Looking for more information on how to do PHP the right way? Check out PHP: The Right Way

Freek Lijten:
Sane defaults over Exceptions
Jan 18, 2017 @ 10:19:13

In a new post to his site Free Litjen talks about defensive programming and the part that sane default handling plays when dealing with exceptions that might pop up.

With over half a million visitors a week and lots of scrapers, bots and other stuff visiting, these exceptions and fatal errors clog up logging quite a bit. Not to the point that we can't handle the volume, but it generates false positives in monitoring channels and it is something we do not want to act upon anyway.

So while I'm happy to see some defensive programming I would be even happier if exceptional situations would be silently resolved to default situations.

The post starts with a quote about defensive programming and how, despite it not being an ideal use, many applications had been seen using exceptions to handle errors and messaging. He proposes another methodology where a set of default values are used instead of just failing on any error hit with the input. The idea has merit but it can also lead to other frustrations like hidden errors in testing and situations where an exception makes more sense than a default.

tagged: sane default value exception error handling defensive programming

Link: http://www.freeklijten.nl/2017/01/04/Sane-defaults-over-Exceptions

Rob Allen:
Overriding the built-in Twig date filter
Dec 16, 2014 @ 09:45:31

In his latest post Rob Allen shows a way you can override the default Twig date filter with your own custom Date extension handling.

In one project that I'm working on, I'm using Twig and needed to format a date received from an API. The date string received is of the style "YYYYMMDD", however date produced an unexpected output. [...] This surprised me. Then I thought about it some more and realised that the date filter is treating my date string as a unix timestamp. I investigated and discovered the problem in twig_date_converter.

He includes some example code you'll need to create the custom renderer. As part of the internals of how Twig formats the date currently is internal and can't be changed, he opted to override the extension itself. As a result, the call to the filter is exactly the same as before, the output results are just formatted more correctly.

tagged: twig override default date filter custom extension

Link: http://akrabat.com/php/overriding-the-built-in-twig-date-filter/

Timezones, the Right Way
Dec 14, 2012 @ 10:17:21

On the Websanova.com site there's a recent post about doing timezones the right way when working with them in PHP and storing them in your (MySQL) database.

Timezones are actually a very trivial concept but they seem to be overlooked and over complicated. [...] Rather than storing a timezone with each date it’s better to just accept a standard time to store all your dates with, thus doing the conversion to that standard time before storing the value in the database. It doesn’t really matter what time we store it as, but it’s generally a good idea to just use UTC+00:00.

They talk a little about what the UTC timezone is for those that may not know and show how to set it as the default timezone for your PHP application (with date_default_timezone_set or updating your php.ini). They also include the MySQL configuration option to set its default timezone and and example SELECT statement for extracting the data back out.

tagged: timezone mysql database utc datetime default


Community News:
Orchestra Now Offers PHP 5.4 Instances
Oct 04, 2012 @ 09:48:11

Engine Yard/Orchestra, a PHP platform-as-a-service (PaaS) provider has announced the release of PHP 5.4 as a part of their cloud offerings:

We’re pleased to announce the general availability of PHP 5.4 for Orchestra PHP Cloud. We are committed to keeping your apps running on the latest and greatest version of PHP. After careful lab testing, we’ll upgrade your apps as newer versions of PHP become available. What if you’re still using PHP 5.3? Don’t worry, Orchestra PHP Cloud will continue to maintain its PHP 5.3 stack. You will be able to choose which version of PHP you would like to use when you launch a new app.

The default when you set up a new application will now be PHP 5.4, so be sure you're paying attention on setup if you need something else. You can find out more about the Orchestra PaaS on the Engine Yard site and try it out for free to see how your app performs.

tagged: engineyard orchestra upgrade version instance default


Pádraic Brady:
PHP Security: Default Vulnerabilities, Security Omissions & Framing Programmer
Aug 27, 2012 @ 10:05:13

In this new post (and this related article) Pádraic Brady shares some of his opinions about default security languages should provide and the Secure by Design principles.

Odd though it may seem, this principle explains some of PHP’s greatest security weaknesses. PHP does not explicitly use Secure By Design as a guiding principle when executing features. I’m sure its in the back of developers’ minds just as I’m sure it has influenced many if their design decisions, however there are issues when you consider how PHP has influenced the security practices of PHP programmers. The result of not following Secure By Design is that all applications and libraries written in PHP can inherit a number of security vulnerabilities, hereafter referred to as “By-Default Vulnerabilities”.

