But almost all the existing PHP books and online tutorials have been out of date for a long time, so they do not reflect the new features. With this practical guide, you'll learn how PHP has become a full-featured ... If you have a basic understanding of PHP and want to bolster your skills, this is your book. Learn modern PHP features, such as namespaces.
For example, MVC frameworks would generally provide a super object or base controller that other controllers must extend to gain access to its dependencies.
This is Inversion of Control, however, instead of loosening dependencies, this method simply moved them. Dependency Injection allows us to more elegantly solve this problem by only injecting the dependencies we need, when we need them, without the need for any hard coded dependencies at all.
The Single Responsibility Principle is about actors and high-level architecture. The largest benefit of this approach is that it enables improved code reusability. By designing our class to do just one thing, we can use or re-use it in any other program without changing it. Practically speaking, this means that we should write classes that implement and adhere to interfaces, then type-hint against those interfaces instead of specific classes.
The largest benefit of this approach is that we can very easily extend our code with support for something new without having to modify existing code, meaning that we can reduce QA time, and the risk for negative impact to the application is substantially reduced. We can deploy new code, faster, and with more confidence. The Liskov Substitution Principle is about subtyping and inheritance. For example, if we have a FileInterface interface which defines an embed method, and we have Audio and Video classes which both implement the embed method, then we can expect that the usage of the embed method will always do the thing that we intend.
If we later create a PDF class or a Gist class which implement the FileInterface interface, we will already know and understand what the embed method will do. The largest benefit of this approach is that we have the ability to build flexible and easily-configurable programs, because when we change one object of a type e.
For example, a Car or Bus class would be interested in a steeringWheel method, but a Motorcycle or Tricycle class would not. Conversely, a Motorcycle or Tricycle class would be interested in a handlebars method, but a Car or Bus class would not.
There is no need to have all of these types of vehicles implement support for both steeringWheel as well as handlebars, so we should break apart the source interface. The Dependency Inversion Principle is about removing hard-links between discrete classes so that new functionality can be leveraged by passing a different class.
Do not depend on concretions. We can easily refactor the above example to follow this principle. There are several benefits to the Database class now depending on an interface rather than a concretion. Consider that we are working in a team and the adapter is being worked on by a colleague. In our first example, we would have to wait for said colleague to finish the adapter before we could properly mock it for our unit tests.
An even bigger benefit to this method is that our code is now much more scalable. If a year down the line we decide that we want to migrate to a different type of database, we can write an adapter that implements the original interface and inject that instead; no more refactoring would be required, as we can ensure that the adapter follows the contract set by the interface.
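The arrangement described above, sketched as an added example (not code from the original page): `AdapterInterface`, `findUserName()`, `PdoAdapter` and `ArrayAdapter` are hypothetical names, and the sample rows are constructed.

```php
<?php
declare(strict_types=1);

// Hypothetical contract; the page does not name the interface or its methods.
interface AdapterInterface
{
    public function findUserName(int $id): ?string;
}

// Adapter backed by PDO, the kind of class a colleague might still be writing.
final class PdoAdapter implements AdapterInterface
{
    private PDO $pdo;

    public function __construct(PDO $pdo)
    {
        $this->pdo = $pdo;
    }

    public function findUserName(int $id): ?string
    {
        $stmt = $this->pdo->prepare('SELECT name FROM users WHERE id = :id');
        $stmt->execute([':id' => $id]);
        $name = $stmt->fetchColumn();
        return $name === false ? null : (string) $name;
    }
}

// Stand-in that honours the same contract, usable in unit tests right away.
final class ArrayAdapter implements AdapterInterface
{
    /** @var array<int, string> */
    private array $users;

    public function __construct(array $users)
    {
        $this->users = $users;
    }

    public function findUserName(int $id): ?string
    {
        return $this->users[$id] ?? null;
    }
}

// Database depends only on the abstraction; the concretion is injected.
final class Database
{
    private AdapterInterface $adapter;

    public function __construct(AdapterInterface $adapter)
    {
        $this->adapter = $adapter;
    }

    public function greeting(int $id): string
    {
        $name = $this->adapter->findUserName($id);
        return $name === null ? 'Unknown user' : 'Hello, ' . $name;
    }
}

// Constructed sample data: one in-memory SQLite table, one plain array.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT)');
$pdo->exec("INSERT INTO users (name) VALUES ('alice')");

// The same Database class runs unchanged against either adapter.
foreach ([new PdoAdapter($pdo), new ArrayAdapter([1 => 'alice'])] as $adapter) {
    $db = new Database($adapter);
    echo get_class($adapter), ': ', $db->greeting(1), ' / ', $db->greeting(99), "\n";
}
```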
The first thing you should understand about Dependency Injection Containers is that they are not the same thing as Dependency Injection. A container is a convenience utility that helps us implement Dependency Injection; however, containers can be, and often are, misused to implement an anti-pattern, Service Location. Injecting a DI container as a Service Locator into your classes arguably creates a harder dependency on the container than the dependency you are replacing.
It also makes your code much less transparent and ultimately harder to test. Most modern frameworks have their own Dependency Injection Container that allows you to wire your dependencies together through configuration. What this means in practice is that you can write application code that is as clean and decoupled as the framework it is built on. Many times your PHP code will use a database to persist information. You have a few options to connect and interact with your database.
The recommended option until PHP 5. Native drivers are great if you are only using one database in your application, but if, for example, you are using MySQL and a little bit of MSSQL, or you need to connect to an Oracle database, then you will not be able to use the same drivers.
The mysql extension for PHP is incredibly old and has been superseded by two other extensions:. Not only did development stop long ago on mysql , but it was deprecated as of PHP 5. To save digging into your php. Even if you are not using PHP 7. Not only is that a gross oversimplification, it misses out on the advantages that mysqli provides, such as parameter binding, which is also offered in PDO. More importantly, PDO allows you to safely inject foreign input e.
This is possible using PDO statements and bound parameters. This ID should be used to fetch a user record from a database. This is the wrong way to do this:. This is terrible code. You are inserting a raw query parameter into a SQL query. This will get you hacked in a heartbeat, using a practice called SQL Injection.
Just imagine if a hacker passes in an inventive id parameter by calling a URL like http: This is correct code. It uses a bound parameter on a PDO statement. This escapes the foreign input ID before it is introduced to the database preventing potential SQL injection attacks.
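The contrast between the concatenated query and the bound parameter, as an added example that is not code from the original page. It assumes the pdo_sqlite extension; the table, the rows, the function names and the hostile id value are constructed for illustration.

```php
<?php
declare(strict_types=1);

// Constructed sample data in an in-memory SQLite database.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT)');
$pdo->exec("INSERT INTO users (name) VALUES ('alice'), ('bob'), ('carol')");

/**
 * The wrong way: the raw parameter is spliced into the SQL text, so whatever
 * the caller sends is parsed as part of the statement itself.
 */
function findUserConcatenated(PDO $pdo, string $id): array
{
    $stmt = $pdo->query('SELECT name FROM users WHERE id = ' . $id);
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

/**
 * The correct way: the SQL text is fixed when the statement is prepared and
 * the parameter is handed over separately, as a single value.
 */
function findUserBound(PDO $pdo, string $id): array
{
    $stmt = $pdo->prepare('SELECT name FROM users WHERE id = :id');
    $stmt->execute([':id' => $id]);
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

// Constructed inputs: an ordinary id, and an id carrying extra SQL.
$inputs = ['ordinary' => '2', 'crafted' => '1 OR 1=1'];

foreach ($inputs as $label => $id) {
    printf(
        "%-8s concatenated=%s bound=%s\n",
        $label,
        json_encode(findUserConcatenated($pdo, $id)),
        json_encode(findUserBound($pdo, $id))
    );
}
```

With the crafted value the concatenated query's WHERE clause is rewritten by the input, while the bound version compares the whole string against the id column as one value.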
You should also be aware that database connections use up resources and it was not unheard-of to have resources exhausted if connections were not implicitly closed, however this was more common in other languages. Using PDO you can implicitly close the connection by destroying the object by ensuring all remaining references to it are deleted, i. When developers first start to learn PHP, they often end up mixing their database interaction up with their presentation logic, using code that might look like this:.
While there are many other solutions to doing this - depending on if you prefer OOP or functional programming - there must be some element of separation. That is a good start. Create a simple. This is essentially the same as what most modern frameworks are doing, albeit a little more manual. You might not need to do all of that every time, but mixing together too much presentation logic and database interaction can be a real problem if you ever want to unit-test your application.
PHPBridge has a great resource called Creating a Data Class which covers a very similar topic, and is great for developers just getting used to the concept of interacting with databases. Many frameworks provide their own abstraction layer which may or may not sit on top of PDO.
These will often emulate features for one database system that are missing from another by wrapping your queries in PHP methods, giving you actual database abstraction instead of just the connection abstraction that PDO provides. This will of course add a little overhead, but if you are building a portable application that needs to work with MySQL, PostgreSQL and SQLite then a little overhead will be worth it for the sake of code cleanliness.
Some abstraction layers have been built using the PSR-0 or PSR-4 namespace standards so can be installed in any application you like:. Templates provide a convenient way of separating your controller and domain logic from your presentation logic.
The main benefit to using templates is the clear separation they create between the presentation logic and the rest of your application.
Templates have the sole responsibility of displaying formatted content. They are not responsible for data lookup, persistence or other more complex tasks. This leads to cleaner, more readable code which is especially helpful in a team environment where developers work on the server-side code (controllers, models) and designers work on the client-side code (markup). Templates also improve the organization of presentation code.
This approach encourages code reuse where larger blocks of code are broken into smaller, reusable pieces, often called partials. For example, your site header and footer can each be defined as templates, which are then included before and after each page template.
Finally, depending on the library you use, templates can offer more security by automatically escaping user-generated content. Some libraries even offer sand-boxing, where template designers are only given access to white-listed variables and functions. They are a natural choice since PHP is actually a template language itself. This is beneficial to PHP developers as there is no new syntax to learn, they know the functions available to them, and their code editors already have PHP syntax highlighting and auto-completion built-in.
Further, plain PHP templates tend to be very fast as no compiling stage is required. Outside of frameworks, libraries like Plates or Aura.View make working with plain PHP templates easier by offering modern template functionality such as inheritance, layouts and extensions.
From automatic escaping, to inheritance and simplified control structures, compiled templates are designed to be easier to write, cleaner to read and safer to use.
Compiled templates can even be shared across different languages, Mustache being a good example of this. Since these templates must be compiled there is a slight performance hit, however this is very minimal when proper caching is used.
While it does have exceptions and more of the core is starting to use them when working with objects, most of PHP itself will try to keep processing regardless of what happens, unless a fatal error occurs. This is only a notice error, and PHP will happily carry on. The only real difference is that Python will freak out over any small thing, so that developers can be super sure any potential issue or edge-case is caught, whereas PHP will keep on processing unless something extreme happens, at which point it will throw an error and report it.
PHP has several levels of error severity. The three most common types of messages are errors, notices and warnings. Notices are advisory messages caused by code that may or may not cause problems during the execution of the script, execution is not halted. Warnings are non-fatal errors, execution of the script will not be halted. These messages are used to suggest changes to your code to help ensure best interoperability and forward compatibility with upcoming versions of PHP.
You can also control whether or not errors are displayed to the screen (good for development) or hidden and logged (good for production). For more information on this check out the Error Reporting section. Without the error control operator, this expression could create a PHP Notice: Undefined variable: Undefined index: This might seem like a good idea, but there are a few undesirable tradeoffs. PHP handles expressions using an @ in a less performant way than expressions without an @.
Secondly, the error control operator completely swallows the error. The error is not displayed, and the error is not sent to the error log. For example, our code above could be rewritten like this:. One instance where error suppression might make sense is where fopen fails to find a file to load. You could check for the existence of the file before you try to load it, but if the file is deleted after the check and before the fopen which might sound impossible, but it can happen then fopen will return false and throw an error.
This is potentially something PHP should resolve, but is one case where error suppression might seem like the only valid solution.
However, Xdebug has an xdebug. You can set this via your php. Use scream with care, and as a temporary debugging tool. This is a common practice implemented by a large number of modern frameworks such as Symfony and Laravel. In debug mode or dev mode both of these frameworks will display a nice and clean stack trace. There are also some packages available for better error and exception handling and reporting. Like Whoops!
By throwing errors as exceptions in development you can handle them better than the usual result, and if you see an exception during development you can wrap it in a catch statement with specific instructions on how to handle the situation. Each exception you catch instantly makes your application that little bit more robust. More information on this and details on how to use ErrorException with error handling can be found at ErrorException Class. Exceptions are a standard part of most popular programming languages, but they are often overlooked by PHP programmers.
Languages like Ruby are extremely Exception heavy, so whenever something goes wrong, such as an HTTP request failing, a DB query going wrong, or even an image asset not being found, Ruby (or the gems being used) will throw an exception to the screen, meaning you instantly know there is a mistake.
The problem here is that you have to go looking for a mistake and check the docs to see what the error method is for this class, instead of having it made extremely obvious. Another problem is when classes automatically throw an error to the screen and exit the process. When you do this you stop another developer from being able to dynamically handle that error.
Exceptions should be thrown to make a developer aware of an error; they then can choose how to handle this. The generic Exception class provides very little debugging context for the developer; however, to remedy this, it is possible to create a specialized Exception type by sub-classing the generic Exception class:.
This means you can add multiple catch blocks and handle different Exceptions differently. This can lead to the creation of a lot of custom Exceptions, some of which could have been avoided using the SPL Exceptions provided in the SPL extension. It is very important for every PHP developer to learn the basics of web application security , which can be broken down into a handful of broad topics:.
There are bad people ready and willing to exploit your web application. This is a must read for the security-conscious developer. Survive The Deep End: Eventually everyone builds a PHP application that relies on user login. Usernames and passwords are stored in a database and later used to authenticate users upon login. It is important that you properly hash passwords before storing them. Hashing and encrypting are two very different things that often get confused.
Hashing is an irreversible, one-way function. This produces a fixed-length string that cannot be feasibly reversed. This means you can compare a hash against another to determine if they both came from the same source string, but you cannot determine the original string.
If passwords are not hashed and your database is accessed by an unauthorized third-party, all user accounts are now compromised. Unlike hashing, encryption is reversible provided you have the key. Encryption is useful in other areas, but is a poor strategy for securely storing passwords. Passwords should also be individually salted by adding a random string to each password before hashing. Hashing and salting are vital as often users use the same password for multiple services and password quality can be poor.
Additionally, you should use a specialized password hashing algorithm rather than a fast, general-purpose cryptographic hash function e. The short list of acceptable password hashing algorithms as of June to use are:.
In PHP 5.
It will be updated in the future to support more algorithms as needed though. Below we hash a string, and then check the hash against a new string. Never ever ever trust foreign input introduced to your PHP code. Always sanitize and validate foreign input before using it in code.
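The hash-then-verify flow from the password hashing passage above, as an added example (not code from the original page) built on PHP's `password_hash()`, `password_verify()` and `password_needs_rehash()`. The function names `hashNewPassword()` and `verifyLogin()` and the sample password are constructed for illustration.

```php
<?php
declare(strict_types=1);

/** Hash a new password; the function generates a random salt and embeds it in the result. */
function hashNewPassword(string $plain): string
{
    return password_hash($plain, PASSWORD_DEFAULT);
}

/**
 * Check a login attempt against the stored hash.
 *
 * Returns [bool $ok, ?string $replacementHash]. A replacement hash is issued
 * when the stored one was produced with older parameters than the current
 * default, so the caller can store it while the plain text is still at hand.
 */
function verifyLogin(string $plain, string $storedHash): array
{
    if (!password_verify($plain, $storedHash)) {
        return [false, null];
    }

    $replacement = password_needs_rehash($storedHash, PASSWORD_DEFAULT)
        ? password_hash($plain, PASSWORD_DEFAULT)
        : null;

    return [true, $replacement];
}

// Constructed sample value.
$password = 'correct horse battery staple';

// Individual salting: the same password never yields the same stored string.
$first  = hashNewPassword($password);
$second = hashNewPassword($password);
printf("two hashes of one password differ: %s\n", var_export($first !== $second, true));

// Verification works on either hash, and a different string is rejected.
[$okFirst]  = verifyLogin($password, $first);
[$okSecond] = verifyLogin($password, $second);
[$okWrong]  = verifyLogin('a different string', $first);
printf(
    "first=%s second=%s wrong=%s\n",
    var_export($okFirst, true),
    var_export($okSecond, true),
    var_export($okWrong, true)
);

// A hash stored with a deliberately low bcrypt cost (constructed legacy record)
// still verifies, and the login path hands back an upgraded hash to store.
$legacy = password_hash($password, PASSWORD_BCRYPT, ['cost' => 4]);
[$okLegacy, $upgraded] = verifyLogin($password, $legacy);
printf(
    "legacy accepted=%s upgraded hash issued=%s\n",
    var_export($okLegacy, true),
    var_export($upgraded !== null, true)
);
```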
Foreign input can be anything: Remember, foreign input is not limited to form data submitted by the user.
Uploaded and downloaded files, session values, cookie data, and data from third-party web services are foreign input, too. While foreign data can be stored, combined, and accessed later, it is still foreign input. Every time you process, output, concatenate, or include data in your code, ask yourself if the data is filtered properly and can it be trusted. Data may be filtered differently based on its purpose. Another example is passing options to be executed on the command line.
One last example is accepting foreign input to determine a file to load from the filesystem. This can be exploited by changing the filename to a file path. When you use bound parameters with PDO , it will sanitize the input for you. This is very hard to do and many avoid it by using other more restricted formatting like Markdown or BBCode, although whitelisting libraries like HTML Purifier exist for this reason. It is dangerous to unserialize data from users or other untrusted sources.
You should therefore avoid unserializing untrusted data. Validation ensures that foreign input is what you expect.
For example, you may want to validate an email address, a phone number, or age when processing a registration submission. When creating configuration files for your applications, best practices recommend that one of the following methods be followed:. As of PHP 5. This is only included as a warning for anyone in the process of upgrading a legacy application. This can easily lead to security issues as your application cannot effectively tell where the data is coming from.
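The filtering and validation points above (a registration submission, a filename taken from foreign input, and output to HTML), as an added example that is not code from the original page. The function names, the age bounds and the sample inputs are constructed for illustration.

```php
<?php
declare(strict_types=1);

/** Validate a registration submission. Returns [?array $clean, string[] $errors]. */
function validateRegistration(array $input): array
{
    $errors = [];

    $email = filter_var($input['email'] ?? '', FILTER_VALIDATE_EMAIL);
    if ($email === false) {
        $errors[] = 'email';
    }

    // Age bounds are an assumption made for this example.
    $age = filter_var(
        $input['age'] ?? '',
        FILTER_VALIDATE_INT,
        ['options' => ['min_range' => 13, 'max_range' => 120]]
    );
    if ($age === false) {
        $errors[] = 'age';
    }

    return [$errors === [] ? ['email' => $email, 'age' => $age] : null, $errors];
}

/**
 * Resolve a requested filename, refusing anything that ends up outside $baseDir
 * once "..", symlinks and absolute segments have been resolved.
 */
function resolveInside(string $baseDir, string $requested): ?string
{
    if (strpos($requested, "\0") !== false) {
        return null;
    }
    $base = realpath($baseDir);
    $path = realpath($baseDir . DIRECTORY_SEPARATOR . $requested);
    if ($base === false || $path === false) {
        return null;
    }
    $prefix = rtrim($base, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR;
    if (strncmp($path, $prefix, strlen($prefix)) !== 0 || !is_file($path)) {
        return null;
    }
    return $path;
}

/** Escape a value for the HTML output context. */
function escapeHtml(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Constructed sample submissions.
$submissions = [
    ['email' => 'user@example.com', 'age' => '34'],
    ['email' => 'not-an-address',   'age' => '-5'],
];
foreach ($submissions as $submission) {
    [$clean, $errors] = validateRegistration($submission);
    echo json_encode(['clean' => $clean, 'errors' => $errors]), "\n";
}

// Constructed directory holding one readable document.
$base = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'docs_' . bin2hex(random_bytes(4));
mkdir($base);
file_put_contents($base . DIRECTORY_SEPARATOR . 'report.txt', 'constructed sample');

foreach (['report.txt', '../../etc/passwd', 'missing.txt'] as $name) {
    printf("%-18s allowed=%s\n", $name, var_export(resolveInside($base, $name) !== null, true));
}

echo escapeHtml('<b onclick="x()">name</b>'), "\n";

unlink($base . DIRECTORY_SEPARATOR . 'report.txt');
rmdir($base);
```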
For example: Error logging can be useful in finding the problem spots in your application, but it can also expose information about the structure of your application to the outside world. To effectively protect your application from issues that could be caused by the output of these messages, you need to configure your server differently in development versus production (live).
To show every possible error during development , configure the following settings in your php. Passing in the value -1 will show every possible error, even when new levels and constants are added in future PHP versions.
What does this mean? In terms of reporting every possible error in version 5. To hide errors on your production environment, configure your php. With these settings in production, errors will still be logged to the error logs for the web server, but will not be shown to the user. For more information on these settings, see the PHP manual:.
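The development and production error settings described above, together with the earlier advice to throw errors as ErrorException instead of suppressing them, as an added example that is not code from the original page. It applies the settings at runtime with `ini_set()` rather than in the ini file; `configureErrors()`, `readConfig()`, the environment names and the file path are hypothetical.

```php
<?php
declare(strict_types=1);

/**
 * Apply error settings for the given environment (hypothetical names:
 * 'development' or anything else, which is treated as production).
 */
function configureErrors(string $env): void
{
    $dev = ($env === 'development');

    // -1 reports every level, including ones added in future PHP versions.
    error_reporting($dev ? -1 : E_ALL);

    // Show errors on screen only in development; always write them to the log.
    ini_set('display_errors', $dev ? '1' : '0');
    ini_set('display_startup_errors', $dev ? '1' : '0');
    ini_set('log_errors', '1');

    // Convert notices and warnings into exceptions so callers can catch them.
    set_error_handler(
        static function (int $severity, string $message, string $file, int $line): bool {
            if (!(error_reporting() & $severity)) {
                // Level is masked (for instance by the error control operator):
                // hand the error back to PHP's standard handling.
                return false;
            }
            throw new ErrorException($message, 0, $severity, $file, $line);
        }
    );
}

/**
 * Read a file that may vanish between an existence check and fopen.
 * The failure is caught and logged instead of being swallowed.
 */
function readConfig(string $path): ?string
{
    try {
        $handle = fopen($path, 'rb');
    } catch (ErrorException $e) {
        error_log('config unreadable: ' . $e->getMessage());
        return null;
    }

    $data = stream_get_contents($handle);
    fclose($handle);

    return $data === false ? null : $data;
}

configureErrors('production');

// Constructed path that does not exist: the warning becomes a caught exception,
// a line goes to the error log, and nothing is rendered to the user.
var_dump(readConfig('/nonexistent/constructed/path.ini'));

// An undefined array key surfaces as an exception the caller can handle.
$settings = ['debug' => false];
try {
    $value = $settings['missing'];
} catch (ErrorException $e) {
    echo 'caught: ', $e->getMessage(), "\n";
}

restore_error_handler();
```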
Writing automated tests for your PHP code is considered a best practice and can lead to well-built applications.
Automated tests are a great tool for making sure your application does not break when you are making changes or adding new functionality and should not be ignored. Test-driven development (TDD) is a software development process that relies on the repetition of a very short development cycle: Unit Testing is a programming approach to ensure functions, classes and methods are working as expected, from the point you build them all the way through the development cycle.
By checking values going in and out of various functions and methods, you can make sure the internal logic is working correctly. When you create a class or function you should create a unit test for each behavior it must have. At a very basic level you should make sure it errors if you send it bad arguments and make sure it works if you send it valid arguments. This will help ensure that when you make changes to this class or function later on in the development cycle that the old functionality continues to work as expected.
The other use for unit tests is contributing to open source. If you can write a test that shows broken functionality i. If you run a project which accepts pull requests then you should suggest this as a requirement. PHPUnit is the de-facto testing framework for writing unit tests for PHP applications, but there are several alternatives.
It occurs after unit testing and before validation testing. Integration testing takes as its input modules that have been unit tested, groups them in larger aggregates, applies tests defined in an integration test plan to those aggregates, and delivers as its output the integrated system ready for system testing. Many of the same tools that can be used for unit testing can be used for integration testing as many of the same principles are used. Sometimes also known as acceptance testing, functional testing consists of using tools to create automated tests that actually use your application instead of just verifying that individual units of code are behaving correctly and that individual units can speak to each other correctly.
These tools typically work using real data and simulating actual users of the application. With StoryBDD, you write human-readable stories that describe the behavior of your application. These stories can then be run as actual tests against your application. With SpecBDD, you write specifications that describe how your actual code should behave. Instead of testing a function or method, you are describing how that function or method should behave.
This framework is inspired by the RSpec project for Ruby. Besides individual testing and behavior driven frameworks, there are also a number of generic frameworks and helper libraries useful for any preferred approach taken. PaaS provides the system and network architecture necessary to run PHP applications on the web. Recently PaaS has become a popular method for deploying, hosting, and scaling PHP applications of all sizes.
It uses less memory than Apache and can better handle more concurrent requests. PHP and Apache have a long history together. Apache is wildly configurable and has many available modules to extend functionality.
It is a popular choice for shared servers and an easy setup for PHP frameworks and open source apps like WordPress. Unfortunately, Apache uses more resources than nginx by default and cannot handle as many visitors at the same time.
Apache has several possible configurations for running PHP. This configuration will be significantly more memory efficient and much faster but it is more work to set up. If you are running Apache 2. PHP has shared servers to thank for its popularity. Shared servers allow you and other developers to deploy websites to a single machine.
The upside to this is that it has become a cheap commodity. The downside is that you never know what kind of a ruckus your neighboring tenants are going to create; loading down the server or opening up security holes are the main concerns. If you find yourself doing manual database schema changes or running your tests manually before updating your files (manually), think twice! With every additional manual task needed to deploy a new version of your app, the chances for potentially fatal mistakes increase.
Deployment tools can be described as a collection of scripts that handle common tasks of software deployment. Here are a few examples:. Phing can control your packaging, deployment or testing process from within an XML build file. Phing (which is based on Apache Ant) provides a rich set of tasks usually needed to install or update a web application and can be extended with additional custom tasks, written in PHP.
Capistrano is a system for intermediate-to-advanced programmers to execute commands in a structured, repeatable way on one or more remote machines. It is pre-configured for deploying Ruby on Rails applications, however you can successfully deploy PHP systems with it.
Successful use of Capistrano depends on a working knowledge of Ruby and Rake. Ansistrano is a couple of Ansible roles to easily manage the deployment process (deploy and rollback) for scripting applications such as PHP, Python and Ruby. Rocketeer gets its inspiration and philosophy from the Laravel framework. Its goal is to be fast, elegant and easy to use with smart defaults. It features multiple servers, multiple stages, atomic deploys and deployment can be performed in parallel.
Everything in the tool can be hot swapped or extended, and everything is written in PHP. Deployer is a deployment tool written in PHP. Features include running tasks in parallel, atomic deployment and keeping consistency between servers. It has support for multiple servers and environments, atomic deployment, and has some built in tasks that you can leverage for common tools and frameworks.
Managing and configuring servers can be a daunting task when faced with many servers.
They often integrate with the larger cloud hosting providers (Amazon Web Services, Heroku, DigitalOcean, etc.) for managing instances, which makes scaling an application a lot easier. Ansible is a tool that manages your infrastructure through YAML files.
There is an API for managing cloud instances and it can manage them through a dynamic inventory using certain tools. Puppet is a tool that has its own language and file types for managing servers and configurations. In the master-less mode you can push changes to your nodes. Chef is a powerful Ruby based system integration framework that you can build your whole server environment or virtual boxes with. Continuous Integration is a software development practice where members of a team integrate their work frequently, usually each person integrates at least daily — leading to multiple integrations per day.
Many teams find that this approach leads to significantly reduced integration problems and allows a team to develop cohesive software more rapidly. There are different ways to implement continuous integration for PHP. Travis CI has done a great job of making continuous integration a reality even for small projects. Travis CI is a hosted continuous integration service for the open source community.
Running your application on different environments in development and production can lead to strange bugs popping up when you go live. If you are developing on Windows and deploying to Linux (or anything non-Windows) or are developing in a team, you should consider using a virtual machine. This sounds tricky, but besides the widely known virtualization environments like VMware or VirtualBox, there are additional tools that may help you set up a virtual environment in a few easy steps.
Vagrant helps you build your virtual boxes on top of the known virtual environments and will configure these environments based on a single configuration file. Vagrant creates folders for sharing your code between your host and your virtual machine, which means that you can create and edit your files on your host machine and then run the code inside your virtual machine.
A container is a building block which, in the simplest case, does one specific job, e. A typical LAMP application might have three containers: As with shared folders in Vagrant, you can leave your application files where they are and tell Docker where to find them.
You can generate containers from the command line (see example below) or, for ease of maintenance, build a docker-compose. After installing docker on your machine, you can start a web server with one command. This will initialize and launch your container. To stop and start it, simply run docker stop my-php-webserver and docker start my-php-webserver (the other parameters are not needed again).
The command above shows a quick way to run a basic server. If in doubt, stick to the official repositories.
The PHPDocker. PHP is pretty quick by itself, but bottlenecks can arise when you make remote connections, load files, etc. Thankfully, there are various tools available to speed up certain parts of your application, or reduce the number of times these various time-consuming tasks need to run. If the source code is unchanged, the opcodes will be the same, so this compilation step becomes a waste of CPU resources.
An opcode cache prevents redundant compilation by storing opcodes in memory and reusing them on successive calls. It will typically check signature or modification time of the file first, in case there have been any changes. Since PHP 5. There are times when it can be beneficial to cache individual objects in your code, such as with data that is expensive to get or database calls where the result is unlikely to change.
You can use object caching software to hold these pieces of data in memory for extremely fast access later on. If you save these items to a data store after you retrieve them, then pull them directly from the cache for following requests, you can gain a significant improvement in performance as well as reduce the load on your database servers.
The most commonly used memory object caching systems are APCu and memcached. APCu is an excellent choice for object caching, it includes a simple API for adding your own data to its memory cache and is very easy to setup and use.
Memcached on the other hand is installed as a separate service and can be accessed across the network, meaning that you can store objects in a hyper-fast data store in a central location and many different systems can pull from it. APCu data is not shared between your worker processes. First of all, we need to define those two similar concepts and other related things: Internationalization is when you organize your code so it can be adapted to different languages or regions without refactorings.
This action is usually done once - preferably, at the beginning of the project, or else you will probably need some huge changes in the source! Localization happens when you adapt the interface mainly by translating contents, based on the i18n work done before. It usually is done every time a new language or region needs support and is updated when new interface pieces are added, as they need to be available in all supported languages. Pluralization defines the rules required between distinct languages to interoperate strings containing numbers and counters.
For instance, in English when you have only one item, it is singular, and anything different from that is called plural; plural in this language is indicated by adding an S after some words, and sometimes changes parts of it.
In other languages, such as Russian or Serbian, there are two plural forms in addition to the singular - you may even find languages with a total of four, five or six forms, such as Slovenian, Irish or Arabic. This way is, however, hardly recommended for serious projects, as it poses some maintenance issues along the road - some might appear in the very beginning, such as pluralization.
The most classic way and often taken as reference for i18n and l10n is a Unix tool called gettext. It dates back to and is still a complete implementation for translating software. It is easy enough to get running, while still sporting powerful supporting tools. It is about Gettext we will be talking here. Also, to help you not get messy over the command-line, we will be presenting a great GUI application that can be used to easily update your l10n source.

Other tools

There are common libraries used that support Gettext and other implementations of i18n.
Some of them may seem easier to install or sport additional features or i18n file formats. It uses array formats for message. Does not provide a message extractor, but does provide advanced message formatting via the intl extension including pluralized messages.
Implements a caching layer to save you from reading the filesystem every time. It also includes view helpers, and locale-aware input filters and validators. However, it has no message extractor.
Other frameworks also include i18n modules, but those are not available outside of their codebases: Laravel supports basic array files, has no automatic extractor but includes a lang helper for template files.
Yii supports array, Gettext, and database-based translation, and includes a messages extractor. It is backed by the Intl extension, available since PHP 5. If you decide to go for one of the libraries that provide no extractors, you may want to use the gettext formats, so you can use the original gettext toolchain (including Poedit) as described in the rest of the chapter.

Gettext Installation

You might need to install Gettext and the related PHP library by using your package manager, like apt-get or yum.