Entries with the tag “php”

These entries are about PHP so they’re tagged with the “php” tag.

They’re likely coupled with other framework-related tags like the Laravel, Symfony or Zend Framework tags.

Run PHP Local Server Like live-server

Nov 19, 2023 macos php scripting

I’m a huge fan of the live-server package for running local HTML servers to test my HTML and Javascript code. What about if you want to run a local PHP server quickly to test something? That’s easy. But I tend to forget the exact command - so I came up with a ZSH-based solution.

Actions Should Not Have Tightly Coupled Input

Oct 12, 2023 laravel php programming

If you’re going to use an Action pattern for your application, be careful what you expect coming in as input. In fact, input should be loose and output should be tightly coupled. Let me explain…

Use PHPDoc in Laravel Blade files for autocomplete in PHPStorm

Oct 25, 2022 laravel php phpstorm

I love PHPStorm, but it can only do so much. Even with plugins like Laravel Idea, you may still have some missing features. One that I wish I had was autocomplete of models from collections or paginators in blade files. Well, turns out there’s an easy enough way to add this functionality for yourself.

Quick trick for Laravel requests saves tons of time

Sep 14, 2022 laravel php

I love Laravel request classes for validation. You should be using these whenever you can! But sometimes, writing the rules seems redundant between store and update. There’s a quick fix, though.

Be careful with prepareForValidation in Laravel

Sep 2, 2022 laravel php

The prepareForValidation() method is really useful in Laravel requests: it helps modify the incoming data so that validation might be easier. But you need to be careful that you implement it correctly and don’t mess up your data. Let me explain.

Do you even sprintf?

Jul 27, 2022 php

“Do you even lift, bro?!” What a way to ask if you work out while simultaneously insulting you. Well, maybe I shouldn’t have named this “do you even sprintf” but it really surprises me how many PHP devs forget about (or don’t even know about) this useful tool - and instead do some pretty icky looking string concatenation. Let’s take a look at what sprintf() can do for us.

Use Traits in Laravel in Policies

Jul 11, 2022 laravel php

I love using Policies in Laravel. A particularly useful feature is the interception of checks. But what if only some of our policies need that? That’s where we can judiciously use traits.

How to Break Down Laravel Unit Tests into Types

Jun 23, 2022 laravel php testing

What’s the difference between unit test, integration test, and a feature test? Which should you use for what type of test? Is it just preference or does performance factor in when using Laravel? Let me give you my take from over a decade of unit testing experience.

Add Interfaces to Laravel to Increase Code Readability and Verbosity

Jun 11, 2022 laravel php

There seems to be an endless debate: clearly written code doesn’t need comments vs comments are needed to explain code and give context. I can see both sides of this debate, but there is a middle ground. Let me show you one way.

Named function or anonymous function for PHP helper

Mar 11, 2022 php

The question is this: When creating a helper method in PHP, should you use a named function in the global scope, or an anonymous function assigned to a variable?

The State of Security of Laravel Apps in 2021

Jan 4, 2022 laravel php

The State of Security of Laravel Apps in 2021 is a whitepaper based on the quiz submissions from Laravel programmers.

Command to Quickly Show Config in Laravel

Dec 21, 2021 laravel php

What if you need to see your config quickly in Laravel from the command line? And you don’t want to use Tinker? Let me show you how I do it…

Capture and redirect all Laravel email

Dec 2, 2021 laravel php

First off, if you can use something like mailtrap I definitely recommend doing it. Mailtrap provides credentials and configuration so you can capture all of your email into a test inbox. But if that’s not possible, there is another option - and it has to do with Laravel’s mail events.

Publish Bugsnag's Laravel Configuration Only

Nov 14, 2021 laravel php

If you follow the instructions to customize the configuration of Bugsnag’s Laravel package, they’ll tell you to run vendor:publish. But this is not what I want.

How to Install a Composer package from a local zip

Nov 8, 2021 composer laravel php

I use Laravel Nova in a lot of my projects, but I’ve never liked the idea of storing the files in a local directory after download. Yes, you can use credentials for a Composer-based install, true, but I wanted something that didn’t require that. Turns out you can install packages like Laravel Nova from a zip file locally. Here’s how.

Do Not Use Laravel Tinker in Production

Oct 19, 2021 laravel php

I’ll say it again: do not install Laravel Tinker in production, and certainly do not use it. It’s a great tool to do work in your application, but only in test and development environments. That’s why I only install it in my require-dev section of my composer.json file.

Securing Laravel from Hackers

Aug 23, 2021 laravel php security

Laravel Hacker is no longer a brand. You can find my security work at MasteringLaravel.io/security

Laravel is a great framework that is pretty secure by default. However, configuration mistakes or coding errors can still leave your app open for attack. Where do you go for help?

PHP Class Constant Visibility

Apr 14, 2021 php
Since PHP 7.1, visibility has been supported on PHP class constants. Here’s a quick video about how these work and why you might want to use different visibilities.

The Importance of ToDo Tests

Mar 22, 2021 php phpunit testing

I’m not a huge fan of todo comments in code because I think they’re mainly forgotten. However, I don’t have the same opinion for PHPUnit tests. Let’s talk about why - and how to easily add them in your code.

Illustrating Why Fillable and Validated Matter in Laravel

Feb 22, 2021 laravel php security

When given a choice of methods and ways to do something, it might not be clear which way is the best. As programmers, we tend to pick the easiest, then. However, the easiest can have security implications. Let me illustrate why we should use more stringent controls in a Laravel project.

Do Not Calculate Answers to Your Unit Tests

Feb 8, 2021 php phpunit testing

Since you’re a programmer, you’re always looking for ways to be a bit more efficient. Because of this, it can be easy to fall into the trap of being too programatic, too calculation-heavy in your unit tests. But, this isn’t a test then - its just another block of quite fallible code. Let’s talk about why and show what to do instead.

Finding Slow Tests in PHPUnit 9

Jan 4, 2021 php phpunit testing

When your unit test suite gets larger, it can take quite a long time. One of the many ways to speed this up is to hunt down and fix slow tests. Let’s use PHPUnit’s test listeners to do just that.

PHPUnit Code Coverage Can Help While Writing Tests

Dec 28, 2020 php phpunit testing

It’s great to run code coverage at the very end before you push your changes. This gives you some idea what’s tested and what’s not. But you don’t have to wait till the end; code coverage can help you all throughout writing your test suite, too.

Host PHPUnit Code Coverage Image in Your Repo

Dec 15, 2020 git php testing

I’m a sucker for those little badges at the top of the README files in Github repos. I know you can get them from external services, but could I host my own? Let’s find out.

Stop Using Assert Database Has in Laravel

Apr 24, 2020 laravel php phpunit testing

Please stop using assertDatabaseHas in Laravel. There are many reasons why this is bad, and there are better options available. Let’s find out why.

Reasons Why Not to Use Doctrine with Laravel

Nov 16, 2019 laravel php

Currently, there are two pretty common packages for interacting with your database: Eloquent and Doctrine. Eloquent is part of Laravel and Doctrine, while used often on its own, is usually referenced with Symfony. If you’ve come to read this article, you’re probably versed in Doctrine and wondering why you can’t just - or shouldn’t just - use it with your new Laravel project.

Stop Using Sqlite in Laravel Unit Tests

Nov 6, 2019 php testing

tldr; Using Sqlite in Laravel (or most PHP apps) for unit testing causes false positives in unit tests. Things that work will not work when you move to production and use a different db like MySQL. Instead, spin up a test database that is the same tech and engine as your application will be.

Remember to Review Your Package Code for Security

Aug 12, 2019 laravel php security

Open source software is wonderful for many reasons. One of the best is we can see and inspect the software for vulnerabilities. But, far too many people actually do this. Let me demonstrate, using a Laravel package, how this lack of review might backfire and cause you grief.

