Recent Blog Posts
Dynamically Typed: PHP Blog
Dynamic global functions in PHP
Like many others, I prefer to use procedural PHP as a template language. While PHP’s syntax makes it a practical choice for this, there is a problem with embedding dynamic content. Most PHP applications produce HTML output, so you end up writing <?php echo htmlspecialchars($foo);?> a lot, using this technique. Or you forget it, and make your application prone to all sorts of nasty XSS attacks.
Apart from the annoyance of superfluous typing, there is a danger of getting lazy, seeing that <?php echo $foo;?> is remarkably shorter to type. In some situations, it won’t manifest itself as a problem either, since some content-types never contain HTML special characters (numbers, for example). This is particularly nasty, because errors in the view layer are notoriously hard to track down, and unlike SQL-injections — a similar problem — the consequences tend to hurt the users of a site, rather than the site directly.
KISS
Recently, I had a look at some code, written for CakePHP. My eye caught a function e, which is shorthand for echo. A single letter, regular function is undoubtedly the simplest way to extend PHP’s syntax. Thinking about it, it’s fairly obvious, but it just never occurred to me.
Well, the CakePHP …
Do less
So I got persuaded into blogging for Sitepoint and this is my first post. I’ll be writing mostly about PHP, since that’s my main area of competence, but will probably touch on related topics.
Anyway, in an attempt to not turn this into yet another “Hello World”, I figured I would reflect a bit on what’s special about PHP.
PHP doesn’t do stuff
It basically boils down to one thing; PHP doesn’t do stuff for you.
Taking a look at the hordes of extensions which come with PHP by default — or the overwhelming array of core functions — it may appear that PHP does an awful lot of things, but it doesn’t. Not really. This functionality is mostly passive; when you look at the language core, it makes very few assumptions about the application you’re going to build. Instead, it supplies the tools to do so.
This is the tradition of open source. Linux is renowned for having a multitude of desktop environments, shell interpreters and whatnot. PHP follows the same organisation. It does have one pivot point though; the language itself has only one official implementation. Well, two actually, but that’s hopefully going to be fixed eventually.
PHP doesn’t have a framework ..
These …
Win Cash for the best Facebook App!
Via digg: Our current feature article about developing for the Facebook Platform with PHP is extraordinarily timely, given the recent announcement from venture capital firm Bay Partners on Tuesday that they will be offering cash prizes for the best Facebook applications.
Dubbed the “AppFactory,” the program will grant awards of US$25,000 to $250,000 to Facebook developers using a fast-track approval process. The company hopes to make up to 50 such awards, Salil Deshpande, a partner at Bay Partners, told the E-Commerce Times.
Given that Facebook has just clocked 30 million members, there’s never been a better time to make your app even more social. Email your application for the AppFactory program to Bay Partners to be eligible.
Good and Bad PHP Code
The following is republished from the Tech Times #165.
When interviewing a PHP developer candidate for a job at SitePoint, there is one question that I almost always ask, because their answer tells me so much about the kind of programmer they are. Here’s the question: “In your mind, what are the differences between good PHP code and bad PHP code?”
The reason I like this question is because it tests more than just a candidate’s encyclopedic knowledge of PHP’s functions. Zend’s PHP certification does a good job of that (as does the test that Yahoo! issues to applicants for its PHP developer jobs, apparently).
Rather, the answer to this question tells me whether a PHP developer has, for example, experienced the pain of working with poorly-written code inherited from a careless predecessor, and whether he or she will go the extra mile to save the rest of the team from that same pain.
I don’t have a set notion of the perfect answer to the question, but I do know the kinds of things I’m hoping to hear. Just off the top of my head:
Good PHP code should be structured. Long chunks of code can be broken up into functions or methods that …
Faster PHP Apps - Profile Your Code with Xdebug
Object-oriented programming is well and truly in fashion, and PHP is no exception. So you’ve adopted the proper design patterns, built your site on the latest PHP framework, and have your database access abstracted so far that you’ve forgotten SQL.
