Looking for more information on how to do PHP the right way? Check out PHP: The Right Way

SitePoint PHP Blog:
Can We Have Static Types in PHP without PHP 7 or HHVM?
Jul 26, 2016 @ 11:34:57

On the SitePoint PHP blog Younes Rafie asks the question "Can we have static types in PHP without PHP 7 or HHVM?" One of the main features introduced by both of these versions (or platforms) is the ability to type things strictly and enforce more correct data handling. Previously PHP has been a "lazy typing" language and would regularly shift the type of a variable depending on the immediate need. Obviously, this can lead to unpredictable behavior.

Now that PHP 7 has been out for a while with interesting features like error handling, null coalescing operator, scalar type declarations, etc., we often hear the people still stuck with PHP 5 saying it has a weak typing system, and that things quickly become unpredictable.

Even though this is partially true, PHP allows you to keep control of your application when you know what you’re doing.

They show how, through a series of examples, to add a bit of additional validation with exceptions to ensure the input is the correct type. However this can be a bit more time consuming and difficult to remember so the team at Box put together the augmented types extension that brings some of the static typing to PHP 5.x. They help you get it installed and working in your PHP installation and include an example of it in use with DocBlock-based type hints. The extension provides handling for the basic types as well as arrays, multiple arguments, default values and return types.

tagged: static types php7 hhvm extension augmented types tutorial

Link: https://www.sitepoint.com/can-we-have-static-types-in-php-without-php-7-or-hhvm/

Joseph Silber:
The new Closure::fromCallable() in PHP 7.1
Jul 26, 2016 @ 10:20:47

In a new post to his site Joseph Silber looks at a new feature that will be coming with the next release in the PHP 7.x series - PHP 7.1 - the ability to convert a callable type into an actual Closure instance.

With PHP 5.5 going EOL earlier this week and the PHP 7.1 beta expected later this month, now sounds like a good time to look into a neat little feature coming in 7.1: easily converting any callable into a proper Closure using the new Closure::fromCallable() method.

He starts with a quick refresher on what closures/callables are in PHP (or an introduction for those not already familiar) including a simple example with the reject handling on a Laravel collection. He then modifies the example to try to pass in a base PHP function. This doesn't work directly (as it's not technically "callable" how it's expecting) so he wraps the is_float in a closure instead. This is a bit of a hassle and not as reusable so he updates it for PHP 7.1 and uses the Closure::fromCallable handling to make it automatically. He follows this with another example use case: calling a private method with the array of object/method name from inside the class.

tagged: closure callable fromcallable php7 example introduction

Link: https://josephsilber.com/posts/2016/07/13/closure-from-callable-in-php-7-1

Michelangelo van Dam:
Compile PHP 7 on Mac OS X 10.11 "El Capitain"
Jul 19, 2016 @ 09:34:33

In a new post to his site Michelangelo van Dam has posted a guide to compiling PHP 7 on OSX "El Capitan", the latest release of the popular Apple operating system.

Apple has made a numerous changes to the way OS X (10.11) "El Capitain" uses open source elements like PHP and OpenSSL. Compiling PHP from source requires a bit more modifications.

This article is a follow-up on my previous post <a href='http://www.dragonbe.com/2015/12/installing-php-7-with-xdebug-apache-and.html">Installing PHP 7 with XDebug, Apache and MySQL on OS X Yosemite.

He then provides the commands and configuration information you'll need to get things up and running:

  • OpenSSL
  • PHP 7
  • Apache

The end result is a simple PHP 7 installation with plenty of features installed.

tagged: compile php7 mac osx elcapitan openssl apache

Link: http://www.dragonbe.com/2016/07/compile-php-7-on-mac-os-x-1011-el.html

Thijs Feryn:
What are Type Errors in PHP 7?
Jul 15, 2016 @ 09:58:19

In a new post to his site Thijs Feryn has shared an overview of the different types of type errors that can pop up in PHP 7. This includes both a text-based and video based versions depending on your preference.

PHP 7 has a concept called Type Errors. These errors are thrown on a type mismatch when interacting with functions. They can be caught just like exceptions. I created a video that explains the situation. This blog post goes into more detail and has some code examples.

The post gets into the details of the type errors including topics like:

  • new type hints that were introduced
  • how you can manually throw type errors
  • when PHP itself would throw the errors
  • type coercion

There's also a brief section about strict typing and how that changes what errors PHP might throw in your scripts.

tagged: type error php7 introduction overview video tutorial

Link: https://blog.feryn.eu/type-errors-php-7/

Paragon Initiative:
Securing a PHP Application in 2016: The Pocket Guide
Jul 11, 2016 @ 12:45:11

The Paragon Initiative has posted a new tutorial giving you a pocket guide version to securing your PHP application in 2016.

Please set aside most of what you've heard over the years; chances are, most of it just muddies the water. Security is not a product. Security is not a checklist. Security is not an absolute.

Security is a process. Security is an emergent property of a mature mindset in the face of risk.

Perfect security is not possible, but attackers do have budgets. If you raise the cost of attacking a system (your application or the networking infrastructure it depends on) so high that the entities that would be interested in defeating your security are incredibly unlikely to succeed, you'll be incredibly unlikely to be compromised.

