
Derick Rethans:
Xdebug 2.3: Moar var_dump()
Feb 27, 2015 @ 09:58:40

Derick Rethans has a new post on his site starting a series about the new features of Xdebug 2.3. In this post he talks about an improvement to the output provided by var_dump(), which now includes more information than before.

One of the new features relates to one of the first things that I added in the original Xdebug: making the var_dump() output "pretty". Xdebug replaces PHP's standard var_dump() function with its own version, as long as the xdebug.overload_var_dump setting is not set to 0. [...] Xdebug 2.3 enhances the overloading of var_dump() with the inclusion of the file name and line number where var_dump() is called at. This has been a long standing feature request.

He provides a few sample screenshots comparing the old and new output formats and mentions another handy setting, xdebug.file_link_format, that makes the resulting filename a link in a browser and lets you customize the format.

tagged: xdebug vardump overload file path information output improvement release

Link: http://derickrethans.nl/xdebug-2.3-overload-vardump.html

Stephan Hochdörfer:
Running PHPUnit via Phing on HHVM
Feb 26, 2015 @ 09:16:58

Stephan Hochdörfer has a quick post showing how he got PHPUnit up and working on an HHVM instance. His problem was that the tests were actually executing using the "php" binary, not the HHVM one.

For quite some time we run the unit tests for our libs and tools against PHP and HHVM, at least that is what I thought up to now. As it turns out I missed a minor detail. [...] What happens now is that Phing is executed via HHVM but PHPUnit will still be executed via the PHP binary because the PHPUnit shell script will look for the php binary in the PATH configuration. Since we run HHVM side-by-side with PHP on our Jenkins build nodes I was not able to point /usr/bin/php to /usr/bin/hhvm - which would be the easiest and cleanest solution. I

He shares the workaround he created: a symbolic link between the hhvm and php binaries, followed by executing the Phing task to run the tests. This is being run via Jenkins and uses its "WORKSPACE" as a container so the main "php" binary isn't overwritten.

tagged: hhvm phpunit test unittest execute binary path jenkins phing task

Link: https://blog.bitexpert.de/blog/running-phpunit-via-phing-on-hhvm/

Stephan Hochdörfer:
Defining Phing Tasks in PSR-0 style
Jan 23, 2015 @ 10:42:49

In his latest post Stephan Hochdörfer shows you how to define Phing tasks according to the PSR-0 autoloading format. Phing is a PHP-based automation tool that uses an XML configuration to execute a series of tasks.

Before anybody complains: I know that "as of 2014-10-21 PSR-0 has been marked as deprecated. PSR-4 is now recommended as an alternative." - Anyway I still think this little gem makes sense to be shared because a lot of people are probably not aware of it. I recently found out by accident that it is possible to pass a task name in PSR-0 style to the "taskdef" task. In the old days you had to use the Java-like dot-style notation like this and also define the classpath to make sure the class could be loaded correctly! This is ok if the task resides in the same project. If the task is located in a dependent package loaded via Composer this can get ugly.

The post is quick but provides two very handy code examples, one showing the old "dot notation" version and the other showing how to make use of the autoloader. The trick is in the classname value and using the full namespace/class name rather than the dot notation.

tagged: phing build task psr0 classname path autoload

Link: http://blog.bitexpert.de/blog/defining-phing-tasks-in-psr-0-style/

Derick Rethans:
Dead Code
Jun 18, 2014 @ 10:49:56

In his latest post Derick Rethans talks about something that plagues every project, PHP or otherwise, after it's grown to a large enough size: dead code. He's been asked why his Xdebug tool finds this code in places where people don't expect, so he figured he'd answer it once and for all.

The explanation for this is rather simple. Xdebug checks code coverage by adding hooks into certain opcodes. Opcodes are the building blocks of oparrays. PHP converts each element in your script - main body, method, function - to oparrays when it parses them. The PHP engine then executes those oparrays by running some code for each opcode. Opcodes are generated, but they are not optimised. Which means that it does not remove opcodes that can not be executed.

He gets down to the opcode level and shows some output from vld on how things are being executed (and what's not). Using a simple "foo" function example, he shows the execution flow and how the "branches" of executions work through the code. In his case, the "dead code" marker is coming from the line with a closing brace from an "if" statement. He points out that it entirely depends on the lines executed as to what is marked as "dead code".

tagged: dead code xdebug path flow branch vld

Link: http://derickrethans.nl/dead-code.html

Data Structures for PHP Devs: Graphs
Aug 01, 2013 @ 09:52:34

PHPMaster.com has posted the fourth article in their "Data Structures for PHP Devs" series today, this time with a focus on graphs. The author introduces some of the basic concepts behind them and covers two common problems that can be solved by them.

In one of my previous articles I introduced you to the tree data structure. Now I’d like to explore a related structure – the graph. Graphs have a number of real-world applications, such as network optimization, traffic routing, and social network analysis. Google’s PageRank, Facebook’s Graph Search, and Amazon’s and NetFlix’s recommendations are some examples of graph-driven applications. In this article I’ll explore two common problems in which graphs are used – the Least Number of Hops and Shortest-Path problems.