Test Coverage is Not as Good of a Metric as You Think

Jun 9, 2019 php phpunit testing

There are a lot of debates about trying to achieve test coverage of 100%. Some people swear you need to do this. Others say, get 80% or more… the rest doesn’t matter. Each side has strong arguments.

Filter User Input Before Validation in Laravel

Jun 6, 2019 laravel php

Sometimes it makes sense to filter user input before it goes to validation. If you’re using controller-based validation in Laravel, this is pretty easy. But, if you’re doing your validation in request classes, your approach needs to be different.

SPA No Framework, API No Database

Jun 3, 2019 javascript jekyll php

The average webpage seems to contain tons of bloat and increase in size - and this is no good. I decided that I wanted to create a proof-of-concept website that would act like a single page application that didn’t require a framework like Vue or React. I only need to support the latest evergreen browsers.

Two Gotchas in Laravel Unit Testing

May 20, 2019 laravel php phpunit

There’s a struggle to balance the easy-to-use Laravel helpers and functions with very verbose, complicated methods in unit tests. As I’ve been relying on Laravel’s way of doing testing more, I’ve ran into a couple of gotchas that I should share.

What Version of Laravel is This?

Apr 29, 2019 composer laravel php

There are tons of ways to answer this question each with its own benefits. Let’s check out a few.

The Many Ways to Remove a Composer Package

Apr 22, 2019 composer php

Turns out there’s a few different mechanisms to remove a package from your composer project. It’s important to understand what each method does and what its side effects are.

Laravel 5 Middleware that Requires JSON

Mar 18, 2019 laravel php

Laravel has a built in request helper called wantsJson() that determines if the request is requesting JSON with the Accept: application/json header. But, what if you want to only accept JSON responses? I set up a Laravel middleware that rejects anything that isn’t JSON.

Composer Security Concerns with Create Project

Jan 21, 2019 composer php security

One of the lesser known pieces of functionality from Composer is the ability to create a project from skeleton/scaffolding. This ability allows you to create a project structure, directory, files and requirements based on the suggested setup from the project maintainer. A common installation mechanism of Laravel uses this functionality. (Even I use it to save time and set up my own custom configuration for new project skeletons.)

Keep Data Migrations Separate from Database Migration

Jan 7, 2019 laravel mysql php

By now, you’ve probably written many database migrations in Laravel. But, then something else happens. Perhaps your business model changed, your data attributes changed or you’re just refactoring to a stronger architecture. Doesn’t matter which, you’re going to need to convert and migrate some data.

Techniques to Battle Expensive PHP Constructors

Dec 31, 2018 php

Whether you’ve made the class yourself or you’re using a pre-made SDK, there are times when the construction of an object might be expensive. Expense, in this case, pertains to memory, time, CPU cycles, basically anything that is above baseline.

HTTP Only Cookies Aren't Perfectly Secure

Dec 10, 2018 javascript php security

When you’re creating cookies on your server side application, it’s good security practice to flag the cookie as HTTP Only. This way, it instructs the browser that it should sandbox this cookie from the client side scripts. It still will send it between client and server on each subsequent request, but javascript can’t access it directly.

PHPUnit Runs Data Provider Before Setup

Dec 3, 2018 php phpunit testing

I started noticing a disturbing trend on one of my projects: developers were doing too much logic in the setup and data provider methods of their PHPUnit tests. However, before we could address this, a “limitation” popped up which helped them kick this habit.

Better failing tests with Mockery::on()

Oct 15, 2018 mockery php testing

In an earlier post titled Use $this->fail() with Mockery::on(), I explained the challenges of debugging a failing test with the closure passed to Mockery::on(). Instead of returning false, I opted to use $this->fail() - which seemed like a good idea at the time. After all, I was doing my test, then failing with a useful bit of information. (Previous to this, it would just say that you don’t have a matching handler for this assertion, which was really confusing).

Tools You Need for Measuring Everything and Anything

Sep 18, 2018 misc-web mysql php programming

Measurement is important. Metrics, while not sexy, are concrete to a good business strategy. When you bring a problem to your superiors, they’re going to want to know what is your measurement, what metrics did you use to determine this is a problem. With tasks I’ve given developers, I’ve always said “show me the metrics that your fix is better” versus just looking at the code.

Quick Honey Pots in Laravel

Aug 18, 2018 laravel php

When someone breaches the security of a web app, sometimes it’s not discovered to weeks or months later. There are a number of tools that specialize in intrusion detection, but they may be costly or difficult to set up. Another idea is to use a canary in the coal mine or a honey pot. Here we’ll talk about the concept and then demonstrate some easy and quick methods.

Adding CSV Responses to Laravel Using Macros

Aug 3, 2018 laravel php

Laravel has a lot of the most common functionality built into the framework. However, decisions need to be made to balance the needs of the majority of use cases with the stability and agility that programmers need. No one really wants a bloated library. Because of this, you might find that you need functionality that is not directly built into Laravel. When I started working with Laravel-based CSV responses, this was the case. (This article is based on Laravel 5.6.)

Understand the Tech Before Getting a Package

Jun 13, 2018 javascript php programming

How often have you heard this phrase?

Get All iMessage Attachments

Jun 4, 2018 macos php

The other day I was looking for an image from one of my iMessage chats. When you browse through the attachments on the iPhone, it takes forever to scroll through them. At one point, I kept having the iMessage app crash as well (I think I was maybe 400 or 500 images into the history). Turns out, if you have your iMessage and iCloud accounts configured properly on your Mac, you’ll have duplicate copies of all the attachments (for at least the messages you haven’t deleted) on your Mac as well.

Laravel 5.4 API/Request Validate Boolean

Nov 17, 2017 laravel php

For some API work in Laravel, I wanted to validate that the incoming request parameter was a boolean value. At first I tried using the built in boolean slug validator but it didn’t accept all of the ‘boolean’ values I wanted to use. (Also there were weird scenarios where string values of false were triggering as true - like what I wrote about here.

Validate Request Parameter Not Present in Laravel 5.4

Nov 17, 2017 laravel php

You can make use of guarded or fillable attributes in Eloquent models in Laravel to help control what values you might allow to be updated via your API. But, I wanted to go a step further and actually stop certain values from being passed in. You could go pretty wild with this and try to block everything, but that’s not what I did. I made this validator.

Quick Snippet to Verify All Object Properties are Not Empty

Nov 16, 2017 php

If you check out array_filter without a callback, you’ll notice that it will basically check each array key to make sure it doesn’t equal false. If you have an object, you get call of the properties as an array using get_object_vars. This quick snippet will allow you to look at an object and verify each property is non-false (or non-empty).

For Performance, Skip Generating Hashes in Laravel Factories

Nov 15, 2017 laravel php

This isn’t a one-size-fits-all suggestion, but it’s a start to help you think about how you actually interact with factories in Laravel. They are used for test data, and are ran very often, multiple times in a row. You don’t need as much random information as you need. (In fact, a lot of times I see people overusing Faker even.)

PHPUnit Listener for Long Running Tests Update

Nov 15, 2017 php phpunit

I wrote instructions in 2011 to add a PHPUnit Listener to Watch for Long Running Tests which seem to be a bit out of date now. But, here’s a quick refresher:

Anonymous Self-Executing Functions in JavaScript and PHP

Nov 14, 2017 javascript php

I’ve used the anonymous self-executing paradigm a few times in JavaScript over the years. Something like this:

Laravel Pretty Print JSON Middleware

Nov 14, 2017 laravel php

For testing, I tend to use Postman - which gives you the option to view your API JSON responses in a preview mode (interactive), pretty and raw. But, the other day I heard someone saying sometimes they just want to invoke pretty print in their JSON responses without having to use an external tool and set up a whole environment.

