All news about PHP

After suffering through an inordinate number of “Whats in Your Wallet” commercials, I decided to share a few key components of my toolkit. No they do not involve faries, princesses, dragons or wierd looking centaur things. Anyhow, at the top of my chest of tools is:

• Fiddler: when dealing with modern applications with significant amounts of remote requests (aka AJAX) having a tool that can enumerate and expose these is oftentimes key to tell a developer why some component is failing. Some of my co-workers think it is magic, but I just call it Fiddler. It is one of the three reasons I ever open Internet Explorer these days (other two being SharePoint and our time sheets).
• m0n0wall: QA is an oft-overlooked, but crucial component of delivering solid, stable applications. m0n0wall is a BSD-based firewall/router/edge device that lets one create relatively complex networks with good front-end security. External stakeholders can view the applications as they live, while external developers can gain secured access to the boxes using PPPTP VPNs.
• Virtual Server: There is a lot of hype, and many outstanding questions, surrounding virtualization in production. But insofar as development goes, virtualization is a godsend. Just the ability to backup and restore the entire state of a machine by a simple copy-paste operations—as opposed to using Ghost or tweaking things by hand—can save days of your professional life.
• SecretServer: so you have a mess of development networks, and you have a mess of virtual servers, leaving you with a mess of passwords. Now, you can have one rather insecure spreadsheet containing this information. Or you can use this wonderful product to store all of these things in a secure, centralized and accessible store.
• NtBackup: Having data of any sort without having backup is about as good as not having data at all. While I will not claim that the builtin Windows backup utilities are the be-all, end-all of backup solutions, they are reasonably effective and quite available. Now the actual backup is kind of immaterial unless it is shipped offsite somehow which leads us to . . .
• FTP.exe: When used with the –s switch to load a command file, this utility will let you upload just about anything to a remote server to complete the backup operation.

So, what is in your toolkit that should be in mine?

After suffering through an inordinate number of “Whats in Your Wallet” commercials, I decided to share a few key components of my toolkit. No they do not involve faries, princesses, dragons or wierd looking centaur things. Anyhow, at the top of my chest of tools is:

• Fiddler: when dealing with modern applications with significant amounts of remote requests (aka AJAX) having a tool that can enumerate and expose these is oftentimes key to tell a developer why some component is failing. Some of my co-workers think it is magic, but I just call it Fiddler. It is one of the three reasons I ever open Internet Explorer these days (other two being SharePoint and our time sheets).
• m0n0wall: QA is an oft-overlooked, but crucial component of delivering solid, stable applications. m0n0wall is a BSD-based firewall/router/edge device that lets one create relatively complex networks with good front-end security. External stakeholders can view the applications as they live, while external developers can gain secured access to the boxes using PPPTP VPNs.
• Virtual Server: There is a lot of hype, and many outstanding questions, surrounding virtualization in production. But insofar as development goes, virtualization is a godsend. Just the ability to backup and restore the entire state of a machine by a simple copy-paste operations—as opposed to using Ghost or tweaking things by hand—can save days of your professional life.
• SecretServer: so you have a mess of development networks, and you have a mess of virtual servers, leaving you with a mess of passwords. Now, you can have one rather insecure spreadsheet containing this information. Or you can use this wonderful product to store all of these things in a secure, centralized and accessible store.
• NtBackup: Having data of any sort without having backup is about as good as not having data at all. While I will not claim that the builtin Windows backup utilities are the be-all, end-all of backup solutions, they are reasonably effective and quite available. Now the actual backup is kind of immaterial unless it is shipped offsite somehow which leads us to . . .
• FTP.exe: When used with the –s switch to load a command file, this utility will let you upload just about anything to a remote server to complete the backup operation.

So, what is in your toolkit that should be in mine?

This article provided by sitepoint.com.

The Internet Super Hero blog has posted some new tests using the mysqlnd driver for PHP and shows you how it’s all done for you to follow along at home.

PHP extensions can test their userland (PHP) functionality using so called phpt Tests. phpt Tests consist of several parts with their main part being regular PHP code to test PHP. On the website of the PHP Quality Assurance Team you can find a documentation of the phpt Tests syntax on the page Writing Tests, if your are interested in the details. Most extensions contain a tests/ subdirectory in the PHP source code to ship the tests together with C code of the extensions. So do ext/mysql and ext/mysqli.

They show the testing structure they used and some of the stats they found from their runs. The rest of the post is dedicated to how it was all set up:

implemented as phpt Tests
which need new settings
Using runtests.php to run the tests
Failing tests
Useful runtests.php options and features

They also briefly mention what a typical set of test results are (for the time the post was made).

Fernando Bassani has posted an alternative to using globals in your scripts creating global objects with the help of the Registry design pattern.

For a long time, the programming good practices tell us to avoid globals. In fact, this is a point of a large criticism in languages such as PHP. A nice solution to our global’s needs is the Registry design pattern. With it, we can have a repository with the data that has to be accessible, removing them from the global scope.

Included in the post is all the code you’ll need to get it to work. It uses a Singleton to grab the latest object and allows you to store values and define namespaces to keep data separate.

While frameworks seem to be popping out of the woodwork, Mike Willbanks has noticed something lacking a good ecommerce framework that helps the developer do simple things like work with shopping carts or connect with payment APIs.

So here is my question, besides the really shitty shopping cart objects out there is there any true components for a framework that utilizes this functionality? I say shitty shopping cart objects because just about every single open source PHP shopping cart has some of the worst design aspects I have ever seen.

His complaint is that most of the shopping cart software out there is really just procedural (or bad) code shoved into classes and called good. He suggests a more patterned approach maybe using a Factory on top of a base abstract model.

From The Bakery today, there’s a new tutorial that steps you through the process of getting the Eclipse software set up and working happily with a CakePHP installation.

So you’re on a noob on the quest for painless PHP development? You’ve started using Cake and now you’re considering the Eclipse Integrated Development Environment. These are two great first steps. All you need now is a little help getting to know Eclipse and configuring it for maximum effect with CakePHP. This tutorial gathers lots of information already out there, adds a bit of my own, and puts in all in one place.

They work through the installation, how to define a workspace for your project and getting the bake command to work directly from the local software.

In the wake of this year’s OSCON, Cal Evans has posted his PHPcentric wrapup over on the Zend Developer Zone:

The echoes from the last OSCON parties haven’t even stopped reverberating though the halls as the next convention moves in. The vendors are all long gone and the attendees are all shoved in tiny seats on their express flight back to the real world. Let’s take a quick look over our shoulder at the party that was OSCON ‘07 before answering the call of the road and heading off to the next event.

Some of his items of note included the PHP tutorials (specifically the PHP and MySQL Best Practices from Luke Welling and Laura Thomson) and the many talks including one given by Andi Gutmans covering the Zend Framework and its role in a mashup involving Yahoo’s Term Extractor and Flickr.

Secunia.com reports that multiple vulnerabilities have been found in the Joomla! content management system:

Some vulnerabilities have been reported in Joomla!, which can be exploited by malicious people to conduct session fixation attacks, crosssite scripting attacks or HTTP response splitting attacks.

The issues are marked as less critical but users should still update to the latest version to avoid these issues:

Certain unspecified input passed in com_search, com_content and mod_login is not properly sanitised before being returned to a user
Input passed to the url parameter is not properly sanitised before being returned to the user. This can be exploited to insert arbitrary HTTP headers.
An error exists in the handling of sessions and can be exploited to hijack another user’s session by tricking the user into logging in after following a specially crafted link.

See the original advisory post here.