Johannes Schlüter:
JSON Aggregation functions
Sep 16, 2016 @ 11:53:25

Johannes Schlüter has written up an article covering an interesting feature of the latest MySQL server release related to its JSON column handling: JSON Aggregation functions.

[The JSON datatype, functions and generated columns] combined allow building very powerful applications without committing to a fixed data structure on every part, but I was missing one thing a lot: Aggregation.

A topic I'm thinking a lot about is finding ways to select nested data. In MySQL we typically have two ways for this. Either one sends multiple queries to retrieve different nesting levels or one builds JOINs which tend to deliver repetitive responses.

He points out that one solution is the GROUP_CONCAT function, but its results can be difficult to work with and larger data may exceed the small memory space allowed. Instead he introduces two new functions in v8 to help with this nested data selection: JSON_ARRAYAGG and JSON_OBJECTAGG. He provides a brief example of the use of these two functions together to replace the "concat" handling from before.

tagged: mysql json function v8 release aggregation tutorial

Link: http://schlueters.de/blog/archives/183-MySQL-8.0-JSON-Aggregation-functions.html

Fabian Schmengler:
Using class_alias to maintain BC while moving/renaming classes
Sep 09, 2016 @ 11:55:12

In a post to his site Fabian Schmengler has shown how to use class_alias to prevent breakage while renaming or moving classes around in your application during refactoring.

Sometimes you want to rename a class or move it to a different namespace. But as soon as it is used anywhere outside the package, this is breaking backwards compatibility and should not be done lightheartedly.

Luckily there is a way in PHP to have both, the old class and the new class, while deprecating the old one: class_alias().

He then gets into the details of using this handy function to define the links between the files, necessary in two different places to prevent autoloading breakage. He also offers an alternative, making use of the "autoload.files" option in the Composer configuration (but this means adding each one to that list). He finishes the post by suggesting one more thing as you update your code: marking it with an @deprecated annotation to help locate it later (and flag it in your IDE of choice).

tagged: classalias function maintain backwardscompatibility move rename class refactor

Link: https://www.schmengler-se.de/en/2016/09/php-using-class_alias-to-maintain-bc-while-move-rename-classes/

Freek Van der Herten:
Debugging collections
Jun 17, 2016 @ 09:47:42

Freek Van der Herten has a post to his site with a guide about debugging collections in Laravel applications. He quickly shows how to use the "macro" functionality to gather more insight into what's happening inside.

Lately I’ve been working a lot with collections in Laravel. If you’re not in the know: a collection is a sort of super charged array with a lot of powerful functions to transform the data inside it. The only thing I found a bit of a hassle is how to debug the various steps in a collection chain. Here’s how I improved the workflow.

He shows a simple collection setup with a chain of functions being applied to transform the data inside (ex: filter, map, sortBy). He was able to get a bit more information by using the dd helper Laravel provides, but just wrapping the collection in it is not the most "clean" way. Instead he proposes the use of a "macro" to call the dd function and keep it in the flow of the methods called on the collection (as ->dd()).

tagged: debug collection laravel dd helper function macro

Link: https://murze.be/2016/06/debugging-collections/

Loggly.com:
The Ultimate Guide - PHP Logging Basics
Dec 08, 2015 @ 11:34:32

Loggly, the online logging management service, has posted a guide that aims to help you get up to speed with logging in PHP starting from the basics out to more recent changes in PHP 7.

This guide explores the basics of logging in PHP, where to find PHP logs, and how these logs help you more effectively troubleshoot problems and monitor your PHP application. There are a couple of different elements you’ll want to consider logging: errors emitted by the PHP engine itself when a core function fails or if code can’t be parsed, custom errors that your application triggers, usually caused by missing or incorrect user input and activities in your application that you may want to analyze at a later time, such as recording when a user account is updated or content in a CMS is updated.

