Anna Filina has posted her own addendum to a top ten list of common PHP programmer mistakes, adding seven more of her own.

I was recently asked by one of my readers to give feedback on the following article he read: 10 Most Common PHP Mistakes. It is well written and very thorough. Most of the tips are specific to PHP, others are about web programming in general or database performance. It's a very good read. I was also asked to contribute to this list, so here are 7 more tips.

Her list of seven touches on topics like caching, allowing SQL injection, disabling error reporting and ignoring accessibility. She also includes some configuration settings, code and links to other tools/resources to help provide information on preventing these other mistakes.

The php[architect] site has a new tutorial posted giving you a step by step guide to sending HTML email with the combination of Drupal 7, Webform and Mandrill (the mail service by Mailchimp).

By default, Drupal is configured to send out plain text emails. For many developers, plain text email is sufficient and preferable to HTML email. HTML email is still, in this day and age, not guaranteed to render the same across email clients, more likely to be labeled as spam, and requires a significant amount of testing to make sure it works. Still, a minimally styled HTML message can be easier for recipients to read and help reinforce your brand/design (if you don't depend on images to do so). In this article, we'll look at the modules to install and configure to enable HTML emails and, specifically, how to change the default Webform email template to send submissions as HTML.

The tutorial comes in four different sections, each with plenty of description and some code to make it happen:

• Set up your site to send email
• Allow outgoing email to use HTML
• Formatting Outgoing Email
• Send Webform Submission as HTML Emails

The SitePoint PHP blog continues their series of tutorials showing how to authentication your users against various social networks. In the previous post they covered connecting to Google+ and in this latest post they move on to two other popular social networks: Facebook and Twitter.

In the previous parts of this series, we created our initial interfaces, set up our Google+ login functionality and talked about how we can merge our accounts together. In this article, we will integrate Twitter and Facebook within our application. You will see a lot of similarities with the Google+ article, so if you could follow that one easily, you won't have much trouble with this one. If you haven't read that article yet, I suggest you read it first before continuing this article.

He starts off with the Twitter authentication, creating a new "SocialLogin" object type for it and defining the three required properties it needs to connect. Code is included to make the OAuth connection, pass along the callback URL and forward on the user to the Twitter site for approval. Code is also included to store the data about the Twitter user in your application. Next up is Facebook. The connection is very similar to the others with only a slight difference in the data that's required. You can find the full code for the tutorial so far in this Github repository.

The NetTuts.com site has a new tutorial posted today sharing some tips about working with sensitive data in your applications and steps to secure it.

In my previous article, I showed you how to protect your server from attacks and malicious software. This part will focus completely on the third layer of security - your application itself. So here, I will show you techniques that you can use to protect your application from attacks and intrusions.

There's three main topics covered here, each with a few subpoints and some code examples:

• Using a Database
• Use a Salt When Hashing
• POSIX: Drop Privileges When You Don't Need Them

In his latest post Phil Sturgeon makes a request of the PHP community - to "send PSR-0 to to Standards Farm in the Sky". Or, to put it another way, deprecate it in favor of the more recent autoloader handling of PSR-4.

This article attempts to convince you that deprecating the PSR-0 auto-loading standard in favor of the PSR-4 auto-loading standard is not only a good idea, but a problemless wonderland of happy benefits, in the hope that when I try to get this done on the FIG mailing list, people will be happy about it instead of sad or rage-mode. [...] I believe it was talked about as an alternative at the time because we knew that the PHP community would drop their collective bricks if we tried to pull PSR-0 out from under them, right as they were just slowly getting used to using it.

He covers a few different topics and his opinions on each including the "hate" for PSR-0 (for wanting to get rid of it) and why it should even be considered for deprecation in the first place. He also reminds readers that he's advocating the deprecation of PSR-0, not the removal of it as a standard. It can still exist and be used but it will no longer be the "moving forward" method of autoloading (in favor of PSR-4). He also comments on the large user base out there on PHP <=5.2 that wouldn't be able to make the update to PSR-4 and a suggestion to projects wanting to encourage the migration.

• justimmo/php-sdk (1.0.6) PHP-SDK for the JUSTIMMO API
  
  
• econic/mobilant (0.2.0) Utility class for the mobilant sms service
  
  
• jeremykendall/php-domain-parser (1.4.1) Public Suffix List based URL parsing implemented in PHP.
  
  
• wegnermedia/presenter (0.1.0)
  
  
• ebussola/adwords-reports (1.2.3) Adwords Reports
  
  
• endroid/symfony-application (1.6.11) Endroid Symfony Application
  
  
• konstantin-kuklin/assetic-static-gzip-bundle (1.0.2, 1.0.1, 1.0.0) Provide static gzip compression for css,js files via AsseticBundle
  
  
• byscripts/static-entity (2.1.1) Provide some kind of static entities
  
  
• t1st3/t1st3-assets (0.15.3) Assets used for T1st3's projects
  
  
• zoopcommerce/gateway-module (2.0.0) Zend Framework 2 module that extends zoop's Shard Module with authentication services
  
  
• theantichris/simple-plugin-framework (v3.0.0) A simple framework for creating WordPress plugins.
  
  
• zoopcommerce/gomi-module (2.0.0) Zend Framework 2 Module that provides user management for zoop's Shard
  
  
• techdivision/rewritemodule (0.6.1) A simple rewrite module for PHP based web servers.
  
