Tuesday 29th October 2013 Google App Engine Now Supports PHP
For developers who are frustrated by the idea of having to maintain their own complete server setup just to test and deploy their PHP applications, the rise of cloud-based hosting services was a dream come true. Gone were the days of expensive hosting setups that didn't match needs, and along came pay-as-you-go pricing and usage models. While the venerable Amazon Web Services cloud offers a decent set of solutions, some developers were hoping for others, and along came the Google App Engine.
However since its original launch, Google App Engine has been limited in the languages it supports. Java and Python were supported from the beginning, but at long last Google has unveiled support for the PHP and Go development languages. PHP has finally moved into what Google terms the 'preview' phase of development, a sort of specialised beta release. In the past, developers had to jump through extra hoops to use the App Engine with PHP, placing their applications on a Google-approved whitelist before they could be fully deployed. With this latest status change, PHP hosting is now available to the general public without any additional headaches.
Though it sometimes has a history of recalling product launches that don't end up working, Google seems to be fully committed to supporting PHP, developing a comprehensive integration plugin for hosting Wordpress sites (which, of course, are entirely PHP-based) among other goodies. For those who want to develop online, the App Engine offers an editing interface similar to the Google Apps office-style suite, but it also allows developers who prefer to work offline to update code using JetBrain's PHPStorm IDE thanks to a simple plugin (grab it here
The best part of all? If you're not looking to launch enterprise-level development applications, you can use Google App Engine to host your PHP app completely free of charge. Simply by signing up, developers are entitled to 1 GB of storage, and are allotted enough CPU time and bandwidth to support an application that receives almost 5 million page views every month - yes, you read that right. If you suddenly decide you need more space for your app/site/whatever, additional space can be purchased at a ridiculously cheap $0.13/USD per gigabyte per month. That puts it well ahead of the Amazon Web Services offering, which requires an investment - and you can be sure that the Google App Engine will run your PHP code just as flawlessly as all their other services. Visit the site here, and login with your existing Google account: http://developers.google.com/appengine/
Thursday 24th October 2013 Securing Your PHP Application with a Custom Configuration File
When it comes to securing your PHP application against hackers and other types of malicious use, there are a number of different things to consider. We touched on a few of them previously, including what's probably the most important one: filtering all user input. We can't stress enough the importance of correctly validating all user input, including any input that comes in the form of file uploads. However, one of the most useful tools to secure your PHP code against malicious users is built right into the way PHP operates: the php.ini file.
The php.ini file is a customisable configuration file that is called when PHP loads which specifies a number of key settings for how PHP operates and executes your code. Because of this, it's also a great place to handle a couple of security vulnerabilities that are almost as crucial as controlling user input.
The first of these is the issue of error reporting. Obviously, when you're working in a test development environment, it's incredibly valuable to have your error reporting visible to help you quickly source any bugs in your code - but once you move out of the testing phase into a production environment, the data offered by error reporting can provide valuable clues to a hacker about potential vulnerabilities in your code. While you can try to ensure that doesn't happen by writing flawless code, there are a number of global parameters you can set in your php.ini file that will ensure your production code is safe from this issue. The first parameter, error_reporting, does exactly what it says on the tin, namely enabling error reporting at all, and should be set to E_ALL. The follow-up to this is the parameter display_errors, which should be 'off' once you move out of the testing phase. However, as you will probably want to ensure that any errors that do occur are logged, enable log_errors and specify the path using error_log. That's all there is to it!
The other important security vulnerability to prepare for is the type of attack known as session fixation. Essentially, this type of exploit tricks your code into accepting a session ID that has been faked by the malicious user. This can occur in a few different ways, but the methods for overcoming it can all sit in the php.ini file. A few different parameters are very useful: both session.use_cookies and session.use_only_cookies should be set to 1, which prevents GET parameters from setting your session ID. Session.use_trans_sid should be set to 0 to prevent session IDs from persisting, and as a final measure you should modify the name of the session parameter - session.name - away from the default "PHPSESSID" to something random.
These tips won't guarantee the perfect security of your code, but they can go a long way towards preventing the casually snooping hacker from easily breaking into your application and causing untold damages. Take the time to write technically exacting code, and you'll be rewarded by an app that flows smoothly and robustly!
Saturday 19th October 2013 PHP Productivity Tools
When it comes to working on large PHP projects, it's easy to suddenly find yourself bogged down by a few tasks that seem to appear repeatedly no matter how well-crafted your code is, namely testing, debugging, and deployment. Fortunately, there are many tools and utilities that have been released to help PHP developers overcome these frustrations and make the coding process as efficient as possible from start to finish. Here are a few of our favourites!