Anatomy of a PHP Hack

Nov 7, 2017 php security

It’s hard to come up with a title for this - but - basically I found some rogue code the other day that I thought was pretty interesting. I was fixing a “hacked” website when I came across the source of the symptoms of the hack. One file had the following code in it:

Studly Words in Laravel

Oct 25, 2017 laravel php

In Laravel, the Support\Str class has a lot of useful methods for switching formats of strings between each other. I needed to take a hyphenated slug and change it to title case words. In Laravel land, I think this is referred to as “Studly” - because I found something very similar called Str::studly(). This converts underline or hyphenated words into a single string with capital letters. I wanted to not concatenate all of these.

The Evolution of PHP Programmers

Oct 17, 2017 misc-web php programming

I think around 2015, there was a big splash of good training online for PHP. Frameworks upgraded/changed, helped programmers write better code faster earlier than that. Before that, it was a lot of RTFM. So, before, in the earlier days (maybe somewhat still today), I think PHP developers did this:

Run A Single PHPUnit Test Only

Oct 11, 2017 php phpunit testing

Often times, I find myself targeting a single file with PHPUnit by specifying the file after the binary in the command line:

Use Dependency Injection in Laravel Console Commands

Sep 23, 2017 laravel php testing

It’s important to unit test your application code - even your console commands. So many times, I’ve seen people using the Artisan facade inside of console commands to either queue up new commands or call a different command. This makes it more difficult to unit test the application - you have to rely more on fakery (requiring you to reset your application each time then) and/or integration tests.

Why Use Private in Open Source Software

Sep 4, 2017 php programming

As a PHP programmer, I struggle to understand the reason for private methods and properties. Now, don’t get me wrong, I know the official explanation for them: “Use this to hide properties and methods from child classes” - but why? There have been a number of times when I’ve done stuff that is way more of a cluster-fnck because of private methods that I couldn’t slightly modify.

PHPUnit Stop On Failure

Aug 31, 2017 php phpunit

From time to time, I get thrown onto a project that has many, many errors in the unit tests. It can be hard to try to figure out what to fix first with so many errors on the screen. Sadly, I’ve had my scroll-back buffer filled many times.

Composer Dry Run

Aug 22, 2017 composer php

Just another case of RTFM I’m sure, but I was wondering how to preview the changes that will happen if I do a composer update on my current project. I wanted to get an idea of how many libraries would change so I could see if it would be a short or long project (potentially) to do a 3rd Party Library update. (I already hear you - and I agree - the number of files changing isn’t always indicative of how long the task to update your project’s dependencies will take. Shhh - quiet you.)

AssertSame vs AssertEqual in PHPUnit

Aug 15, 2017 php phpunit testing

When you’re testing inside of your PHPUnit test methods, you will use many assert-based methods. Two that are seemingly very similar are assertSame() and assertEqual()

Laravel Default Throttle Configuration and Common JWT Blacklist Vulnerable to Cache Attacks

Aug 7, 2017 laravel php security

One thing I like about Laravel is the amount of built-in functionality that is available. But when this functionality is left in default configuration (much like many default configuration items getting hacked), there can be consequences.

PHPUnit Test Helpers for Mockery and Non-Public Properties

Jul 12, 2017 php phpunit

I’ve written a few helpful methods and systems that help out my unit testing. There are many arguments for and against these tools (don’t test protected methods, don’t introduce global namespace methods, etc) - and those are discussions for another day - but perhaps these might help you out in the mean time.

PHPStorm File Watcher for Immediate Error Log Alerts

Jul 5, 2017 php phpstorm

When PHP errors happen, often times there is an error log. This might be in the PHP error log itself or in a log file. For example, in one of my Laravel projects, I have two log files, one for errors and one for info or debug level information.

Easily Test JSON Keys in Laravel API Response

Jun 27, 2017 laravel php phpunit

In my Laravel application, I have an end point that will retrieve a collection of Client models. I have many other unit tests that validate that my repository returns the proper clients when requested, that my client model is sound. My last test is a feature test checks that if I retrieve a list of clients from the end point there is proper pagination and client models exist. I don’t really need to test the exact values because I know this will work - from all my other tests.

Fun with Giant Integers in PHP

Jun 20, 2017 php

If you deal with integers, you validate them, right? You make sure they’re a valid integer? Well, what about the value 9223372036854775808? That’s right, that’s one more than the PHP_INT_MAX on a 64 bit system.

Use the $this->fail() method with Mockery::on()

Jun 11, 2017 mockery php testing

When you have a more complex assertion you need to make on the parameters of a mocked object, you might use the Mockery::on() method. It can be hard to tell how this fails, though, because if the assertion fails somewhere, the message is confusing - it basically says that there was no matching call to that method, which is technically correct.

Laravel Log Database Queries Based On Environment Variable

Jun 6, 2017 laravel php

A nice feature of Laravel is the ability to add a listener to the DB object’s events (or SQL queries). I’ve seen some people add this, then comment it out when it’s done, then un-comment it if they need it again. I don’t like that - I don’t want commented code in my files (also that’s why we have version control).

Issue 404 Not Found Middleware After Pagination Limit

Jun 1, 2017 laravel php

A pet-peeve of mine is pagination that doesn’t work properly. One that I ran into lately with Laravel is related to the pagination system it has built in. I was able to request pages that were larger than the last page with no discernible error. So, I decided to write a middleware to handle this issue for all of my content.

In PHP, False is Sometimes True

May 23, 2017 php

Sometimes it’s the little things that get you. This is more of just a reminder than anything else. One of the fun quirks (and I hesitate to call it a quirk because it’s technically working as defined) in PHP.

Use Anonymous Classes to Test Traits

May 11, 2017 php phpunit testing

I’m guilty of creating stub-like classes in my tests to unit test traits, sometimes. So, you end up with a special class inside your unit test file, perhaps at the bottom, that is empty but only extends the trait or something like that. This is not a good idea, but it was my only way that I could figure out how to unit-test traits separately - especially if they were made of protected methods.

PHP Interfaces Can Extend Multiple Interfaces

May 8, 2017 php

Every PHP programmer knows you can’t extend multiple classes with PHP. You can only do one - which is fine. In fact, if you need more shared code, make sure to focus on using traits instead.

Using Namespaces in Laravel Tinker

May 4, 2017 laravel php

I hate to admit it, but I do like Laravel’s Tinker package. Sometimes, just testing out your relationships on the command line before you go further is super helpful.

Fixing Laravel 5.4's Dependency on PHPUnit 5

Apr 14, 2017 laravel php phpunit testing

Normally, when I write unit tests, I don’t use Laravel’s facade and fakery methods. I do a lot of injection of services, but in one particular case, when working with the Queue system, I had to use the facade for faking the queue and asserting some jobs were pushed.

Laravel Command to Generate Swagger Documentation

Feb 20, 2017 laravel php

If you’re not using Swagger (or OpenAPI) yet to document your APIs, you should start. It’s pretty simple to get started - especially in PHP. I recommend using the swagger-php package - it’s pretty easy. Just use annotations, and then generate the Swagger definition when you’re done.

Get Better at Logging

Sep 27, 2016 misc-web php

Have you ever submitted a debug log for a piece of desktop software? I’m always enthralled at the sheer amount of information that is included in some of these error reports. It reminds me that I don’t do enough logging. As a matter of fact, I think most PHP developers don’t do enough logging.

How to Use the Same Method for Add/Update in a Doctrine App

Sep 13, 2016 php

I’m a huge fan of the service architecture paradigm - and that means that I use services in my controllers to handle persistence. I wanted to abstract the add and update methods from my services and put them into an abstract class. In addition, I didn’t want to have to specify the exact method - I just wanted to call save on the entity. Finally, I wanted to log it properly and verbosely.

Using Your Namespace for Optimum Readability

Sep 6, 2016 php

I love namespaces in PHP as much as the next programmer - but there’s always been something about namespaces in my own applications that bothered me. And that’s when I have similar or identical named services, forms, entities or models.

Doctrine Database Connection Fails in Gearman Worker

Aug 30, 2016 php

One of the things that was really bothering me when I first started using Gearman was my consistently failing doctrine database connection.