They start with a look at the configuration settings you can change to modify how and what your application logs. They also mention run-time configuration changes and the default error log locations (file-based). From there they get into some of the basic, built-in logging functions and the format of the logs they write. The next section talks about application error logs (logs based on failures in PHP itself) and an example of writing logs with JSON instead of plain text. The post ends with a look at exception handling and logging for base, custom and SPL exception types, pointing out the change in PHP 7 around the Throwable interface.

tagged: logging basics application custom tutorial function introduction configuration

Link: https://www.loggly.com/ultimate-guide/php-logging-basics/

David Sklar:
Fixing Broken UTF-8
Aug 27, 2015 @ 10:48:29

David Sklar has a post to his site showing you how to fix broken UTF-8 characters in content being passed through the normal string functions.

When working on the i18n bits of Learning PHP 7, I had a problem. My example showing how plain string functions such as strtolower() and strtoupper() mangle multibyte UTF-8 characters was making the book formatting/rendering pipeline barf. The processing tools are expecting nicely formatted, valid, UTF-8 encoded HTMLBook files. It didn’t like the mangled invalid UTF-8 characters in my example output.

To fix this, I wrote the following function to replace invalid UTF-8 sequences with the Unicode Replacement Character (U+FFFD).

He includes the code for this function, which walks through the string, character by character, and checks the bytes it contains to see how each needs to be translated. There are plenty of comments in it too, explaining what it's doing as it goes along.

tagged: fix broken utf8 character function example unicode replacement

Link: http://www.sklar.com/php/2015/08/25/fixing-broken-utf8/

MyTechBuilder.com:
Optional Value Control-flows in PHP using Traits and Magic-methods
Jun 18, 2015 @ 09:44:02

The MyBuilderTech.com site has a new tutorial posted talking about the use of traits and magic methods for optional value handling.

Recently I have been interested in experimenting with different ways to handle optional values. There are many examples that exist demonstrating the use of the Maybe/Optional structure within the PHP landscape. I would instead like to focus my attention on only looking into the concept of 'orElse', which I have found to be a prominent control-flow whilst using these types of value. Typically, in an imperative mind-set we are accustomed to evaluating a value, and based on its existence - defined as falsely in this regard - follow a different course of action, and by-way result.

He gives an example where a value is checked for null and something else happens when it is. This is a common practice in PHP development, but he's more interested in other ways of handling it. The first of these ways is with traits. His example shows an "OrElse" trait that can be used to perform the same evaluation but does some extra magic based on the method name called (his example is "findByIdOrElse"). If the trait method isn't for you, he also offers another possible solution around the use of composition. In this case he uses the same trait but makes it a part of its own class that's then given the object to work with (his "repository").

The post ends with one more "bonus" method for handling optional values - a simple function ("_or") that evaluates the arguments given and returns the first that's "truthy".

tagged: optional value control flow trait magicmethod function truthy

Link: http://tech.mybuilder.com/optional-value-control-flows-in-php-using-traits-and-magic-methods/

Simon Holywell:
Memoization or function cache
May 18, 2015 @ 11:09:17

Simon Holywell's latest post shares an interesting feature of PHP's static function handling that lets you cache the results of a function call to improve performance.

A little known feature of PHP’s static keyword is that it allows for memoization or function caching. This is a process whereby a function’s heavy lifting can be cached so that subsequent calls are faster. It is possible to store any value in a memoized way such as arrays or even objects. This is done without any external side effects - that is to say that the code calling the function will require no changes to support memoization.

He includes an example of this in action, showing the use of a "static" keyword on a variable over two function calls. He goes through and explains how it works and the flow of the simple function. He builds this up a bit and shows the same functionality in the handling (and parsing) of a JSON document. He then gets more into the "real world" usage of this kind of static handling, pointing out that it can be very useful for caching without the need for an external service (like memcache or redis). His final example shows the caching of a function call using the same method and dependent on the arguments provided.

tagged: function cache static example tutorial memoization

Link: https://www.simonholywell.com/post/2015/05/memoization-or-function-cache/

Anthony Ferrara:
Security Issue: Combining Bcrypt With Other Hash Functions
Mar 13, 2015 @ 09:32:02

Anthony Ferrara has a new post today looking at a potential security issue in PHP applications when using bcrypt with encryption and other hashing functions. His findings have to do with some research he did on long passwords and denial of service attacks they might lead to.

