments at the beginning of each section. For more involved projects, take the time to make some notes about functions and classes - especially useful for later reuse.
Following the same principle of documentation, when you're debugging your code, don't delete sections of it that have problems, simply comment them out completely. This allows you to quickly test various iterations of your code snippets without having to re-do the same work over and over again, and lets you quickly revert to a previous version. Once you move into production, you can obviously remove the sections that have been commented out, but make sure you keep them around in your latest pre-build version.
Clean is simple and informative. To stay informative, don't give your variables and functions bizarrely esoteric names. Even you will have a hard time keeping track of variables with ridiculous names - now was that variable you wanted to pass GERSFD, GARFVD or ARGFD? Use logical, descriptive names to keep things simple and easily understood for later.
Whitespace, whitespace, whitespace. Sorting through tens of thousands of lines of code is difficult enough without having to take the time to figure out where functions start and end. Your compiler will strip the whitespace during build anyways, so use it as a visual tool and make your own life easier. If you find yourself looking back over your own code or someone elses and getting frustrated trying to make heads or tails of it, you might want to consider using a PHP formatting tool just as PHP Formatter (http://beta.phpformatter.com/
) or something similar.
Posted on November 12th 2013 at 06:29pm
Thursday 07th November 2013 Do You Really Need a PHP Framework?
We've discussed various PHP frameworks in the past here, as they can be incredibly useful tools for developers. Instead of recreating entire libraries of code that already exist, making use of a framework can save you days or even weeks of coding - and if you choose the right one, they offer an incredible amount of stability and security. Numerous popular frameworks have huge communities behind them, constantly monitoring the code base, updating it regularly, and plugging security holes and other issues that would quickly become overwhelming for a single person.
However, because of their very nature, there are also some serious downsides to using a PHP framework. Due to their size and scope, they boast a huge learning curve, and the more complex the framework, the harder it is to get up to speed - it's almost like having to learn a new programming language within PHP. Once you've invested that much time into learning a framework, it can become very difficult to switch to an alternative framework if it turns out that another would be better suited to your next project.
While there is often added stability and security gained by using frameworks, the fact that they are almost ubiquitous means that the frameworks themselves are also a much more appealing target for hackers and other malicious users. If a vulnerability is found in a framework, it means that all sites and applications that use that framework are likely to share the vulnerability.
In order to stay on top of this danger, communities are constantly updating frameworks with new code and patching vulnerabilities, which sounds like an excellent way to handle the problem. However, frameworks inherently work the way other libraries do, which means that they have to be embedded directly into your build or code repository. So while they are being updated to ensure security, you then must turn around and update your own implementation of the framework to ensure it's using the latest version.
The value you'll derive from a framework really depends on how you code and the types of projects you work on. If you're working on smaller scale projects, you will probably end up with your own segments of code that can be recycled for various future projects, much in the same way as a framework operates, but without all the tedious issues and unnecessary features that can make working with a framework a hassle. However, if you're regularly working on large scale projects that require the pinnacle of stability and security, a well-chosen PHP framework can be your new best friend.
Posted on November 07th 2013 at 04:08pm
Tuesday 05th November 2013 Easily Reuse Your Own PHP Code Snippets
At this point in your PHP coding careers, you've probably all heard about the value of a framework - how popular they are, how robust they are, and how they can save you hours of time and effort. Of course, they can also add some hours of time and effort at the beginning, as you have their often steep learning curves to adjust to. But most of you likely started coding before you began to use frameworks, as they're generally better suited to large projects, and most devs don't start with large projects. Along the way, you probably found yourself coding similar functions and classes enough times that it finally clicked - you should be re-using bits of your old code! But that can be a huge pain, sorting through old files in an effort to lift out the useful bits, so we've put together a quick list of some useful tools that are designed to help you save and tag your code snippets to start building up a personal framework.
