Planetaki Planet PHP

Site News: Blast from the Past - One Year Ago in PHP

2012-02-09T13:58:26Z

Here's what was popular in the PHP community one year ago today:

ical

2012-02-09T13:58:27Z

Package:

ical

Summary:

Create a calendar file of events in ICAL format

Groups:

PHP 5, Time and Date

Author:

Floyd Resler

Description:

This class can create a calendar file of events in ICAL format...

Read more at http://www.phpclasses.org/package/7337-PHP-Create-a-calendar-file-of-events-in-ICAL-format.html

Ibuildings techPortal: DPC Radio: Implementing OAuth

2012-02-08T21:39:06Z

On the Ibuildings techPortal today they've posted the latest in their DPC Radio series of podcasts as recorded at last year's Dutch PHP Conference. In this new episode they share Lorna Mitchell's talk "Implementing OAuth".

With Twitter moving its API to OAuth the idea of using tokens rather than passwords for authentication went mainstream. Many explanations of OAuth make it seem complicated whereas in reality the "OAuth Dance" is a series of simple steps executed in sequence. This talk covers consuming and providing OAuth services, includes implementation examples, and is recommended for all technical leads, architects, and integration specialists.

You can listen to this latest episode either via the in-page player or by downloading the mp3. You can follow along with the presentation in her slides.

Artur Ejsmont's Blog: A few words on bugs and software quality

2012-02-08T21:39:07Z

In this new post to his blog Artur Ejsmont shares some of his thoughts on bugs and how they can effect the quality of your software. He touches on topics like handling bug reports, how random code changes effect them and how effective a code review can be.

From time to time I see bugs in the code and I start thinking "really? is it possible that no one noticed that bug before? am i the first person to see this code?". I thought it might be worth writing a little post on what helps me to deal with bugs and software quality in general and what are the common pitfalls in developer's thought process. Although it is not a very extensive post i hope it may inspire some developers to try new approaches.

Other topics he offers for consideration involve the fact that bugs will never fix themselves (they might disappear in a refactor though), that the bug is almost never in the language/data source's code and how automated (unit) testing can help to find new bugs before they're released to the users.

Developer Drive: Building a PHP Ad Tracker: Data Object Design and Coding

2012-02-08T21:39:07Z

Continuing on from the first part of their tutorial series about creating a simple ad tracker for your web application, Developer Drive is back with part two, a more in-depth look at the actual object design and code.

In our last PHP Ad Tracker lesson, we constructed the database tables for our ad banner application. Now we are ready to construct the data object that will hold the variables and functions that will display, add, edit and delete the data in those tables.

They cover each of the variables they'll be using with a summary of what they're used for as well as the various functions to be defined and what they'll return. Following this, they get into the actual development - creating an "ads" class and defining the methods to get the current ad count, get the number of clients and pull the actual client/ad data.

Refulz.com: CakePHP evolves to 2.0

2012-02-08T21:39:07Z

On the Refulz.com blog there's a new post looking at some of the new features in CakePHP 2.0 including its use of lazy loading, the CakeEmail library and the new class loader.

With CakePHP 2.0, they have dropped support for PHP 4 and have refactored the library code to make it strictly complaint with PHP 5.2+. Modeled on Ruby on Rails (RoR), CakePHP is a tough competition to Zend framework, Symfony and CodeIgniter.

Besides the topics mentioned above, he also goes into the details of the new CakeRequest and CakeResponse models (to access information about teh current request/response). Summaries of all of the new functionality are provided along with some sample code where needed to illustrate.

Ed Finkler's Blog: The MicroPHP Follow-up FAQ

2012-02-08T21:39:07Z

Following up from his (now infamous) MicroPHP manifesto, Ed Finkler has this new post to his blog answering some of the common questions he's gotten about his beliefs.

My previous post, The MicroPHP Manifesto, resulted in much excitement. In between fits of rage and crying, I found some time to answer folks questions, and also discuss the topic on the /dev/hell podcast with my cohost Chris Hartjes. To summarize and address some of the common questions, I felt I should write a small FAQ.

Questions asked so far include:

So you think full-stack frameworks suck?
You need a large framework to enforce best practices!
You should check out my microframework!
How do you choose what gets listed in the MicroPHP code collection?
Why do you hate Rush?

If you have a question you don't see listed, drop him a note and he'll add to the post with more answers.

Rob Allen's Blog: One-to-Many Joins with Zend_Db_Table_Select

2012-02-08T21:39:07Z

Rob Allen has a tip for the Zend Framework users out there using the Zend_Db module to connect to their database resources - how to do a one to many join with the help of Zend_Db_Table_Select (easier than it sounds).

Let's say that you want to set up a one-to-many relationship between two tables: Artists and Albums because you've refactored my ZF1 tutorial. [...] Assuming you're using Zend_Db_Table, the easiest way is to turn off the integrity check and do a join in a mapper or table method.