The post talks about the "essence of security" and how most prevention methods don't even add much processing overhead or overall development time. He makes four recommendations of things to do in current and future development to help secure your applications:

  • Use PHP 7 in All New Development
  • Use HTTPS Everywhere
  • Use Security Headers
  • Use Trustworthy Reference Material

The post ends with a few other things to think about when building secure applications including raising the "cost" of attacking your system and keeping in mind that your platform may not be the attacker's "end game".

tagged: paragoninitiative secure application pocket guide top4 php7 https headers references

Link: https://paragonie.com/blog/2016/07/securing-php-application-in-2016-pocket-guide

PHP.net:
PHP 7.1.0 Alpha 3 Released
Jul 08, 2016 @ 12:57:39

The PHP development group has officially announced the release of the latest alpha in the PHP 7.1.x series: PHP 7.1.0 Alpha 3. This is a preview release and should not be used for production applications.

The PHP development team announces the immediate availability of PHP 7.1.0 Alpha 3. This release is the last alpha for 7.1.0. All users of PHP are encouraged to test this version carefully, and report any bugs and incompatibilities in the bug tracking system.

This release includes new features including an Iterable type, HTTP/2 server push support, creating closures from callables and more precise float values. You can see the full list of additions and changes in the NEWS and UPGRADING files. If you're interested in trying out this latest alpha, you can get the latest source release from here and the Windows binaries here.

tagged: language release alpha php7 preview development

Link: http://php.net/index.php#id2016-07-07-1

PHP.net:
PHP 7.1.0 Alpha 2 Released
Jun 28, 2016 @ 11:51:17

The PHP development group has officially released the latest alpha in the PHP 7.1.x series of releases. This is an alpha release and is not intended for production use.

The PHP development team announces the immediate availability of PHP 7.1.0 Alpha 2. This is the second alpha release for PHP 7.1.0. All users of PHP are encouraged to test this version carefully, and report any bugs and incompatibilities in the bug tracking system.

[...] For more information on the new features and other changes, you can read the NEWS file, or the UPGRADING file for a complete list of upgrading notes. These files can also be found in the release archive.

You can get this latest alpha release for testing on your own systems from the QA downloads page (for source) and the Windows QA site for the Windows binaries.

tagged: language release php7 alpha alpha2 preview

Link: http://php.net/index.php#id2016-06-24-1

PHP.net:
PHP 7.0.8, 5.6.23 & 5.5.37 Released
Jun 24, 2016 @ 12:15:55

The PHP development group has released the latest updates to all currently supported versions of PHP including several security fixes discovered. These latest versions are:

The PHP development team announces the immediate availability of PHP [5.5.37, 5.6.23 and 7.0.8]. This is a security release, several security bugs were fixed. All PHP [...] users are encouraged to upgrade to this version.

As always, you can get the latest source release as linked to from the main downloads page and the Windows binaries from the windows.php.net site. The full list of files can be found in the version's related Changelog.

tagged: language release bugfix security php55 php56 php7

Link: http://php.net/archive/2016.php#id2016-06-23-3

Three Devs & A Maybe:
Episode 97 - RFC Showdown for PHP 7.1 with Joe Watkins
May 12, 2016 @ 09:17:18

The Three Devs and a Maybe podcast has released their latest episode (#97) where hosts Michael Budd, Fraser Hart, Lewis Cains and Edd Mann are joined by internals developer Joe Watkins to talk about PHP RFCs targeted for PHP 7.1.

In this episode we are joined by Joe Watkins to discuss the many RFC’s that are in contention to be approved for PHP 7.1. We start off with a congratulations to Joe for his first PHP Release Manager position, highlighting what the role entails and how it is going. We then discuss the RFC process and how there has been a lot of activity over the past couple of weeks within this space.

The concept of ‘Null’ is the first group of RFC’s we discuss, followed by union/intersection types and the pipe operator. We then move on to chat about short closure syntax, functional interfaces and lexical scope within anonymous classes. Finally, we bring up the comparable RFC which has been around for many years and the benefits of having attributes within the language.

In the show notes they have links to all of the RFCs mentioned in the episode (there's lots of them) for your easy reference. You can listen to this latest episode either through the in-page audio player or by downloading the mp3 directly. If you enjoy the show, be sure to subscribe to their feed too.

tagged: threedevsandamaybe ep97 podcast joewatkins rfc php7 showdown

Link: http://threedevsandamaybe.com/rfc-showdown-for-php-7-1-with-joe-watkins/

Mark Baker:
In Search of an Anonymous Class Factory
May 03, 2016 @ 10:49:25

In a new post to his site Mark Baker take a look at anonymous classes, a new feature in PHP 7, and a challenge he took on to figure out how to apply traits to them at runtime.

One of the more interesting new features introduced to PHP with the arrival of version 7 is Anonymous Classes. [...] Then back in January (as I was waiting for my flight to the continent for PHPBenelux) I was intrigued by a request to find a way of dynamically applying Traits to a class at run-time. With time on my hands as I was sitting in the airport, I considered the problem.

His first idea was to build an anonymous class, extending the requested class that would come along with the traits/properties/functionality of the original class. He includes some of the code he tried to implement this solution and ultimately figured out that a factory would be a good approach to creating the structure. After doing some research he found a way to create the factory using some eval magic. However, this wasn't "the end of the story" as he found out some other interesting things about anonymous classes (such as the fact that they're linked to only one instance of a class, making them less reusable).

tagged: anonymous class php7 factory eval example

Link: https://markbakeruk.net/2016/05/03/in-search-of-an-anonymous-class-factory/