Looking for more information on how to do PHP the right way? Check out PHP: The Right Way

PHP.net:
PHP 5.6.29 Released
Dec 09, 2016 @ 11:54:07

On the main PHP.net site there's an announcement about the release of the latest version in the PHP 5.6.x series - PHP 5.6.29:

The PHP development team announces the immediate availability of PHP 5.6.29. This is a security release. Several security bugs were fixed in this release. All PHP 5.6 users are encouraged to upgrade to this version.

Bugs fixed in this version include changes in the Opcache, OpenSSL, SOAP, SQLite3 Standard libraries. You can view the full list of changes in the Changelog and get the downloads from the usual place: the downloads page for the source packages and windows.php.net for the Windows binary downloads.

tagged: language release bugfix security php56

Link: http://php.net/index.php#id2016-12-08-2

SitePoint PHP Blog:
The Delicious Evils of PHP
Dec 07, 2016 @ 09:50:49

On the SitePoint PHP blog Christopher Pitt is back with another interesting article, this time talking about two "delicious evils of PHP" - the eval and exec functionality.

I want to look at two PHP functions: eval and exec. They’re so often thrown under the sensible-developers-never-use-these bus that I sometimes wonder how many awesome applications we miss out on.

Like every other function in the standard library, these have their uses. They can be abused. Their danger lies in the amount of flexibility and power they offer even the most novice of developers. Let me show you some of the ways I’ve seen these used, and then we can talk about safety precautions and moderation.

He then talks about some of the "interesting" things you can do with these two pieces of functionality including:

  • Dynamic Class Creation
  • [Creating] Domain Specific Languages
  • Parallelism (with exec)

He ends the post with some advice how to avoid issues with the topics he's mentioned and how to "stay safe" while still using these two dangerous pieces of functionality.

tagged: evils language eval exec dynamic class dsl parallelism tutorial safe

Link: https://www.sitepoint.com/the-delicious-evils-of-php/

PHP.net:
PHP 7.1.0 Released
Dec 02, 2016 @ 09:38:30

On the official PHP.net site they've announced the release of PHP 7.1.0, the latest major release of the PHP 7 series:

The PHP development team announces the immediate availability of PHP 7.1.0. This release is the first point release in the 7.x series.

PHP 7.1.0 comes with numerous improvements and new features such as

  • Nullable types
  • Void return type
  • Iterable pseudo-type
  • Class constant visibility modifiers
  • Square bracket syntax for list() and the ability to specify keys in list()
  • Catching multiple exceptions types

There's several more changes in this release as well including security updates, bugfixes and a host of new features. As always, you can download the source packages for this latest release directly from a PHP.net mirror or get the Windows binaries from the PHP for Windows site. You can find the full changelog of the release here and a migration guide here.

tagged: language release php71 major features improvements

Link: http://php.net/archive/2016.php#id2016-12-01-3

Shameer C:
PHP 7.1 - 8 New Features you need to know
Nov 30, 2016 @ 11:44:26

Shameer C has a new post to his site sharing some of the things you can look forward to in PHP 7.1, the next larger release of the PHP language. In it he details his "top eight" changes and updates he thinks you'll need to know about.

PHP 7.1, the new minor version of PHP will be released on December 1st, with a number of new features, changes, and bug fixes. While we wait for it's release, let's look at some of the awesome features in PHP 7.1.

His list includes updates like:

  • Iterable pseudo type
  • Square bracket syntax for list()
  • Class constant visibility
  • Void functions

He provides code examples for each of the items on his list and, as a bonus, provides a bit of information about using a Docker container for testing out PHP 7.1 without messing up your local install.

tagged: php71 features top8 list improvement language release

Link: https://blog.shameerc.com/2016/11/php-71-8-new-features-you-need-to-know

Alex Zorin:
Shimming PHP for Fun and Profit
Nov 28, 2016 @ 09:45:48

On his site recently Alex Zorin posted an article about shimming PHP for fun and profit making use of the runkit functionality to override some of the basic PHP handling.

I had spent a short amount of time profiling the application some months ago. By all indications, the framework upon which the site was built was doing something really stupid.

[...] For somebody who is comfortable finding and fixing hotspots like this, it sounds like a dream come true. Not so. A quick grep through the code indicated that that particular hotspot existed in at least a dozen different points in the code base. As my role in this scenario was an ops. engineer, touching the client’s codebase was a no-no.

He first looked into something he could add at the Zend Engine level itself but then veered more towards custom functionality that overrides some base64 handling in the language. There were some difficulties following this path so he shifted to another tactic - using runkit. He implemented this "monkey patching" solution using the runkit handling and integrated it into his client's installation reducing the load time by about 10 seconds on the largest, slowest request he could find. He also includes a link to the code if you're interested in seeing how he accomplished this optimization.

tagged: shim runkit language optimize base64 extension

Link: https://id-rsa.pub/post/shimming-php-for-fun-and-profit/

Paul Jones:
The PHP 7 “Request” Extension
Nov 23, 2016 @ 14:37:09

Paul Jones has a new post to his site introducing the "Request" extension he and John Boehr have worked up to make working with HTTP requests in PHP simpler.

