SitePoint.com:
Best Practice for Code Examples
August 14, 2013 @ 10:29:55

If you've ever thought about including code examples in your (blog/site/etc) posts and were wondering how to least frustrate your site's visitors, check out these suggestions from one of SitePoint's UX authors, James Edwards.

The majority of articles about web development include code examples, and across the web we see great variation in how they're formatted and presented. But a lot of them are not very good - because the code is badly formatted, hard to read, or can't be copied-and-pasted without unwanted junk. So in this article I'd like to take a hard look at code examples, to investigate the common problems they have, and try to establish some best practice for how they should be done.

He talks first about the whole point of including code examples in a post and five basic principles for what they should be like:

  • Code examples should use good semantic markup.
  • Tabs in code should not be converted to spaces.
  • Code should have basic syntax highlighting.
  • Code examples can have horizontal scrolling, but shouldn't have vertical scrolling.
  • Code examples should have line numbers, which are not included in text selection.

There are some examples of code markup included, as well as some CSS rules you can drop in to help follow his suggestions.


Link: http://www.sitepoint.com/best-practice-for-code-examples

Phil Sturgeon:
Building a Decent API
July 16, 2013 @ 09:32:46

Phil Sturgeon has posted a set of best practices he follows when building out new APIs. It covers a wide range of topics at a high level, but it's a good checklist to get you started.

PHP developers are increasingly moving over to API development, as are a lot of server-side developers. It's a trend that's been happening for the last few years and it's getting to the point where everyone and their dog are putting articles showing off how to build "awesome" APIs. Unfortunately most of these are either woefully inadequate or are promoting bad practices.

His recommendations include:

  • Use the URI sparingly, and correctly
  • Resources are EVERYTHING
  • Authentication
  • Background all the things
  • Version your API like an adult

Each item in his list has some points to back it up and provide a bit more detail on what it's all about.


Link: http://philsturgeon.co.uk/blog/2013/07/building-a-decent-api

NetTuts.com:
How to Write Testable and Maintainable Code in PHP
May 16, 2013 @ 11:53:18

NetTuts.com has a new tutorial posted suggesting a few ways you can make testable and maintainable code in PHP applications.

Frameworks provide a tool for rapid application development, but often accrue technical debt as rapidly as they allow you to create functionality. Technical debt is created when maintainability isn't a purposeful focus of the developer. Future changes and debugging become costly, due to a lack of unit testing and structure. Here's how to begin structuring your code to achieve testability and maintainability - and save you time.

There are a few concepts they cover in the tutorial, including DRY (don't repeat yourself), working with dependency injection and actually writing the tests with PHPUnit. They start with a bit of code that needs some work and use the tests to help refactor it into something that can be easily mocked (using Mockery).


Link: http://net.tutsplus.com/tutorials/php/how-to-write-testable-and-maintainable-code-in-php

Reddit.com:
Login Security (Best Practices Recommendations)
August 14, 2012 @ 12:20:08

On Reddit.com there's a good conversation going on in the PHP category about login security and best practices surrounding it.

So I was handed an ancient project which was up to me to fix / improve. About a week later I am about done but there is 1 thing I left...Login security. As it is now, it's just md5(password) that's saved in the database. Better than nothing, but far from good enough. My plan was to have a constant pepper in the class which handles the logins, then do something like crypt(pepper . $password) to store it, since that should generate a random salt and is slower than sha1 / md5 / etc. I feel this should be safe enough, do any of you have any ideas on how to improve it (without non-standard extensions)?

There are lots of comments so far, and many of them follow the same lines: use a stronger method for protecting the stored passwords, such as crypt with Blowfish or something similar, along with some hashing (like HMAC).



PHPMaster.com:
PHPMaster Security Roundup
July 18, 2012 @ 09:22:07

Security has become more of a hot topic in the PHP community recently and PHPMaster.com has pulled together a list of resources you can read up on to get some great ideas for securing your application.

The unfortunate truth of the matter is there's no excuse for [the LinkedIn, Yahoo!, eHarmony and Last.fm] leaks; they would not have been possible if simple, well-known security precautions were taken. Are you protecting yourself and your applications by guarding against SQL-injection attacks? Are you filtering and validating user input? Are you properly hashing user passwords? I hope so! If not, read some of the security-focused articles PHPMaster has published throughout the past year and apply these best practices to your code today!

Articles in their list include:

Check out the rest of the post for links to other great articles.



Jonas Hovgaard's Blog:
How I stopped writing awesome code
June 14, 2012 @ 11:55:21

In this recent post to his blog Jonas Hovgaard talks about how he "stopped writing awesome code" by dropping a few things from his usual development practices - like unit tests and interfaces.