He focuses on what he sees as a responsibility of those creating the language to either default to a more secure architecture or provide information as to why their choices could cause problems. In the extended version of the post, he talks about some specific issues that the language has including SSL/TLS misconfiguration, openings for XML entity injection attacks and limited native filtering for cross-site scripting.

tagged: security default vulnerabilities responsibility developer securebydesign


Type Hinting in PHP
Mar 05, 2012 @ 13:19:24

On PHPMaster.com today there's a new tutorial posted about using type hinting in your PHP applications to restrict the values passed into your methods.

Since PHP 5 you can use type hinting to specify the expected data type of an argument in a function declaration. When you call the function, PHP will check whether or not the arguments are of the specified type. If not, the run-time will raise an error and execution will be halted.

Included in the post are code examples showing how to define custom types in a function definition and what happens if you pass the wrong type in. Also mentioned is one of the main limitations to hinting - the fact that it can't be used on default PHP variable types.

tagged: type hint example method default


Derek Allard's Blog:
Modifying the default CodeIgniter Calendar template for fun and profit
Dec 24, 2010 @ 11:09:33

Derek Allard has a quick post for the CodeIgniter users out there with some styling you can use on the default CI calendar.

A project I’m working on needs a monthly calendar. Naturally, I’m using CodeIgniter as the base of it. [...] My needs were something more akin to the interface iCal provides; broad, spacious, subtle. Obviously, the default is just an unstyled base that CI provides as a starting grounds. The Calendar library documentation provides some insight into how we can start changing this up.

He talks about the settings he needed to change including the "day_type" setting and template that specifies the CSS classes to use. Add in the CSS and you'll end up with something like this. You can download the example files too.

tagged: default codeigniter framework template css style calendar


Zend Developer Zone:
Chaining language with default route
Aug 12, 2010 @ 10:47:01

On the Zend Developer Zone there's a new post talking about including language information in your Zend Framework application's default route in a cleaner manner.

There are several ways how to include language id in default route of Zend Framework. However, generally you end up with the solution not quite elegant and likely not totally trouble-free. I have seen people overwriting the default route by new one which mimics module route with additional language id. There is no need to throw the default module route away to do this. To get it right chain the plain language route with default route.

He gives code examples of the routing code to put in your bootstrap that uses the Zend_Controller_Router_Route_Chain and a plugin to handle the language checking and routing handling.

tagged: default route zendframework plugin


Emran Hasan' Blog:
Changing the default controller naming convention in CodeIgniter
Sep 21, 2009 @ 09:43:09

Emran Hasan has a quick new post to his blog today looking at how you can change the default controller naming scheme that the CodeIgniter framework uses (to prevent things like naming conflicts and the like).

CodeIgniter is one of my favorite framework and I often use it for developing application quickly. Although it is very flexible in most cases, I find its naming convention to be strict. Many times I have faced this problem when my controller’s class name and a model/library's class names are the same – a Fatal error is inevitable.

His method involves extending the core CI_Router class to change the _validate_request method to change the location and the naming convention (from Users to UsersController) for the default controller settings. Code for the update is included.

tagged: codeigniter naming controller default tutorial


Terry Chay's Blog:
How much does a date() cost?
May 07, 2009 @ 11:18:28

In a new post to his blog Terry Chay looks at the real cost of a (call to) date() - the PHP function that can parse either the current or an inputted timestamp out into the date format you specify.

One of the fringe benefits of open sources an existing code base is that you have an opportunity to setting error_reporting on E_ALL | E_STRICT or perhaps rather just to 2147483647. When you do that you find small problems with your code base you missed the first time you sloppily wrote it. In my case, I noticed that date() was throwing strict errors.

Due to his resulting request to test the error (after submitting a ticket to fix the server's php.ini settings), he went about trying to test and see what the real impact of working with the date function was by developing his own simple benchmarking script. It runs through five different tests some with a default timezone set and some not. His results found that doing it in the script versus on the server's config didn't make much of a difference so he corrected the issue with a quick ini_set (or a date_default_timezone_set).

tagged: date timezone default benchmark iniset datedefaulttimezoneset