Most of the currently popular snippet storage tools are all web-based, meaning you can access them anywhere. The intended goal is to share them with the PHP developer community, but naturally you don't have to share if you don't want to.
Probably the most feature-packed is Gist, the snippet saver offered by the ever-popular Github. All the snippets posted are automatically treated as repositories, meaning they offer all the same benefits as a full Git codebase. They can easily be saved as private or public, although if you create too many it may become difficult to sort through them all.
Finally, for a slightly more well-designed version of Snipplr, you can try Snipt, which lets you go from reading this sending to storing your snippets in about 3 seconds. Tagging, descriptions, and private entries available, and if you get mad at the ads, you can opt to go for a Pro account to save your eyes the hassle.
One last entry that deserves a special mention is FastFox, which you can think of as a time-saver for inserting regularly used expressions. It lets you define text-based shortcuts which are automatically converted into larger pieces of text. If you find yourself using a piece of code repeatedly, you can quickly set up a shortcut for it and save yourself a huge amount of time. While it's available for PC and Mac, it's unfortunately not open source, so you'll be shelling out $20 for it - but a free trial is available from their website to help you make up your mind.
Posted on November 05th 2013 at 08:46pm
Friday 01st November 2013 Top PHP-based E-commerce Solutions
Every developer loves to be working on complex projects that tax their skillset, require in-depth thought and elegant solutions to difficult problems. Sadly, there aren't always enough of those to go around, and paying the bills can mean taking on some more mundane development projects. One good money-making option for PHP programmers involves the development of e-commerce sites. It's not exactly glamorous, but there are always going to be new businesses starting up that need websites and existing businesses hoping to upgrade to something newer or more effective, creating a never-ending stream of potential clients.
Even as you choose a PHP framework to avoid having to reinvent the wheel, there's no sense in trying to code a shopping cart from scratch when there are so many excellent PHP-based carts available for free. Let's take a look a few of the top contenders for the crown, and hopefully save you the hassle of having to create your own.
One of the most popular free shopping carts is from Magento, a company that is owned by eBay. While Magento offers pay-per-use versions of their software, the 'Magento Community Edition
' is a free cart that is completely open source. Running on any Linux/Windows/Unix-based Apache server with PHP 5.2.13 or newer, it has a great range of flexibility right 'out of the box'. This flexibility can be extended dramatically thanks to the robust and wide-ranging community that exists around it in the form of Magentoconnect, a marketplace for plugins and extensions. Some require purchase, but there are a number of free extensions available as well.
Another popular and completely open source solution comes in the form of osCommerce Online Merchant
. It is one of the oldest open source shopping cart solutions, having been around for over 12 years as of this writing. As a result, it's been through quite a number of iterations, and worked out all the kinks and security issues that sometimes plague newer pieces of software. It also features an add-on marketplace, except unlike Magento, all of its add-on features are completely free of charge. It also has more lenient server requirements, only requiring PHP 4 or newer (although 5 or newer is recommended).
Finally, we come to what is arguably the most complicated entrant, Zen Cart
. While free and open-source like the other two options, Zen Cart has a more complex learning curve. On the flip side, however, it also offers a huge range of features that are sometimes glossed over in others. It's geared more towards developers with a solid PHP grounding, while the first two options attempt to be more user-friendly for non-coders. Interestingly, they claim to user-friendly, but the general experience requires more than the casual knowledge they suggest. The rich native featureset is also expandable by a range of plugins, though not quite as extensive as the assortment offered by osCommerce or Magento.
Look at each of the three closely, and decide for yourself which works best with your particular style - one of them is sure to fit the bill - and no matter what, the price is right.
Posted on November 01st 2013 at 01:35pm
Tuesday 29th October 2013 Google App Engine Now Supports PHP
For developers who are frustrated by the idea of having to maintain their own complete server setup just to test and deploy their PHP applications, the rise of cloud-based hosting services was a dream come true. Gone were the days of expensive hosting setups that didn't match needs, and along came pay-as-you-go pricing and usage models. While the venerable Amazon Web Services cloud offers a decent set of solutions, some developers were hoping for others, and along came the Google App Engine.
