Looking for more information on how to do PHP the right way? Check out PHP: The Right Way

Laravel News:
Checking the Code Complexity of your App
Jan 11, 2017 @ 11:52:58

On the Laravel News site there's an article posted showing you how to determine the complexity of your application using the phploc tool from Sebastian Bergmann.

Yesterday, Taylor made a post comparing the code complexity between Laravel and other frameworks. The tool he used to generate these reports is called phploc and it’s very easy to run on your own code base.

I decided as a means of comparison I would run that on the codebase for this site and just see what the results are.

The tutorial walks you through the installation of the tool (as a globally installed Composer package), how to execute it and what the results look like. These results include a lot of data including:

  • Average Class Length
  • Average Complexity per LLOC
  • (Use of) Global Constants
  • (Number of) Namespaces

phploc is useful for getting the overall numbers but he wanted something a bit more specific. For that he chose the PhpMetrics package that allows for deeper introspection into files and classes in your code to locate the complexity and find spots for refactoring.

tagged: code complexity tool phploc phpmetrics example composer tutorial

Link: https://laravel-news.com/code-complexity-tools

Medium.com:
Framework Code Complexity Comparison
Jan 10, 2017 @ 11:29:30

On Medium.com Taylor Otwell, lead developer and creator of the Laravel framework, has posted some results about framework code complexity based on his own research and information gathering.

Last week as I was refactoring and cleaning Laravel for the 5.4 release, Graham Campbell showed me some code complexity statistics for the framework. I decided to compare this against some other PHP frameworks to see how Laravel stacks up.

[...] I was pleased to see Laravel has the lowest average method complexity of any of the frameworks measured. In addition, Laravel does not contain any method longer than 13 lines of code. [...] The primary goal of this comparison is to compare how I personally write code vs. how other projects are writing code. All project’s measured have a large enough sample size of pure, first-party code to accurately measure that.

He then shares the cyclomatic complexity numbers for several different (and popular) frameworks in the PHP ecosystem:

  • Laravel
  • Symfony
  • Zend Framework
  • Cake
  • Slim

He also compares just the Eloquent ORM and the Doctrine ORM components. For each he provides stats like: lines of code, average method complexity and percentage of methods that are non-static. The results are interesting but most are pretty much expected (like the Slim microframework being lowest on several of the statistics mostly due to its size).

tagged: code complexity framework comparison laravel taylorotwell

Link: https://medium.com/@taylorotwell/measuring-code-complexity-64356da605f9#.j719oq8ue

TutsPlus.com:
Building Your Startup: Security Basics
Dec 20, 2016 @ 11:55:58

The TutsPlus.com site has continued their "Building Your Startup" tutorial series with this latest article covering the "security basics" you'll need to adequately protect your application. This tutorial touches on both the server-level and code-level security aspects.

In today's episode, we'll dive into the basics of web server security. I'll cover securing the Linux VPS running Meeting Planner and some basic Yii security. In the next episode, I'll dive more into programmatic Yii application security.

The article starts off with the server side of things, introducing hosting options, keeping the server updated, configuring SSH for logins, setting up a firewall and SSL. With that solid base in place, it then starts on the code side covering the built-in functionality used to secure the backend and frontend functionality.

tagged: tutorial series yii2 startup security basics server code

Link: https://code.tutsplus.com/tutorials/building-your-startup-security-basics--cms-26702

Leonid Mamchenkov:
Quick and easy introduction into PHP Mess Detector (PHPMD)
Dec 13, 2016 @ 10:07:54

Leonid Mamchenkov has posted a "quick and easy introduction" to PHPMD, the "PHP mess detector" tool. PHPMD automatically scans your code looking for potential issues including "suboptimal code, overcomplicated expressions and unused parameters, methods, properties".

PHP Mess Detector is yet another one of those tools that help to keep the code base manageable and clean. Here is how you can jump right in. It’s super easy. It only takes 6 steps.