He includes a few lines of source to illustrate, calling the "setIntegrityCheck" value to "false" to tell ZF not to worry about the additional join value over to the artists table. The result is a new column value with the artist's name instead of just the ID.

Gonzalo Ayuso's Blog: How to protect from SQL Injection with PHP

2012-02-08T21:39:07Z

In a recent post to his blog, Gonzalo Ayuso shares a few tips on preventing SQL injection attacks on your applications.

Security is a part of our work as developers. We need to ensure our applications against malicious attacks. SQL Injection is one of the most common possible attacks. Basically SQL Injection is one kind of attack that happens when someone injects SQL statements in our application. You can find a lot of info about SQL Injection attack. Basically you need to follow the security golden rule: "Filter input, Escape output".

He advocates the use of the PDO abstraction layer to filter out a lot of the issues. Using its prepared statements, you can easily strip out things that just adding slashes to user input wouldn't prevent. He also includes a reminder about database permissions - allowing only certain users the ability to, for example, delete can help provide one more level of security (in other words, don't use a "super user" in production).

Community News: Latest Releases from PHPClasses.org

2012-02-08T13:07:05Z

OpenGraph Reader with Template Output

2012-02-08T13:07:06Z

Package:

OpenGraph Reader with Template Output

Summary:

Extract and display OpenGraph data in Web pages

Groups:

HTML, PHP 5, Social Networking, Web services

Author:

Hensel Hartmann

Description:

This class can extract and display OpenGraph data in Web pages...

Read more at http://www.phpclasses.org/package/7345-PHP-Extract-and-display-OpenGraph-data-in-Web-pages.html

Kurt Payne's Blog: User register_tick_function to profile your code

2012-02-07T20:46:39Z

Kurt Payne has a new post to his blog showing how to use register_tick_function with a callback to help benchmark and profile your application to find its pain spots.

A profiler gives you the ability to trace the performance of your code through every function call and create an overview of your system's performance over a certain time period and helps you make intelligent decisions about where to look for problems. [...] But what if you're in an environment where you can't install [the xdebug or xhprof] extension? Luckily, php has a built-in function called register_tick_function that gives you a way to hook in to every user function that's called. With this, you can write a profiler yourself.

A bit of sample code illustrates his method - it defines a "do_profile" function and assigns it with the register_tick_function call. This function generates a debug backtrace and echos out the function path it took to get to that spot (output is included). He provides code for a bit more useful profiling and points out that it could easily be graphed to help visualize the problems. Also included are a few caveats to watch out for when using this method of profiling.

Chris Hartjes' Blog: How Not to Suck at PHP

2012-02-09T13:58:26Z

In this recent post to his blog, Chris Hartjes answers his request for a "rant topic" by responding to a question about "how to not suck at PHP" (from Travis Northcutt).

I thought about this question for a while and have some thoughts on what it really means to know how to not suck at building things using PHP. In my never even remotely humble opinion I think the key is to understand what PHP is really good at.

He talks about how PHP had the early-adoption advantage at first with Apache, but how things have changed so much since then. Now, he proposes, PHP's popularity and usefulness is based on what it can do as a language without messing with frameworks at all. He's worried that, once someone picks up a framework, it'll become so ingrained that they won't know what "plain old PHP" can do (or how to work with it).

So my advice to Travis is that he should worry about learning to use PHP like glue and correctly identify the problems he is trying to solve NOW instead of worrying about the problems he might have to solve later. There will be time to fix your problems. Some of those will be solved by using tools that are not written in PHP, but PHP can still glue them together.

PHPMaster.com: Under the Hood of Yii's Component Architecture, Part 2

2012-02-08T21:39:07Z

Following up on their previous look at the component architecture of the Yii framework, PHPMaster has posted this new tutorial showing how the framework allows you to do some event-based programming.

An application event is something that occurs which might be of interest to other bits of code. A standard event in most GUI applications would be a "click" event, but the sky's the limit and what events you define is really up to you. [...] The details can be provided by application-specific modules allowing you to keep individual requirements separate from your reusable code. Events allow you to attach a potentially unlimited amount of functionality without changing your core modules and components.

In his example, he shows how to create an event handler that is triggered when the user registers on the site. This event (CEvent) is then registered with the system and is attached via a call in the controller's "init" method.

Learning JavaScript - Chris Shiflett

2012-02-07T20:46:41Z

One of my goals this year is to acquire new skills, so I've decided to start by learning JavaScript. As was the case when I learned html and CSS, it's a tricky endeavor, because I'm not exactly a beginner, and most stuff is geared toward beginners, which can make learning so inefficient that I lose my motivation.

