Looking for more information on how to do PHP the right way? Check out PHP: The Right Way

Kevin Schroeder:
Configuring MySQL SSL in Magento
Sep 28, 2015 @ 09:24:34

Kevin Schroeder has a quick post to his site showing the Magento users out there how to configure the SSL connection to their MySQL database backend.

’ve been asked a few times now if there is a way to use encrypted MySQL connections in Magento. [...] The answer, to my surprise, is that there is no way of doing it out of the box.

[...] All database configurations are stored in the local.xml file and the XML specification does not allow numbers for XML node names. So no matter how you try to slice it it looks like getting the SSL settings into the Magento adapter will not work without a code change. The Internet seems to confirm this. But that doesn’t mean that it can’t be done. So I wrote a quick Magento adapter that allows you to pass in the constant values.

He walks you through the process of getting the adapter installed, configuring MySQL to allow for the SSL connections and the configuration change to make. He includes the XML you'll need to update, including the addition of a secure_driver_options to the XML to provide the necessary SSL connection information.

tagged: magento mysql adapter ssl connection configure database

Link: http://www.eschrade.com/page/configuring-mysql-ssl-in-magento/

Is your database password stored safely?
Sep 08, 2015 @ 11:48:18

The Fortrabbit blog has a post that want to help you store your database password securely and away from prying attacker eyes. While they use the example of a a database password, credentials for just about any other service could be protected the same way.

How do you protect your access data? Your sensitive secrets, basically anything your PHP application uses to authenticate or authorize with other services such as databases, caches, cloud storages, image resize services, transactional mail providers. All of them. Where do you put this — easily accessible while in development and secure for production?

They start by pointing out a few places where they should not be stored: in your code, in a version control system or in an environment variable (plain text). Instead, they suggest using a combination of a secret key that's configured in the application and encrypted versions of the values in environment variables. Some code is included showing how to set this up in a Laravel-based application, but the principle can be applied independent of the framework too with some other simple tools. They end the post with some links to other articles including a "considered harmful" piece reinforcing their methods.

tagged: credential protection password database tutorial encryption environment variable

Link: http://blog.fortrabbit.com/how-to-keep-a-secret

SitePoint PHP Blog:
Re-introducing PDO – the Right Way to Access Databases in PHP
Aug 25, 2015 @ 11:10:14

On the SitePoint PHP blog they have a post that "reintroduces PDO" or as they describe it, the "right way to access databases in PHP". The PDO functionality in PHP provides extra handling around database connections and queries as well as making it easier to connect to multiple types of databases with similar code.

PDO is the acronym of PHP Data Objects. As the name implies, this extension gives you the ability to interact with your database through objects. [...] PHP is rapidly growing, and it is moving toward becoming a better programming language. Usually, when this happens in a dynamic language, the language increases its strictness in order to allow programmers to write enterprise applications with peace of mind.

In case of PHP, better PHP means object-oriented PHP. This means the more you get to use objects, the better you can test your code, write reusable components, and, usually, increase your salary. Using PDO is the first step in making the database layer of your application object-oriented and reusable.

He starts by answering the question most ask about PDO versus mysql/mysqli by pointing out that PDO is more OOP friendly, it allows for parameter binding and the fact that the mysql extension is no longer supported. He shows how to check and ensure PDO is installed on your setup and, if not, how to add it in (for both linux and Windows systems). The tutorial then walks you through using PDO: making the connections to the server, running queries and returning the results. This includes a section on prepared statements and bound parameters and their benefits including SQL injection prevention.

tagged: pdo database access tutorial introduction prepared statements phpdataobjects

Link: http://www.sitepoint.com/re-introducing-pdo-the-right-way-to-access-databases-in-php/

Coding Geek:
How does a relational database work
Aug 19, 2015 @ 09:49:41

You may have been using relational databases in your PHP applications for a long time (PHP loves MySQL after all) but you might not have ever dug deep enough to understand how those databases work internally. In this detailed tutorial from Coding Geek they dive way in and cover everything from the basics out to complex sorting, management components and query handling.

