Looking for more information on how to do PHP the right way? Check out PHP: The Right Way

Matthieu Napoli:
Approaching coding style rationally
Nov 13, 2015 @ 11:51:07

In a post to his site Matthieu Napoli shares some of his thoughts about "code style rationality" including code formatting in general and some suggestions on one of the harder things in development - naming things.

Habits are sometimes making us blind. We think X looks prettier than Y but that’s just the habit speaking. In this article I’ll try to take a rational approach at coding style. That means leaving the “it looks ugly/better” at the door.

If at any point you feel like something “just doesn’t look good”, breath in, breath out, and try it! Nothing beats hands-on experience, not even some random article on the internet.

He looks at a few subjects specifically (there's way too many to cover them all in detail):

  • the use of trailing commas
  • alignment of values in docblock comments
  • keeping docblock comments minimal
  • using the "Interface" suffix
  • using the "Exception" suffix

He ends the post by reminding readers that the point is to think about code style logically and that no rules are written in stone.

tagged: code style formatting rational approach opinion comma docblock interface exception

Link: http://mnapoli.fr/approaching-coding-style-rationally/

Ken Guest:
Scan your code for old-style constructors using PHPUnit
Nov 06, 2015 @ 11:53:26

Ken Guest has a quick post on his site with a helpful hint for those updating older codebases. You can use PHPUnit & PHP_CodeSniffer to locate old constructors in the PHP4 format (constructors named after the classes).

There are less than seven days left until PHP 7 is released, which drops support for old-style constructors – the ones where a method is a constructor if it shares the same name as the class. You don’t want to spend too much time scrolling through codebases for that though do you? Better things to do, like watch videos of conference talks you’ve missed and such. Well, you’re in luck. If you use php_codesniffer (and if you don’t, well shame on you), you’ll be able to get a report of old-style constructors fairly quickly.

He includes examples of the commands you'll need to use to sniff out these older constructors, making use of the built-in "Squiz" coding standard and the "Generic.NamingConventions.ConstructorName" sniff but only on PHP files. He also shows how to alias it to a bash command and export the results to a CSV file.

tagged: scan code legacy constructor php4 php7 phpunit phpcodesniffer

Link: https://kenguest.wordpress.com/2015/11/06/scan-your-code-for-old-style-constructors-using-phpunit/

HHVM Blog:
LLVM Code Generation in HHVM
Oct 29, 2015 @ 12:08:22

In this post to the HHVM blog they answer a common question they get from the development community: why don't they use LLVM for code generation when compiling down the PHP.

The primary reason has always been that while LLVM is great at optimizing C, C++, Objective-C, and other similar statically-typed languages, PHP is dynamically typed. The kinds of optimizations that provide huge performance benefits for static languages tend to be less useful in dynamic languages, or at least overshadowed by all the dynamic dispatching that’s done based on runtime types. We knew that there was probably something to be gained from using LLVM as a backend, but there were many larger opportunities go after first.

They talk about the compilation pipeline HHVM uses and shows the difference between how it works versus how LLVM would integrate into the final steps. They also talk about the work put in to explore the use of LLVM IR and what kind of changes they had to make to support it. This includes updates to PHP function call handling, generalizing vasm and updates to the LLVM tool itself (with changes to location records, smashable calls and performance tweaks among others).

tagged: hhvm llvm code generation compilation changes updates support

Link: http://hhvm.com/blog/10205/llvm-code-generation-in-hhvm

QaFoo Blog:
Analyze the Quality Of Your PHP Code
Oct 23, 2015 @ 14:08:12

QaFoo has posted an announcement to their blog about a new tool they're offering to help developers better visualize the quality of their PHP code with a new visualization tool, the Quality Analyzer.

In code reviews we often browse metrics, source code and reported code issues together with our customers. This leads to discussions about the current state of the code and possible improvements. First we used a bunch of shells scripts for that. In a second step we developed a simple PHP (Open Source) application helping us to do the job. Now we did the third step and rewrote that application into a React based client side (Open Source) application.