PHP Templating Languages Indicate a Problem Elsewhere

Aug 16, 2016 php

I can’t help but think a lot of PHP applications have a problem. These beautifully crafted, object oriented, highly engineered applications are still making one vital mistake. And that’s using one of the various templating libraries or languages that PHP has.

Short-hand PHP Dotenv instantiation

Aug 15, 2016 php

I’m a big fan of PHP DotEnv for creating my environment variables for my scripts. (It’s always a good thing to keep your passwords and credentials separate from your source code, according to OWASP).

Drupal Plugin with Github Updates

Jul 19, 2016 php

I’m all for coding standards and rigorous approval processes for software in app stores, I really am. However, I’m currently responsible for creating a number of different CMS plugins that all share some code. Unfortunately, that shared library will never follow the coding standards and requirements for all app stores - each has some differences. That’s why I created…

PHProblemLogger Filter Strategies

Jul 12, 2016 php

If you haven’t been following my twitter feed or my open source on github, you might not have seen that I recently released PHProblemLogger, an environment and run-time logger designed to help log everything during an error condition.

Password Complexity v2

Jun 14, 2016 php ux

Every year, they come out with a list of the top 20 most used passwords and it makes me wonder… how many users on any one of my websites are using those passwords?

Make the Reasons Overwhelming

May 16, 2016 business php

From a very young age, we’re told to brush our teeth regularly. We know we should, but it can be a struggle. The reasons to invest our important play-time aren’t always compelling. (If they were, why would some parents have to check to make sure the children had brushed their teeth before bed?)

What "type" are you?

May 9, 2016 php

When I went to a University for a Computer Science degree, a required class was Introduction to Java Programming. I remember the first thing the professor taught seemed very confusing at the time. I can still hear his voice very clearly: “So to begin with, we’ll type… string string equals new string.”

Sanity Check Values

May 5, 2016 php

When I was growing up, having chocolate milk was a huge treat. My mom would mix together some sugar and some dry cocoa powder into the glass and then slowly add milk. After some more vigorous stirring, I had my small glass of chocolate milk. It was quite the process, but it tasted great. Imagine my surprise when I found out that chocolate milk also came from the store pre-mixed!

Trust, But Verify

Apr 25, 2016 php

“Trust falls” are a team-building activity that some of my friends have had to endure. I’ve been threatened with this exercise a few times. But, I’ve never had to do it. Luckily, I’ve been able to convince my team members I will participate without having to test their bicep and shoulder strength. Or, perhaps I’m just not trusting enough. (I once worked at a place that had a few employees that were really good friends and would force-trust-fall on each other. When a group of colleagues were walking in a row, one would just throw himself backwards into the person behind him surprising them and shouting “trust fall!” This was the only “trust fall” that I was forced to participate in.)

WordPress Meetup Presentation

Apr 22, 2016 php wordpress

Here is a PDF download of the presentation I made at the Greater Milwaukee Area WordPress Meetup.

Filtering PHP

Apr 19, 2016 php

I like to think that I’m somewhat of a PHP purist. And, when I travel to user groups, one of my favorite talks to give is named “Tell Aaron What To Do.” Basically, the goal is to solve two problems I pose using plain HTML and PHP. Oh, and do it with core PHP, no frameworks, no libraries, just plain vanilla PHP. At the end, I’ll run a number of integration and security tests against the code the group has written to see if we were successful.

8 PHP Command Line Tips and Tricks Presentation

Apr 13, 2016 php
I just finished giving a talk at MKEPUG about 8 PHP Command Line Tips and Tricks. Normally I try to export my talks / slides into PDF. This time, my presentation was a little different - I used embedded video in KeyNote. So, I’ll provide the KeyNote file for download - sorry to those who don’t have KeyNote or a mac. :-/ 8 PHP Command Line Tips and Tricks KeyNote File

Take Care of Your Resources

Apr 6, 2016 php

I’m going to say something that I never thought I’d say in my life. In fact, I’m not sure that a single programmer has ever said this! Ready?

Coders be Confident, Not Cocky

Mar 28, 2016 business php

In the last decade or two, the US proliferation of low quality reality television shows has been unstoppable. “Big Brother” would be ashamed by some of his siblings. There are shows that follow famous people (although, I’m not entirely certain why some of them are famous), shows that involve the audience, shows that support nerds; basically anything you can imagine! I pretend I’m above this, I surely don’t fall into the category of people who sit at home and pine over “The Bachelor.” I normally flip the channel right past these shows.

Attention to Detail

Mar 21, 2016 php

Every leader has a particular methodology or key point they focus on. Whether it be a small detail, a general philosophy or a repeated phrase, you know that if you are near that leader, you will become very familiar with their demand. In my team, my demand is to pay attention to detail.

Commenting is More than Opinion

Mar 14, 2016 php

In an earlier column, I discussed the advantage of using longer and more verbose variable and method names. When you program using this more descriptive style, the code is easier to understand and more maintainable. However, a short and concise method with a revealing name may not always be sufficient when it comes to complex processes. To fill this gap, PHP has comments.

Array Key Accuracy

Mar 10, 2016 php

Bugs in code suck. It’s bad enough when you misspell a function or forget a semi-colon. That’s embarrassing and annoying. But what’s worse is when you write code that seems to work fine, is syntactically correct, yet still has a bug. You know you did it right, but somehow it’s also wrong. That’s not good. That makes me paranoid and second guess the rest of my work. That doesn’t help me be a Confident Coder at all.

Descriptive Naming Schemes

Mar 2, 2016 php

There are two reactions to reading a new section of code for the first time. Sadly, one of the most common seems to be of confusion, dismay, followed possibly by some sort of expletive (or many, depending on the length of the code). The other is one of the most beautiful reactions, the most flattering, the most sought after reaction: “Oh, that makes sense” or “That’s cool.”

First Confident Coder Column

Feb 22, 2016 php

Sweaty palms, a fast heart rate and an overwhelming sense of dread.

Two Quick Tips for Securing PHP Sessions

Feb 11, 2016 php security

Let’s talk a little bit about session fixation in PHP. Such a fun topic, right? Tons to get into here. But, let’s just touch the surface on two VERY SIMPLE things you can be doing now to make sure that your website is safe.

My MadMimi API PHP Library

Jan 29, 2016 php

At Small Shops United, we use MadMimi for our email list software. I took a look at the PHP libraries that were available and found them extremely out of date, lacking, and just plain not working in certain areas.

Composer-based Utility Installs vs Global Installs

May 11, 2015 composer php phpunit

I’m a huge fan of tools like PHPUnit. Or any other tool that will help my project carry on.

PHP PDF Viewer - Convert to Images and use HTML/JS

May 4, 2015 javascript jquery php

Well - I really couldn’t think of a good title - it’s really not catchy at all.

Should you unit test your dependency container?

I’ve been working with Pimple Dependency Injector lately, and I’ve come up with an interesting question.

Doctrine Error: Expected Plain Value

Mar 19, 2015 php

I’m so used to PHP’s liberal allowance for single and double quotes, that I forget that other languages and tool-sets don’t play that way. Case in point, my most recent error:

Getting variable values from nested twig / symfony custom template

Mar 12, 2015 php symfony

Today, I was working with a custom form themed symfony / twig project. The previous developer had developed a bootstrap based theme (yes, this is an older Symfony project at this moment - I think this is a bundled theme now). I was struggling with the block field_row item. Inside of this, there was a call to form_label passing in just the form view again. I was setting a custom label on the form_row() call in the main template, but nothing was happening.

Morning Motivational Email to Text

Dec 29, 2014 php

So I’m going to try this new thing - watch a motivational quick movie in the morning via youtube. I made a playlist of videos and have put the following code in cron for 5:30 every morning. It will send an email (which is actually email to txt on my phone) with a link to open the youtube player on my phone with a random item from my playlist. Hope you find it useful!

Treat Arrays Right: Iterating Properly

Dec 18, 2013 php

Oh, PHP - your love affair with arrays is like no other language. You can always tell if someone learned PHP first before all other programming languages. They think, design, and talk in arrays. Have a list? Make it an array. Have a heap? You mean array, right? Collection object? Naw, I’ve got an array right here.