Test and Debug
No matter how well your code is written, it needs to be tested properly and thoroughly before it can be deployed safely. One of the best testing frameworks is PHPUnit
, an extension of xUnit that lets you write testing code in PHP syntax and then automate the entire process. If command-line isn't really your style or you're looking for a front-end problem, we have also had great luck with an updated version of Firebug called FirePHP
, a Firefox extension that allows developers to sort through PHP errors in the browser. If you need something even more robust, consider XDebug, which is an open-source tool that lets you dig deep into your PHP code and optimise.
Build and Deploy
If you're working on a small project, it can be easy to manage the various code iterations and keep them all straight yourself. But for a larger PHP project that has multiple developers, it can become a necessity to implement some kind of version control software to help sort through the chaos and make sure everything plays nice. Git is easily the most popular version control solution, thanks in large part to the popular third-party website Github
, that offers hosting for various code repositories and helps track code branchings, team member contributions, and lets you roll back unwanted forkings.
For both large and small projects, there are a couple of hassles that never go away: formatting and documentation. The bane of all developers working in the zone, documentation is left out all too frequently, giving other devs (or your future self) some serious frustrations. Fortunately a simple tool called phpDocumentor
can use simple syntax to generate your user-friendly documentation for you! When you combine this with another handy tool called PHP_Beautifier
which neatly indents and formats your code, you can whip even the largest projects into visual shape with ease.
Thursday 17th October 2013 5 Great PHP Tutorials
When you're working on a new project, sometimes it can be frustrating to spend hours working on something, only to find out the next day that someone else has already completed very similar work and made the source code available. Nobody likes wasting time re-inventing the wheel, as anyone who's ever taken advantage of a PHP framework can tell you. With that spirit in mind, here are 5 great PHP tutorials from around the web that you can incorporate into your next project to make it as robust and efficient as possible.
1. In the past, we discussed using PHP caching to decrease the load times of your site, but only briefly touched on how to actually go about it. This tutorial gives a simple example, but those of you with some inspiration will be able to expand it to do whatever you want. http://papermashup.com/caching-dynamic-php-pages-easily/
2. If you're really hoping to optimise your site's load time, then you'll want to make sure that your files are as small as possible. The best method to do so is by compressing your CSS and JS files with Gzip, which can be done easily in PHP using this simple tutorial. http://papermashup.com/use-php-to-gzip-css-files/
5. Finally, to prevent the worst from happening in a SQL database crash which could cost you all your hard-won data, use this simple tutorial to create a PHP script to output your database to an XML file which can be reparsed to restore your database. http://davidwalsh.name/backup-database-xml-php
There you have it! These simple PHP tutorials can make a huge difference in the way your project development works, ensuring that your project be more secure and more efficient - and save you from spending time developing processes that others have already perfected.
Saturday 12th October 2013 Speed Up Your Site With Effective PHP Use
Even in the older days of the web, application developers could not afford to be ignorant of SEO practices - but in today's world, it's a vital skillset for maintaining relevancy. One of the most neglected aspects of SEO is page load time, and the way your PHP code is written can make a huge difference in the speed your users (and the Google search spiders) experience. Obviously, one of the most effective things to do is ensure you use a high-quality hosting provider, but this isn't always an option. Fortunately a couple of simple tips and tricks in PHP can make a huge difference in load times, so lets take a quick look at the most popular methods.
One of the most useful things you can do, especially when you're writing extensive code segments, is to employ a simple PHP caching system. This is especially helpful when there isn't a heavy amount of reparsing required for each user navigation step, as it lets you skip the reparsing step. If, for example, the user is navigating through a large number of database entries, simply dump the output from your first parse into an html file, and display that to the user when they revisit the same page in the same session. This can dramatically reduce the load on your server from numerous database queries, and can make a huge difference in your user experience.
Next, take a good long look at the external requests your site is making. A growing trend among websites is to pull lots of data from different sources - Twitter feeds, news stories, popular blog comments, etc - but it's important to not let this tendency get ahead of us. This is especially true when you're working on code for a Wordpress or similar-style blog, as the ease of incorporating PHP widgets can make some developers cram far too many requests onto a single page, dramatically increasing load time.
If you're feeling adventurous, it's possible to use PHP to compress your CSS and other files, but we'll save that for another post - you should be able to see a large difference in your load times just from these simple tips.
Tuesday 08th October 2013 Important Practices for Securing Your PHP Apps
For high-profile, mission-critical PHP applications, security is a paramount concern. Bad security solutions can compromise important servers and lead to the kind of privacy breaches that make news headlines. But for those of us writing more every-day PHP apps, security is still an important concern - especially for anyone who's new to the language. We'll take you through some basic considerations for securing your PHP applications, letting you rest a little bit easier once you finally put your app out into the wild.