I've decided to treat this effort just like I treat exercise, which is to focus on rhythm and consistency above all else. Don't break the chain. My days are packed, but I'm setting aside at least half an hour each day to do something related to learning JavaScript. As long as I hold myself to that and continue making progress, I'll be happy.

Why am I telling you this? One reason is to put myself on the hook, and another reason is so that I can share what I'm doing to learn JavaScript, in case you want to join me. (This also means those of you who have already been down this path can offer your sage advice.)

Since I've just started, I'm currently only using two sources:

Eloquent JavaScript: This not only seems like a good introduction, but it also offers interactive exercises, which I think is going to make a big difference.
Codecademy: As you can see, I've already gone through some of the courses on Codecademy. The quality seems to be hit or miss, but I like the concept and the platform, and it allows me to dedicate very little time and still feel like I've made some progress.

I also have a copy of JavaScript: The Good Parts that O'Reilly sent me back when they wanted Sean and I to write a similar book for PHP. I'm not sure if it's best used as a guide or a reference, though.

If you're a developer and don't already consider yourself a JavaScript expert, won't you join me?

NetTuts.com: Turbocharge your Website with Memcached

2012-02-08T21:39:07Z

On the NetTuts.com site there's a new tutorial showing you how to introduce the Memcached tool to your application - a quick and easy way to cache data and optimize performance.

Your latest PHP/MySQL website is finally online. And it's awesome. But it's not as fast as you want it to be, because of the many SQL queries running every time a page is generated. And above that, you have the feeling it will not scale well under heavy loads. And you are most likely right. In this tutorial, we will see how you can greatly improve your website's responsiveness [...] by implementing a cache layer between your code and your database. The good news is it is fairly easy, and can be done in a few minutes!

They help you get the memcached server installed (a one-liner in most linux distributions) and how to install the memcached extension using PECL. Code is included showing you how to connect to the server, store data into the cache based on a generated key and how to pull the same data back out.

Brandon Savage's Blog: New Rockville PHP Group

2012-02-08T21:39:07Z

If you're in the Montgomery County, Maryland area and are a PHP developer looking to reach out and meet others, you should check out this new post from Brandon Savage. He's trying to start up a user group in that area.

There are lots of active, vibrant developer groups in the DC area: DC PHP, Baltimore PHP, and the Frederick Web Tech group. The DC PHP Beverage Subgroup meets monthly in Northern Virginia. But in the middle between all these groups lies Montgomery County, Maryland. In that area live hundreds of developers who struggle to reach any of the developer groups in the area on a weeknight. It's time to build them something of their own.

His focus is the Montgomery County area so as not to directly take away from any of the other groups in the area people already attend. If you're interested in a group in that area, leave him a comment or hit him up on Twitter.

Voices of the ElePHPant: Interview with Elizabeth Naramore

2012-02-08T21:39:07Z

The Voices of the ElePHPant podcast has released their latest episode (one recorded a while back) - an interview with Elizabeth Naramore, a well-known PHP community member.

This episode was recorded in 2011. Elizabeth now works for Orchestra.io. It's still a fun interview though because...well, it's Elizabeth.

You can find her blog here and follow her on Twitter here. If you'd like to listen to this latest episode, you can either listen in-page or download the mp3 directly.

Community News: Latest PECL Releases for 02.07.2012

2012-02-08T21:39:07Z

Latest PECL Releases:

JavaScript Days - Meet the experts - Qafoo - PHP

2012-02-07T12:25:58Z

Qafoo is happy to announce the three day JavaScript event taking place in Cologne from 12. - 14. March 2012. Presented by "entwickler akademie" (PHP-Summit) and supported by Qafoo it will be an amazing event fully packed with expert knowledge for all your JavaScript needs.

Secure Get

2012-02-07T12:25:59Z

Package:

Secure Get

Summary:

Generate and validate URLs to prevent tampering

Groups:

PHP 5, Security, Validation

Author:

Gianluca Zanferrari

Description:

This class can generate and validate URLs to prevent tampering...

Read more at http://www.phpclasses.org/package/7336-PHP-Generate-and-validate-URLs-to-prevent-tampering.html

The MicroPHP Follow-up FAQ - Ed Finkler

2012-02-07T20:46:42Z

My previous post, The MicroPHP Manifesto, resulted in much excitement. In between fits of rage and crying, I found some time to answer folks questions, and also discuss the topic on the /dev/hell podcast with my cohost Chris Hartjes. To summarize and address some of the common questions, I felt I should write a small FAQ.

Got a question? Ask me. I’ll add additional entries here as things come up.

So you think full-stack frameworks suck?

No. I think sometimes they’re very appropriate. It depends on your needs: will the pros you get with library/component/framework X outweigh the negatives? If so, it’s probably a good choice. If not, it’s probably not.

You need a large framework to enforce best practices!

