Looking for more information on how to do PHP the right way? Check out PHP: The Right Way

Andrew Embler:
Automated Dependency Injection Using Containers
Mar 13, 2018 @ 11:58:42

In a previous post to his site Andrew Embler provided a "concrete guide to dependency injection", a method to help make code easier to test and more flexible/maintainable. In this latest post he continues the series and moves to the next topic: dependency injection containers.

I recently posted about dependency injection, a guide that I hope was easy to read and understand. It's a topic that's confusing, due in no small part to its name. As I mention there, the same term defines the simple process of externally providing instance variables to a class as it does to the Container object's magical auto-instantiation of object (which also "injects dependencies.")

I'd like to talk a bit more about that. Now that we understand the term "Dependency Injection" (which is simply providing classes to classes through a constructor or a setter), let's talk about how we might make this a little less onerous.

He starts with an example from the concrete5 project where a class would require three object instances each time it would be created. Fortunately the software includes a make command that does some of this work for you. It makes use of a dependency injection container behind the scenes to get the instances it needs. He then covers cascading dependencies, some special logic for class creation and how to "get fancy with it" by defining custom logic when an instance is created.

tagged: dependency injection container concrete5 instance tutorial

Link: http://andrewembler.com/2018/03/automated-dependency-injection-using-containers

Andrew Embler:
A Concrete Guide to Dependency Injection
Mar 05, 2018 @ 13:54:48

In a new post to his site Andrew Embler provides a concrete guide to dependency injection, a look at some of the foundational principles behind dependency injection, some problems and how they could be resolved.

As we develop concrete5, we are very conscious about keeping the code base modern, so that we don't have to go through a massive, painful rewrite like we did with version 5.7. This means that we're frequently deep in the weeds, applying new concepts and functionality to new and old code alike.

[...] Here, we're going to talk about Dependency Injection. There are numerous tutorials, blog posts and Stack Overflow questions, regarding Dependency Injection – but there's always room for some more.

He starts with a look at the "old days" where dependencies were created inside of the class methods as needed and not shared. He then covers some of the problems with this approach and how a move to dependency injection (DI) can help. In his example a database object instance is created inside of the method each time it's' needed. The move to DI helps to resolve those issues by passing in the database instance instead. He finishes the post trying to clear up some of the terminology confusions around DI and briefly mentions containers (dependency injection containers) and the role they play.

tagged: dependency injection tutorial introduction guide

Link: http://andrewembler.com/2018/03/concrete-guide-dependency-injection

Nikola Poša:
Factory as a Service
Feb 19, 2018 @ 10:53:16

In a post to his site Nikola Poša looks at a method that can be used to provide a slightly different object from a dependency injection container based on other criteria: making use of a factory as a service.

Dependency Injection Containers are a great invention - when used the right way, they allow us to keep our factories and assembly logic of services outside the core business logic of our application.

By default, a service created is shared, meaning that exactly the same instance will be returned whenever service is retrieved from a container. This is a desired behaviour in most of the cases. [...] Yet certain use cases may require services to be created conditionally during runtime, such as for example based on the value of a parameter resolved from the current request.

He first covers some of the anti-patterns that could be used to resolve this issue: a setter method on the returned object, using a service manager or creating a static factory instead. He offers a solution to the problem that makes use of a factory inside of the DI container. This factory then uses configuration values from the container to set up the object and return it.

tagged: factory service dependency injection tutorial database connection

Link: https://blog.nikolaposa.in.rs/2018/02/16/factory-as-a-service/

Nikola Poša:
Using DIC the right way
Sep 05, 2017 @ 10:24:31

In a new post to his site Nikola Poša looks at dependency injection containers and shares what he thinks is the right way to use them in your applications.

DIC stands for Dependency Injection Container, which is a tool that manages the construction and wiring up of application services. It closely relates to the letter "D" of a SOLID acronym - Dependency Inversion Principle and is employed to facilitate adhering to the principle.