He gives an example of it in use on a CakePHP plugin showing the process to install, execute and view the report it provides. He looks in detail at one of the issues it found, an unused local variable, and how he fixed the issue and pushed the result back to the main repository. He finishes up with some suggestions about ways to run the tool, integrating it into your automated workflow and using it on other Open Source projects to find "low hanging" issues to fix and contribute back.

tagged: phpmd mess detector tool automation introduction tutorial code quality

Link: http://mamchenkov.net/wordpress/2016/12/12/quick-and-easy-introduction-into-php-mess-detector-phpmd/

Medium.com:
The Three Pillars of Static Analysis in PHP
Dec 12, 2016 @ 13:06:03

In this post over on Medium.com Ond?ej Mirtes looks at what he calls the "Three Pillars of Static Analysis in PHP" - three kinds of testing you can do to catch errors "at rest" in your codebase.

My credo is that everything that can be automated should be automated. Computers are really good at repeating tedious tasks and they don’t usually make mistakes while us squishy humans are defined by making mistakes everywhere we go.

[...] In the following article, I’d like to introduce three tools that will help you to find errors and inconsistencies in your codebase. If your build integrating these tools finishes successfully, you can be pretty sure your application is in a good shape.

His list of three tools covers checking for:

He covers some of the things the last option verifies and links to another introductory article about the tool to help you get started.

tagged: static analysis pillars lint codesniffer phpstan code

Link: https://medium.com/@ondrejmirtes/three-pillars-of-static-analysis-in-php-f3f5d7bfd61b#.etoa1rfkq

Christian Mackerprang:
How terrible code gets written by perfectly sane people
Nov 30, 2016 @ 12:16:26

Christian Mackerprang has an interesting post to his site sharing some of his thoughts about why terrible code gets written by sane people - developers that know what they're doing but, for other reasons, write code that's a mess of anti-patterns and inconsistency.

What I discovered after some months working there [on a legacy Python project], was that the authors were actually an experienced group of senior developers with good technical skills. What could lead a team of competent developers to produce and actually deliver something like this? What I’ve come up is a list. These are some bad habits that even experienced teams can get into which will severely affect your end product, more than any static code checker or development methodology could rescue it from.

His list of reasons covers six of the reasons he sees for the "good people, bad code" situation happening:

  • Giving excessive importance to estimates
  • Giving no importance to project knowledge
  • Focusing on poor metrics such as “issues closed” or “commits per day”
  • Assuming that good process fixes bad people
  • Ignoring proven practices such as code reviews and unit testing
  • Hiring developers with no “people” skills

For each item in the list he briefly covers why it's a bad thing for your engineering group and references to other sources on good suggestions to fix the situation.

tagged: terrible code sane people opinion reasons

Link: http://chrismm.com/blog/how-terrible-code-gets-written-by-perfectly-sane-people/

QaFoo Blog:
Using Traits With PHPUnit
Nov 29, 2016 @ 12:26:19

The QaFoo site has a new post showing an interesting practice that could be used in your PHPUnit tests to provide additional functionality without the need for complicated inheritance - the use of traits.

As we already wrote that "Code Reuse By Inheritance" has lots of problems and we consider it a code smell. You should always aim to use Dependency Injection, most likely Constructor Injection. But with test cases in PHPUnit we cannot do this because we have no control about how and when our test cases are created. There are a similar problem in other frameworks, like we discussed in "Object Lifecycle Control". We also blogged about traits as a Code Smell, but let me show and explain why they might be fine to use in your test cases.

They provide an example of where the use of traits might be acceptable starting with a simple test case to check the login behavior with an invalid password. This uses an "is a" inheritance relationship with a parent test class with setUp/tearDown method. This refactored a bit to make use of traits to provide common login functionality based on methods in a trait. The post wraps up talking about traits as a "code smell" despite them seemingly making the test code cleaner, mostly that it limits the ability to change functionality by simply changing the associated code.

tagged: traits phpunit tests code smell example tutorial

Link: https://qafoo.com/blog/092_using_traits_with_phpunit.html

Zend Developer Zone:
Scheduling ElePHPants (DateTime math is HARD)
Nov 18, 2016 @ 12:49:38

On the Zend Developer Zone there's a new post talking about scheduling in applications ("scheduling elePHPants") including both library recommendations and advice about code reuse.