When it comes to relational databases, I can’t help thinking that something is missing. They’re used everywhere. [...] you can google by yourself “how does a relational database work” to see how few results there are. [...] Are relational databases too old and too boring to be explained outside of university courses, research papers and books?

As a developer, I HATE using something I don’t understand. And, if databases have been used for 40 years, there must be a reason. [...] Over the years, I’ve spent hundreds of hours to really understand these weird black boxes I use every day. Relational Databases are very interesting because they’re based on useful and reusable concepts. If understanding a database interests you but you’ve never had the time or the will to dig into this wide subject, you should like this article.

He covers a wide range of topics during the post:

  • O(1)) vs O(n2) (or how data sets are handled based on size)
  • Array, Tree and Hash table
  • Global overview (structure of the database system and its pieces)
  • Query manager
  • Statistics (and optimizing storage of the data)
  • Data manager
  • Deadlock
  • Logging

Each of these topics comes with a lot of explanation, examples of how the internals are functioning as well as diagrams to help make a bit more sense. If you've ever really wanted to know how that database you use functions, this is definitely the article to check out.

tagged: relational database indepth concepts lowlevel highlevel query optimization transaction buffer

Link: http://coding-geek.com/how-databases-work/

Coding.bmail.net Blog:
Advanced logging system in PHP for careful developers
Aug 05, 2015 @ 12:19:51

On the Coding.bmail.net blog they've posted a guide to what they've called an advanced logging system in PHP for careful developers - essentially a logging system that's as "error proof" as possible and that works with as little user exposure as possible.

Being aware of all the activity and problems under the hood is essential when running big websites with lots of users, many features and, as it is usual in such cases, weak spots that must not be left untracked.

In order to be the first in knowing when errors or other events of interest happen we need a well designed logs manager. My code will provide such a feature, for PHP based websites.

They briefly outline how the complete setup will work, failing back to email if the database connection isn' available and logging based on environment. It also includes error levels and, on development only, a method for showing the errors being logged. While a good bit of this functionality could be handled by something like Monolog they do include some additional features like the email fallback, output of the errors in development mode and custom error/exception handlers.

tagged: logging advanced system custom database email environment tutorial

Link: http://coding.bmain.net/tutorials/php/advanced_logging_system_in_php_for_careful_developers

Michelangelo van Dam:
Speeding up database calls with PDO and iterators
Jul 27, 2015 @ 08:45:28

In a post to his site Michelangelo van Dam shows you how to speed up database calls with PDO and iterators in a "no framework" environment.

When you review lots of code, you often wonder why things were written the way they were. Especially when making expensive calls to a database, I still see things that could and should be improved.

When working with a framework, mostly these database calls are optimized for the developer and abstract the complex logic to improve and optimize the retrieval and usage of data. But then developers need to build something without a framework and end up using the basics of PHP in a sub-optimal way.

He points out some of the common issues with a simple approach using just PDO and simple arrays including performance issues. Instead he recommends the use of iterators that wrap a PDO connection and allow for much simpler fetching and iteration of the found results. He includes code examples for a base iterator instance and a way to extend it to get the customized results. He also includes a few benchmarks showing the difference between a foreach loop and this iterator method.

tagged: database pdo iterator foreach benchmark compare

Link: http://www.dragonbe.com/2015/07/speeding-up-database-calls-with-pdo-and.html

Are ORMs Inherently Limiting?
Jul 09, 2015 @ 11:43:37

On the /r/php subreddit on Reddit.com, TheSkilletHead wonders if ORMs are inherently limiting in PHP development. Their main point is that, in abstracting and simplifying the interface the developer has to work with, some of the power of the complex database handling is lost.

I don't feel like I'm asking too much from an ORM. I'm not asking for the ORM to manage database-side functions. I'm not asking it to manage database-side variables. I'm not asking it support every type of INSERT (like INSERT DELAYED). I'm OK that it doesn't support LOAD DATA INFILE. I'm even OK with the overhead. However, when I look up why Doctrine doesn't support UPDATE ... JOIN and the response is "it's too different across database engines", then I'm a bit disappointed because that seems to be why one would use an ORM in the first place. [...] Can an ORM be a useful tool to abstract the database or is it just a crutch for people who can't be bothered to learn SQL?

