Looking for more information on how to do PHP the right way? Check out PHP: The Right Way

UserSnap Blog:
A Practical Guide to Building Fast Web Applications in the Cloud
Aug 14, 2015 @ 10:44:58

On the UserSnap blog Luciano Mammino has provided a guide to building fast applications in the cloud using PHP and several tools and techniques. He offers a list of six rules to follow to make building the applications fast (and fast applications).

In this post Luciano highlighted some of the most common principles you should consider while building high performing web applications (specifically on the backend part). The following concepts discussed here can be applied to any language and framework. Though this post will cover some concrete examples, design patterns and tools that are mostly used in the PHP ecosystem.

His list of rules includes tips like:

  • Avoid premature optimization
  • Defer the work you don’t need to do immediately
  • Use cache when you can
  • Prepare your app for horizontal scalability when possible

Each point comes with a paragraph or two of explanation as to why it's an issue to watch out for and some tips to help prevent it as well as tools that can help.

tagged: guide practical fast application top6 tips tools

Link: http://usersnap.com/blog/building-web-applications-cloud/

SitePoint PHP Blog:
The State of Accessibility in PHP Tools
Aug 03, 2015 @ 11:19:21

On the SitePoint PHP blog Parham Doustdar has posted a look at accessibility in PHP tools or how easy they make it for those with disabilities (such as his own blindness) to do their development work.

Usually when I tell people that I’m blind, many people ask me how I can use the computer. “Is someone reading you my messages?” I remember someone asking. Many people imagine that I have this super-nifty speech recognition software that I can just talk to, and it would do anything, even write code. Imagine dictating code to a speech recognition system! [...] I gave an answer on Quora, to someone who had asked How does a visually impaired computer programmer do programming? I recommend you go through that answer to have a better context on what I’ll be talking about in this post.

He starts with a look at how visually impaired people could normally use a computer using screen readers, interaction with the software (all through the keyboard) and some things that just can't be done with this setup. He covers some of the issues screen readers have when parsing web applications and links to the WebAIM articles page for more information there. He then gets into the IDE comparison covering essential, assistance and supplementary features as well as community engagement around accessibility issues. He compares:

  • PHPStorm
  • SublimeText
  • NetBeans
  • Eclipse-based IDEs (Zend Studio, Eclipse PDT)
  • Notepad++

Unfortunately, most of the software on his list received a rating of "zero" on the scale with the exception of Notepad++, though it still has places it falls flat.

tagged: accessibility tools blind programming ide comparison screenreader

Link: http://www.sitepoint.com/the-state-of-accessibility-in-php-tools/

Easy Laravel Book:
How Laravel 5 Prevents SQL Injection, CSRF, and XSS
Jul 23, 2015 @ 16:05:15

Jason Gilmore has posted an article to the Easy Laravel Book site with a bit more detail about how the framework prevents some common security issues including SQL injection and cross-site request forgery.

A reader recently e-mailed me and asked about Laravel 5’s native security features. While I talk about various security-related matters throughout the book, this information isn’t consolidated into any particular chapter and so I thought it would be useful to do so in a single blog post. Laravel helps to secure your web application by protecting against three serious security risks: SQL injection, cross-site request forgery, and cross-site scripting.

He goes through each of the types and talks about the built-in functionality Laravel includes to protect against each one. A bit of code is tossed in when needed to help clarify the point too. Fortunately for the user, a good bit of the technical pieces of these protections are behind the scenes and don't need much effort to use.

tagged: laravel5 sqlinjection csrf xss prevention framework tools

Link: http://www.easylaravelbook.com/blog/2015/07/22/how-laravel-5-prevents-sql-injection-cross-site-request-forgery-and-cross-site-scripting/

ServerGrove Blog:
Linters for PHP projects
Jun 03, 2015 @ 12:34:53

In a new post to the ServerGrove blog they look at linting tools for various circumstances including standard PHP, Twig templates and Composer configuration.

Today’s projects are built up from dozens of different components, configuration files, third-party libraries, tests, build scripts, etc. And even if you have the greatest test suite, bad things can happen sometimes. It’s important to catch bugs as early as possible, and syntax validators can be a great (and easy) addition to your continuous integration system. You would be surprised at how many problems are caused by syntax errors. At ServerGrove, we see these kind of problems with our clients almost every day.

Their list shows you how to lint (syntax check) several different types of content:

  • standard PHP code
  • Twig templates
  • Composer configuration
  • XML files
  • Bash scripts
  • JSON files
  • YAML files

Some of them use tools that already come built-in (like PHP's "-l" or Twig's "twig:lint") but others require the use of external software such as xmllint or melody. Command examples are also included for each.

tagged: lint project types twig bash composer xml json yaml tools

Link: http://blog.servergrove.com/2015/06/02/linters-php-projects/

Sound of Symfony Podcast:
Episode 7 - Talking about tools
Apr 20, 2015 @ 11:52:19

The Sound of Symfony podcast has returned with a new episode (#7) where they talk about tools and catch up on some of the news they missed while they were out.

In this much delayed episode we discuss the huge backlog of news that we've missed, we talk to Benjamin Eberlei about development tools, and we talk about the upcoming Symfony conferences. Next episode will be released on May 17th.

You can listen to this latest episode either through the in-page audio player or by downloading the mp3. If you enjoy the show be sure to subscribe to their feed to get the latest shows as they're released.

tagged: soundofsymfony podcast ep7 tools benjamineberlei symfony

Link: http://www.soundofsymfony.com/episode/episode-7/

Developer Drive:
40+ tools for writing better PHP
Apr 01, 2015 @ 10:56:43

The Developer Drive site has posted their top 40+ list of libraries and tools that can help developers write better PHP. Their selections range from templating libraries to request handling and even testing tools.