Everything, naturally, comes back to the user, but sometimes vulnerabilities can be unintentionally exposed by a user and shared with a malicious one - which makes proper error handling critical for the integrity of your security. Many developers hate dealing with this particular aspect of development when trying to get their code out the door in a hurry, but it's far better to invest the time now than to try explaining why you cut corners.
Finally, another important concern is the way your include files are handled. PHP code routinely references other PHP files, often for database access or regularly repeated code segments, which can be inadvertently displayed to the user as plaintext if not properly named. Any extension other than .php may not be parsed properly by a browser, leaving your code vulnerable, so always use the correct extension. To be doubly-safe, store your includes in a folder that doesn't have user access permissions.
This is only the tip of the iceberg when it comes to PHP security, but you can save yourself from a good many problems by following these simple practices.
Thursday 03rd October 2013 Exploring Continuous Deployment
Following up on our recent project management tips post, today we're going to explore what some have termed the developer's holy grail, known as continuous deployment, continuous delivery or continuous integration. As the widespread adoption of the Internet accelerated, the demand for shorter and shorter turnaround times between planned featuresets and new releases also increased dramatically, and PHP development was no exception. This is what first sparked the Agile development style as a solution, and has lead to a number of successors since then, eventually culminating in the currently popular system we know as continuous deployment.
Essential what CD/CI means is that new features are rapidly and automatically integrated into your main codebase at a much higher frequency than traditional development styles, sometimes even as frequently as multiple times per day. For a PHP-based application in a highly competitive field, the advantages of constantly being on the cutting edge are obvious, but there are some basic requirements and some potentially dangerous pitfalls to be considered before diving into a CD/CI strategy.
First of all, the main idea behind continuous deployment is speed - which essentially means the automation of as much as possible. Automation is crucial, because wasting 16 dev-hours to push out a day's worth of development is hardly continuous. Proper automation begins with implementing software to handle revision control and integration of new elements, the most popular of which currently is Git (which works perfectly with Github, of course). Testing of new features should be as automated as possible, while being completely thorough - without being sure that your new code is flawless, there's no point in releasing it into the wild, as you'll just be hurting your project. This is the step that causes many developers to throw up their hands in disgust, as it optimally relies on clean, focused and disciplined coding and extensively customised test scripts. Last but not least, the final build process should be automated, allowing you to push new versions out the door with an absolute minimum of fuss. Cruise Control and Buildbot are two of the more popular examples of build software, but there are a large selection available.
While that may seem simple on screen, the successful implementation of these strategies can take months to accomplish - but if done correctly, the benefits are incredible. Your PHP application won't be ON the cutting edge, it will BE the cutting edge.
Tuesday 01st October 2013 Project Management Tips for the PHP Developer
Let's face it: in most development environments outside of the traditional corporate hierarchy, the PHP developer handling the highest-level aspects of development is essentially operating as a project manager, even when still doing actual PHP coding themselves. Occasionally even in a corporate situation, developers can suddenly find themselves thrust into a management role. In order to avoid having to bear the brunt of a failed project, there are few important things to consider that can put you ahead of the project management game.
One of the most important things to do as a project manager is to manage the expectations of both the client and your team members. Oftentimes, frustratingly, a development project can succeed in its design specifications but still be perceived as a failure by the client simply because there were unrealistic expectations about how the features in the final product would operate. With that in mind, there are a number of things to outline at the beginning of any project: what resources will be required both during development and deployment, what the users actually require, and the full featureset that the client hopes to include. This especially applies if there are management levels above you who don't ever work as developers on the project, as they can easily lose sight of the original design specs - especially over the course of a long-term project. Take the time to be actively aware of how stakeholders feel about the project throughout each development phase, and you'll likely be able to head off most major problems before they get unmanageable.
One of the other incredibly useful decisions you can make is to choose to operate in an agile development framework. Traditionally-structured projects, termed 'waterfall' projects, have a clearly-defined development phase that only outputs a testable product near the end of the project development cycle, and this can seriously delay the detection of many problems that would have been easily corrected earlier on. The 'agile' development structure, however, presents a testable product every two weeks (or any other regular interval). This heads off questions of progress, as each new featureset is testable as it is developed, allowing for the identification of potential problems or misunderstandings much earlier in the development process, when they can be corrected or improved upon with relative ease.
The final consideration for the PHP-developer-turned-project-manager is the insidious problem of 'scope creep'. Scope creep is more or less what it says - the gradual addition of features until the original structure of the project has been lost, and you suddenly find yourself 6 weeks late and well over budget. It can come from a number of different vectors, but is often the result of a combination of agile development and upper management/client testing. It highlights the necessity of having the entirety of the featureset spelled out well in advance of the commencement of work, in the clearest possible terms.
