PHP & Web Development Blogs

Hello folks! This post is for those of you using Laravel. This beautiful framework makes web development super-easy compared to most of competitors. In the heart of Laravel is the Application class, which is responsible for bootstrapping, registering services and also serves as a dependency injection container. What I do with my Laravel apps, is that I take a slight detour from the common path by adding a custom Application class. While this is not really necessary, I find this approach nice, and will try to share my thought below.

It's normal practice in Laravel world to build all kinds of objects like this:

$cache = app("cache");

I find it a bit confusing to call app("cache"") and expect a Cache\Repository instance as result. If I pass the result of this call to a function that requires a Cache\Repository as parameter, I will probably have a code inspection warning from IDE. Moreover, if I want proper autocompletion, I will have to add additional comment:

$cache = app("cache");

This is where a custom application class might be handy:

namespace App;
class MyApp extends Application
{
 public function cacheRepository(): Repository
 {
 return $this->make(Repository::class);
 }
}

This way I get a TypeError in case of a misconfiguration, and I have a type-hint which allows the IDE to recognize the return value. Bye-bye nasty comment lines and IDE warnings! I make a method per service, with type-hints, like dbConnection() or viewFactory() - works really well for me!

I also thought that, if I have a custom class, then all the custom setup that normally you have in bootstrap/app.php, should reside in that custom class:

namespace App;
class MyApp extends Application
{
 public function __construct()
 {
 define('LARAVEL_START', microtime(true));
 define("APP_ROOT", realpath(__DIR__ . "/../"));
 parent::__construct(APP_ROOT);
 $this->setUp();
 }
 private function setUp()
 {
 $this->singleton(
 Contracts\Http\Kernel::class,
 \App\Http\Kernel::class
 );
 }
}

Then your bootstrap/app.php becomes just this:

return new \App\MyApp;

The Laravel app() function will also return an instance of MyApp from now on. However, it's @phpdoc says it returns \Illuminate\Foundation\Application, so for better clarity, I also added my own accessor method:

namespace App;
class MyApp extends Application
{
 public static function app(): self
 {
 
 $ret = parent::getInstance();
 return $ret;
 }
}

I tend to limit the use of global/static functions and methods, but sometimes it can be handy, and whenever I need an instance of MyApp, I just call MyApp::app(). The IDE wil be aware of the return type due to the type-hint, so I get everything I want for clean and clear development.

With your projects in Laravel, you may or may not want to follow this particular advice, but just be aware that extending a framework built-in classes for your team's comfort, is definitely something that can make your life easier. See you around, don't forget to leave comments!

Ever wanted to publish your own extension for PHP but stopped by the lack of C language background? Well, maybe it's time for another take. Zephir language is targeted at people like you.

If you follow this link, you will find these words that say a lot about this project:

Zephir, an open source, high-level language designed to ease the creation and

maintainability of extensions for PHP with a focus on type and memory safety.

Its syntax highly resembles that of PHP, only there's no dollars scattered around your code. Dollar signs, I mean, the PHP $variables. You only can create object oriented extensions, and all the classes written in Zephir must be namespaced. A different and stricter type system exists in Zephir, which allows for transpiling the code you write, into a real C extension.

Why would you need it? This question is largely answered here: Why Zephir. I can only add that, from experience, if you expect a crazy performance boost, you probably won't get it. First, most of the time the bottleneck is not PHP but the IO: database interactions, network and filesystem interactions etc. You won't gain anything by switching to different programming language, in that regards. However, some CPU-intensive calculations may run a lot faster, and if you worry about someone stealing you intellectual property - it also might be worth checking out, because then you can ship your software in form of a binary.

Zephir is the language in which the fastest modern PHP framework is written - Phalcon. Whether or not to use it - decide for yourself, it obviously has its pros and cons. But it's certainly interesting to know that you have the ability to approach some of your tasks completely differently!

See you around, and feel free to comment!

PHP is an incredibly powerful programming languaage, one that powers roughly 80% of the web! But it's also one of the easier languages to learn as you can see your changes in real time, without having to compile or wait for the code to repackage your app or website.

Defining a PHP script

To get started, create a file called "myfirstpage.php." You can actually call it anything you'd like, but the important part here is the extension: .php. This tells the server to treat this page as a PHP script.

Now let's go ahead and create a basic HTML page:

<html>

<head>

<title>Hello</title>

</head>

<body>

Hello

</body>

</html>

Go ahead and save your page and upload it to any host that supports PHP. Now visit your page and you should see a page that outputs "Hello."

Echo content

Now let's add some PHP code to our script. To signal the server to render PHP code we first open with the <?php tag, then we write our PHP code, and finally close it with the ?> tag. This is important as if we were creating an XML file and forgot to escape the opening XML tag which also has a question mark, we would run into a fatal error.