There are scads of PHP tools available over the internet for php developers, but finding an appropriate PHP tool is quite an arduous task and demands effort and time. Today we’ve collected 45 handy PHP development tools for developers.

Included in their list are tools such as:

Several of the libraries can be installed via Composer (another tool in their list) but other items are stand-alone software that would need to be set up outside of the application.

tagged: tools list top40 libraries software testing template framework ide server

Link: http://www.developerdrive.com/2015/03/40-tools-for-writing-better-php/

ServerGrove Blog:
Security tools for PHP projects
Mar 23, 2015 @ 12:19:13

On the ServerGrove blog there's a new post looking at some of the currently available PHP security tools you can use to help keep your applications safe.

Security is getting more and more important, and the PHP community has been doing great improvements in this topic during the last few years. From better configuration settings to provide some level of security by default to frameworks providing functionality to avoid common attacks such as XSS, CSRF or SQL injection. [...] Well, any piece of software can have bugs, and obviously open source projects are not an exception. The good point is that security researchers, once they find a vulnerability, it is reported and added to a database of known vulnerabilities. We basically need to find a way to avoid using code with known vulnerabilities, and there are some interesting tools out there to help us.

They list four tools that focus on different areas of the security of your application to help provide good basic coverage:

One thing to note, these are all automated tools so they shouldn't be relied upon exclusively to ensure the security of your application. Testing and evaluation of the codebase with these and other testing tools should always be done as well.

tagged: security tools list checker advisories roave composer iniscan versionscan

Link: http://blog.servergrove.com/2015/03/23/security-tools-php-projects/

Loosely Coupled:
Episode 19: How We Work
Feb 13, 2015 @ 09:45:50

The Loosely Coupled podcast has posted their latest episode today - Episode #19, How We Work. Join hosts Jeff Carouth and Matt Frost as they talk about work life, personal life and what tools, processes and techniques they've used during their careers to get the job done.

In this episode Jeff and Matt explore how they go about organizing their work life and our personal lives. They cover the idea of how the process evolves depending on your environment and even your personal inclinations. In 2011, Jeff wrote a blog post about the tools he used back then and realized that it has changed a little but for the most part works for him. They cover some pitfalls of processes that require tickets/stories to be broken down into parts where developers cannot understand what they’re doing or why, and how they’ve learned over time to get to that information. They also talked about learning how to be professionals and defend against situations that would impact your work or your code in negative ways. Finally they touch on Matt’s work scheduling experiment which is inspired by the Makers Schedule versus the Managers Schedule and how it has helped him be more productive.

You can listen to this latest episode either by using the in-page audio player or by downloading the episode directly and listening at your leisure. Be sure to subscribe to their feed or follow them on Twitter for the latest updates and show announcements.

tagged: looselycoupled podcast ep19 work advice tools pitfalls process professional

Link: http://looselycoupled.info/blog/2015/02/12/episode-19-how-we-work/

SitePoint PHP Blog:
PHP Tips, Resources and Best Practices for 2015
Jan 05, 2015 @ 09:59:18

The SitePoint PHP blog has shared a list of their suggestions of the best tips, resources and best practices for 2015. This includes tips about your environments, tools and techniques you can use to improve your everyday work.

PHP has had many reputations over the years, but being insecure as a language never really was one of them. The core team, all its faults notwithstanding, is rather quick in pouncing on all security matters, and updating PHP to the latest version will often allay all worries. But the end users, such as we are, tend to mess things up. We don’t update, we use outdated packages or packages with holes in them we’re not aware of, we use ancient extensions… we expose ourselves to risk in some truly creative ways.

Some of the things mentioned include:

  • Keeping your PHP up to date
  • Adopt HTTPS
  • Secure your PHP
  • Stay on the Right Way
  • Avoid Bad Packages
  • Dodge common mistakes
  • Use Virtualization

Each section comes with a description and plenty of links to point you in a good direction and get you started off right for 2015.

tagged: bestpractice tips resources list 2015 tools

Link: http://www.sitepoint.com/php-tips-resources-best-practices-2015/

Acquia Blog:
The Future of PHP is Shared Power Tools
Oct 17, 2014 @ 09:06:42

On the Acquia blog there's a recent post from Ryan Weaver from KnpLabs, well known for his contributions to the Symfony2 framework. In his post he suggests that the future of PHP is "shared power tools", less around the monolithic frameworks or installable software and more about the combinations of small pieces of code doing exactly what they need and nothing more.

[Things like Drupal, Joomla and WordPress are] painstakingly thought about and solved the same problems from scratch. And despite that, the results were incredible. How? Because they leveraged the sheer size and passion of their respective PHP communities. But it makes me wonder: what crazy things could we build if we worked together? Fortunately, we're on our way to finding that out. The PHP world is transforming and the individual armies and empires are blurring together.

He talks about how PHP developers should stop fighting the same battles and start working together using existing libraries to solve problems. He points out that applications, even the big names, are becoming more and more modular. Even Drupal has recently made the move to include Symfony packages for some of its functionality (other examples are given too). He also talks about "developer experience" in using these tools, what Symfony is doing to help it and how building on these and other components is essentially "standing on the shoulders of giants" to solve problems easier, faster and with better quality code.

tagged: acquia blog ryanweaver shared tools package library symfony2

Link: https://www.acquia.com/blog/future-php-shared-power-tools