
Easy Laravel Book:
How Laravel 5 Prevents SQL Injection, CSRF, and XSS
Jul 23, 2015 @ 16:05:15

Jason Gilmore has posted an article to the Easy Laravel Book site with a bit more detail about how the framework prevents some common security issues including SQL injection and cross-site request forgery.

A reader recently e-mailed me and asked about Laravel 5’s native security features. While I talk about various security-related matters throughout the book, this information isn’t consolidated into any particular chapter and so I thought it would be useful to do so in a single blog post. Laravel helps to secure your web application by protecting against three serious security risks: SQL injection, cross-site request forgery, and cross-site scripting.

He goes through each of the three types and talks about the built-in functionality Laravel includes to protect against each one. A bit of code is included where needed to help clarify the point. Fortunately for the user, many of the technical pieces of these protections work behind the scenes and take little effort to use.

tagged: laravel5 sqlinjection csrf xss prevention framework tools

Link: http://www.easylaravelbook.com/blog/2015/07/22/how-laravel-5-prevents-sql-injection-cross-site-request-forgery-and-cross-site-scripting/

ServerGrove Blog:
Linters for PHP projects
Jun 03, 2015 @ 12:34:53

In a new post to the ServerGrove blog they look at linting tools for various circumstances including standard PHP, Twig templates and Composer configuration.

Today’s projects are built up from dozens of different components, configuration files, third-party libraries, tests, build scripts, etc. And even if you have the greatest test suite, bad things can happen sometimes. It’s important to catch bugs as early as possible, and syntax validators can be a great (and easy) addition to your continuous integration system. You would be surprised at how many problems are caused by syntax errors. At ServerGrove, we see these kinds of problems with our clients almost every day.

Their list shows you how to lint (syntax check) several different types of content:

  • standard PHP code
  • Twig templates
  • Composer configuration
  • XML files
  • Bash scripts
  • JSON files
  • YAML files

Some of them use tools that already come built-in (like PHP's "-l" or Twig's "twig:lint") but others require the use of external software such as xmllint or melody. Command examples are also included for each.

tagged: lint project types twig bash composer xml json yaml tools

Link: http://blog.servergrove.com/2015/06/02/linters-php-projects/

Sound of Symfony Podcast:
Episode 7 - Talking about tools
Apr 20, 2015 @ 11:52:19

The Sound of Symfony podcast has returned with a new episode (#7) where they talk about tools and catch up on some of the news they missed while they were out.

In this much delayed episode we discuss the huge backlog of news that we've missed, we talk to Benjamin Eberlei about development tools, and we talk about the upcoming Symfony conferences. Next episode will be released on May 17th.

You can listen to this latest episode either through the in-page audio player or by downloading the mp3. If you enjoy the show be sure to subscribe to their feed to get the latest shows as they're released.

tagged: soundofsymfony podcast ep7 tools benjamineberlei symfony

Link: http://www.soundofsymfony.com/episode/episode-7/

Developer Drive:
40+ tools for writing better PHP
Apr 01, 2015 @ 10:56:43

The Developer Drive site has posted their top 40+ list of libraries and tools that can help developers write better PHP. Their selections range from templating libraries to request handling and even testing tools.

There are scads of PHP tools available over the internet for php developers, but finding an appropriate PHP tool is quite an arduous task and demands effort and time. Today we’ve collected 45 handy PHP development tools for developers.

Included in their list are tools such as:

Several of the libraries can be installed via Composer (another tool in their list) but other items are stand-alone software that would need to be set up outside of the application.

tagged: tools list top40 libraries software testing template framework ide server

Link: http://www.developerdrive.com/2015/03/40-tools-for-writing-better-php/

ServerGrove Blog:
Security tools for PHP projects
Mar 23, 2015 @ 12:19:13

On the ServerGrove blog there's a new post looking at some of the currently available PHP security tools you can use to help keep your applications safe.

Security is getting more and more important, and the PHP community has been doing great improvements in this topic during the last few years. From better configuration settings to provide some level of security by default to frameworks providing functionality to avoid common attacks such as XSS, CSRF or SQL injection. [...] Well, any piece of software can have bugs, and obviously open source projects are not an exception. The good point is that security researchers, once they find a vulnerability, it is reported and added to a database of known vulnerabilities. We basically need to find a way to avoid using code with known vulnerabilities, and there are some interesting tools out there to help us.

They list four tools that focus on different areas of the security of your application to help provide good basic coverage:

One thing to note: these are all automated tools, so they shouldn't be relied upon exclusively to ensure the security of your application. Testing and evaluation of the codebase with these and other testing tools should always be done as well.

tagged: security tools list checker advisories roave composer iniscan versionscan

Link: http://blog.servergrove.com/2015/03/23/security-tools-php-projects/

Loosely Coupled:
Episode 19: How We Work
Feb 13, 2015 @ 09:45:50

The Loosely Coupled podcast has posted their latest episode today - Episode #19, How We Work. Join hosts Jeff Carouth and Matt Frost as they talk about work life, personal life and what tools, processes and techniques they've used during their careers to get the job done.

