Looking for more information on how to do PHP the right way? Check out PHP: The Right Way

Benoit Schneider:
The main reasons we use Symfony for web application developments
Apr 16, 2018 @ 11:36:05

On his Medium.com site Benoit Schneider (CTO of Outsourcify) has a post sharing some of the reasons they made the choice to use Symfony for their web development needs.

At Outsourcify we work on projects of varying sizes, from small sites with a few pages to complex business applications. Depending on the case, we recommend different technical solutions (we do a lot of Javascript SPA and Wordpress also), but for the most complex cases, when we have to chose a technology to build large web applications that require several weeks or months of work for several web developers, Symfony is our framework of choice.

He starts with a bit of background on his own experiences with Symfony and why he chose it for his own needs early on. He then shares his thoughts around "why Symfony?" when there are many other major frameworks to choose from. He wraps up the post with a summary of some technical reasons to use the framework including the innovation it brings to the table and the robust ecosystem around it (and related products/tools).

tagged: symfony framework choice development opinion technology

Link: https://medium.com/@outsourcify/the-main-reasons-we-use-symfony-for-web-application-developments-6281d2a56390

Christoph Rumpel:
Content Security Policy 101
Mar 15, 2018 @ 09:52:43

In a new post to his site Christoph Rumpel shares an introduction to the use of Content Security policies to prevent client-side security issues in your applications. While his examples are more Laravel-specific, the concepts can be applied to just about any framework or home-grown solution.

As more and more services get digital these days, security has become a significant aspect of every application. Especially when it comes to third-party code, it is tough to guarantee safety. But in general, XSS and Code Injection is a big problem these days. Content Security Policy provides another layer of security that helps to detect and protect different attacks. Today, I will introduce this concept and its main features, as well as show real-world examples.

He starts with a general look at web application security vulnerabilities and, more specifically, cross-site scripting issues. These are the ones that a Content Security Policy (CSP) can help prevent. He then covers the basics of the CSP header and gets into the implementation. In his example he sets up the addition of the CSP header as a middleware so that it's included on every request. With the default header all resources are blocked so he walks through the process of restoring access to the scripts, fonts and styles his blog needs to work correctly.

With the basics covered he then gets into a few more advanced features of CSP policies such as nonces for resource identification, iframe handling and the submission of forms. The post ends with a recommendation of the Laravel CSP package for use in Laravel applications. If you're looking for something more framework agnostic you might want to look into ParagonIE's CSP Builder library.

tagged: contentsecuritypolicy csp beginner tutorial laravel middleware framework

Link: https://christoph-rumpel.com/2018/03/content-security-policy-101

Nathan Dench:
BrisPHP News - 1 March 2018
Mar 09, 2018 @ 12:19:26

On his "Tech Notes" blog Nathan Dench has put together a listing of some of the interesting things that happened in the first part of 2018 in the PHP community.

I organise the a post from Marcel Pociot about the GitHub statistics for various PHP projects
  • news around Symfony, Silex and Laravel
  • There's also a few other "random things" to finish off the post with links to other interesting articles, projects and tools.

    tagged: news community 2018 release feature github framework

    Link: https://ndench.github.io/brisphp/brisphp-news

    Algotech Solutions:
    Converting to another web framework: Basic apps in Symfony and Django
    Mar 08, 2018 @ 11:19:34

    On their Medium.com site Algotech Solutions has a post that does a side-by-side comparison of two web applications frameworks from two different languages: Symfony in PHP and Django in Python.

    Many times have I heard the following from a developer: “I am scared to change technologies”, “I am excited but I’m afraid it will be entirely different”, “I only know , I’ve never seen any code in my life!”. Sounds familiar? This article will show you that different web frameworks are not in fact that different.

    With the advent of open source software, modern frameworks have inspired each other in adding and improving features for easier and more efficient usage. I will try to explain the abstract notions under MVC Web frameworks and how you can easily implement them through any framework and programming language needed.

    The article then walks through the basic setup and creation of a web application in each, going through:

    • Installation
    • Generating the sample application (Jobeet)
    • Configuring the controllers and views
    • Creating the view output

    All of the code and command line calls are included in the post too. If finishes out with an overview of the similarities between the two frameworks and briefly mentions some of the differences (like when it comes to model handling).

    tagged: framework convert symfony python django similarities application tutorial

    Link: https://medium.com/algotech-solutions/converting-to-another-web-framework-basic-apps-in-symfony-and-django-f55332030c44

    Voices of the ElePHPant:
    It’s the Booze Talking - Frameworks
    Mar 07, 2018 @ 09:42:18

    The Voices of the ElePHPant podcast has posted their latest in their "It's the Booze Talking" series. In these shows host Cal Evans is joined by several members of the PHP community to discuss certain topics. In this latest show they talk about frameworks.

    Cal is joined by representatives for several popular PHP frameworks including Ryan Weaver (Symfony), Clark Everetts (Zend), Joe Ferguson (Laravel) and Rob Allen (Zend Framework, Slim). Other panel members include Cathy Evans, Kara Ferguson and Chris Tankersley. They talk about their own experience with frameworks in the PHP community, Composer, PHP the Right Way and several other topics.

    You can listen to this latest episode either using the in-page audio player or by downloading the mp3 directly. If you enjoy the show, be sure to subscribe to the feed and follow them on Twitter for updates on when the latest shows are released.

    tagged: itstheboozetalking voicesoftheelephpant framework panel discussion

    Link: https://voicesoftheelephpant.com/2018/03/07/booze-talking-frameworks/

    Symfony Blog:
    New in Symfony: Reproducible builds
    Feb 14, 2018 @ 11:16:52

    On the Symfony project blog there's an announcement posted about changes in the framework to allow for reproducible builds.

