Friday 22nd November 2013 Great Sites for Learning PHP
Learning a new programming language can be tough - especially when you're trying to learn it in the abstract. Once you've got the essentials down, the best way to keep learning - and to keep the learning interesting - is by getting your hands dirty with some simple projects. As your projects grow more and more complex, sometimes you'll find yourself grasping at straws while trying to figure out a portion of your project. Enter the great tutorial website, always ready to help you out with some of the trickier aspects of project development. With that in mind, we've put together a list of great sites that offer some of the best tutorials online. It's by no means an exhaustive list, but they're all great starting places.
The grandfather of them all is the venerable W3Schools
site. You may remember it from the hazy bygone days of learning HTML and CSS, but it's got great resources for many languages, and PHP is right up there with the rest of them. While its tutorials aren't as indepth as most of the other sites we'll look at, it has some great tutorials and sandboxes for experimenting with different PHP functions, which makes it great for beginners.
One of the newer - and better designed - sites for learning PHP can be found at the Code Academy
. It offers a set of 11 unique courses to take you from the very beginnings of PHP with a very hands-on approach, similar to the sandboxes offered by W3Schools but far more advanced. They don't delve as deeply as some of the other sites, but they're great for the basics.
Once you've shaken off the fear of unfamiliar new code and you're ready for something more advanced and intriguing, swing by PHPAcademy. Their tutorial collection is comprised entirely of free videos which are nicely put together. The only downside is that they're relatively new, and are still building up a large repository of content. Regardless, they're definitely worth visiting to start getting your feet wet with some more interesting PHP projects.
Finally, if you've got a bit of money to throw at the learning process, it's worth checking out the resources offered by the ubiquitous
. They've got literally thousands of tutorials under their belts, and while they only offer a few for PHP, they cover all the major aspects of what you need to know to get comfortable with PHP, from working with MySQL to building basic Facebook applications. Their experience with teaching is obvious in every tutorial they host, and once you get hooked you'll want to start learning even more!
Posted on November 22nd 2013 at 11:05pm
Wednesday 20th November 2013 Top Tips for PHP Beginners
Learning a new programming language can be a huge undertaking, and learning PHP is no exception. Not only do you have to learn the actual syntax and structure, but there are a number of different subtleties unique to any language, and PHP has its fair share. There are some best practices that you should get in the habit of applying to your work, so you don't have to come back later and break yourself of any bad habits. This is by no means a complete list, but it's a good starting point for PHP beginners.
First and foremost, use the latest version of PHP. This might seem like a no-brainer to everyone, but it's surprising how many people are still using outdated versions of PHP. Just make sure that you check with your hosting provider that they're willing to support the version you use. While all hosts should be supporting PHP 5 by now, they may not be supporting the latest subversion (5.5 at the time of writing)
Next, familiarise yourself with the PHP manual. Another one that might seem like a no-brainer, but most programmers learn from a 'Teach Yourself' guide or similar online tutorial system, and some have never touched the PHP manual in their lives. Give it a shot, and you're almost guaranteed to learn something that was left out of your quick-start guide.
If you haven't already switched to one, try out an integrated development environment, or IDE for short. We recently posted about some of the most popular IDEs, but it's important to find one that feels comfortable to you, so test out some of the available options to find your personal favourite. The simplest improvements over a basic text editor can make you wonder how you ever coded without an IDE.
To save yourself a bunch of headaches while you're learning (and after), make sure you have enabled error reporting. It will save you a huge amount of time trying to sort through code that you're not really familiar with, and you'll be instantly thankful for it. Just make sure that you remember to turn it off before you launch, or your benign users will be confused and any malicious users may have a route into your system.
Finally, make sure you get into the habit of writing your PHP code as cleanly as possible from the beginning. Use naming conventions for your variables that actually mean something, because by the time you're finished your project you'll have lost track of the obscure names you gave to your incremental loops. Indent your code and use plenty of whitespace, which will make sorting through things infinitely simpler and faster, and will make it easier for other programmers to help you out if it turns out you need it.
Posted on November 20th 2013 at 07:53pm
Tuesday 12th November 2013 How to Write Clean PHP Code
Anyone who's ever worked on an ad-hoc development team will tell you how frustrating it can be to have to deal with team members who write messy code. Even if you're working alone, there are huge advantages to taking just a little bit of extra time to keep your code clean and easily readable. You may be thinking to yourself, 'Sure, but I know my own code, what's the point?' The point is that while you're going to be able to revisit the code you wrote yesterday and understand it perfectly even if it's gibberish, how about code you wrote last year? Last month? After a marathon coding session, code you wrote last week might even have slipped your mind. If you ever plan on reusing anything you write, which is an excellent idea, taking the time to follow these tips will make it infinitely easier to do so.
