Looking for more information on how to do PHP the right way? Check out PHP: The Right Way

Ben Ramsey:
Introducing Ramsey/UUID
Apr 25, 2016 @ 10:52:14

In a new post to his site Ben Ramsey finally gets around to posting about a library of his that's not only already widely used but has already been around for a few years - his ramsey/uuid library for generating UUIDs.

It seems quite absurd for me to introduce ramsey/uuid, a library that saw its 1.0.0 release on July 19, 2012, and is now at version 3.4.1, having had 35 releases since its first, but what’s even more ludicrous is that I haven’t once blogged about this library. I mention it only in passing in my “Dates Are Hard” post. So, allow me to introduce you to perhaps a familiar face, an old friend, the ramsey/uuid library for PHP.

He starts with some of the original beginnings of the language back when Composer usage was just first taking off. He'd found other UUID implementations in PHP but none that rivaled the features found in library for other languages. He then briefly explains what a UUID is and what the RFC defines them as. He talks about the name change on the package (from the "Rhumsaa" namespace to "Ramsey") and an issue he received where UUIDs were colliding...as well as how he corrected it. He wraps up the post looking at some of what's coming for the library and what kind of improvements he'll be making in v3.4.1 and beyond.

tagged: ramsey uuid library introduction version opensource project rhumsaa improvement

Link: https://benramsey.com/blog/2016/04/ramsey-uuid/

Derick Rethans:
New MongoDB Drivers for PHP and HHVM: Cursor Behaviour
Mar 08, 2016 @ 11:52:14

Derick Rethans has posted the next part of his series looking at the new an improved MongoDB drivers for PHP in this post to his site. This time he focuses on the updates to cursor behavior from the previous versions.

We released a new version of the MongoDB driver for PHP (the mongodb extension) near the end of last year. In a previous blog post, I covered the back story of the how and why we undertook this effort. And in another post, I spoke about the architecture of the new driver. In this episode I will discuss changes in cursor behaviour.

I recently found the following comment added to the driver's documentation, on PHP.net, which read: "I noticed that ->sort is missing from the cursor. Seems like the old driver has more functionality."

The new driver certainly allows for sorting of results of queries, but no longer by calling the sort() method on the cursor object. This is because cursors are now created differently than in the old mongo extension.

He starts by talking about how the legacy driver handled its cursor functionality and when it actually performed the data lookup (hint: not until used). In the newer drivers the cursor request is made when the object is created. Because of this change, actions like "sort" and "skip" have to be sent as options on the query instead.

tagged: mongodb drivers hhvm cursor behavior difference version

Link: https://derickrethans.nl/new-drivers-part3-cursor.html

PHP.net:
PHP 5.6.18 & 5.5.32 Released
Feb 05, 2016 @ 09:49:31

On the main PHP.net site they've officially announced the release of the latest versions in the 5.6.x and 5.5.x series: PHP 5.6.18 and PHP 5.5.32.

The PHP development team announces the immediate availability of PHP [5.5.32 and 5.6.18]. This is a security release. Several security bugs were fixed in this release. All PHP [5.5 and 5.6] users are encouraged to upgrade to this version.

As always you can download this latest release from either the main downloads page or from windows.php.net for the Windows binaries. If you'd like to see exactly what was fixed in these releases, check out the full Changelog.

tagged: language version security bugfix upgrade

Link: http://php.net/archive/2016.php#id2016-02-04-3

Rasmus Lerdorf:
Upgrading PHP on the EdgeRouter Lite
Jan 26, 2016 @ 10:30:33

Rasmus Lerdorf has shared a post to his site detailing how he upgraded his EdgeRouter Lite router (hardware) to use PHP 7 for the uI handling and processing, upgrading it from the PHP 5.4 it came installed with.

After nearly 7 years of service I retired my Asus RT-16 router, which wasn't really a router, but a re-purposed wifi access point running AdvancedTomato. In its place I got a Ubiquiti EdgeRouter Lite. It is Debian-based and has a dual-core 500MHz 64-Bit MIPS CPU (Cavium Octeon+), 512M of ram and a 4G removable onboard USB stick for < $100. The router is completely open and, in fact, any advanced configuration has to be done from the command line. The Web UI has been improving, but there are still many things you can't do in it. In other words, exactly the type of device I prefer.

He made use of the open platform the router has to upgrade both the PHP installation and a bit of the web UI code to make things work happily with PHP 7. There's just three steps in his process:

  • Getting a Big-Endian MIPS64 build of PHP 7
  • Configuration (php.ini)
  • Fixing broken stuff

The "broken stuff" in this last item was only a few small changes that needed to be made to the web UI code for raw POST data fetching and session writes. He ends the post with a little summary of the performance post-changes and some about the opcode handling and memory use per request.

tagged: router edgerouter ui version language install upgrade configuration bigendian mips64 php7

Link: https://toys.lerdorf.com/archives/59-Upgrading-PHP-on-the-EdgeRouter-Lite.html

Laravel News:
Laravel Release Process
Jan 21, 2016 @ 09:22:33

On the Laravel News site they've posted about the framework release schedule for the next few minor version releases and the support levels each will include.

At Laracon 2013 in Washington D.C., Taylor announced the first official release cycle for the framework. [...] By having an official release cycle, it allows us as end users to plan around when we need to perform upgrades and also the dev team a way of knowing what is coming and when. Since this announcement all new releases have followed this schedule.

