php|works 2006 Day 1

Keynote

Rasmus Lerdorf

Slides (may not be working yet)

Yet another excellent keynote by Rasmus, I’ll have to track him down at lunch for a little chat. Rather than go into detail, I’ll just link to the video of the keynote on Google. Highlights are:

  • Flash and IE header/cookie hacks
  • Optimizing your server and script to handle a Digg/Slashdot (including how to find bottlenecks)
  • DOM and SimpleXML
  • Geocoding/maps/flickr
  • Real file upload progress detection in PHP 5.2, Finally! (source)

View video on Google video

Aside: So far, the magnetic plug on my MacBook Pro has saved it twice from being yanked off the table by people passing by! Ya Apple.

Session 1: Testing Applications with PHPUnit

Sebastian Bergmann

Slides

This session introduced the importance of programmatically testing software, specifically using PHPUnit. PHPUnit, as the name suggests, performs unit tests on individual bits of PHP code. There are other software packages available for testing, including:

Unit Tests

  • PHPUnit
  • SimpleTest
  • AcidTest

Acceptance Tests

  • Selenium
  • Framework for Integrated Tests (FIT)

Non-Functional Tests

  • Performance, Load, Stress, Reliability, Availability: ab, httperf, JMeter, Grinder, OpenSTA, …
  • Security: Chorizo

Without going into huge detail, I see the real importance of unit testing in maintaining reliability of code later down the road. Sure, your code works great now, but what happens a year from now when the boss asks you to bolt on a new feature? You may forget what you did or miss some intricate detail that was obvious before. By running your tests after adding the new feature, you can be assured your original code still does what it should do along with your new features. Check out the slides or site for more info.

Session 2: I ♥ Unicode, You ♥ Unicode

Andrei Zmievski

Slides

Q: Why do programmers confuse Halloween and Christmas? A: oct 31 = dec 25 (if you don’t get it then never mind)

Unicode and multiple languages are fun. The upcoming PHP6 release will incorporate string handling to support Unicode rather than just binary. I can’t do the topic justice in my blog post here as Unicode is complicated stuff, but there are a lot of cool features for multi-language support in PHP. To begin, you might want to take a look at:

  • TextIterator
  • Collator
  • setLocal() and related locale functions
  • (binary), (unicode) and (string) type casts

Check out the presentation slides for a lot more.

Session 3: Migrating to PHP 5.2

Ilia Alshanetsky

Slides

Why to switch to PHP 5.2

  • Performance boosts to increase speed of PHP5 to, or better than, PHP4.
  • Better security and reliability is a given: it fixes all known security issues and includes some unpublished bug and security fixes.
  • Some great new features.

5.2 New feature highlights

  • JSON extension (enabled by default).
  • Filter extension (enabled by default).
  • ZIP (full compression read and write, not enabled by default).
  • Date (full implementation of date/time object).
  • __toString() works everywhere.
  • E_RECOVERABLE_ERROR allows you to catch and deal with this error and allow for fewer fatal errors.
  • SPL updates including Regex Iterators and SplFileObject CSV support.
  • Data stream support.

5.2 Performance enhancements highlights

  • Improved memory manager.
  • Faster include/require_once but only when you use the FULL path to the file.
  • Optimized str_replace() and implode() functions.
  • Optimized shutdown sequence.

5.2 Security highlights

  • allow_url_include, which is disabled by default to prevent code injection through stupid coding such as include($_GET['page']);
  • Filter extension (see above), which can help prevent XSS, SQL injections and other hacking attempts (but you still need to use it!).
  • Lots of bug fixes.
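The allow_url_include point above, as an added example (not code from the talk or from PHP itself): with the setting off, include() refuses remote URLs, but include($_GET['page']) can still be pointed at local files, so the request should only select a key from a fixed map. The page names, paths and the resolve_page() helper are hypothetical.

```php
<?php
// Added example; page names, paths and resolve_page() are hypothetical.

// Pattern named in the talk: the request decides which file is included.
// allow_url_include=Off refuses a remote URL here, but a relative local
// path supplied in the parameter is still accepted.
//   include($_GET['page']);

// Hardened form: the request only selects a key from a fixed map.
function resolve_page($raw, array $pages, $default = 'home')
{
    // Filter extension (PHP 5.2+): accept short lowercase names only.
    $key = filter_var($raw, FILTER_VALIDATE_REGEXP, array(
        'options' => array('regexp' => '/^[a-z]{1,32}\z/'),
    ));
    if ($key === false || !isset($pages[$key])) {
        $key = $default; // malformed or unknown input falls back
    }
    return $pages[$key];
}

$base  = dirname(__FILE__) . '/pages';
$pages = array(
    'home'    => $base . '/home.php',
    'contact' => $base . '/contact.php',
);

// Constructed inputs standing in for $_GET['page'].
$samples = array(
    'contact',
    '../../etc/passwd',
    'http://example.test/x.txt',
    'nosuchpage',
    '',
);
foreach ($samples as $input) {
    $target = resolve_page($input, $pages);
    printf("%-30s -> %s\n", var_export($input, true), basename($target));
}

// In a front controller the call would be:
//   include resolve_page(filter_input(INPUT_GET, 'page'), $pages);
```

Only 'contact' resolves to contact.php; every other sample falls back to home.php, because the file path never comes from the request itself.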

Migration gotchas

  • If you’re loading PHP files from an external URL, you’ll need to enable the allow_url_include option.
  • No more abstract static classes. This was an accidental feature that’s been removed.
  • DateTime and DateTimeZone are now PHP classes, so modify your code if you’re using your own classes by that name. Related, you may need to set the date.timezone ini option to prevent E_NOTICE warnings when using timezone methods.
  • php.ini files located in the same directory as the running file (PWD) will NO LONGER load into PHP.
  • If your objects do not implement a __toString() method and you try to convert one to a string, an E_RECOVERABLE_ERROR will be thrown. Prior to 5.2, it would give an object #ID.

Overall, from the above, migrating is not a big problem if you’re using PHP 5.x, but coming from PHP 4.x the difference is big. PHP 4.3 & 4.4 still account for roughly 80% of the market, so upgrading is a challenge for a lot of people. Functions and objects such as DomXML have been removed, and other core features have changed; for example, PHP5 passes all objects by reference, not as a copy. Though there may be difficulties, upgrading should be strongly considered.

The bullet items above are only changes in PHP5.2, and don’t list all the great and wonderful features of PHP5 & PHP5.1. There are too many great things to list them all (SimpleXML, SPL, PDO etc.), so take a look at the docs and consider spending the time to upgrade today!

P.S. If you want to do a quick check to see what you’ll need to modify in terms of parse/compile errors, run this:

find /source/directory \
  -name \*.php -o -name \*.inc \
  | xargs -n1 \
  php -ddisplay_errors=1 -derror_reporting=8191 -l

Session 4: Introduction to pl/php

Robert Treat

Slides

Funny, I had lunch with Robert yesterday and didn’t realize until today that he co-wrote the Beginning PHP and PostgreSQL 8: From Novice to Professional book with Jason Gilmore, who was the editor of my book! So that was neat, but the session was a little sparse in attendance due to the other two topics (JavaScript Light & Sweet and Top PHP Tricks) but I figured I already knew enough about the other two topics, and since PostgreSQL is our DB of choice at work, I thought this session would be the best.

What is it?

pl/php is basically a language for PostgreSQL server side functions that allows you to write the functions using native PHP code rather than the standard SQL Procedural Language.

Why use it?

Writing code in your native language (PHP) is always a bonus. There’s a variety of reasons why you’d use server side functions, which I won’t get into here, but using pl/php will let you seamlessly translate between the two, making server side functions MUCH easier to understand.

The basics

pl/php provides the basic functions for database access.

  • spi_exec - Execute a query with optional limit.
  • spi_fetch_row - Return an associative array of the row’s results.
  • spi_status - Return the status of a previous query. If this is SPI_OK_SELECT you can
  • spi_processed - Return the number of tuples in a result.
  • spi_rewind - Put the row cursor at the beginning of the result, so spi_fetch_row will continue fetching tuples from the beginning of the result.

These should always be used over pg_* functions (though the pg_ functions will still work).

A quick example (from the docs)

Let’s say you want to prevent deletion of the admin user but you have also granted delete access to an external party. You can use a trigger with a function to check to see if it’s the admin user and, if so, ignore the delete:

CREATE OR REPLACE FUNCTION immortal() RETURNS trigger AS $$
	# The record may not be deleted if the username is "admin".
	if ($_TD['old']['username'] == 'admin') {
		pg_raise('notice', "You cannot delete the admin user");
		return 'SKIP';
	}
	return;
$$ LANGUAGE 'plphp';

CREATE TRIGGER before_delete_immortal_trigger 
BEFORE DELETE ON users 
FOR EACH ROW EXECUTE PROCEDURE immortal(); 

Now even if someone has DELETE access to the rows of the database, they won’t be able to delete the admin user. You can accomplish the same with additional languages but the PHP function is nice.

Session 5: Organizing Your Projects

Paul M. Jones

Slides

You can read the synopsis on Paul’s site, and I felt this would be a good one to tape as it’s more a theoretical topic than practical code. The key thing to remember: pick a namespace for your global identifier, i.e. your ‘vendor’ name or ‘Project’ name, then prefix all your functions, classes, global constants etc., including the $_COOKIE and $_SESSION vars.

PHP5 Certification Exam

I’m under NDA so I can’t really say much but I felt I wasn’t quite prepared. My wife and I are expecting our first child next week so I’ve had little time to study and I’ve only really skimmed the newer features of PHP5 as we’ve just begun the migration from PHP4 at work, so I only have a bit of direct experience. But I took the test since it was included in the conference package for FREE and I figure I may as well. We were the first group of people to take the test so I can say that I was roughly the 5th person to officially write the test (about four people finished before me). Hopefully I’ll find out in the next couple days if I passed and if not, I’ll be better prepared next year.