Video post: Enterprise PHP through Design Patterns and Modularlization

Dec 13, 2013 php

I created this Udemy course a while ago - but unfortunately they said it was too short and the audio was too poor. In order to post the course, I’d need to add another 10 minutes of fluff and get a better microphone. I decided just to share with you.

Group Coding Results: Tech on Tap Version

Oct 16, 2013 php

I actually very much enjoy spreading “the word” on PHP. I go to a lot of conferences, and present a lot. One of the most interesting concepts I’ve developed lately, however, is not a presentation but more of a group coding session. This is how it goes…

WMCPA 2013: This Means That Presentation

Mar 14, 2013 php

This means that: how to translate between PHP and System-i lingo.

WMCPA: Intro to PHP Talk Presentation, Notes, Links

Mar 14, 2013 php

Just finished a talk at the Wisconsin Midrange Computer Professional Association and wanted to share the info. This particular talk was an introduction to PHP.

MidwestPHP 2013 Talk: Slides and Files

Mar 2, 2013 php

Finished presenting today at MidwestPHP 2013. My talk on Enterprise PHP Architecture through Design Patterns and Modularization went great - at least I hope!

Theoretical Thoughts on Data Object Validation

Jan 29, 2013 php programming

One of the things I struggle with is the validation of data objects. I submit that there is such a thing as a dumb data object and a validation domain object. The validation object could also be some sort of helper or a service I guess. But, the point is, that the main data object doesn’t have validation on it. It has coupled objects that provide that validation.

It is important to use die() after a header redirect - here's why

Jan 8, 2013 php security

I was doing some code challenge review for an open web developer position I have for my team, and I came across one piece of code that made me smile.

PHP can be easy, but it can be powerful, but either way, it is PHP

Dec 11, 2012 misc-web php

There are two things that really grate on me as a PHP developer. First, people claiming that PHP is not powerful. And second, those who don’t actually work in the language, but have similar disciplines, trying to teach it. Let me elaborate.

Duplicate request issued in ZF when using inline script/document.writeln in view

Nov 20, 2012 php zend-framework

This is a weird one… I had a form in the body of my page. Every time I would submit it, the csrf token would not match.

Services, Mappers, Models: Enterprise Thinking in PHP {presentation}

Oct 9, 2012 php programming

One thing I’m really passionate about is using PHP in enterprise situations. I obviously care about Design Patterns in PHP. I’ve also done a lot of technical review of other books about refactoring away from bad code.

The point of custom exceptions

Sep 25, 2012 php programming

I tend to want to use PHP Exceptions when I can. But, I don’t just leave them as is. I tend to have a large custom exception library. These exceptions extend the base Exception class in PHP - that’s about it.

ThatConference Slides

Aug 14, 2012 php

I’m currently at ThatConference here at the Kalahari Resort, in Wisconsin Dells.

Book Review: PHP Frameworks and Applications

Jul 24, 2012 php programming

I just finished glancing over Real-World Solutions for Developing High-Quality PHP Frameworks and Applications. I gotta say it…

DateTime: My new best friend

Jul 17, 2012 php

I have a new love affair… PHP’s DateTime object. I’m not sure when it started, but it’s going on strong now. If you haven’t taken a look at it, I invite you to run over there now and just look at the methods. If that isn’t enough, let me give you a bit of example code… see if this makes you really want to do it:

PHPUnit Mock Objects: Only Mock What You Need

May 8, 2012 php phpunit testing

I was looking at mock objects in PHPUnit the other day and started to get confused. When I asked for a Mock object, the entire object was a mock. In all actuality, it wasn’t so much a Mock of the object but a complete shell of it.

How to Quickly Mask a Credit Card Number

Jan 10, 2012 php programming

So, often I have to show a masked credit card on the screen. However, I really want to go the extra mile and show the user a secure, fully masked credit card number that still reflects their original card. For example, if their credit card number is only 15 numbers long, I shouldn’t show a 16 character long string. So, I’ve developed this code snippet:

Setting PHP Command Line Colors

Dec 14, 2011 php

I’m not entirely certain why this escaped me for so long, but it’s remarkably easy to set terminal colors with PHP.

Want to come work with me? Let's do some PHP!

Apr 29, 2011 misc-web php

I no longer work for LPi and do not know what job openings are available.

Do you like to be challenged, learn new things, and have a supportive team? Well, let’s chat a bit. I’m building a team and I’m looking for great PHP developers to join it.

PHP Doc for non declared properties in your class

Mar 8, 2011 misc-web php

You may find while working with projects like Zend Framework that you have a number of publicly available properties of your classes that are not defined and documented. They might be part of a getter/setter magic method or just purely dynamic. Well, using PHPDoc, there is a cool tag called property that helps. For example…

Excel won't handle UTF-8 in CSV? Force a different encoding in PHP

Dec 14, 2010 php programming

When generating a CSV file with PHP in the UTF-8 encoding, Microsoft Excel freaks out. It just doesn’t show the proper encoding. Thank you Microsoft! However, I did find a way to handle this encoding and make it compatible for Windows/Microsoft Excel.

Object Cache Class in PHP

Nov 16, 2010 php programming

While I’m infinitely happy that all uses of a class in PHP now are references, that’s just not good enough. Sometimes I want to use my newly created object in many different methods. I have two options. First, I could create it as a Singleton, and always call the instance getter. Or, I could use an object cache.

Easiest Form Token class to prevent CSRF

Oct 12, 2010 php security

So, if you’re not familiar with CSRF, check out this blog post about AJAX Security. Some of the steps talking about Cross Site Request Forgeries will help you understand the problem.

Modifying Clickheat to use your authentication

Sep 7, 2010 php

A nice free open source alternative to Crazy Egg is ClickHeat. One of my clients wanted this implemented but didn’t want to have to log in again using different criteria. I looked at the code and saw it was surprisingly easy to edit to allow a different authentication method. Let’s check it out:

How I test email recipients when I develop

Aug 31, 2010 misc-web php

When developing an application, there are usually various different environments that you run the code in. First is the development environment. Next, you have the QA or test environment, staging, and then live or production. It stands to reason that if you are using outgoing e-mail in your application, and your application is in production, it should send to the proper recipients. However, what do you do in testing and development?

Easy MCrypt encryption class

Aug 17, 2010 php security

For whatever reason, I can never remember the exact coding of MCrypt. And maybe that is a good thing - so I stop doing so much code duplication and start using a class I wrote. For this reason, I’ll save you the same frustrations and share how I do my encryption.

SimplePHPMailer: now with required fields

Aug 10, 2010 php
SimplePHPMailer - my open source plug-n-play emailing script for PHP newbs - has been updated. It now has required fields - no more blank submissions! Check it out here with the updated download link.

Hide Email Addresses while still using mailto: Header Redirect

Aug 3, 2010 php

Everyone I’ve spoken to recently no longer puts mailto:// links in their code for fear that the owner of that address will get more spam. However, there are still legitimate uses for a link like this. In order to foil very simple email parsing bots, I’ve come up with the following script.

Facebook Message System - in PHP

Jul 27, 2010 php

Update: I’ve gotten a lot of comments on this code. This was a simple proof of concept at the time when Facebook was creating messages like this. They no longer do it in this manner. I also am not supporting any updates to this code. Thanks for your interest!

So Facebook has been really cool in the way that they have designed and implemented some new paradigms in the electronic communication realm. However, one thing is a problem: they’re too smart. They have hired the best of the best - and have made that the norm. The rest of us are struggling to keep up.

Book Review: Expert PHP 5 Tools

Jun 30, 2010 php

Where was this book 4 years ago? Or even 2 years ago? (Uh - it was published in 4/2010… so… just in the author’s head apparently).