By their nature, DI Containers are also Service Locator implementations, design pattern that is the exact opposite to Dependency Injection. Because of that, DI Container is a double-edged sword which can mislead you if not used wisely, and ironically bring your code into a state in which there is no dependency injection at all.

He starts off by talking about two kinds of code in an application: core versus assembly. In this case "core" code is the piece of the application that are then used by "assembly" code to make things happen. He suggests that the DIC shouldn't leak into the core and should be put behind a separation between the core code and assembly code. He includes some sample code illustrating what he means and the idea of splitting out the DIC configuration to help that layer clean.

tagged: dependency injection container tutorial core assembly code abstraction leak

Link: http://blog.nikolaposa.in.rs/2017/09/03/using-dic-the-right-way/

BitExpert Blog:
Why using code as DI config is a win!
Jul 26, 2017 @ 10:58:21

In a post to the bitExpert.de site Stephan Hochdörfer explains why he thinks that using code over configuration in a DI container is a better approach than static configuration definitions.

In my recent talk on introducing Disco - the DI container with the damn coolest name(tm) - I talk about why I believe that using XML or any other non-code configuration (YAML, JSON, ...) is not a good idea. This stirred some twitter discussion recently which led to this blog post.

Just for the record, for a very long time I was part of the XML camp - just browse my collection of old talks to see for yourself. I praised XML a lot as being the only true DI configuration format.

He then goes through some of the main issues he sees with using something like XML for the dependency container's configuration:

  • An XML editor won't give you code-completion for PHP classes or methods.
  • Refactoring won't work properly in an XML configuration file.
  • An XML editor is not capable of doing proper type checks.
  • XML is just too verbose.

For each item he provides a brief explanation and an example of XML where it helps to illustrate the point.

tagged: xml configuration code disco dependency injection container opinion

Link: https://blog.bitexpert.de/blog/why-using-code-as-di-config-is-a-win/

Paul Jones:
“Action Injection” As A Code Smell
May 17, 2017 @ 11:53:16

In this recent post to his site Paul Jones suggests that "action injection" in PHP applications should be considered a "code smell" (that is, a bad practice that could indicate that the controller class is doing too much).

Circumstance has conspired to put Action Injection discussions in front of me multiple times in the past few days. Having seen the approach several times before, I have come to think that if Action Injection is the answer, you might be asking the wrong question. I find it to be a code smell, one that indicates the system needs refactoring or reorganizing.

He first covers what "action injection" is and provides an example of how it would fit in with the use of a dependency injection container. He also points to some of the frameworks that currently support this functionality natively. With that defined, he then moves into the main idea of the post - that using functionality like this is a "code smell" that could signal something that is in need of refactoring. He then provides some suggestions on things to change and mental shifts in thinking about how your application is organized. He finishes by pointing to the Action-Domain-Responder pattern as a way of implementing this and how single-action controllers can help.

tagged: action injection code smell actiondomainresponder

Link: http://paul-m-jones.com/archives/6589

PHPBuilder.com:
Using Dependency Injection in PHP
Mar 03, 2017 @ 10:05:37

The PHPBuilder.com site has posted a tutorial talking about dependency injection in PHP applications covering not only the use of dependency injection (DI) containers but also constructor, setter, property and reflection based injection methods.

Dependency injection is a software design pattern that implements the inversion of a control concept for resolving dependencies. According to this concept, a class should not configure its dependencies statically, but should be configured from the outside.

A dependency is an object that can be used (a service) and an injection is the passing of a dependency to a dependent object (a client) that would use it. Passing the service to the client, rather than allowing a client to build or find the service, is the fundamental requirement of the pattern.

