News Feed
Sections




News Archive
feed this:

Looking for more information on how to do PHP the right way? Check out PHP: The Right Way

Paul Jones:
Semantic Versioning and Public Interfaces
June 03, 2015 @ 09:16:33

Paul Jones has an interesting post to his site that makes the link between software versioning and public interfaces your code provides. He points out that, despite semantic versioning helping to define how to version your code, there's still some ambiguity about it and backwards compatibility.

Adherence to Semantic Versioning is just The Right Thing To Do, but it turns out you have to be extra-careful when modifying public interfaces to maintain backwards compatibility. This is obvious on reflection, but I never thought about it beforehand. Thanks to Hari KT for pointing it out. Why do you have to be extra-careful with interfaces and SemVer? [...] If we remove a public method, that's clearly a BC break. If we add a non-optional parameter to an existing public method, that's also clearly a BC break. [...] However, if we add a new public method to the concrete class, that is not a BC break. Likewise, changing the signature of an existing method to add an optional parameter is not a BC break either. [...] But what happens with an interface?

He suggests that changing current functionality (such as adding a non-optional parameter) is a backwards compatibility break but in an interface so is adding a new method. By adding a method you "break" the implementation someone already has, causing plenty of trouble for the users. He wonders about the right approach for making these updates, if it's creating a new interface or just extending the current one and having users migrate. He also includes a few update notes about abstract classes and how Symfony handles BC breaks too.

0 comments voice your opinion now!
versioning public interface backwardscompatibility break bc abstract symfony

Link: http://paul-m-jones.com/archives/6136

NetTuts.com:
Protecting Your Keys From GitHub
March 05, 2015 @ 12:03:05

On the NetTuts.com site there's a new post talking about protecting your keys when using a public site like GitHub. This relates to an easy thing to forget - removing hard-coded credentials from code before pushing it public.

In December 2014, Slashdot ran an alarming story Bots Scanning GitHub To Steal Amazon EC2 Keys, based on developer and blogger Andrew Hoffman's experience trying out Ruby on Rails on Amazon with AWS S3. He inadvertently committed an application.yml file with his AWS keys. [...] It's an easy mistake and most of us have probably done a similar thing at one point or another. And it's not just AWS keys that are at risk. As our use of cloud-based services increases, the expanding use of a broad variety of service API keys can be leveraged by hackers and spammers alike.

He goes through a solution he's found to help protect those credentials, in this case working with the configuration of a Yii framework-based application. He starts with a mention of .gitignore but points out that it could have unexpected results from "quirks" in its handling. He suggests a different option - using a configuration file that lives someplace outside of the main git directory and can be referenced directly from inside the application. He provides two kinds of examples: one using a PHP-based configuration and another based on an INI file. He finishes the post with a mention about WordPress plugins and the fact that they're (usually) stored in a database and open to exposure if a SQL injection vulnerability is found.

0 comments voice your opinion now!
github protect keys commit public exposure configuration file gitignore

Link: http://code.tutsplus.com/tutorials/protecting-your-keys-from-github--cms-23002

Matthew Setter:
The Path To The First PHP Conference Talk
February 24, 2015 @ 12:08:10

Matthew Setter was encouraged by some recent conversations and conference sessions about getting out into the PHP community and taking up presenting at conferences. In his latest post he talks about some of these conversations and his ideas moving forward.

[The PHP UK Conference 2015] was an especially meaningful conference for me, as the opening keynote, by @coderabbi, moved me to take more action, more serious, dedicated, and focused action than I've taken to date. [...] I sat there thinking "WOW, I'm really a part of the community". I also started thinking I want to contribute more, and build a profile just as big as his, and many of the others at the conference. So what to do?

He talks about the encouragement from others he's gotten to get up and present at a conference and the feedback he's gotten on his (unfortunately so far) rejected submissions. He's renewing his effort, though and has plans to document his progress via a "pseudo-journal" during his journey to hopefully serve as a guide to others wanting to share their knowledge with the community. He talks some about his plan moving forward and the work he's doing on the public speaking side to improve his skills.