He talks briefly about the 5.1 release of the framework and how it changed up the flow by adding long term support (two years for bugfixes, three for security). He then outlines the release schedule from the 5.1 LTS release out to 5.5, the next LTS release. This is only a guideline for now and could possibly change in the future but at least it gives an idea of the schedule of things to come.

tagged: laravel framework release process schedule longtermsupport version

Link: https://laravel-news.com/2016/01/laravel-release-process/

Lorna Mitchell:
Relying on A Dev-Master Dependency in Composer
Dec 23, 2015 @ 10:52:51

In this post to her site Lorna Mitchell makes an interesting point about relying on libraries/packages that recommend using dev-master as the target of choice when installing via Composer. It started from a Tweet and lead to more discussion. She share some of that and more about her own thinking in this post.

If your project installation instructions recommend requiring dev-master in composer, I may need to reconsider my choice of package. [...] I got a few responses asking me to expand so I thought I would take the opportunity to write more than 140 characters on this topic.

She talks about the types of dependencies she prefers to add to her systems and how, usually, the code that lives in dev-master is not actually what's desired. It could be in any state after all - broken or correct. She points out three places where she'd see this kind of dependency as "okay" but points out that they are rarely seen in a mature project. She ends with a recommendation to users to look for dev-master entries in their own composer.json files and replace them with a release to prevent issues in the future.

tagged: devmaster composer dependency reliance version stable

Link: http://www.lornajane.net/posts/2015/relying-on-a-dev-master-dependency-in-composer

Laravel News:
Laravel 5.2 is released!
Dec 22, 2015 @ 11:12:47

The Laravel News site has posted about the release of Laravel 5.2, the next minor release in the 5.x series of the framework. Along with this release comes several new features and additions to current ones:

Laravel 5.2 is now officially released and available to everyone. This release features multiple authentication driver support, implicit model binding, simplified Eloquent global scopes, opt-in authentication scaffolding, middleware groups, rate limiting middleware, array validation improvements, and more.

He then gets into a bit of detail about these new features added including:

  • Auth Scaffolding
  • Implicit model binding
  • Laravel 5.2 Form Array Validation
  • Database Session Driver
  • Middleware Groups
  • Rate Limiting

There's brief code examples for each of the items (where needed) and links back to the documentation for more information on the feature's use.

tagged: laravel news release framework version v52

Link: https://laravel-news.com/2015/12/laravel-5-2-is-released/

Matt Stauffer:
Form array validation in Laravel 5.2
Dec 17, 2015 @ 11:23:35

Matt Stauffer has kicked off a new series on his blog about some of the new features in Laravel 5.2 and how to use them effectively. In this first part of the series he looks at form array validation and using it on more complex form submissions.

Form array validation simplifies the process of validating the somewhat abnormal shape of data HTML forms pass in when the array syntax is used. If you're not familiar with it, a common use case is when you allow a user to add multiple instances of the same type on one form.

[...] But how do we validate this? Prior to 5.2, it's a bunch of manual work. Now, Laravel understands this nesting structure and can validate against it uniquely.

He compares the new validation handling with a standard validator (for a single text string) and shows how a "dot" (period) notation can be used to define the more complex rules. You can even use asterisks for wildcard making at any level. Definitely a nice addition to the validation handling in the framework.

tagged: form validation array laravel5.2 version wildcard complex tutorial series part1

Link: https://mattstauffer.co/blog/form-array-validation-in-laravel-5-2

Zend Developer Zone:
On Security and PHP
Dec 14, 2015 @ 10:23:46

On the Zend Developer Zone Cal Evans has posted an article about a topic that's always hot in any development community - security. In his post, "On Security and PHP", he comments on some recent metrics reported by a larger application security company and provides a bit more realistic view into the world of PHP security (and some possible downfalls of their metrics).

Yet another consultant group has decided that their traffic stats are too low so they need to “shake things up a bit”. As usual, they picked PHP as the whipping boy. No, I am not going to link to them; too many people are already doing that unironically. [...] So we have a consulting group that has discovered that compiled languages have fewer security issues than dynamic languages. In other news, water is wet. This insight isn’t a revelation to anyone who has worked with a compiled language.

He also points out the leap they make between the PHP-related results to the two pieces of software that power a large part of the web, WordPress and Drupal. He mentions the recent installation statistics published by Jack Skinner and how, when it boils down to keeping the actual language secure, nothing is better than keeping things patched. Cal summarizes the current state of things (and where we should be heading) well:

We can all agree that PHP code used to be notoriously insecure due in part to it’s low point of entry, but so was the entire Internet. As we learn, we are writing better and more secure code. Sadly reports like the one highlighted here do nothing more than perpetuate old stereotypes. The truth is that yes, PHP code has flaws, much like Python code, node.js code, and Ruby code. We’ve got fewer this year than last, and hopefully, we will have fewer next year. We are getting better. Sadly, not all applications get better at the same rate. Some people just will not bother to patch old code. That is not a language problem, that is a people problem. (It doesn’t lessen the importance of the problem, but let’s at least properly identify it)
tagged: security zenddeveloperzone development language version

Link: http://devzone.zend.com/7052/on-security/

Symfony Blog:
Improving the Symfony Release Process
Dec 11, 2015 @ 10:49:10

On the Symfony blog there's a new post from Javier Eguiluz talking about improvements to the Symfony release process that will be starting with the 3.0.0 stable release (already release so already in place).

The Symfony Release Process is arguably one of the best selling points of the Symfony project. Thanks to our predictable and transparent process, companies can plan years in ahead their Symfony integration.

The recent launch of Symfony 2.8, which will be the last minor version of the 2.x branch, made us think about further tweaks in the release process. That's why during his past SymfonyCon Paris 2015 keynote, Fabien Potencier announced the new Symfony release process.

The main changes for the process are around how many minor versions will be published, standard vs long term support status of these releases and the timing of major/minor releases. With this schedule in place, it's projected that Symfony 4 will be released in November of 2017.

tagged: symfony release process improvement schedule minor major version

Link: http://symfony.com/blog/improving-the-symfony-release-process