However since its original launch, Google App Engine has been limited in the languages it supports. Java and Python were supported from the beginning, but at long last Google has unveiled support for the PHP and Go development languages. PHP has finally moved into what Google terms the 'preview' phase of development, a sort of specialised beta release. In the past, developers had to jump through extra hoops to use the App Engine with PHP, placing their applications on a Google-approved whitelist before they could be fully deployed. With this latest status change, PHP hosting is now available to the general public without any additional headaches.
Though it sometimes has a history of recalling product launches that don't end up working, Google seems to be fully committed to supporting PHP, developing a comprehensive integration plugin for hosting Wordpress sites (which, of course, are entirely PHP-based) among other goodies. For those who want to develop online, the App Engine offers an editing interface similar to the Google Apps office-style suite, but it also allows developers who prefer to work offline to update code using JetBrain's PHPStorm IDE thanks to a simple plugin (grab it here
The best part of all? If you're not looking to launch enterprise-level development applications, you can use Google App Engine to host your PHP app completely free of charge. Simply by signing up, developers are entitled to 1 GB of storage, and are allotted enough CPU time and bandwidth to support an application that receives almost 5 million page views every month - yes, you read that right. If you suddenly decide you need more space for your app/site/whatever, additional space can be purchased at a ridiculously cheap $0.13/USD per gigabyte per month. That puts it well ahead of the Amazon Web Services offering, which requires an investment - and you can be sure that the Google App Engine will run your PHP code just as flawlessly as all their other services. Visit the site here, and login with your existing Google account: http://developers.google.com/appengine/
Thursday 24th October 2013 Securing Your PHP Application with a Custom Configuration File
When it comes to securing your PHP application against hackers and other types of malicious use, there are a number of different things to consider. We touched on a few of them previously, including what's probably the most important one: filtering all user input. We can't stress enough the importance of correctly validating all user input, including any input that comes in the form of file uploads. However, one of the most useful tools to secure your PHP code against malicious users is built right into the way PHP operates: the php.ini file.
The php.ini file is a customisable configuration file that is called when PHP loads which specifies a number of key settings for how PHP operates and executes your code. Because of this, it's also a great place to handle a couple of security vulnerabilities that are almost as crucial as controlling user input.
The first of these is the issue of error reporting. Obviously, when you're working in a test development environment, it's incredibly valuable to have your error reporting visible to help you quickly source any bugs in your code - but once you move out of the testing phase into a production environment, the data offered by error reporting can provide valuable clues to a hacker about potential vulnerabilities in your code. While you can try to ensure that doesn't happen by writing flawless code, there are a number of global parameters you can set in your php.ini file that will ensure your production code is safe from this issue. The first parameter, error_reporting, does exactly what it says on the tin, namely enabling error reporting at all, and should be set to E_ALL. The follow-up to this is the parameter display_errors, which should be 'off' once you move out of the testing phase. However, as you will probably want to ensure that any errors that do occur are logged, enable log_errors and specify the path using error_log. That's all there is to it!
The other important security vulnerability to prepare for is the type of attack known as session fixation. Essentially, this type of exploit tricks your code into accepting a session ID that has been faked by the malicious user. This can occur in a few different ways, but the methods for overcoming it can all sit in the php.ini file. A few different parameters are very useful: both session.use_cookies and session.use_only_cookies should be set to 1, which prevents GET parameters from setting your session ID. Session.use_trans_sid should be set to 0 to prevent session IDs from persisting, and as a final measure you should modify the name of the session parameter - session.name - away from the default "PHPSESSID" to something random.
These tips won't guarantee the perfect security of your code, but they can go a long way towards preventing the casually snooping hacker from easily breaking into your application and causing untold damages. Take the time to write technically exacting code, and you'll be rewarded by an app that flows smoothly and robustly!