In this episode Jeff and Matt explore how they go about organizing their work life and our personal lives. They cover the idea of how the process evolves depending on your environment and even your personal inclinations. In 2011, Jeff wrote a blog post about the tools he used back then and realized that it has changed a little but for the most part works for him. They cover some pitfalls of processes that require tickets/stories to be broken down into parts where developers cannot understand what they’re doing or why, and how they’ve learned over time to get to that information. They also talked about learning how to be professionals and defend against situations that would impact your work or your code in negative ways. Finally they touch on Matt’s work scheduling experiment which is inspired by the Makers Schedule versus the Managers Schedule and how it has helped him be more productive.

You can listen to this latest episode either by using the in-page audio player or by downloading the episode directly and listening at your leisure. Be sure to subscribe to their feed or follow them on Twitter for the latest updates and show announcements.

tagged: looselycoupled podcast ep19 work advice tools pitfalls process professional

Link: http://looselycoupled.info/blog/2015/02/12/episode-19-how-we-work/

SitePoint PHP Blog:
PHP Tips, Resources and Best Practices for 2015
Jan 05, 2015 @ 09:59:18

The SitePoint PHP blog has shared a list of their suggestions of the best tips, resources and best practices for 2015. This includes tips about your environments, tools and techniques you can use to improve your everyday work.

PHP has had many reputations over the years, but being insecure as a language never really was one of them. The core team, all its faults notwithstanding, is rather quick in pouncing on all security matters, and updating PHP to the latest version will often allay all worries. But the end users, such as we are, tend to mess things up. We don’t update, we use outdated packages or packages with holes in them we’re not aware of, we use ancient extensions… we expose ourselves to risk in some truly creative ways.

Some of the things mentioned include:

  • Keeping your PHP up to date
  • Adopt HTTPS
  • Secure your PHP
  • Stay on the Right Way
  • Avoid Bad Packages
  • Dodge common mistakes
  • Use Virtualization

Each section comes with a description and plenty of links to point you in a good direction and get you started off right for 2015.

tagged: bestpractice tips resources list 2015 tools

Link: http://www.sitepoint.com/php-tips-resources-best-practices-2015/

Acquia Blog:
The Future of PHP is Shared Power Tools
Oct 17, 2014 @ 09:06:42

On the Acquia blog there's a recent post from Ryan Weaver from KnpLabs, well known for his contributions to the Symfony2 framework. In his post he suggests that the future of PHP is "shared power tools", less around the monolithic frameworks or installable software and more about the combinations of small pieces of code doing exactly what they need and nothing more.

[Things like Drupal, Joomla and WordPress are] painstakingly thought about and solved the same problems from scratch. And despite that, the results were incredible. How? Because they leveraged the sheer size and passion of their respective PHP communities. But it makes me wonder: what crazy things could we build if we worked together? Fortunately, we're on our way to finding that out. The PHP world is transforming and the individual armies and empires are blurring together.

He talks about how PHP developers should stop fighting the same battles and start working together using existing libraries to solve problems. He points out that applications, even the big names, are becoming more and more modular. Even Drupal has recently made the move to include Symfony packages for some of its functionality (other examples are given too). He also talks about "developer experience" in using these tools, what Symfony is doing to help it and how building on these and other components is essentially "standing on the shoulders of giants" to solve problems easier, faster and with better quality code.

tagged: acquia blog ryanweaver shared tools package library symfony2

Link: https://www.acquia.com/blog/future-php-shared-power-tools

SitePoint PHP Blog:
8 Must Have PHP Quality Assurance Tools
Jun 25, 2014 @ 09:22:42

The SitePoint PHP blog has a new post today with what it calls the eight must-have PHP QA tools to ensure the overall quality of your codebase. These tools cover everything from unit testing out to ensuring code standards are met.

The [QA Tools] site is a simple list of interesting tools that can help you properly test your application, while also analyzing it and producing interesting data for you to look at. This post will be little more than a re-iteration of some of those tools with added information, use cases and advice about them – however, we’re open to expanding this list with other QA tools you throw our way that get plenty of votes in the comments below or seem interesting and/or useful enough.

Their list of eight covers a wide range of QA needs:

  • PHPUnit
  • Behat
  • vfsStream
  • PHPLOC
  • PHP Mess Detector
  • PHP CodeSniffer
  • Dead Code Detector
  • Copy Paste Detector

For each there's a brief description and some of the commands you'll need to get it installed. Configuring them for your environment is a bit out of the scope of the article, though, so you'll have to pick that up on your own.

tagged: list eight qualityassurance tools install summary

Link: http://www.sitepoint.com/8-must-have-php-quality-assurance-tools/

Reddit.com:
PHP devs - What are your 'must have' tools and apps?
Jun 23, 2014 @ 12:54:45

If you're a PHP developer and are looking for some new tools to "up your game" and improve your development life, check out this new post to /r/php on Reddit.com. Developers of all kinds have shared tools they've found useful in their own development (and maybe you can too).

In other words, what tools make your development life easier and why? Can be anything from database design to FTP clients to workflow planners. Which tools can you just not live without?

Among the many tools on the list are things like:

  • PHP CodeSniffer
  • PHPUnit
  • IDEs like PHPStorm, Netbeans and editors like Sublime Text
  • Git
  • Composer
  • Vagrant/VirtualBox
  • Xdebug
  • Redis
  • Behat

Check out the full post for the complete (and growing) list.

tagged: musthave tools applications opinion reddit

Link: http://www.reddit.com/r/PHP/comments/28r11n/php_devs_what_are_your_must_have_tools_and_apps/