Sometimes you do. My experience at FictiveKin has been that our small team is able to work faster, smarter, and more efficiently by minimizing the size of our PHP codebase and removing all unnecessary layers of abstraction. In some cases that meant not doing certain tasks in PHP anymore (almost all html generation was moved to the browser). In others, it meant ripping out a bunch of code and replacing it with a simpler solution that required far less boilerplate and replication. We still kept some code that had more dependencies than we’d like because the wins we get with it outweigh the downsides.

I’ve certainly seen situations where choosing a popular full-stack framework is a better idea. As teams get larger, enforcement of coding standards and not doing Dumb Shit becomes harder. Hiring and training engineers is usually easier with popular, full-stack frameworks. On the other hand, we’ve found that devs coming from non-PHP backgrounds liked how quickly they can be productive with simpler libraries and frameworks. Your mileage may vary.

So you’re saying we should write our own framework/libraries/components?

Good God no. There is lots of very good, well-written code out there that’s already solved the problem you’re facing. Most of the time I don’t want to try to solve an issue like oAuth request signing, because it makes my brain hurt and I’d rather focus on building stuff. So, I’ll look for an existing solution that fits my needs first. I sometimes choose to write something from scratch because the existing solutions (that I can find – discovery is a whole other issue) don’t fit well with my existing application structure, or I feel it will introduce more maintenance issues than I’m comfortable with.

You should check out my microframework!

Sure. Generally I think people should work on writing libraries/components, personally. We have plenty of framework choices. But this is PHP, so you have to write your own framework sometime.

Is “X” a microframework?

Long answer: I tend to believe that the reference implementation of “microframework” is Sinatra. Routing, request/response objects, sessions, maybe some hooks for template rendering. Generally I think the inclusion of an ORM is a clear sign of non-micro-ness.

Short answer: I don’t care, really – and you shouldn’t either. If it works for you, awesome.

How do you choose what gets listed in the MicroPHP code collection?

Generally I think about these things:

Does it try to solve one task, or a small set of closely related tasks?
Would it be easy to use with almost any existing code base?
Is the code as short as it can be, while still being clear and easy to follow?

None of these are hard and fast rules, though. I encourage people to share things with me they think others would find useful.

Why do you hate Rush?

I don’t. I like some of their songs, but don’t own any of their work. I also think they’re incredibly smart, talented musicians. My point was to suggest there are other valid approaches, not to reject complexity outright.

JavaScript Days 2012 - Bastian

2012-02-07T12:25:58Z

Packed with a huge number of workshops, hosted by well known speakers like Douglas Crockfort, Christian Johanson, Kore Nordmann or Thorsten Rinne the 1st Edition of the JavaScript Days in cologne already sounds like one of those 'need to be there' events. For those who act fast, the early bird period is still ongoing and open until next Saturday, 10th of February.

Content Security Policy update - Evert Pot

2012-02-07T12:25:58Z

A quick update about CSP. Browsers are well on their way to all adopt the specification.

An early draft was already adopted by Firefox 4, and I just found out that it's also working in Chrome, Safari and IE 10.

IE10 and FF are using the following header:

X-Content-Security-Policy: default-src 'self'

While Safari and Chrome use:

X-Webkit-CSP: default-src 'self'

When the specification is finalized, the X- will be dropped, and it will simply be 'Content-Security-Policy'.

A call for support

Hi Developers! Start implementing this feature! It's important for the future and security of the web. The web's biggest vulnerability, from what I understand, is still XSS, but if people start to properly implement CSP, XSS can effectively be a thing from the past.

So even if you don't want to risk using CSP on a production environment, at least consider adding the headers in your development environment. It will force you to write better code, by not embedding javascript directly into the html source. By considering this right now, you will also make it much easier if you do decide to adopt CSP at some point in the future.

I'm implementing CSP full-on in a new project, and one of the things I've noticed already is that some of the javascript we embed from 3rd parties use eval() and inline html events (onclick & friends). For the sake of security we will most likely decide to only use 3rd party code if they are indeed CSP-compatible.

Ben Selby's Blog: DocBlox Plugin For Sublime Text 2

2012-02-08T21:39:07Z

Ben Selby has released a Sublime Text 2 plugin for the popular PHP-based documentation generation project DocBlox.

It seems that the editor of the moment is Sublime Text 2 and sadly I have to tip my hat to Gary Rockett for showing it off to me one day.. Since that day, I've been a 100% convert. [...] So, I decided to peak into the PHPUnit [plugin from Stuart Herbert] to see if I could create a DocBlox Plugin. It turns out you have to write Plugins in Python, which is interesting, since I know very little python. There seemed to be enough code there to get me going, so I now have a working DocBlox Plugin.

The result is a plugin that, once installed gives you a new context menu option to "Generate documentation" for the selected file. The console shows the progress of the build. You can get the plugin from Package Control or by grabbing it from github directly.