The tutorial starts out with a simple example of a set of classes that depend on each other through the creation of internal objects. They then show how the different types of dependency injection can help reduce these dependencies with brief descriptions and sample code for each. The final example, a dependency injection container, gives a quick example but also links to several package options you could pull into your application including Pimple, Aura.Di and PHP-DI.

tagged: dependency injection tutorial introduction setter constructor container property

Link: http://www.phpbuilder.com/articles/application-architecture/design/using-dependency-injection-in-php.html

Evonide.com:
How we broke PHP, hacked Pornhub and earned $20,000
Jul 25, 2016 @ 12:31:48

The PornHub.com site (definitely NSFW) is a high profile site that, as it turns out, uses PHP for a lot of its functionality. In this interesting article from the Evondie Security Research Group they show how they "broke PHP and hacked PornHub (and earned a $20k USD bug bounty in the process). Don't worry, the article itself is "safe for work" as it's only descriptions and code examples of how the hack was performed.

Pornhub’s bug bounty program and its relatively high rewards on Hackerone caught our attention. That’s why we have taken the perspective of an advanced attacker with the full intent to get as deep as possible into the system, focusing on one main goal: gaining remote code execution capabilities. Thus, we left no stone unturned and attacked what Pornhub is built upon: PHP.

The post then walks you, step-by-step, through the process they followed to discover the exploit. The main entry point was through PornHub's use of the unserialize function that included a flaw allowing for code execution when a specially crafted object was injected. With the help of this they were able to "leak" out of the PHP execution and inject custom C code to be executed in the local environment. This was, in turn, then used to execute a file_get_contents on the local /etc/password file and return its contents.

tagged: pornhub hack evonide serialize code injection security

Link: https://www.evonide.com/how-we-broke-php-hacked-pornhub-and-earned-20000-dollar/

Matt Allan:
Understanding Dependency Injection Containers
Jul 18, 2016 @ 11:54:54

In this recent post to his site Matt Allan introduces a concept that's become an integral part of most major PHP frameworks and applications recently: dependency injection containers.

If you are writing modern PHP, you will run across dependency injection a lot. Basically all dependency injection means is that if an object needs something, you pass it in. So if you have a class [...] you would pass in (inject) the object it needs (the dependency) instead of instantiating it in the class. Dependency injection makes your code more flexible and easier to test. If you want to learn more about dependency injection in general, check out this summary in the PHP The Right Way guide.

He then breaks down the main concept, the container, and how it is usually used to store instances of various objects and other functionality. He includes the code to create a simple container, allowing for closures to be set to "entries" values. He also shows how to update the simple container to allow for singleton handling, creating an object once and returning it over and over (useful in some cases).

tagged: dependency injection container tutorial introduction

Link: http://mattallan.org/2016/dependency-injection-containers/

SitePoint PHP Blog:
Disco with Design Patterns: A Fresh Look at Dependency Injection
Jul 01, 2016 @ 11:26:44

On the SitePoint PHP blog there's a tutorial posted giving you a "fresh look at dependency injection" using the Disco library from bitExpert.

Dependency Injection is all about code reusability. It’s a design pattern aiming to make high-level code reusable, by separating the object creation / configuration from usage.

[...] Our very own Alejandro Gervasio has explained the DI concept fantastically, and Fabien Potencier also covered it in a series. There’s one drawback to this pattern, though: when the number of dependencies grows, many objects need to be created/configured before being passed into the dependent objects. [...] In this article, we’ll demonstrate the concept [of a dependency injection container] further with a newcomer in this field: Disco.

He starts with the installation of the library via Composer and starting up the built-in PHP web server for testing. With that up and running he shows you how to create an instance of the container and set up a sample service with the configuration in the docblock comments. The tutorial then talks about the service scopes, container parameters and shows it in action to create a simple controller handling frontend. There's a bit more about configuration, the container builder functionality and the creation of a response listener when routes are requested.

tagged: tutorial disco designpattern dependency injection di library

Link: https://www.sitepoint.com/disco-with-frameworks-and-design-patterns-a-fresh-look-at-dependency-injection/