The most important thing to do to help your future-self understand your code is to include quick comments at the beginning of each section. For more involved projects, take the time to make some notes about functions and classes - especially useful for later reuse.
Following the same principle of documentation, when you're debugging your code, don't delete sections of it that have problems, simply comment them out completely. This allows you to quickly test various iterations of your code snippets without having to re-do the same work over and over again, and lets you quickly revert to a previous version. Once you move into production, you can obviously remove the sections that have been commented out, but make sure you keep them around in your latest pre-build version.
Clean is simple and informative. To stay informative, don't give your variables and functions bizarrely esoteric names. Even you will have a hard time keeping track of variables with ridiculous names - now was that variable you wanted to pass GERSFD, GARFVD or ARGFD? Use logical, descriptive names to keep things simple and easily understood for later.
Whitespace, whitespace, whitespace. Sorting through tens of thousands of lines of code is difficult enough without having to take the time to figure out where functions start and end. Your compiler will strip the whitespace during build anyways, so use it as a visual tool and make your own life easier. If you find yourself looking back over your own code or someone elses and getting frustrated trying to make heads or tails of it, you might want to consider using a PHP formatting tool just as PHP Formatter (http://beta.phpformatter.com/
) or something similar.
Posted on November 12th 2013 at 05:29pm
Thursday 07th November 2013 Do You Really Need a PHP Framework?
We've discussed various PHP frameworks in the past here, as they can be incredibly useful tools for developers. Instead of recreating entire libraries of code that already exist, making use of a framework can save you days or even weeks of coding - and if you choose the right one, they offer an incredible amount of stability and security. Numerous popular frameworks have huge communities behind them, constantly monitoring the code base, updating it regularly, and plugging security holes and other issues that would quickly become overwhelming for a single person.
However, because of their very nature, there are also some serious downsides to using a PHP framework. Due to their size and scope, they boast a huge learning curve, and the more complex the framework, the harder it is to get up to speed - it's almost like having to learn a new programming language within PHP. Once you've invested that much time into learning a framework, it can become very difficult to switch to an alternative framework if it turns out that another would be better suited to your next project.
While there is often added stability and security gained by using frameworks, the fact that they are almost ubiquitous means that the frameworks themselves are also a much more appealing target for hackers and other malicious users. If a vulnerability is found in a framework, it means that all sites and applications that use that framework are likely to share the vulnerability.
In order to stay on top of this danger, communities are constantly updating frameworks with new code and patching vulnerabilities, which sounds like an excellent way to handle the problem. However, frameworks inherently work the way other libraries do, which means that they have to be embedded directly into your build or code repository. So while they are being updated to ensure security, you then must turn around and update your own implementation of the framework to ensure it's using the latest version.
The value you'll derive from a framework really depends on how you code and the types of projects you work on. If you're working on smaller scale projects, you will probably end up with your own segments of code that can be recycled for various future projects, much in the same way as a framework operates, but without all the tedious issues and unnecessary features that can make working with a framework a hassle. However, if you're regularly working on large scale projects that require the pinnacle of stability and security, a well-chosen PHP framework can be your new best friend.
Posted on November 07th 2013 at 03:08pm
Tuesday 05th November 2013 Easily Reuse Your Own PHP Code Snippets
At this point in your PHP coding careers, you've probably all heard about the value of a framework - how popular they are, how robust they are, and how they can save you hours of time and effort. Of course, they can also add some hours of time and effort at the beginning, as you have their often steep learning curves to adjust to. But most of you likely started coding before you began to use frameworks, as they're generally better suited to large projects, and most devs don't start with large projects. Along the way, you probably found yourself coding similar functions and classes enough times that it finally clicked - you should be re-using bits of your old code! But that can be a huge pain, sorting through old files in an effort to lift out the useful bits, so we've put together a quick list of some useful tools that are designed to help you save and tag your code snippets to start building up a personal framework.
Most of the currently popular snippet storage tools are all web-based, meaning you can access them anywhere. The intended goal is to share them with the PHP developer community, but naturally you don't have to share if you don't want to.
Probably the most feature-packed is Gist, the snippet saver offered by the ever-popular Github. All the snippets posted are automatically treated as repositories, meaning they offer all the same benefits as a full Git codebase. They can easily be saved as private or public, although if you create too many it may become difficult to sort through them all.
