PUBLIC MARKS from mbertier with tags bestpractices & php

2008

<raphael.on.php/>: Sniffing refactoring needs

by 2 others
While still messing around with the PHP_CodeSniffer Pear package, I took a somehow jealous 1000 feet look at some prominent code inspection tools of the Java community: PMD and Checkstyle. Browsing their available rule sets/checks I soon recognized that guaranteeing the coding standard adherence is just a partial aspect of these tools. The following post will focus on one of these additional aspects, which is finding problems related to the code size of the inspected code artifacts, by showing how to port two selected rules to sniffs for utilization with the PHP_CodeSniffer tool. These ported sniffs can be used to automatically spot obvious code smells in the code base and to signal the need to apply the appropriate and odour reducing activity known as refactoring. Furthermore, a complete set of code size sniffs, going beyond the targeted realm of the sniffs to come, could be used to speed up the feedback loop and to reduce the effort for manual code reviews.

Greg Sherwood: Using PHP_CodeSniffer in an SVN pre-commit hook

(via)
I've just committed a new script to PHP_CodeSniffer called phpcs-svn-pre-commit. It sits in the scripts dir with phpcs and phpcs.bat. This script was contributed by Jake Bates, who has also volunteered to maintain the Debian package, and will be available in the 1.1.0 release.

2007

Mike Naberezny - Better PHPUnit Group Annotations

(via)
Running phpunit --group bug42 AllTests.php will run only the tests associated with bug #42, regardless of what files and groups those test methods span.

PHPIDS » Web Application Security 2.0 » Index

by 1 other (via)
PHPIDS (PHP-Intrusion Detection System) is a simple to use, well structured, fast and state-of-the-art security layer for your PHP based web application. The IDS neither strips, sanitizes nor filters any malicious input, it simply recognizes when an attacker tries to break your site and reacts in exactly the way you want it to. Based on a set of approved and heavily tested filter rules any attack is given a numerical impact rating which makes it easy to decide what kind of action should follow the hacking attempt. This could range from simple logging to sending out an emergency mail to the development team, displaying a warning message for the attacker or even ending the user’s session.

Projects: Transliteration Extension - Derick Rethans

(via)
This extension allows you to transliterate text in non-latin characters (such as Chinese, Cyrillic, Greek etc) to latin characters. Besides the transliteration the extension also contains filters to upper- and lowercase latin, cyrillic and greek, and perform special forms of transliteration such as converting ligatures such as the Norwegian "æ" to "ae" and normalizing punctuation and spacing.

Jimdo and Northclick Dev-Blog » Getting the PHP fatal errors

by 1 other (via)
One big issue of the PHP error handling is that there’s no built-in way to catch fatal errors with a user-defined error handler. So I thought a little bit about it and maybe you have better approaches or solutions … The short goal is to send the error via e-mail to the developer(s). As we are security-aware, we’re logging errors and do not display them to the world. (Hint: that should be your default on every production machine!)

2006

PHP Best Practices - phly, boy, phly

1 comment (via)
- Comparisons of different coding standards. I'd worked up a comparison of eZ Components and Zend Framework standards to contrast against PEAR's.
- Functional testing. Mike put a lot of effort into the unit testing section, and I'd done an additional section on functional testing -- testing against fixtures, such as test databases, sandbox services, etc.
- Repository layout. Mike actually talked about this briefly, but we'd intended to show some designs for subversion layouts, and how to create and use branches and tags.
- Subversion hook scripts. We mentioned their existence, and some uses, but we'd hoped to show how to add these to your repository, and some sample scripts.
- Mailman. How to set up archived mailing lists.
- Capistrano. Mike mentioned this tool in the talk, but did not have time to go into examples of usage.

PHP Security Consortium: PHPSecInfo

by 8 others (via)
The idea behind PHPSecInfo is to provide an equivalent to the phpinfo() function that reports security information about the PHP environment, and offers suggestions for improvement. It is not a replacement for secure development techniques, and does not do any kind of code or app auditing, but can be a useful tool in a multilayered security approach.

Checklist for Securing PHP Configuration | Ayman Hourieh's Blog

by 3 others (via)
Inside is a check list of settings that are intended to harden the default PHP installation.

Converting to MySQLi - MySQLForge Wiki

(via)
We have good news for those of you who fear the work of converting thousands of lines of source code manually: MySQL has developed a tool which helps you with the conversion of the code.

PHP_CodeSniffer

by 1 other (via)
PHP_CodeSniffer is a PHP5 script that tokenises and "sniffs" PHP code to detect violations of a defined set of coding standards. It is an essential development tool that ensures that your code remains clean and consistent. It can even help prevent some common semantic errors made by developers.

Template Engines

by 6 others
In short, the point of template engines should be to separate your business logic from your presentation logic, not separate your PHP code from your HTML code.

PHP5 Exception Use Guidelines

This is an informal document to describe usage guidelines for exceptions in PHP5.

Recommended PHP reading list

by 12 others (via)
Learn about PHP (Hypertext Preprocessor) with this reading list compiled for programmers and administrators by IBM Web application developers.

Zend Developer Zone | PHP Best Practices: Creating a Blueprint for PHP Applications

What is the one true path to creating a successful PHP application? Does it exist? Does everyone know what it is? What dangers should I avoid? What works, what doesn’t? Is there a guide that will lead me down this path?

PHPLint

by 2 others
PHPLint is not simply a checker: it implements a new, strong typed, language implemented over PHP.

2005

A Joyride to eZ components beta2 / Articles / Community

Structs instead of Arrays: Imagine using overloading, then you can even implement automatic value checks into your data structures.

Effortless (or Better!) Bug Detection with PHP Assertions [PHP & MySQL Tutorials]

by 3 others
If you're anything like me, you enjoy writing code a lot more than you enjoy testing and debugging it. If we could produce higher quality code with less test and debug effort, we'd jump at the chance, right?

Bleeding Edge innovation: automatically initialize databases on installation - Lot 49 - Greg Beaver's blog

(via)
The rest of the work is performed by the excellent MDB2_Schema package, which has the ability to examine two schema files, generate a diff, and literally upgrade the database structure.

SitePoint Blogs » Website testing with TestGen4Web and Firefox

by 3 others (via)
Ran into TestGen4Web today; a Firefox extension (needs 1.5 beta) to help automate testing of web applications, developed by Spikesource, a company making a name for themselves by testing Open Source applications.

start [phpPatterns]

by 5 others
This site is becoming a wiki. The #1 problem with the old site was the person running it.