It was while I was creating the 100th or so cronjob to do some very similar to the other 99 that I thought, “Hey! Why not just put all this in a database and check it once a minute instead?” [...] It would be so much easier to deal with in PHP. Also, cron does not scale well at all either in performance or management.

The problem is that cron is an elegant solution for “Do this at that time” type of problems. Every solution I came up with was basically re-creating cron. That in itself isn’t a bad thing, but the logic involved in doing what cron does is mind-melting.

[...] Then it hit me, I am probably not the first person that has had this need. There have probably been other people who needed to implement “Do this at that time” within a PHP application. So I started looking around. What I found was encouraging.

The author then mentions several packages that he went through searching for the right solution to his problem, noting that while Laravel-based solutions seemed nice, they wouldn't work with his framework choice (Slim). He decided on the cron-expression package, finding it to be the best fit for the project's needs.

I had spent countless hours trying to create the solution myself. [...] I got so lost in solving the problem, I forgot to look to see if someone had already solved it. [...] After I finally came to my senses, I tweeted that out to remind myself to “Use the Source”.
tagged: schedule task cron experience package code reuse datetime

Link: https://devzone.zend.com/7418/scheduling-elephpants-datetime-math-is-hard/

Andreas Creten:
Does code need to be perfect?
Nov 11, 2016 @ 09:55:57

On his Medium.com blog Andreas Creten has written up a post that tries to answer the question "Does code need to be perfect?" As developers we have a drive to take pride in our work and want it to be the best code possible. However, that can lead to some bad practices...

In the past months I have asked myself a lot why we always strive to write perfect code. Picking up coding again for an internal project made me realise our team (and probably a large part of the rest of the software development world) spend a lot of time on writing perfectly formatted, ordered, patterned and tested code. But is this really necessary?

[...] The engineers want to write perfect code using the latest techniques, make sure that the code is well documented so they can fully understand how everything works and that it has tests so they can easily update things later. Product owners on the other hand just want things to be done, fast and cheap, so they can ship new features or convince new clients. How can you make these conflicting views work together?

He offers a few different suggestions for those developers wanting to craft the perfect codebase including coding for "now" not the future and the fact that "perfect code" just doesn't exist. He offers some suggestions for dealing with that "non-perfect code" you come across in your codebase, when starting from scratch makes sense and thinking about how "perfect" the code needs to be at the outset.

tagged: perfect code opinion development practices

Link: https://medium.com/we-are-madewithlove/does-code-need-to-be-perfect-a53f36ad7163#.jdqre42fu

Exakat.io Blog:
Automatically Enforcing Coding Reference For PHP
Nov 10, 2016 @ 09:42:07

On the Exakat.io blog there's a post continuing on from a "dos and donts" article about programmer practices. In this new post cover some of the rules in a bit more detail from the original article.

Last week, I ran into ‘PHP Dos and Don’ts aka Programmers I Don’t Like‘ on reddit’s PHP group. It features a list of 11 points that the author hates finding in PHP code. [...] The most interesting point is that coding references are used to asses code. They may very well be automated, thanks to static analysis. I thought it was a good challenge for Exakat.

The list covers several of the rules in the list, providing a brief explanation (and a bit of how it relates back to PHP) including:

  • Unnecessary casting
  • Extra bracket and braces
  • Lack of coding standard
  • Too many nested if statements

He ends the post with a bit of detail about how the Exakat service is checking for these "failures" in it's newer "RadwellCode" report. He even gives the scores of some of the more well-known and used PHP projects including the Zend Framework (v1.12), WordPress, Composer and even Exakat itself.

tagged: enforce coding reference exakat code staticanalysis tool oliverradwell

Link: https://www.exakat.io/enforcing-coding-reference/