Finally, for a slightly more well-designed version of Snipplr, you can try Snipt, which lets you go from reading this sending to storing your snippets in about 3 seconds. Tagging, descriptions, and private entries available, and if you get mad at the ads, you can opt to go for a Pro account to save your eyes the hassle.
One last entry that deserves a special mention is FastFox, which you can think of as a time-saver for inserting regularly used expressions. It lets you define text-based shortcuts which are automatically converted into larger pieces of text. If you find yourself using a piece of code repeatedly, you can quickly set up a shortcut for it and save yourself a huge amount of time. While it's available for PC and Mac, it's unfortunately not open source, so you'll be shelling out $20 for it - but a free trial is available from their website to help you make up your mind.
Posted on November 05th 2013 at 07:46pm
Thursday 24th October 2013 Securing Your PHP Application with a Custom Configuration File
When it comes to securing your PHP application against hackers and other types of malicious use, there are a number of different things to consider. We touched on a few of them previously, including what's probably the most important one: filtering all user input. We can't stress enough the importance of correctly validating all user input, including any input that comes in the form of file uploads. However, one of the most useful tools to secure your PHP code against malicious users is built right into the way PHP operates: the php.ini file.
The php.ini file is a customisable configuration file that is called when PHP loads which specifies a number of key settings for how PHP operates and executes your code. Because of this, it's also a great place to handle a couple of security vulnerabilities that are almost as crucial as controlling user input.
The first of these is the issue of error reporting. Obviously, when you're working in a test development environment, it's incredibly valuable to have your error reporting visible to help you quickly source any bugs in your code - but once you move out of the testing phase into a production environment, the data offered by error reporting can provide valuable clues to a hacker about potential vulnerabilities in your code. While you can try to ensure that doesn't happen by writing flawless code, there are a number of global parameters you can set in your php.ini file that will ensure your production code is safe from this issue. The first parameter, error_reporting, does exactly what it says on the tin, namely enabling error reporting at all, and should be set to E_ALL. The follow-up to this is the parameter display_errors, which should be 'off' once you move out of the testing phase. However, as you will probably want to ensure that any errors that do occur are logged, enable log_errors and specify the path using error_log. That's all there is to it!
The other important security vulnerability to prepare for is the type of attack known as session fixation. Essentially, this type of exploit tricks your code into accepting a session ID that has been faked by the malicious user. This can occur in a few different ways, but the methods for overcoming it can all sit in the php.ini file. A few different parameters are very useful: both session.use_cookies and session.use_only_cookies should be set to 1, which prevents GET parameters from setting your session ID. Session.use_trans_sid should be set to 0 to prevent session IDs from persisting, and as a final measure you should modify the name of the session parameter - session.name - away from the default "PHPSESSID" to something random.
These tips won't guarantee the perfect security of your code, but they can go a long way towards preventing the casually snooping hacker from easily breaking into your application and causing untold damages. Take the time to write technically exacting code, and you'll be rewarded by an app that flows smoothly and robustly!
Saturday 19th October 2013 PHP Productivity Tools
When it comes to working on large PHP projects, it's easy to suddenly find yourself bogged down by a few tasks that seem to appear repeatedly no matter how well-crafted your code is, namely testing, debugging, and deployment. Fortunately, there are many tools and utilities that have been released to help PHP developers overcome these frustrations and make the coding process as efficient as possible from start to finish. Here are a few of our favourites!
Test and Debug
No matter how well your code is written, it needs to be tested properly and thoroughly before it can be deployed safely. One of the best testing frameworks is PHPUnit
, an extension of xUnit that lets you write testing code in PHP syntax and then automate the entire process. If command-line isn't really your style or you're looking for a front-end problem, we have also had great luck with an updated version of Firebug called FirePHP
, a Firefox extension that allows developers to sort through PHP errors in the browser. If you need something even more robust, consider XDebug, which is an open-source tool that lets you dig deep into your PHP code and optimise.
Build and Deploy
If you're working on a small project, it can be easy to manage the various code iterations and keep them all straight yourself. But for a larger PHP project that has multiple developers, it can become a necessity to implement some kind of version control software to help sort through the chaos and make sure everything plays nice. Git is easily the most popular version control solution, thanks in large part to the popular third-party website Github
, that offers hosting for various code repositories and helps track code branchings, team member contributions, and lets you roll back unwanted forkings.