When uniqid is too slow in PHP

Jun 8, 2010 php

I just profiled some of my code and found out that the biggest chunk of my processing time was used by uniqid(). I use this to generate form tokens to prevent cross site request forgeries. On one page, I have 6 forms each with its own unique uniqid().

How to Log PHP Errors like a Pro

May 25, 2010 php

The error log can be fun to parse through and figure out what happened. Ok, so if you just read that and agreed, you need to move on. This is not for you. That’s not fun. However, you CAN make error gathering easier on yourself by including the right information in the error log. To top it off, you can present your users with something that is a bit more ‘friendly’ than the standard error display or blank page. Let’s check it out.

Load Facebook Fanbox Faster by Caching it

Apr 27, 2010 php

I wasn’t in favor of the Facebook fanbox on the site I was working on… but that’s what the client wanted - and that is what they get. I added it and moved on. Well, later, I started noticing a bit of errors in my Javascript Error log.

Chaining methods in PHP

Nov 4, 2009 php programming

I rarely find myself needing to chain methods in PHP - but it’s not an altogether bad idea.

Bluefish Editor could help you leak your PHP!

Oct 23, 2009 ide-and-web-dev-tools php

The BlueFish editor is a primarily linux based visual editor for various web languages. Visit the site for more…

Displaying the Most Popular Youtube Videos with PHP

Oct 19, 2009 php

During one of my random dreams of how to become an internet millionaire, I thought about displaying the top youtube videos on an aesthetically pleasing backdrop.

Moving files from one webserver to another using PHP script

Oct 13, 2009 php

A while back, a colleague mentioned to me that he was moving his site from one webserver to another. He hated having to FTP everything down, then reupload it. Invariably, we’ve all done this - and forgot to apply proper file permissions, etc.

Javascript error handler

Sep 23, 2009 javascript php

A while ago, I saw a website that provided a javascript error reporting service. You implemented some code and then they would send you reports on javascript errors on your site. I thought, this can’t be that hard. So I went to work to create my own. (It’s now used on this website as well as some political website I’ve worked on recently.)

Scanning for Unfiltered Content Automatically with PHP

Sep 15, 2009 php security

A friend of mine posed a question: Do you know of any good PHP based vulnerability scanners? I told him I did not (add any in the comments, if you know! :) ) - but it wouldn’t be that hard to build one. He asked me to give him a code example, so here goes:

Elgg Plugin: Friend AutoComplete Box Replaces Select Box

May 31, 2009 elgg php

One of the most irritating things to me about the Elgg messaging plugin is the requirement to choose my friends from the select box. This SHOULD be generated using the input/pulldown view in Elgg. Unfortunately, they are doing it by hand. However, I’ve patched my plugin to do it using the proper view. Then, I wanted to have an Auto Complete type box to choose a friend. With JQuery I was able to do this. Check out the specs and download below:

Using PHP to find distance between Zip Codes

May 28, 2009 php

Today marked the second time I had to write this code from scratch. To save my self time - and hopefully you too! - I’m going to post what I’ve developed.

Elgg Plugin: Generate Groups

May 4, 2009 php

The Elgg Generate Users Plugin made me wonder why there was no group functionality… So…

Elgg Development Tools - Elgg Plugin

Apr 24, 2009 php

After working some with the open source Community building application Elgg, I found some settings to be irritating. I had to keep hacking my plugins to get these settings activated the way I wanted. Also, I really wanted to put useful settings in the same location.

When PHP's dirname() saved the day

Apr 24, 2009 php scripting

Now, I won’t bore you with the actual details of how I came across this - let’s just skip to the explanation and example:

My Progression Through Forgot Passwords

Mar 2, 2009 php programming security

I thought I’d take some time to look at the 3 main ways that I’ve handled forgotten passwords on my websites, why I did them that way, and if there was anything wrong.

Disable md5 now - or you will die

Feb 19, 2009 php security

I remember a while ago hearing about a few theoretical collisions of the MD5 algorithm, but I thought nothing of them. Now, as more information emerges, Microsoft is issuing advisories, and people are proving more and more collisions with example code, and even md5 is out of vista, I figure its time to remind everyone not to use MD5.

Password Complexity Class

Feb 12, 2009 php security

After many times of coding relatively the same thing, it becomes prudent to have a standard library for certain sets of processes. Of course - that is why there are things like frameworks! At any rate, one of the biggest things I run into is password complexity. Each website has its own requirement for the security they want to implement. So, let’s talk about the requirements and then look at the code:

Please Use Public Accessors in your Object Oriented Programming

Feb 4, 2009 php programming

I really hate to see people accessing and designing objects with public attributes. So many times I’ve seen this backfire. Let’s take a few examples and see why this matters:

PHP Bitwise User Authorization

Jan 27, 2009 mysql php

After looking at the Windows model for controlling file access, I realized I could also do that for user authorization control.

PHP.ini creator

Jan 17, 2009 php

While listening to someone complain through twitter about their MySQL conf file, I came up with a cool idea: what if I created a PHP.ini creator that would suggest changes to your php.ini file as well as generate an updated version?

PHP and the UUID

Jan 14, 2009 php

I’ve been thinking more and more about having unique ID’s - especially with working with larger datasets - and I thought it was high time that I investigated the UUID.

Is PHP's __call() Used When No __construct is Present?

Jan 11, 2009 php

Simple enough question. Let’s check out some test code:

Localized dates in php

Jan 7, 2009 php

The PHP Date manual page has a ton of interesting features to format the date that you can display to the user. However, when you look closer at it, there are actually some really useful modifiers that will help us with our date calculations as well.

SPL Documentation - Standard PHP Library

Dec 5, 2008 php
Great documentation site for SPL - check it out immediately!!

PDO - can you handle identical prepared statements?

Dec 1, 2008 mysql php

I’ve been wondering if I should be concerned about re-preparing a prepared statement when using PDO. Right now, I use code like this when preparing a statement:

The Observer Pattern in PHP: Refactored

Nov 22, 2008 php

You may remember the article I wrote about the observer pattern in php - but it lacked some of PHP’s advanced features.

Unofficial xdebug ini - with comments!

Nov 18, 2008 php
I found a great article about the xdebug ini file - someone went through and added comments - much like the apache configuration files. Amazingly well written.

Understanding the Observer Pattern in PHP

Nov 17, 2008 php programming

For a while, I’ve been looking at plugin systems, but not really fully understanding the pattern behind them. Don’t get me wrong, I see how they work, but I didn’t know the reason why - the theory or pattern behind it. Well turns out, generally, they’re based upon the observer pattern. I decided to write my own observer pattern demonstration here.

Posting Requests in PHP without CURL

Nov 14, 2008 php

Can it be done? YES! Luckily, functions like file_get_contents() support stream contexts.

DIRECTORY_SEPARATOR is Useless!

Oct 14, 2008 php

The predefined PHP constant DIRECTORY_SEPARATOR is useless.

array_merge is Useful - But With a Caveat

Oct 7, 2008 php

So, the other day, I saw a horrible thing. I saw two PHP associative arrays that needed to be combined into one, and the worst example of NOT using PHP’s built in functions to combine them. They weren’t using array_merge - instead they were looping through each value.

PHP SPL autoload: 3 simple rules you must follow

Sep 29, 2008 php

While working on a larger site that I may need to use many external libraries, I realized I need to come up with a better __autoload() function (for example, I think it was DOMPDF that had its own autoload function as well. Last time I used that, I had to hack my own autoload to use their code as well to locate files). I researched into SPL autoload functionality, and I’ve found what I need.

CSS incompatibility finder

Sep 25, 2008 css php

This is more of a proof of concept than anything else - as most of my scripts are ;) But, let’s say you have some files that have css in them, either external stylesheets, internal one with style tags or even style attributes - and you need to update the browser support. Wouldn’t it be great to have a tool that could look through these files and point out that there are incompatibilities?

SVN Pre-commit duty: Lint your PHP

Sep 21, 2008 php svn

We’ve all been there before, committing code - and then realizing that it was broken (hrm - our unit test didn’t catch it? or… “what unit test?” if you’re in another environment). Well, there is a solution.