Now let's write some PHP code that tells the server to echo specific output. To echo or print the content on the page we can use the echo statement in our PHP code by placing the text we want to echo in single quotes and then end the command with a semi colon. Let's echo out "there!":

<html>

<head>

<title>Hello</title>

</head>

<body>

Hello <?php echo 'there!'; ?>

</body>

</html>

Now upload your script and test it on your webhost. You should now see "Hello there!" on your screen. Now this isn't as exciting since we could do the same thing in HTML without PHP, so let's create dynamic content based on the URL string.

Using $_GET

PHP allows you to interact with your visitors and handle incoming data. This means that you can use either the URL (querystring) or forms to retrieve user input. There are additional ways to access data as well, but we will not be covering those in this introduction.

In your browser, add the following to the end of your url: ?name=yourname

The full URL should now look like myfirstpage.php?name=yourname

You'll notice when you visit this page nothing happens - so let's change that! To access the value of name in the querystring, we can use $_GET['name'] like so:

<html>

<head>

<title>Hello</title>

</head>

<body>

Hello <?php echo $_GET['name']; ?>

</body>

</html>

You'll notice that unlike the text "there!" that the GET is not in quotes - this is because this is a variable and by not placing it in quotes we're telling PHP to render this as a variable and not as text. If we leave the single quotes, instead of saying "Hello yourname" it would say "Hello $_GET['name']."

Using logic and defining variables

Along with getting user input, you can also create conditions to determine what content should be output. For example, we can determine whether or not to say "Good morning" or "Good evening" depending on the time, along with your name using the querystring.

To do this, we'll be using if, elseif, and else along with the PHP date() function. You can learn more about how to use different date formats to output the date here, but we'll be using the date() function to get back the hour of the day (based on the server's time) between 0 (midnight) and 23 (11pm). We'll then use greater than (>) to determine what to assign to our $time variable which we'll output with the user's name.

<html>

<head>

<title>Hello</title>

</head>

<body>

<?php

if(date("G") > 18) {

$time = 'evening';

} elseif (date("G") > 12) {

$time = 'afternoon';

} else {

$time = 'morning';

}

echo 'Good '.$time.' '.$_GET['name'];

?>

</body>

</html>

Now upload your script again to the web server and refresh the page. Depending on the time of the server you should see either Good morning, Good afternoon, or Good evening followed by your name.

If you get an error, or the page is blank, make sure you have closed all of your quotes and have a semicolon after your statements/ commands. Missing a quote or semicolon is one of the most common causes of PHP errors.

You may also receive an error if the timezone has not been set on your server. To resolve this (or change the timezone/ output of the script) try adding this line as the first line following the opening PHP bracket (<?php):

date_default_timezone_set('America/Los_Angeles');

With that you have created your first PHP script and have already taken advantage of many of the fundamentals used in every PHP program. While there is more to learn you are well on your way, and have a great start on defining variables, using user input, and taking advantage of PHP's built in functions.


Want more? Go even further with our Beginning PHP video training course!

It's 2018, and you're a top-notch modern web developer, with a load of knowledge and tools right there at your disposal: Google and StackOverflow, debugger with a GUI, IDE with autocomplete, you name it. Occasionally, though, you still find yourself in a plain old text console on a remote server, or you have to do something without IDE, or there is no network connection... In such cases it might be helpful to feel comfortable in a simple terminal. In this post I'm going to list some switches for the PHP command that you can use to get information and some utilities.

Getting basic information about PHP

$ php -i
phpinfo()
PHP Version => 7.2.10-0ubuntu1

System => Linux awesome 4.18.0-10-generic #11-Ubuntu SMP Thu Oct 11 15:13:55 UTC 2018 x86_64
Build Date => Sep 13 2018 13:38:55
Server API => Command Line Interface
Virtual Directory Support => disabled
...

Full information about your PHP interpreter. Pipe the output to the Unix less command in order to get pagination and search: php -i | less. Type Q to exit the less shell. Some distros might lack less, in that case you may try php -i | more, which doesn't give you search but still has pagination.

Want a short summary of which PHP extensions you have? Just ask:

$ php -m
[PHP Modules]
calendar
Core
ctype
date
dom
ds
exif
...

More specific info about core and extensions' functions and classes

Full information about functions and classes provided by an extension:

$ php --re ds
Extension [ <persistent> extension #46 ds version 1.2.6 ] {

 - Dependencies {
 Dependency [ json (Required) ]
 Dependency [ spl (Required) ]
 }

 - Classes [11] {
 Interface [ <internal:ds> interface Ds\Hashable ] {

 - Constants [0] {
 }

 - Static properties [0] {
 }
...

Information on a specific class:

$ php --rc Ds\Vector
Class [ <internal:ds> <iterateable> final class Ds\Vector implements Ds\Sequence, Traversable, Countable, JsonSerializable, Ds\Collection ] {

 - Constants [1] {
 Constant [ public integer MIN_CAPACITY ] { 8 }
 }

 - Static properties [0] {
 }
...