The other day, I was directed at an interesting question on StackOverflow asking if password_verify() was safe against DoS attacks using extremely long passwords. Many hashing algorithms depend on the amount of data fed into them, which affects their runtime. This can lead to a DoS attack where an attacker can provide an exceedingly long password and tie up computer resources. It's a really good question to ask of Bcrypt (and password_hash). As you may know, Bcrypt is limited to 72 character passwords. So on the surface it looks like it shouldn't be vulnerable. But I chose to dig in further to be sure. What I found surprised me.

To find out exactly how things are processed he gets down into the C code behind the PHP functionality in the crypt function. He discovers something interesting about the way it determines the length of the input password. It loops over the key, taking one byte at a time but resetting when it comes across a null byte. While this method is safe in itself, he points out the real issue: pre-hashing the password before the bcrypt check, a step sometimes added to allow for longer passwords.

The problem is that the pre-hash output can contain those null bytes and cause issues with the password checking, especially if opting for the use of raw data. He includes a simple script to illustrate this problem, finding a few collisions for his made up key and "random looking" password. Thankfully, he includes a method for checking to ensure the hash doesn't contain a null byte. He points out that not all hashing combinations are at risk and suggests a few alternatives that can keep your application 100% safe.

The underlying problem is that combining cryptographic operators that weren't designed to be combined can be disastrous. Is it possible to do so safely? Yes. Is it a good idea to do it? No. This particular case is just one example where combining operations can be exceedingly dangerous.

tagged: bcrypt hash function combination issue crypt null byte

Link: http://blog.ircmaxell.com/2015/03/security-issue-combining-bcrypt-with.html

Julien Pauli:
On PHP function calls
Jan 22, 2015 @ 09:58:39

Julien Pauli has a new post today sharing an interesting function optimization he found using the Blackfire execution profiler.

This blog post is a technical explanation of a PHP optimization found with BlackFire profiler into a PHP script. The related post is located here : http://blog.blackfire.io/owncloud.html

He found that replacing a call to strlen with an isset optimized the script by about 20%. It's not typical though, he explains. He points out that the optimization worked so well because the call was part of a loop. He gets into some of the "under the covers" details of why this speed boost happens and even includes the opcode output showing the difference. He then starts getting deep into the internal code for PHP and walks through each step made in the evaluation of a string's length. He finishes the post looking at isset (not technically a function) and how it handles its data checking. He also includes information about opcode caching and how to best maximize its impact.

tagged: function call strlen loop isset internals opcode cache performance

Link: http://jpauli.github.io/2015/01/22/on-php-function-calls.html

Joe Watkins:
Mocking PHP
Jan 19, 2015 @ 12:23:39

In his latest post Joe Watkins talks about mocking PHP. No, not making fun of the language but rather mocking internal PHP functions and methods as a part of unit testing your application.

I work on a vast PHP code base, it is 3M LOC of PHP alone. It's somewhere between legacy and modern, work is ongoing. [...] When I joined the current project there were many many tests, they relied upon the kind of unholy magic that runkit allows you to perform, for the most part this worked okay for a while. However, runkit inexplicably caused many of the tests to fault, either at shutdown, or at random.

[...] So we were in a bit of a jam, I've always found runkit to be quite awkward, and now I'm staring its source code in the face knowing it represents a road block to my goal of running the latest stable versions of PHP, with the first decent optimizer that ever existed for Zend. I tackled the problem with code, code which I was allowed by my gracious employer to open source (the uopz extension).

He goes on to talk about the actual root problem he was trying to solve (dodging code with built-in functions), the "obvious" way to solve it using runkit, and the more modern solution that uses the uopz extension. He provides an example of it in use mocking the fopen function with a "uopz_function" wrapper.

tagged: mock internal method function extension uopz unittest

Link: http://blog.krakjoe.ninja/2015/01/mocking-php.html