    Reproducible builds are a set of software development practices that create "a verifiable path from human readable source code to the binary code used by computers". In other words, if you don't change the source code, the compilation result should always be exactly the same.

    Explained more simply in the case of Symfony: if you build the container and warm up the cache of the same unchanged application multiple times, the result should always be the same.

    The post talks about the idea of "reproducible builds" and how they should be "completely deterministic" where the end result is always the same (no random data, no auto-generates date/times). A few changes were required to the framework to ensure these builds were possible. The post lists out these updates and links to the bug reports for each.

    tagged: symfony project framework reproducible builds

    Link: http://symfony.com/blog/new-in-symfony-reproducible-builds

    Symfony Blog:
    New Core Team Member, Security Team Leader
    Jan 29, 2018 @ 11:25:03

    On the Symfony blog the project has made an announcement about a new addition to the Symfony team to help handle security issues around the framework: Michael Cullum

    Handling security issues responsibly and transparently is key to the success of any Open-Source project. Symfony is no exception. We documented the process of our security management policy a long time ago.

    [...] Today, I'm very happy and proud to announce that we are getting to the next level. Michael Cullum accepted to join the Symfony Core Team to lead the security team. He will be responsible for managing the security process.

    Michael is the secretary of the PHP-FIG group, represents the PHPBB project and is a heavy user of the Symfony framework. Having Michael on the team means that there will be a central point of contact and someone whose primary role is ensuring the safety and security of the overall project and framework.

    tagged: core security team member michaelcullum symfony project framework

    Link: http://symfony.com/blog/new-core-team-member-security-team-leader

    ZFort.com:
    The Mexican Standoff of PHP Frameworks
    Jan 26, 2018 @ 12:24:09

    On the ZFort.com blog there's a new post that talks about the "Mexican standoff" between PHP frameworks, covering some of the background behind some of the more popular ones and some of the main differences between them.

    PHP is one of the most widely known and potent programming languages used today. However, despite the popularity of PHP, there are many businesses using PHP without making use of a quality PHP framework. This approach slows production time and increases costs. A PHP framework is advantageous because it provides you with modules and codebase to help structure and accelerate the web development process.

    [...] For CEOs, CTOs, product owners and those in the tech industry, choosing the right PHP framework can help cut production time and costs. However, every PHP framework is unique. [...] Given the wealth of PHP frameworks available, it is important to conduct solid research in order to find the platform that’s right for you. [We'll] take a look at three of the most popular PHP frameworks (Symfony, Laravel and Yii) and break down which is the best, and why.

    The article then goes on to cover three of the more widely used frameworks:

    • Symfony
    • Laravel
    • Yii Framework

    For each the author covers some of the origins of the framework and some of the things that it's best at. Following these there's a section that briefly compares them and how approachable they are for developers new to frameworks. While they all have their strengths the author recommends Symfony as the framework with "the most long term potential" over the others.

    tagged: framework comparison symfony laravel yii opinion

    Link: https://www.zfort.com/blog/php-frameworks-standoff/

    Zen of Coding:
    PHP MVC Frameworks Preview of 2018 (Phalcon 3, Symfony 4, Laravel 5.x and Others)
    Jan 05, 2018 @ 13:58:48

    On the Zen of Coding site they've posted a look forward at versions of several popular frameworks coming in 2018. Their list includes Phalcon 3, Symfony 4 and Laravel 5.x.

    It’s that time of the year again, when we take a look at the world of PHP MVC frameworks. We get ready for the trends of 2018 and plan our roadmaps. Also, we’ll take a quick detour to look at some seagues in the areas beyond PHP MVC.

    Web development changes year over year, if not faster. MVC has been a revolutionary paradigm for modern web apps. It helped millions of developers build awesome applications and launch exciting startups.

    The post includes a Google Trends chart showing the popularity of searches for various frameworks with Laravel, Symfony and CodeIgniter taking the top three spots overall. It then starts with a high level view of some of the recent changes and trends in several of the frameworks, moving into more detail for each (and some of "the rest" including CakePHP, Zend Framework and Yii. It then discusses microservices, how they relate to MVC and the continuing importance of backend functionality.

    tagged: laravel symfony phalcon 2018 preview framework microservices mvc

    Link: http://www.zenofcoding.com/2017/12/31/php-mvc-frameworks-preview-of-2018-phalcon-3-symfony-4-laravel-5-x-and-others/

    Nwanze Franklin:
    Deep dive into middlewares in Laravel
    Dec 14, 2017 @ 12:46:48

    Nwanze Franklin has posted a tutorial to the Dev.to site sharing a deep dive into middlewares in Laravel. Middleware is a powerful tool that can allow you to work with the request and response objects in your application in a more reproducible and contained manner.

    What is a Laravel middleware? It is a feature in Laravel which provides a mechanism for filtering HTTP requests entering your application. This allows you to hook into Laravel request processing work flow to perform some kind of logic that decides how your application works.

    What would you use middleware for? Protecting your routes, setting headers on HTTP responses, logging requests to your application, sanitizing incoming parameters, enable site-wide maintenance mode [and] manipulating responses generated by your application.

    The tutorial then starts in on the code, showing how to create a custom middleware and the code that's generated by the artisan command. It covers the differences between global and route middleware, how to register a middleware and assigning it to a route. It ends with a look at using parameters in middleware and how to access them from the controller.

    tagged: middleware laravel tutorial introduction framework route global

    Link: https://dev.to/franko4don/deep-dive-into-middlewares-in-laravel-doo