For both large and small projects, there are a couple of hassles that never go away: formatting and documentation. The bane of all developers working in the zone, documentation is left out all too frequently, giving other devs (or your future self) some serious frustrations. Fortunately a simple tool called phpDocumentor
can use simple syntax to generate your user-friendly documentation for you! When you combine this with another handy tool called PHP_Beautifier
which neatly indents and formats your code, you can whip even the largest projects into visual shape with ease.
Thursday 17th October 2013 5 Great PHP Tutorials
When you're working on a new project, sometimes it can be frustrating to spend hours working on something, only to find out the next day that someone else has already completed very similar work and made the source code available. Nobody likes wasting time re-inventing the wheel, as anyone who's ever taken advantage of a PHP framework can tell you. With that spirit in mind, here are 5 great PHP tutorials from around the web that you can incorporate into your next project to make it as robust and efficient as possible.
1. In the past, we discussed using PHP caching to decrease the load times of your site, but only briefly touched on how to actually go about it. This tutorial gives a simple example, but those of you with some inspiration will be able to expand it to do whatever you want. http://papermashup.com/caching-dynamic-php-pages-easily/
2. If you're really hoping to optimise your site's load time, then you'll want to make sure that your files are as small as possible. The best method to do so is by compressing your CSS and JS files with Gzip, which can be done easily in PHP using this simple tutorial. http://papermashup.com/use-php-to-gzip-css-files/
5. Finally, to prevent the worst from happening in a SQL database crash which could cost you all your hard-won data, use this simple tutorial to create a PHP script to output your database to an XML file which can be reparsed to restore your database. http://davidwalsh.name/backup-database-xml-php
There you have it! These simple PHP tutorials can make a huge difference in the way your project development works, ensuring that your project be more secure and more efficient - and save you from spending time developing processes that others have already perfected.
Saturday 12th October 2013 Speed Up Your Site With Effective PHP Use
Even in the older days of the web, application developers could not afford to be ignorant of SEO practices - but in today's world, it's a vital skillset for maintaining relevancy. One of the most neglected aspects of SEO is page load time, and the way your PHP code is written can make a huge difference in the speed your users (and the Google search spiders) experience. Obviously, one of the most effective things to do is ensure you use a high-quality hosting provider, but this isn't always an option. Fortunately a couple of simple tips and tricks in PHP can make a huge difference in load times, so lets take a quick look at the most popular methods.
One of the most useful things you can do, especially when you're writing extensive code segments, is to employ a simple PHP caching system. This is especially helpful when there isn't a heavy amount of reparsing required for each user navigation step, as it lets you skip the reparsing step. If, for example, the user is navigating through a large number of database entries, simply dump the output from your first parse into an html file, and display that to the user when they revisit the same page in the same session. This can dramatically reduce the load on your server from numerous database queries, and can make a huge difference in your user experience.
Next, take a good long look at the external requests your site is making. A growing trend among websites is to pull lots of data from different sources - Twitter feeds, news stories, popular blog comments, etc - but it's important to not let this tendency get ahead of us. This is especially true when you're working on code for a Wordpress or similar-style blog, as the ease of incorporating PHP widgets can make some developers cram far too many requests onto a single page, dramatically increasing load time.
If you're feeling adventurous, it's possible to use PHP to compress your CSS and other files, but we'll save that for another post - you should be able to see a large difference in your load times just from these simple tips.
Tuesday 08th October 2013 Important Practices for Securing Your PHP Apps
For high-profile, mission-critical PHP applications, security is a paramount concern. Bad security solutions can compromise important servers and lead to the kind of privacy breaches that make news headlines. But for those of us writing more every-day PHP apps, security is still an important concern - especially for anyone who's new to the language. We'll take you through some basic considerations for securing your PHP applications, letting you rest a little bit easier once you finally put your app out into the wild.
Everything, naturally, comes back to the user, but sometimes vulnerabilities can be unintentionally exposed by a user and shared with a malicious one - which makes proper error handling critical for the integrity of your security. Many developers hate dealing with this particular aspect of development when trying to get their code out the door in a hurry, but it's far better to invest the time now than to try explaining why you cut corners.
Finally, another important concern is the way your include files are handled. PHP code routinely references other PHP files, often for database access or regularly repeated code segments, which can be inadvertently displayed to the user as plaintext if not properly named. Any extension other than .php may not be parsed properly by a browser, leaving your code vulnerable, so always use the correct extension. To be doubly-safe, store your includes in a folder that doesn't have user access permissions.
This is only the tip of the iceberg when it comes to PHP security, but you can save yourself from a good many problems by following these simple practices.