If writing awesome code is using all the best practices I can find, writing interfaces, unit tests and using top notch IoC containers to control my repositories and services all over my application's different layers - Then I'm not writing awesome code at all! I've been that guy, the one writing the awesome code, but I stopped. I'm not awesome any more. Instead, I'm productive, I'm so damn productive!

He talks about how not writing unit tests (which "customers don't care about") gave him extra time to work on other code, how he does without things like interfaces and ORMs, and how he follows DRY, but only so far.

My personal result of doing all of this is productivity and better products. I can't tell if I did it all wrong, and that's why I'm writing better code now, but I truly believe that I'm not alone. In fact I think that most of us regular web developers, tend to do the same "mistakes" as I did.

The post has turned into flame bait and has pulled in lots of comments discussing his decisions and other sympathetic souls that feel the same way he does about some of the complexity of the "best practices" promoted in development today.



PHPMaster.com:
Input Validation Using Filter Functions
June 01, 2012 @ 15:53:28

On PHPMaster.com today there's a good tutorial that gives you some methods to do one of the most important things in any application - validating input. Their examples show how to use some of PHP's own filter functions to accomplish this.

Filter functions in PHP might not be sexy, but they can improve the stability, security, and even maintainability of your code if you learn how to use them correctly. In this article I'll explain why input validation is important, why using PHP's built-in functions for performing input validation is important, and then throw together some examples (namely using filter_input() and filter_var()), discuss some potential pitfalls, and finish with a nice, juicy call to action.

He talks about why validation is important to protect your application (and users) from malicious things like cross-site scripting. He emphasizes the use of PHP's own filter methods because they are established and, well, included in the language - no additional libraries needed. Example code is included showing how to use them to filter email addresses and check that something is an integer.

You can find out more about these functions on their manual pages: filter_input, filter_var.



Seth May's Blog:
The 5 Ws of Data Validation - Part 1
April 26, 2012 @ 11:14:03

With a reminder about the best practice of always validating your data, Seth May has this new post about the "Five Ws" of validation - why, when, where and who.

As web developers, the applications you write are complex data processing engines. They try and convince your users to enter good, meaningful data and to respond in solid, predictable ways based on what was entered. Robust data validation will allow the rest of your application to work effectively. [...] Data is scrutinized in various ways to make sure that it adheres to basic restrictions and to fundamental properties. It's no good receiving a sandwich when you expect a car.

The questions he answers are:

  • Why is Data Validation Important?
  • Where Should I be Validating Data?
  • When Should My Data Be Validated?
  • Who is Responsible for Validation?
  • How Do I Validate My Data? (yes, there's a "w" in there!)

In the real world data is ugly, crazy, and untrustworthy. Your only hope to taming the data beast is to diligently, methodically validate your data.


BinaryTides.com:
40+ Techniques to enhance your php code (3 Part Series)
April 11, 2012 @ 09:52:57

On the BinaryTides blog there's a series of posts that share some tips and suggestions aimed at helping you and your code be the best they can be - things to enhance your application (including suggestions not just about code but also about environment and development practices).

The three posts in the series include tips like:

  • Maintain debugging environment in your application
  • Collect all output at one place, and output at one shot to the browser
  • Set the correct character encoding for a mysql connection
  • Do not gzip output in your application, make apache do that
  • Don't check submit button value to check form submission
  • Process arrays quickly with array_map
  • Avoid direct SQL query, abstract it
  • Never set error_reporting to 0
  • Make a portable function for executing shell commands

Obviously, not all of these will apply in all situations, but they're an interesting list. Most will come with good explanations and code samples when appropriate.



Lars Tesmer's Blog:
What My Co-Workers and I Learned When Trying to Write Unit Tests for PHPUnit
September 09, 2011 @ 11:56:04

Lars Tesmer and his coworkers have been working on improving their development skills lately, specifically related to unit testing. In his latest post he shares some of what they've discovered along the way.

The plan was to try and write as many tests as we could for the Constraint classes PHPUnit uses to implement its assertions. [...] Well, our plan didn't work out that way, we didn't really succeed in writing a considerable amount of unit tests. However, it still was a valuable experience, as it turned out the unit tests of the Constraints are a good example of how not to unit test.

He includes three of the major points they came across in their practice development:

  • Don't use one single test case class to test several different classes
  • Name your tests well
  • Avoid to test more than one behaviour in one single test

For each, there's a summary answering the "why" question behind them including an example test (testConstraintIsType) that shows a bad, multiple assertion practice that should be avoided if possible.





All content copyright, 2014 PHPDeveloper.org :: info@phpdeveloper.org - Powered by the Solar PHP Framework