What’s Going On?
When you first move towards object-oriented programming, the first thing you might notice is that you can give yourself a headache trying to follow the execution path through your code and the framework it’s built on.
The next thing you might notice is that your site isn’t any faster - in fact perhaps it’s slower than it was. Object-oriented programming generally aims to improve the quality, maintainability and reusability of code, but sometimes this comes at the price of some raw speed.
So we’ve got potentially slower code, and we can no longer just open up our simple PHP script and follow its execution from the top of the file to the bottom. How do we figure out exactly what’s going on inside?
Xdebug
Xdebug 2 (currently beta - I’m running 2.0.0RC3) is an indispensable PHP extension which provides various ways of debugging and analysing your code on your development server. Today, we’re interested in profiling information for PHP …
Markup Separation with Template IT
One of the more challenging things I’ve run into while doing PHP development is effectively separating presentation from program logic. In many projects, I felt I was doing a great job until I had to do a markup change and jump through a lot of hurdles to make it happen. In my recent projects, I’ve started using the HTML Template IT extension in PEAR, and it’s made things a lot easier.
The HTML Template IT extension provides a solid template system that allows complete separation of code and presentation. Rather than placing markup in your PHP files, the markup is contained within separate template files. Within the markup of these templates are variables that can be replaced by dynamic data when the template is parsed.
The real difference between PHP and Python
Posting in the full realization of the futility of doing so, there’s some PHP bashing (as usual) happening on reddit at the moment: PHP vs Python - the real difference, brought on by this mildly amusing image. While I can accept the points - technically it’s actually much harder to handle errors uniformly in PHP and the community is less rich in computer scientists than Python - the corresponding flame war on reddit manages to miss a different point, which is easiest expressed in code.
What’s the most significant difference between these two scripts?
<?php
$hits = 0;
printf("Hits: %s\n", $hits);
$hits++;
And a web.py controller (absolutely no criticism intended - picked it because I like it - discussion applies to pretty much anything non-CGI and, in fact, this is really nothing specific to Python either)…
#!/usr/bin/env python
import web
urls = ('/.*', 'counter')
hits = 0
class counter:
    def GET(self):
        global hits
        print "hits %s" % hits
        hits += 1
if __name__ == "__main__": web.run(urls, globals())
Depending on how you deploy the latter (i.e. not as a …
PHP Conference London 2007
It’s back! - just doing my bit to support the UK’s premier PHP event. And hats off to them again for honest pricing - no inflation since last year if I remember right: £50 in advance or £75 on the day. Whether I’ll be able to get there is another story but I’d like to.
2007: The Year of OpenID (?)
A late but Happy New Year - recent silence related to starting new job at local.ch - more on that another time.
So let’s call this one the Year of OpenID - or at least the part up to March. OpenID is starting to gain traction as a solution to some (not all) online authentication problems.
While some good resources are starting to show up explaining how OpenID works, there’s a tendency towards either “here’s how to add to your blog - don’t ask difficult questions” or significant assumed knowledge. So it’s nice if you have someone around who can explain it directly, which is what happened last webtuesday, Cédric’s providing an OpenID Overview. As well as doing a great job of explaining key points of what OpenID is and is not, he also took a good stab at illustrating OpenID transactions in terms of the communication between the hosts involved, something that seems poorly documented online right now - images here.
One particular concern the talk raised regards the final redirect of an OpenID transaction, when a new account is being set up on the relying party (the site you want to register and log into) - step 6 here. As I’ve …
Rise of the Robots
Quick factual / historical note regarding Anonymizing RFI Attacks Through Google which Stefan and Ilia both referenced today.
As far as I know the notion of “programming” legitimate 3rd-party web spiders to attack other sites was first raised back in 2001 by Michal Zalewski (also wikipedia) in Against the System: Rise of the Robots.
Not that I’m hunting hacker-cred - ran into it via his book Silence on the Wire (which is a great read BTW - ever thought about how those Javascript key press events uniquely identify you?).