Same for a function:

$ php --rf fopen
Function [ <internal:standard> function fopen ] {

 - Parameters [4] {
 Parameter #0 [ <required> $filename ]
 Parameter #1 [ <required> $mode ]
 Parameter #2 [ <optional> $use_include_path ]
 Parameter #3 [ <optional> $context ]
 }
}

Utilities

Ever found yourself creating a dummy PHP file of just a few lines - only to be run once and then deleted? The -a switch might be what you're looking for:

$ php -a
Interactive mode enabled

php > var_dump(join(", ", [1, 2, 3]));
php shell code:1:
string(7) "1, 2, 3"
php > 

It starts an interactive shell so you can type any PHP code and execute it straight away. Requires PHP to be compiled with readline support (most distros have that anyway).

Want a quick check for any parse/syntax errors in a PHP file? Use linter:

$ php -l test.php 
PHP Parse error: syntax error, unexpected 'array_shift' (T_STRING) in test.php on line 4
Errors parsing test.php

It has a web-server!

Yes! Just in case you missed it, as of PHP 5.4.0, the CLI SAPI provides a built-in web server. Want a quick look at a web page generated by an app? Here you go:

$ cd /my_application/document_root
$ php -S localhost:8000

Then open http://localhost:8000/ in your browser of choice and enjoy!

Hope you also have enjoyed this reading. Your feedback and questions are always appreciated!

In today's digital age, where data breaches and cyber attacks are increasingly prevalent, safeguarding sensitive information is paramount. Cryptography, the art of secure communication, plays a crucial role in ensuring data confidentiality, integrity, and authenticity. Implementing cryptography in PHP, one of the most widely used server-side scripting languages, offers a robust means to protect your data. In this guide, we'll explore how to utilize cryptography effectively in PHP to enhance the security of your applications.

Understanding Cryptography Basics

Before diving into PHP implementations, it's essential to grasp the fundamental concepts of cryptography. At its core, cryptography involves techniques for encrypting plaintext data into ciphertext to conceal its meaning from unauthorized parties. Key aspects of cryptography include:
   
. Encryption: The process of converting plaintext data into ciphertext using an algorithm and a secret key. This ciphertext can only be decrypted back to its original form using the appropriate decryption key.
   
. Decryption: The reverse process of encryption, where ciphertext is transformed back into plaintext using the decryption algorithm and the correct key.
   
. Symmetric Encryption: A type of encryption where the same key is used for both encryption and decryption. Examples include AES (Advanced Encryption Standard) and DES (Data Encryption Standard).
   
. Asymmetric Encryption: Also known as public-key cryptography, it involves a pair of keys: a public key for encryption and a private key for decryption. RSA and ECC (Elliptic Curve Cryptography) are common asymmetric encryption algorithms.

Implementing Cryptography in PHP

PHP provides robust cryptographic functions through its OpenSSL and Mcrypt extensions, allowing developers to implement various encryption techniques easily. Here's a step-by-step guide on how to perform common cryptographic operations in PHP:

1. Symmetric Encryption

<?php
$encryptionKey = openssl_random_pseudo_bytes(32);

$plaintext = "Sensitive data to encrypt";
$ciphertext = openssl_encrypt($plaintext, 'aes-256-cbc', $encryptionKey, 0, $iv);

$decryptedText = openssl_decrypt($ciphertext, 'aes-256-cbc', $encryptionKey, 0, $iv);

echo $decryptedText;
?>

2. Asymmetric Encryption

<?php
$config = array(
 "digest_alg" => "sha512",
 "private_key_bits" => 4096,
 "private_key_type" => OPENSSL_KEYTYPE_RSA,
);
$keyPair = openssl_pkey_new($config);

openssl_pkey_export($keyPair, $privateKey);
$publicKey = openssl_pkey_get_details($keyPair)["key"];

$plaintext = "Confidential message";
openssl_public_encrypt($plaintext, $encrypted, $publicKey);

openssl_private_decrypt($encrypted, $decrypted, $privateKey);

echo $decrypted;
?>

Best Practices for Cryptography in PHP

While implementing cryptography in PHP, it's essential to adhere to best practices to ensure maximum security:
   
. Use Strong Algorithms: Always use widely recognized cryptographic algorithms like AES for symmetric encryption and RSA for asymmetric encryption.
   
. Key Management: Safeguard encryption keys carefully. Utilize secure key management practices, such as storing keys in secure vaults and rotating them regularly.
   
. Data Integrity: Implement mechanisms to verify data integrity, such as HMAC (Hash-based Message Authentication Code), to detect tampering attempts.
   
. Secure Communication: When transmitting encrypted data over networks, use secure protocols like HTTPS to prevent eavesdropping and man-in-the-middle attacks.
   
. Stay Updated: Keep PHP and cryptographic libraries up to date to patch any security vulnerabilities and ensure compatibility with the latest cryptographic standards.

By following these guidelines and leveraging the cryptographic capabilities of PHP, developers can strengthen the security posture of their applications and protect sensitive data from unauthorized access. Remember, effective cryptography is not just about encryption but also encompasses key management, integrity verification, and secure communication practices. With diligence and proper implementation, PHP can be a powerful tool for building secure and resilient systems in today's digital landscape.