They start with an overview of why they created the tool (an evolution of the older Code Review tool) and why it was split into a frontend/backend model to provide easier pipeline integration. They then introduce the functionality in the new tool, based on a D3.js interface. A few screenshots of the interface are also included to give you an idea of how it reports its findings and the dashboard providing an overview of the findings. You can try it out by grabbing it from the project's GitHub repository.

tagged: analyze quality code tool d3js visualize dashboard

Link: https://qafoo.com/blog/076_quality_analyzer.html

Community News:
Rogue Wave Software Acquires Zend
Oct 06, 2015 @ 14:57:39

Zend has posted a new press release about their acquisition by Rogue Wave Software, a company specializing in tools and services "making it easy to write, test, and run complex code."

Rogue Wave Software announced today that it has acquired Zend Technologies, the leader in end-to-end PHP web and mobile application development and deployment solutions. With 50 percent of the web workload running on PHP, including Magento, Drupal, and WordPress, Zend products drive PHP in the enterprise, from code creation through production deployment.

[...] “Today’s announcement expands Rogue Wave into PHP web and mobile application development, underscoring our goal to make developers heroes by accelerating their ability to create great code,” said Brian Pierce, CEO of Rogue Wave.

It's something that's definitely taken the PHP community by surprise and left many wondering what the future of the language my hold with Zend having been such a critical part of the engine that parses and executes the PHP code we write every day. Chris Tankersly has already shared some of his thoughts on the matter and why, as he puts it, this "doesn't matter" to PHP and it's community as much as some are thinking.

tagged: zend acquire roguewavesoftware roguewave company software tools code

Link: http://www.zend.com/en/resources/news-and-events/newsroom/press/3683_rogue-wave-software-acquires-enterprise-php-leader-zend-acquisition-broadens-enterprise-strength-across-top-five-development-languages

Stoyan Stefanov:
How to write unmaintainable PHP code
Sep 24, 2015 @ 10:35:38

Stoyan Stefanov has reposted an article he wrote for the PHP Advent (now Web Advent) site with a tongue-in-cheek look at how to write unmaintainable code in PHP applications.

With the unemployment rates lately being at the levels that they are, everybody realizes that job security is important. And what's the best way to keep a job but to be irreplaceable, one way or another. The simple truth is that if no one can maintain the code you write, you have a job for life. Writing unmaintainable code is a special skill that, strangely enough, seem to come quite naturally to certain developers. But for the rest of you, here are some tips and hints to get you started.

He humorously suggests poor practices in your development such as:

  • starting your new job by being vocal about "shifting paradigms" and "enterprise" code
  • making it impossible for someone to change one thing without effecting another
  • ban coding conventions
  • don't write unit tests
  • not use templating

...and more. It's a funny piece that has a good message behind it. It's a perfect example of what not to do in development (and what to avoid if you're not doing them currently). The interesting thing is that this was originally published in 2009 and just about all of the points in it are still valid today.

tagged: unmaintainable humorous code opinion funny phpadvent

Link: http://www.phpied.com/how-to-write-unmaintainable-php-code-2009/

Source Blog:
Good Code Runs on Good Communication
Sep 18, 2015 @ 11:10:27

On the Source blog there's a great post that reinforces something that all developers should keep in mind when developing their applications: good code runs on good communication. "Tech language" barriers can make this difficult, but this post gives you a few suggestions on places to start improving.

When I started the interactive team at the Sun Sentinel in 2013, I thought the biggest challenge would be the code. I was wrong. [...] It wasn’t always easy. When you need someone on your side, but they don’t speak the same tech language, it can be very difficult. Investing (not necessarily financially, but emotionally and mentally) in creating a space where teams can work better together is key. Here are some strategies for overcoming the language barrier to make collaboration smoother.