You’re tired of dealing with the $_GET, $_POST, etc. superglobals in your PHP 7 application. You wish $_FILES was easer to deal with. You’d prefer to wrap them all in an object to pass around to your class methods, so they’d be easier to test. [...] You could maybe adopt a framework, but why do that for your custom project? Just a pair of server-side request and response objects would make your life so much easer. Why can’t there be set of internal PHP classes for that?

Well, now there is. You can install the request extension from John Boehr and myself to get ServerRequest and ServerReponse objects as if PHP itself provided them.

He gives an example of using the extension to work with both the request and response (ServerRequest and ServerResponse). This includes cookie values, files handling, content length and much more. There's code examples showing it in use and a link to the repository for the extension where you can find out more.

tagged: request extension language serverrequest serverresponse

Link: http://paul-m-jones.com/archives/6416

Laravel News:
Laravel 5.4: JSON Based Language Files
Nov 22, 2016 @ 09:44:33

The Laravel News site has a new post today describing a feature of the upcoming Laravel 5.4 release: the ability to define language files with JSON formatted files.

One of the most wanted requests we receive at Laravel is introducing better support for multilingual web applications, there are already packages out there that add some nice functionality to Laravel for better handling of multilingual projects requirements, but one of the painful issues when building such applications is managing translation keys.

Previously the trans/trans_choice helper to reference the value defined in the PHP array from your language files by a key name. With this new functionality, a new __() helper method is defined that will look through the English translation file, locate the correct key and find the matching record in the requested language to return. They also show how to pass in some parameters into the translator and how to use it directly from Blade.

tagged: laravel json language file helper tutorial parameter blade

Link: https://laravel-news.com/2016/11/json-based-translations/

Jordi Boggiano:
PHP Versions Stats - 2016.2 Edition
Nov 18, 2016 @ 11:17:40

In his latest post Jordi Boggiano (of the Composer project) has released his PHP usage statistics for the second half of 2016 based on the information gathered during Composer installations.

It's stats o'clock! See 2014, 2015 and 2016.1 for previous similar posts.

A quick note on methodology, because all these stats are imperfect as they just sample some subset of the PHP user base. I look in the packagist.org logs of the last 28 days for Composer installs done by someone. Composer sends the PHP version it is running with in its User-Agent header, so I can use that to see which PHP versions people are using Composer with.

He compares them to the statistics from May 2016 showing some interesting but not unexpected changes, mostly in the growth of PHP 7+ versions. He shares a few of his own observations of the results and encourages library authors to start focusing on PHP 7 functionality rather than 5.5/5.6 compatibility. He also shares a secondary data set - the PHP versions that libraries require that, surprisingly, is moving a lot slower than the actual PHP version adoption.

tagged: version language statistics 2016 requirement composer install results

Link: https://seld.be/notes/php-versions-stats-2016-2-edition

Zend Developer Zone:
A Reverse Debugger for PHP…wait…WHAT?
Nov 16, 2016 @ 11:51:28

On the Zend Developer Zone they have a post talking about an interesting project - a reverse debugger for PHP making it simpler to step forward and backwards through breakpoints in your PHP code (instead of just forward).

Honestly, when I originally tweeted this out I really wasn’t 100% sure what it did. You never know when you see things like “reverse debugger”. It’s one of those “I understand the words separately…” type of things. Then I watched the short video. HO-LY CRAP! Seriously, it is exactly what it says, it allows you to step debug forward AND backwards. Well, almost. You have to record the session first and then you can step forwards and backwards. Still it is a powerful tool.

The project, Don'tBug, hooks directly into any IDE that supports XDebug (just about all of them) making it easy to integrate into your current workflow. You can see it in action in this video over on YouTube.

tagged: reverse debugger language tool dontbug project xdebug

Link: https://devzone.zend.com/7400/reverse-debugger-php-wait/

PHP.net:
PHP 5.6.28 Released
Nov 14, 2016 @ 12:12:58

The PHP.net site has posted the official announcement about the latest release in the PHP 5.6.x series: PHP 5.6.28:

The PHP development team announces the immediate availability of PHP 5.6.28. This is a security release. Several security bugs were fixed in this release. All PHP 5.6 users are encouraged to upgrade to this version.

Fixes included in this release relate to:

  • core language functionality
  • GD image manipulation
  • fixing an overflow in the IMAP functionality
  • a SQLite issue fetching an integer as a string

As always, you can get this latest release from either the main downloads page (for source packages) or windows.php.net for the Windows binaries. As a reminder, the active support for the PHP 5.6.x series will be ending at the end of 2016 (December 31st) so there's never been a better time to upgrade to PHP 7.

tagged: language release php56 security update download

Link: http://php.net/index.php#id2016-11-10-3