  
• anh/content-block-bundle (v0.1.5, v0.1.4) Content block bundle
  
  
• c33s/menu-bundle (v0.9.14) routing-based menu system for symfony2
  
  
• happyr/google-analytics-bundle (3.0.1) The Google Analytics Bundle lets you send data (like event tracking) to Google.
  
  
• imsamurai/cakephp-google-chart (1.0.0) Helps draw google charts
  
  
• zoopcommerce/shard-module (4.0.0) Zend Framework 2 Module for Shard
  
  
• spiffy/spiffy-application (1.0.0-alpha) SpiffyApplication is an application built using SpiffyFramework.
  
  
• kohkimakimoto/earray (v2.0.0) EArray is a small PHP class to provide convenient ways to access a PHP Array.
  
  
• zoopcommerce/shard (5.0.0) Add new behaviours to Doctrine Mongo ODM Documents
  
  
• anh/tied-content-bundle (v2.0.0) Tied content bundle
  
  
• sergeylukin/multisort-php (0.1.0) Sort n-dimensional arrays
  
  
• netzmacht/contao-form-helper (0.2.1) Library for supporting customized Contao form rendering
  
  
• ideea/async-event-dispatcher (v1.0) Async send/receive events
  
  
• data-dog/php-ga (v1.2.1) "ga.js in PHP" - Implementation of a generic server-side Google Analytics client in PHP that implements nearly every parameter and tracking feature of the original GA Javascript client.
  
  
• earlhickey/pg-mailchimp (1.0) ZF2 module for MailChimp 2.0 API
  
  
• figo/figo (1.1.3) API wrapper for figo Connect.
  
  
• zhuravljov/yii2-debug (v1.3) Yii debug toolbar
  
  
• jandrabek/nette-mailpanel (3.2) MailPanel is extension for Nette Framework which captures sent e-mails in development mode and shows them from debugger bar.
  
  
• graham-campbell/navigation (v0.4.0-alpha) Navigation Is A Navigation Bar Generator For Laravel 4.2+
  
  
• ruudk/payment-multisafepay-bundle (1.0.5) A Symfony2 Bundle that provides access to the MultiSafepay API. Based on JMSPaymentCoreBundle.
  
  
• esteit/catalol-api-client (1.3.0) FPC client
  
  
• ruudk/payment-mollie-bundle (3.0.1) A Symfony2 Bundle that provides access to the Mollie API. Based on JMSPaymentCoreBundle.
  
  
• payum/payum-yii-extension (0.9.1) Rich payment solutions for Yii framework. Paypal, payex, authorize.net, be2bill, omnipay, recurring paymens, instant notifications and many more
  
  
• data-dog/php-nsq (0.1.0) NSQ publisher for PHP
  
  
• ministryofjustice/opg-core-public-domain-model (0.21.3) Domain model for the OPG Core project
  
  

• XML_XRD 0.3.1
  
  
• Net_WebFinger 0.4.0
  
  

There's a good conversation happening over on Reddit today about what constitutes the "PHP community" and how it can be defined. JordanLeDoux wonders if those who just write PHP are included in that group as well.

One conversation was with a dev who hates PHP because (mostly) they work with code that was written by some non-PHP dev who was asked to write it. The other was with /u/krakjoe from the PHP internals team, where I was commenting on a sentiment that sometimes finds its way into the internals mailing list: if you want a real programming language, then go use one. In both cases, I made the assertion that most people who utilize PHP or edit a script aren't actually part of the PHP community. [...] How can someone that is functionally isolated from any other person working in PHP be part of the PHP community?

Responses to the post are, for the most part, encouraging suggesting that

• There's not a single "PHP community" but many smaller ones
• sub-communitiies can revolve around technology or a product
• The different definitions of community
• The broad range of skills that "PHP developers" are known to have

Check out the full post for more opinions and share your own!

Lorna Mitchell has a quick post to her site today showing you how to link up Travis-CI and phing to execute the phing build on the Travis-CI service.

We've started using Travis CI on one of my projects to run some build processes to check that everything looks good before we merge/deploy code. One thing I ran into quite quickly was that I wanted to install phing in order to use the build scripts we already have and use elsewhere, but that it isn't provided by default by Travis CI.

To get it all cooperating, she uses the "before_install" settings/functionality Travis provides to use PEAR to discover and install phing. Then in the "script" section, the build can call the phing executable without problems. She does point out one "magic" kind of thing that rehashes the Travis environment and lets to know phing exists: the...well..."rehash" configuration setting.

In his latest post Paul Jones comes back to his proposed application structure, the idea of Action-Domain-Responder, and answers some questions about where content negotiation happens and routing.

While talking about Action-Domain-Responder on the Crafting Code Tour, one of the common questions I got was: "Where does content negotiation happen?" My response was always: "Where does it happen in Model-View-Controller?" That opened up a discussion on how content negotiation is a tricky bit that can go in different places, depending on how you want the concerns separated, and is not a problem specific to ADR.

He goes on and tries to answer the question a bit better, pointing out that "it's a problem for everyone" isn't really good enough to take action on. He works through the different pieces of the ADR pattern, trying to reason out where the right fit is. He suggests a "first filter" on the Controller level, more specifically at the Router level. That's not to say that the Router needs to know about content handling, but it does need to know how to pass that information on.