While not for everyone, speaking at conferences is a great way to share experience, information and start conversations about new technology. If you've ever thought about making the move, follow Matthew's journey or check out these other articles to help you get started.

0 comments voice your opinion now!
first conference talk public speaking phpuk15 community

Link: http://www.matthewsetter.com/path-first-php-conference-talk/

Fabien Potencier:
The PHP Security Advisories Database
October 27, 2014 @ 11:54:48

Fabien Pontencier has made an official announcement about a move to make the PHP Security Database the Symfony project started over a year ago. In the announcement he talks about the move to (hopefully) make it more widely adopted - pulling it out from under the Symfony namespace and into the FriendsOfPHP organization.

A year and a half ago, I was very proud to announce a new initiative to create a database of known security vulnerabilities for projects using Composer. It has been a great success so far; many people extended the database with their own advisories. As of today, we have vulnerabilities for Doctrine, DomPdf, Laravel, SabreDav, Swiftmailer, Twig, Yii, Zend Framework, and of course Symfony (we also have entries for some Symfony bundles like UserBundle, RestBundle, and JsTranslationBundle.)

[...] Today, I've decided to get one step further and to clarify my intent with this database: I don't want the database to be controlled by me or SensioLabs, I want to help people find libraries they must upgrade now. That's the reason why I've added a LICENSE for the database, which is now into the public domain.

The database has already been moved over to the FriendsOfSymfony organization and is still functioning with the SensioLabs security checker. You can find more on the database and its contents in this GitHub project.

0 comments voice your opinion now!
security advisories database public domain friendsofphp

Link: http://fabien.potencier.org/article/74/the-php-security-advisories-database

Russell Walker:
Public properties, getters and setters, or magic?
September 26, 2013 @ 09:58:36

Russell Walker has a recent post to his site looking at different ways to work with class properties including using them as public properties or using getters and setters.

Opinion seems to be divided on whether it is good practice to use public properties in PHP classes, or whether to use getter and setter methods instead (and keep the properties private or protected). A sort of hybrid third option is to use the magic methods __get() and __set(). As always, there are advantages and disadvantages to each approach, so let's take a look at them.

He breaks the rest of the post up into three sections, each with a bit of a code example and the common advantages/disadvantages. It's a good overview of the three types and, in the end, it's mostly about what works for your applications. What's his favorite?

My choice then is to use public properties most of the time, but getters and setters for critical settings that I feel need stricter control, would benefit from lazy loading, or that I want to expose in an interface.
0 comments voice your opinion now!
class property getter setter magic public opinion

Link: http://russellscottwalker.blogspot.co.uk/2013/09/public-properties-getters-and-setters.html

Brandon Savage:
The Cardinal Sin Of Object Inheritance
September 09, 2013 @ 12:38:04

Brandon Savage talks about the "cardinal sin" of working with object inheritance in PHP applications - adding public methods to a class that extends/implements another.

I know I've committed this sin, and you probably have too. The sin of which I speak is a grave one, and it violates several well known and established principles of object oriented application development. What is this sin of which I speak? It is none other than the addition of new public methods to an object that extends or implements abstract class or application interface, in violation of both the Liskov Substitution Principle and the Dependency Inversion Principle.

He talks some about the Liskov Substitution Principle first, pointing out that adding those new methods makes the new object non-replaceable as the Liskov principle requires. As far as the Dependency Inversion Principle, the practice breaks it because you'd be depending on those new methods as concrete, not abstracted from the parent. He makes a few recommendations as far as ways to prevent violating these principles including using multiple interfaces or creating multiple abstract classes for different public APIs.

0 comments voice your opinion now!
object inheritance sin solid principle public method violation

Link: http://www.brandonsavage.net/the-cardinal-sin-of-object-inheritance/

Community News:
Day Camp 4 Developers - Public Speaking for Developers
March 19, 2013 @ 13:12:35

If you're a developer and have considered getting out there and sharing your knowledge (via public speaking) but don't know where to start, you should check out the latest Day Camp 4 Developers happening this Friday (March 22nd).