He explains graphs mathematically, describing them as a set of relationships between nodes and the "lines" that connect them. There are other things involved, including direction and weight, but there's not too much detail on those. Instead he gets right into the problems. First is the "Least Number of Hops" and second the "Find the Shortest Path", each with some explanation and sample code of their implementation.

tagged: data structure graph tutorial least hops shortest path

Link: http://phpmaster.com/data-structures-4

Anthony Ferrara:
Is Autoloading A Good Solution?
Jul 20, 2012 @ 15:56:30

In his most recent post Anthony Ferrara takes a look at autoloading - mostly asking the question of whether the problems it has really outweigh the benefits.

The real problem that autoloaders solve is to load dependencies. [...] The normal logic that's used to justify autoloading over manual dependency loading in production is that it only loads the classes you need. Therefore you save the parsing costs of classes that you don't need. But surely that additional run-time loading has costs. So I decided to set up a test to see how expensive that additional run-time loading costs us, and to prove whether or not autoloading is worth it in production.

He gives an example of the two methods: using the spl_autoload_register method to define a loader, and loading the classes with a defined file path instead. He found the autoloading version slower than the hard-coded one (by quite a bit) but notes that, when the number of files is reduced, the performance gets much closer. He also briefly looks at two other pieces of file-related functionality: file_exists and require_once.

tagged: autoload solution performance static path fileexists requireonce


Sean Coates' Blog:
Use `env`
May 21, 2012 @ 11:58:34

Sean Coates has posted a reminder for PHP developers (and really anyone executing command-line scripts) to use "env" instead of hard-coding the path to the PHP interpreter.

These [support] scripts often run PHP in Gimme Bar land, and we make extensive use of the shebang syntax that uses the common Unix practice of putting #!/path/to/interpreter at the beginning of our command-line code. Clearly, this is nothing special - lots of people do exactly this same thing with PHP scripts. One thing I have noticed, though, is that many developers of PHP scripts are not aware of the common Unix(y) environment helper, env.

The "env" utility searches your currently defined PATH to track down a PHP binary to use to execute the script, so the script runs whichever "php" is found first there. Since there's only a "best practices" approach to places to put PHP on a server, the "env" usage makes your script more portable and it's one less thing to remember to change.

If you distribute a PHP application that has command-line scripts and shebang lines, I encourage you to adopt the practice of making your shebang line "#!/usr/bin/env php". Note that this doesn't just apply to PHP of course, but I've seen a definite lack of env in the PHP world.

tagged: env environment include path find executable shebang


Henrik Bjørnskov's Blog:
Symfony2: Quick tip for your security configuration
Dec 27, 2011 @ 08:40:45

Henrik Bjørnskov has a quick new post with a security configuration tip for those using the Symfony2 framework.

Earlier when playing around with the Security component and SecurityBundle I found that for all paths you can specify a route name and the component will match it when checking for the request paths.

Setting this up in your configuration gives you more control over the paths that are matched as well as more flexibility in defining them. He includes a note about a change you might have to make to the SecurityBundle's code to get the "check_path" part working correctly. You can find out more about the SecurityBundle's integration in this blog post from Pablo Bandin.

tagged: symfony2 framework security bundle checkpath path


Josh Adell's Blog:
Path finding with Neo4j
Jun 28, 2011 @ 12:38:01

In a follow-up to his previous post on using Neo4j with PHP, Josh Adell looks in a bit more detail at how to find paths in the data via a REST interface to the database.

The thing that makes graphing databases useful is the ability to find relationship paths from one node to another. There are many algorithms for finding paths efficiently, depending on the use case.

He includes some code showing the REST request (made via this client) to fetch these street-based relationships. He then creates a little sample script that provides driving directions from one intersection to another with a "findPathsTo" call. He modifies it a bit later on to use the Dijkstra algorithm.

tagged: path find neo4j graph database tutorial rest client


File Path Injection in PHP <= 5.3.6 File Upload (CVE-2011-2202)
Jun 21, 2011 @ 08:44:02

In DZone.com's PHP on Windows section today Krzysztof Kotowicz has a new post talking about a file path injection exploit in PHP versions up to and including 5.3.6.

Since the thing went public before a new PHP version has been released, I present full details of the latest PHP vulnerability I reported - together with some sweet demo exploit. The issue was found with fuzzing being part of my recent file upload research. And I still have some more to show in the future :)

The issue is described in more detail on bugs.php.net (as of the time of this post, unfortunately unavailable), and he links to his code to reproduce it. Due to a bug in the code that should strip down the upload to just the filename, certain kinds of file paths can make it through. The real problem comes in when an application blindly uses this filename to write to, possibly overwriting important files. His post also includes a screenshot of it in action.

tagged: file path injection bug filename