There's quite a few comments on the post already, most confirming his opinion that ORMs are limiting. Some, however, note that they don't have to be. There are some (like the CakePHP 3 ORM) that do have some more advanced features and are still easy to use. Despite this, most of the comments are about developers moving away from ORM use towards more specific, customized solutions that are a better fit for their needs and database systems.

tagged: orm limiting opinion database complexity doctrine

Link: https://www.reddit.com/r/PHP/comments/3cla9l/are_orms_inherently_limiting

David Lundgren:
SPL FileObject & LimitIterator
Jun 24, 2015 @ 08:04:24

In the latest post to his site David Lundgren takes a look at two pieces of PHP's SPL libraries - the FileObject and LimitIterator.

Over that last couple of weeks I've come to use the SPL far more than I have in the past. The SplFileObject for reading CSV files is far more convenient than the fgetcsv() function, and associated code needed for a CSV file. Using the LimitIterator allowed me to easily bypass the first row of the CSV, as they were headers and I knew the format of those headers.

He includes an example of using these two to read from a CSV file, processing the header information and each row following. He also gives another example of the LimitIterator handing the results of a database query, reducing the array set down to only the first twelve items. You can find out more about these two handy tools in their SPL documentation, FileObject and LimitIterator, as well as the rest of the SPL if you haven't looked into it before.

tagged: spl standardphplibrary fileobject limititerator csv database results

Link: http://davidscode.com/blog/2015/06/22/spl-fileobject-limititerator/

Using Laravel 5's Authentication Facade
May 19, 2015 @ 11:26:34

The NetTuts.com site has a new tutorial posted today sharing more information about the authentication facade in Laravel 5 and how to use it to implement simple, custom authentication handling.

Authentication is a part of almost all the web applications you work with. It's really boring to keep repeating all the boilerplate code in every project. Well, the good news is Laravel 5 rids you of this boredom by providing a ready-to-use authentication facade. All you need to do is configure and customize the authentication service provider to your project's needs. In this quick tip, I am going to show you exactly how to do that.

It's a seven step process to get things up and running (it sounds like a lot but all the code is provided):

  • Setting Up the Environment
  • Setting Up the Migrations
  • Configuring the Registrar Service
  • Updating the User Model
  • Updating the View
  • Securing Your Routes
  • Modifying the Default Authentication Routes

Each step includes the code needed and a brief summary of what's happening and how it effects the overall authentication setup. He also ends the post with a brief mention of the "password reset" email functionality and where the content for that email is located.

tagged: laravel5 authentication facade custom tutorial database

Link: http://code.tutsplus.com/tutorials/using-laravel-5s-authentication-facade--cms-23461

SitePoint PHP Blog:
Efficient User Timelines in a PHP Application with Neo4j
Apr 15, 2015 @ 12:41:25

In the latest post to the SitePoint PHP blog Christophe Willensen shows you how to use PHP and the Neo4j graph database to make efficient user timelines in your application. In this case, "timeline" should be thought of as something like a Twitter or Facebook status update feed.

Any social application you encounter nowadays features a timeline, showing statuses of your friends or followers generally in a descending order of time. Implementing such a feature has never been easy with common SQL or NoSQL databases. Complexity of queries, performance impacts increasing with the number of friends/followers and difficulties to evolve your social model are points that graph databases are eliminating. In this tutorial, we’re going to extend the demo application used by the two introduction articles about Neo4j and PHP.

He starts off with a look at how to model the timeline in the graph database, showing different methods to create the relationships: one a direct user-to-post and the other via a linked list. He goes through the initial setup of the codebase and the sample dataset to populate the Neo4j database. He then includes code samples showing how to get the latest feed items for a user and displaying the results in a simple template (Twig-based). He also shows how to get the latest posts for the timeline and how to add a new post.

tagged: tutorial neo4j database graph user timeline socialmedia

Link: http://www.sitepoint.com/efficient-user-timelines-php-application-neo4j/