Clients who like to operate in a 'hands-on' style often generate the most scope creep, but careful diplomacy can stop the situation in its tracks. While a certain amount of scope creep tends to be inevitable, and can actually be very beneficial to the client relationship, it's important to ensure that it doesn't get out of hand. With the careful application of these tips, you can prevent yourself from a managerial disaster, and focus on creating great PHP applications.
Friday 27th September 2013 The Importance of Protecting Your Code
Intellectual property theft is one of the largest dangers faced by digital professionals today, and programmers are no exception. Nobody wants to spend days, weeks or even months on a project only to have a competitor come along and steal their entire codebase as soon as it goes live.
One of the most popular examples of this crime in the modern era is the drama surrounding the rise of Facebook. The prototype social networking site now known as ConnectU alleged that Mark Zuckerberg, Facebook's founder and CEO, stole their entire codebase while working for them in the early 2000's. In a trial that lasted for years, ConnectU fought tooth and nail to try to get control of Facebook - and it's billion dollar assets - turned over to them. Eventually after an extensive legal battle, ConnectU and Facebook settled out-of-court for an undisclosed sum, rumoured to be somewhere in the neighbourhood of $65 million. While to most of us, a $65 million dollar payout would be cause to retire to a tropical island, imagine the billions of dollars they would have stood to make if their suit had been successful - or if their site had been the one to become the top social networking site in the world. As Facebook is written in PHP it is a fair assumption that ConnectU was also and protecting the code would have been easy with SourceGuardian!
Even if you're not working on the next Facebook, it is crucial to take the steps necessary to protect your code from unauthorised redistribution and reverse engineering. Aside from ensuring that your entire programming team is legally bound with an ironclad non-disclosure agreement, there are several other steps you can take to protect your code. One of the simplest and most effective methods is to run your code through an encrypter, also known as a code obfuscator. These programs take your normally written code, parse it, and convert it into a format that is easily machine-readable but completely incomprehensible to even the best human programmers. This ensures that nobody will be able to reverse engineer your masterpiece, no matter whether it's the next Facebook or just a small pet project you've been working on. Additionally, the better protection schemes will allow you to lock your code to only work from predetermined computers, preventing a situation such as the one between ConnectU and Facebook.
Don't take any chances when it comes to your valuable intellectual property. Take the time to protect your code, and you can be sure that you'll get everything you deserve from your hard work.
Posted on September 27th 2013 at 02:50pm
Monday 23rd September 2013 Benchmarking Your PHP Code Performance
When it comes to getting the most out of your PHP application, there's only so far that raw talent can take you. Most developers can benefit from a little external help when it comes to code optimisation, and even the best of the best can use a bit of help from time to time. The best way to ensure your code is executing as efficiently as possible in terms of resource usage is, naturally, by measuring the efficacy of each individual element and determining where any bottlenecks may exist.
The benchmarking of individual elements is also known as profiling, and there are number of tools around that can help you with the process, but today we're going to look at one of the most popular tools, called XHGui. XHGui is a fork of the XHProf tool that was originally created by Facebook, but it comes along with a much-improved GUI (as the name would suggest) as well as a number of other improvements. One of the most important improvements on XHProf are the changes in the way the final output is presented, making it handy for creating pretty deliverables for managers who are not - and have never been - developers.
Since you're doubtless comfortable working with Apache, we'll skip the details of how to install XHGui and focus on what it can do for you once you've got it up and running. Once you've populated it with some data (try comparing heavy site loads with more typical usage patterns), you'll see the breakdown of data for each request: the URL, timestamp, 'wall time' which represents the user's wait time, CPU time used, total memory used, and peak memory usage. You can then drill down even deeper into each request, which gives you more data than you are likely to ever need about each step in your program.
To start your benchmarking, put your application through its paces: run each of the functions you've coded, including all error trapping. Once you've built your initial dataset, you can begin to analyse the problem areas and begin to consider optimisation strategies. Often, the culprits behind slow execution times will be elements of the PHP framework you've chosen to develop in, but any particularly extreme offenders can often be replaced by custom code that does the specific job more effectively - this is just one of the inevitable trade-offs that come with developing using frameworks, and each will have their own specific quirks that need to be considered and corrected for.
If nothing immediately stands out as being the main bottleneck, look for related code elements that interact to create slowdowns and consider recoding them as a more cohesive unit. You can also reconsider any elements that may be better off handled asynchronously, or even reconsider their inclusion at all if they're non-essential. Ultimately, however, the main consideration has to be a balance between user experience, functionality, and execution time, and XHGui is your best friend when it comes to determining how to align that balance.
Posted on September 23rd 2013 at 05:24pm