To clear up that confusion about public and public static access in PHP

Sep 19, 2008 php

Apparently, a few programmers I know have been getting confused about access of public, public static variables in PHP classes. I’ve written this example code with the following comments to explain what will work - and what won’t.

dtemplate: dynamic template system for static designed files

Sep 16, 2008 misc-web php

One of the biggest time wasters I deal with is parsing out static web designs given to me by designers. They don’t know programming, so they design it with static HTML in mind. Even if you’re using a tool like dreamweaver, updating static pages can be a hassle. Then, a lot of times, they have to remove their ’lorem ipsum’ text and send it to me - and then I continue to chop it up. Now, I’m talking about smaller 5 to 10 page sites here, not huge sites like JEMDiary or something. However, that idea birthed…

heredoc - time for dead-dead or happy-smile time?

Sep 8, 2008 php

PHP’s heredoc - good or bad? All silly titles aside, let’s check out some points.

What I believe MVC is - or MVCFDH

Aug 28, 2008 php programming

There are many interpretations of MVC - there are less definitions but more implementations. I want to cover what I personally do when using PHP for MVC. I call it MVCFDH.

PHP - Return results of comparison

Aug 27, 2008 php

A useful reminder: you can make use of returning the results of comparisons for is*() functions. Let me explain that further…

Don't Forget About Class Constants!

Aug 23, 2008 php

Constants can be great. They can stand for things like web services keys, integers, flags, etc. Basically, anything that you aren’t going to be changing in your script - and most likely things that don’t change much outside of the script either. However, I’ve seen people use them in the global name space far too many times. A great alternative is the class constant. Let’s check out some examples:

Programming without E_Notice

Jul 17, 2008 php

Well, my boss at #superdev - who can only be compared to a more energetic version of the squirrel from hoodwinked asked me to start putting together some thoughts here and there on some proper PHP coding. I thought I’d start out the series with this article, Programming without E_NOTICE.

Finally - PHP has NoIndex on phpinfo output

Jun 4, 2008 php security

A big issue with PHP security had been the developers creating a php info page and not removing it from a production site. As you may know, phpinfo() will dump a ton of useful information (for the developer - as well as the cracker) to the screen:

PHP Script Configuration Class with Logic built in

Jun 3, 2008 php

Sometimes we have static configuration options, such as the name of the company or the location of a particular partner’s website. Other times, there are more dynamic configuration options - such as the current location’s URL or database connection credentials.

PHP Script Configuration Options - Class Constants or MySQL

May 31, 2008 php

I’m trying to figure out the best way to do configuration options for my newest PHP scripts that I’m working on. My requirements are simple:

PHP application plugins - force the interface

May 27, 2008 php

The other day I was experimenting with some PHP plugin scripts and trying to develop my own robust plugin system. I started thinking: how can I guarantee that a 3rd party developer sticks to my plugin standards?

XDebug and Eclipse PDT on Windows - From Start to Finish

XDebug and Eclipse PDT on Windows - From Start to Finish

XDebug's settings reminded me - no output to the browser if sending headers

May 20, 2008 php

So, I admit it - I’ve become lazy. Well, in all fairness, the programmer before me at “the triangle” was also lazy. And after messing with XDebug and setting output_buffering to off and implicit flush to on… I was reminded of our laziness.

Timetracker Timeclock

May 12, 2008 php

The 102 Degrees Timeclock software package is a very simple interface for keeping track of time. Instead of purchasing a timeclock, you could resurrect an old laptop and run this software on it. With a very simple clean interface, even beginning computer users will feel comfortable. The timeclock has .csv generation for reporting - which can easily be opened in Microsoft Excel. The entire interface is web based.

PHP Shared Host - Session File Browser Script

Apr 24, 2008 php security

PHP stores its session information into flat files unencrypted by default.

SimplePHPMailer

Apr 24, 2008 php

There are a very small amount of really easy to implement PHP mailer scripts in the wild. They usually try to pump so many features into them that it becomes difficult to implement or too large of a file. For those looking for just a quick drop-in solution - that you DON’T need to know PHP to use - SimplePHPMailer was developed.

Which Fires First? Error Handler or Shutdown Function

Apr 24, 2008 php

I was working on writing a shutdown function for a PHP 4 script and noticed some odd behavior when I was getting errors (no way! I program and get errors? Who knew!?) At any rate, when I would handle my error with my custom function, I noticed the shutdown function was still executing after the error function. (Or when it was a Fatal error, the error was shown to the screen but the shutdown function was still ran…)

Link Checking Module - 1st attempt

Mar 20, 2008 php

So I wrote some code the other day. It sat in my code repository and I never tested it. I was pretty certain it was going to be some good code, though.

XSS with Img OnError attribute

Mar 20, 2008 javascript php security

So much of my time is spent worrying over the src or href tags on images and links - that I sometimes forget about the other attributes.

5 Things this PHP programmer learned from System-i/as400 programmers

Dec 9, 2007 php programming

Working in a shop that has approximately 15 times more System-I as/400 iSeries (whatever you want to call it) programmers, I’ve been immersed into their culture, standards and mindset.

APD post processing wrapper

Nov 17, 2007 performance php testing

A while ago, I discovered the ‘joys’ of APD… and then more so, the ‘joys’ of not being able to make heads or tails out of the output script. After digging deeper, I saw that the original directory already had some PHP scripts to parse the output. I ran those and wasn’t very impressed. Even more important, my boss wouldn’t be impressed. I needed to be able to make something that could be useful to integrate into a table (I finally used dojo to create a table…)

MySpace bulletins to RSS

Sep 27, 2007 php

So I’m sick of myspace… or so I say to myself. So now I log in about half the time as I did before… and this is because I’ve made the following script. It logs in and grabs each bulletin from your top bulletins. Then, it creates an RSS feed from them.

Create Google Advanced Search String

Sep 25, 2007 google php

I found an interesting article about the parameters of the advanced search URL for google. Just for fun, I tested out their concepts and they were all true. I figured maybe there was a reason to do this as a PHP class (I think I was just bored…).

Create an RSS feed of comments from myspace

Sep 8, 2007 misc-web php scripting

Lately, I’ve been trying to find ways to reduce the amount of time I spend on stupid sites like myspace (nevermind the fact that the time it took to reduce this amount took me enough time to visit myspace 1x a day for another month – heh). At any rate, I’ve been using Google Reader a lot more (I’m up to 180 or so feeds) and I thought: Why don’t I make an RSS feed o my comments – then I don’t have to go back to the site when someone sends me a comment.

Pass PHP session to a new script using fsockopen

Sep 6, 2007 apache php

I was working on a script that opened up a new connection to the same server with fsockopen to process a php script. It passed the variables needed through GET and then gathered the output. Finally, it displayed the output on the screen under the current context.

Friendly reminders about testing your PHP code

Aug 3, 2007 misc-web php testing

I was reading on a forum the other day about some benchmarks for PHP. The guy had posted some results in ms measurements, and was getting upset about his erratic results. There were some things that he was forgetting, however.

ODBC for UDB and PHP - How I increased performance by 400%

Aug 2, 2007 php sql

In our current setup at (“the triangle”), we have to use odbc connections to access our db2-udb database - and I don’t like it. But we have to stick with it - and that’s the way life is. The main reason I don’t like it is the immense overhead and time it takes to execute queries. Well, I did some research and found out some interesting things. The most important of which was a cursor setting that allowed me to gain up to 400% performance. Find out how:

Is it better to write your 'for' loops backwards in PHP?

Jul 27, 2007 performance php

After listening to a javascript internals optimization talk, I wanted to see how these concepts could relate to PHP. The biggest thing that stuck out to me was the order of the for loops in javascript.