They recommend things like:

  • having face-to-face conversations to work out the best solutions
  • avoiding assumptions about skill levels
  • pausing to check and ensure everyone understands the current state of conversation
  • agreeing on common terms and naming

Finally, they make a recommendation that could make some of the developers out their cringe a bit: "document the madness". As they point out, having good documentation of not only the result of the work but also the process along the way can be crucial for future work and others not directly involved in the process to review.

tagged: good code communication opinion recommendation language conversation

Link: https://source.opennews.org/en-US/articles/code-runs-communication/

Christian Scheb:
Introducing Tombstones for PHP
Sep 17, 2015 @ 12:49:23

Christian Scheb has posted about an interesting idea in this article on his site - creating "tombstones" in your application to help you determine what code in your application is "dead".

Earlier this year I took over that project at my new company. [...] The repository was cluttered by many files, that could assumed to be dead code. Unfortunately, you never know. [...] The mission was clear: Cleaning up the project, without breaking things.

[...] I searched the web and came across that interesting concept of tombstones. If you haven’t heard of tombstones yet, I highly recommend this article and watching the video of David Schnepper’s ignite talk. A tombstone is basically an executable marker in your code (in the PHP world: a function call), which is placed in fragments of code, that you’ve assumed to be dead. Then, everything is deployed to production and, when a tombstone is invoked, it writes some data to a log. After a while, the logs will enable you to identify dead and undead code (called “Vampires”) in your project.

Not finding a good tool to help with this in an existing codebase, he created a library that makes it simpler to both mark the "tombstones" in your code and another to analyze the results. He includes an example of what the report might look like, showing both the used and unused bits of code where the tombstone code was placed.

tagged: tombstones dead code library analyzer marker

Link: http://www.christianscheb.de/archives/717

Phil Sturgeon:
Avoid Hardcoding HTTP Status Codes
Aug 17, 2015 @ 12:55:53

Phil Sturgeon has a post to his site with a good recommendation for those working with APIs and those "magic numbers" that are HTTP status codes - avoid hard coding them in your applications and tests.

A lot of things in programming are argued to death, but one subject where people almost unanimously agree is that magic numbers can be a pain in the ass, and they should be avoided whenever possible. Sadly when it comes to HTTP status codes, people keep on hardcoding them, and it leads to all sorts of confusion. [...] What is 409? If you answer without looking it up on Dash or HTTP Status Dogs then you are a machine.

He shows two implementations of this idea, one in Ruby and the other in Symfony, where the status code value is represented by a constant rather than by a number. The constant correlates to the HTTP status code (number) but the constant makes it easier to read and understand the code. He points out two libraries that can be substituted into your current testing to replace those hard coded values with more expressive versions: lukasoppermann/http-status and Teapot.

tagged: avoid hardcode http status code opinion expressive teapot httpstatus

Link: https://philsturgeon.uk/http/2015/08/16/avoid-hardcoding-http-status-codes/

Check Point Blog:
Finding Vulnerabilities in Core WordPress: A Bug Hunter’s Trilogy, Part I
Aug 06, 2015 @ 11:44:14

The Check Point blog has posted the first part of a series from one of their vulnerability researchers about finding security vulnerabilities in the core WordPress code (and some of the results along with CVE numbers).

In this series of blog posts, Check Point vulnerability researcher Netanel Rubin tells a story in three acts – describing his long path of discovered flaws and vulnerabilities in core WordPress, leading him from a read-only ‘Subscriber’ user, through creating, editing and deleting posts, and all the way to performing SQL injection and persistent XSS attacks on 20% of the popular web.

In this first part he focuses on the concept of "identity" in a WordPress application. He focused on the "roles and capabilities" functionality to find bypass methods in operations like editing and adding new posts. As he works through his process, code is included from the WordPress core showing where the issue(s) lie and what would be needed to exploit the issue.

tagged: bug hunt wordpress vulnerability core code part1 series checkpoint

Link: http://blog.checkpoint.com/2015/08/04/wordpress-vulnerabilities-1/