Have you ever needed to give a presentation to your local user group? Do you need to present a topic to your team? Have you ever wanted to speak at a technical conference? If you answered yes to at least one of those questions then we are presenting Day Camp 4 Developers #5: Public Speaking for Developers just for you. We have selected 4 presenters that we feel are great at presenting technical topics. Each of them is a developer, each of them has a history of public speaking, and each of them has agreed to share what they have learned over the years.

This edition includes talks from some of the top well-known PHP community speakers:

  • Laura Thomson of Mozilla
  • Lorna Jane Mitchell
  • Elizabeth Naramore from Github
  • Keith Casey of Twilio

It's an online day-long event so you can participate from wherever you're at. You can still pick up tickets for the event from the main site - $40 USD for a single ticket, $100 USD for an "office party"

0 comments voice your opinion now!
daycamp4developers public speaking day event online event


Josh Adell's Blog:
GetSet Methods vs. Public Properties
March 05, 2012 @ 09:50:21

Josh Adell has a new post to his blog talking about a debate between developers over which is the better method - using public properties or getters and setters to work with values on your objects.

I was recently having a debate with a coworker over the utility of writing getter and setter methods for protected properties of classes. On the one hand, having getters and setters seems like additional boilerplate and programming overhead for very little gain. On the other hand, exposing the value properties of a class seems like bad encapsulation and will overall lead to code that is more difficult to maintain. I come down firmly on the get/set method side of the fence.

In his opinion, the getter/setter method provides an explicit interface to the class that describes what it can do and how you can work with it. He gives code examples, comparing the two methods - simple setting of properties on one object and using get*/set* methods on the other. He brings up the point that, if ever in the future you wanted to handle the data for a property differently, say always make it an array or object. He also points out that this still doesn't prevent the setting of new properties directly, so he uses the magic __get and __set to deal with that.

0 comments voice your opinion now!
getter setter public property debate example


PHPBuilder.com:
Talking to Facebook's Social Graph with PHP
November 21, 2011 @ 11:26:54

On PHPBuilder.com there's a recent post showing you how to connect your application with Facebook's graph API and grabbing the current user's public profile information.

In recent years, [Facebook's] influence has dramatically grown thanks to the Facebook Platform, a set of APIs which third-parties can use to create or extend applications which tightly integrate with Facebook.com's features and users. [...] PHP-minded developers are particularly fortunate, as the Facebook PHP SDK doesn't only provide users a powerful solution for interacting with the social graph, but because it's actively maintained by the Facebook development team is often the first of several available APIs to offer the latest features and bug fixes.

He points out the github repostory for grabbing the Facebook SDK, the information you'd get (at a minimum) from the API and the sort of detail you can expect from a user logged into your application. Sample code is included for this last example.

0 comments voice your opinion now!
facebook social graph api tutorial public information


DZone.com:
Assetic JavaScript and CSS files management
August 05, 2011 @ 09:19:26

On DZone.com today Giorgio Sironi introduces you to Assetic, an asset management tool that helps you keep things organized and easily requested by your application.

Assetic is a PHP library for managing the deployment of your assets: JavaScript, CSS and other resources which will be requested by the browser. The library has been created by Kris Wallsmith from OpenSky, an e-shop where many of the active members of the PHP community work, or worked (see Jonathan Wage/Doctrine 1 and Bulat Shakirzyanov/Imagine.)

Giorgio compares it to the more traditional method (putting them in a public folder) and how Assetic gives you an advantage over this setup. The main feature of the tool is to bundle all of your assets into one file that is then sent to the browser and interpreted there reducing the need for HTTP calls to request multiple files. An example is included showing the creation of an asset collection and the output of the files all combined into one string.

1 comment voice your opinion now!
assetic asset management css javascript public organize



Community Events

Don't see your event here?
Let us know!


interview laravel list project podcast community example programming application introduction php7 composer framework part2 series symfony opinion yii2 api language

All content copyright, 2015 PHPDeveloper.org :: info@phpdeveloper.org - Powered by the Solar PHP Framework