The Perils of the AT in PHP

Jul 27, 2007 performance php

A lot of weird things have been happening ever since we introduced a new error handler at (“the triangle”). First of all, it took down our whole site for a good portion of time (oops!), then it created a large project for us to review our code. Turns out a lot of the errors were just weird little things that we ignored.

How to use PHP to generate downloadable content

Jul 22, 2007 php

I was looking at some code I had written about 3 years ago - how sad! I was creating a PDF of my resume using PHP to grab my qualifications out of a database. Unfortunately, I never researched into the header php command, so I made my job harder. Instead of writing it with a php file, I made a php file, and renamed it as a .pdf file. I modified my .htaccess file to process that one particular file as a php script. This way, the file executed as php but was mime/typed as the pdf.

A reminder about triggering errors not in the USER level

Jul 21, 2007 php

I had a function in some of my code that I wanted to trigger a notice error on certain occasions. Unfortunately, it kept halting my script with a Warning instead. Unfortunately, the error handler at that particular block of code was not properly capturing the error string. It runs out that I was triggering an E_NOTICE instead of an E_USER_NOTICE error… (if I would have reviewed the trigger_error manual page, I wouldn’t have made this mistake… silly, lazy developer). Just to make sure that I fully understood this issue and hopefully wouldn’t make the same mistake again, I made a quick proof of concept:

Execute Windows Commands from PHP without blocking

Jul 21, 2007 php windows

When researching for my live error reporting posting, I tried running some exec and passthru command tests by starting up calc.exe. While they executed the command correctly, I got some weird results in my script … which I suppose now make sense. Let’s see how we can start programs in Windows, and not run into the same issues that I did.

Master the 'Run As' option in Eclipse PDT with PHP

Most of my development in Eclipse PDT with the results tested outside of it - using firefox. PDT has a few options in the Run… menu:

PHP developer's shortcut for optimizing mysql

Jul 21, 2007 php sql

PHP developers, raise your hand if you run an explain on each MySQL statement you write and use in your apps! Anyone? Ok… 1… 2… that’s it? Yah, I tend to forget that too, but luckily PHP allows us to cheat. Thanks PHP!

When is a PHP array not an array?

Jul 21, 2007 php

Arrays, return variables, expressions, OH MY! I recently learned a lesson about array functions in PHP not returning what I thought they would. I had a function that returned the value of array_shift()… and then used it in another function. Unfortunately, this generated a strict error and was causing some issues… As usual, I put together a proof of concept. Let’s check out the code example, the error, and then why:

A Better Understanding of Error Reporting in PHP

Jul 19, 2007 php

While working on a website for (“the triangle”), I came to a page running locally that just stopped - blank. This particular website was not using output buffering - so there is no excuse for a blank page.

Helpful strtotime reminders

Jul 12, 2007 php

Today, Todd (one of the consultants that (“the triangle”) uses) called me up to share a bit of a reminder and also tell me about an issue in the code that was in one of our older modules. There was an issue with the strtotime function converting a year to a timestamp.

AJAX Security Research and Findings - Round 2

Jul 7, 2007 ajax php security

Round 2, and the final round, is complete! The previous article here talked about my initial findings. Well, I was able to try some proofs of concepts on my javascript finding, and I put together our top level recommendations for (”the triangle”). Let’s see:

Namespacing is important - even in PHP

Jul 7, 2007 php

Perl, Java and xml people are very aware of what a namespace is… even wikipedia tells us they are. But, certain languages, such as PHP, don’t support namespaces yet. (However, thank you Dmitry for your proposal.) But are namespaces really important? PHP has made it this far without them, so why should you be concerned? Well, let’s see:

PHP Script Installer

Jul 6, 2007 php

A couple weeks ago I was reading a blog posting about PHP Script installing. I don’t remember the exact context of the article (or where it was for that matter - otherwise I’d link to it!), but I had suggested someone make a php script packager - an all in one file to install a php project.

Real world stories of a prepared statement

Jul 6, 2007 php sql

A couple months ago, I was out in Rochester MN at IBM for a multi-day meeting about communication between the iSeries(system-i, i5, as400, whatever its called now a days) and PHP/Apache. One of the things we talked about was our use of ODBC at (“the triangle”) currently to which they asked a good question - Are we using prepared statements over odbc? Well, right now, we’re not, but I think we should. As always, its up to me to show why we should be doing this. Let’s explore:

Send e-mail from outlook using PHP

Jul 6, 2007 php windows

While working on some code at (“the triangle”), I run into some issues with the mail() function. On our linux qa and production servers, we can use the mail() function no problem - but on my development platform, windowsxp, I cannot with our current configuration.

Build PHPDocumentor into Eclipse

Jul 4, 2007 eclipse-pdt php

Well, maybe that’s a little bit misleading - actually you’re running PHPdocumentor as an external tool.

PEAR Installation Woes

Jul 4, 2007 php

I’ve found the need to do some installs from some PEAR channels, so I jumped into my command line on PHP 5.2.0 and windows xp sp2. I ran c:\php5.2\go-pear - which would launch the go-pear.bat file. I executed with standard permissions, and the unthinkable happened - a PEAR FAILURE. OH NO! But I was able to get around it. Let’s look at the details of the error, and my lazy man’s way of solving it:

PHP Command Line Shell Experiments

Jul 4, 2007 php

Having been a shell, perl and batch scripter before I started PHP, I’ve always enjoyed the CLI life. I actually created an interactive or script-able interface for creating all of my projects at (“the triangle”) - hopefully I’ll link to it here when I write it up.

Type-Safe PHP? Hrm...

Jul 3, 2007 php

As you can probably remember, lately I’ve been writing about PHP’s object handling, patterns, etc. - but I lightly glossed over the whole forced typing of variables - and how that relates to PHP. While looking for solutions to this, I came across a great blog entry that solves this issue - but I’ve gotta bring up some counter points… Finally, I’m also wondering: what are the real important needs for a strongly typed object?

AJAX Security Research and Findings - Round 1

Jun 28, 2007 ajax php security

(“the triangle”) wants to keep implementing more and more AJAX based systems - but no one ever took time to research into the security issues with this.

Emulation of Collections - true stories of data object handling

Jun 27, 2007 php

Today, Big Boy sent me an e-mail at work talking about emulation of collections in his .net programming. He included a code sample (after the break). This got me thinking about how I am planning on handling data going forward.

When to be OOP - and how much... Lesson Learned!

Jun 26, 2007 misc-web php

I just finished reading a snippet of a book about design patterns - of which Strategy, Adapter, Decorator and others were discussed. It got me to thinking about my design patterns that I used in JEMDiary - and what I’ll be using in this project.

I am a Zend Certified Engineer

Jun 23, 2007 php
I just wanted to point out that I am the world’s newest Zend Certified Engineer - as of this morning at 10:00a.m. CST. PHP 5 ZCE :-D

PHP5 Object Oriented Properties - Tested!

Jun 22, 2007 php

I was recently reading an article (while researching for my website monitoring project), and there was a comment about PHP5’s lack of flexibility in its Object Oriented usage. Some people were arguing for it - and some against, the typical ranting that goes on in blog comments, etc. Instead of joining the argument, I wanted to do my proof of concepts myself. I’m going to explore (well I already know some of the answers - but it’ll be exploration to YOU reader ;)) public/private constructors, magic methods, and maybe a few extras (we’ll see when we get to the end!)

Setting Config Variables - Constants vs. Abstract Class Access

Jun 12, 2007 php

As I was looking through some old code from Big Boy, I noticed a block of his code at the top of his initial control file and noticed a way he was using his configuration. He was defining his from an INI file and setting constants in the code with a prefix identifier. I then took a minute to look at my most recent framework to see how I was using my config - a static class instance with an internally held singleton pattern. It got me starting to think of which was best… I have a new open source project coming up and I’d like to do the right thing.

How to make a Great MySpace Layout

Apr 4, 2007 css html misc-web php

In this posting, I’m going to share the steps to making a slimmed down, cleaner, nicer layout for MySpace to help showcase your personal interests, your band, or your business.