31 Mar

LinkedIn Learning Course – Consuming RESTful APIs in PHP with Guzzle

LinkedIn Learning provides online training courses in a variety of subject matters. I’ve been honored to work with them on a few different courses at this point, covering primarily PHP and related topics. The latest one went up earlier this week; it covers using Guzzle to communicate with RESTful APIs. APIs are a super popular tool in web development at practically all skill levels. You might start off just using something simple like the Google Maps API to put up a map on some sites, and before you know it, you are building an API to be consumed by other software developers (or at least that was my path).

If you aren’t interested in working with Guzzle or RESTful APIs, take a look at the LinkedIn Learning site in general; there are tons of courses on a wide variety of subjects.

You’ll be able to see any new courses I author at https://www.linkedin.com/learning/instructors/justin-yost.

23 Nov

Lynda Course – Test-Driven Development in PHP with PHPUnit

Lynda.com is a website that provides online training courses in a variety of subject materials. I’ve been honored to work with them on a few different courses at this point, covering both PHP and Ember.js. The latest one went up earlier this month; it covers some of the basics in working with PHPUnit, a unit testing framework, and perhaps more importantly learning the Test-Driven Design pattern. TDD is one of the biggest things you as a developer and software engineer can do to level up yourself as a developer. It takes you from a style of manual refreshing, testing and looking at things to figure out if something worked to instead validating your software and proving it works the way it’s intended. I’ve embedded below a video covering some of the reasons you should use and do unit testing.

If you aren’t interested in TDD or PHPUnit, take a look at Lynda in general; there is probably something of interest for you to learn from. Lynda prides itself on producing quality content and it shows both in the courses and in working with them.

You’ll be able to see any new courses I author at lynda.com/justinyost.

16 Apr

CakePHP 3.0, Use It In Pieces

One of the key goals of CakePHP 3.0 as discussed recently was making CakePHP 3.0 more decoupled. CakePHP 3.0 has achieved that goal very nicely. Take a look at the CakePHP organization’s repos on GitHub and you will find a long list of decoupled collections of classes that are all part of the overall CakePHP framework that can be used completely independently of CakePHP itself.

Perhaps you are interested in some of CakePHP’s utility classes, like the Security utility, which is a great resource for hashing and encrypting basic data (not passwords) that you want some amount of reasonable security applied to. Or perhaps you are interested in CakePHP’s Validation system, which provides for validating arbitrary arrays of data. The most complex and most interesting part of CakePHP 3 by far, the ORM layer, is even available for use independent of the rest of the CakePHP core.

How about an example to help clarify how to use these different pieces in smaller projects? Let’s build a simple webpage that allows us to submit a contact form request and validate it using the CakePHP Validation Library.

I’m doing this in a new `index.php` file in a new directory. First we need to get the Validation Library in our directory.

```
$ composer require cakephp/validation
```

That creates a new `composer.json` and loads the CakePHP Validation package. Next in our `index.php` file we need to load the Composer autoloader and the CakePHP Validation Class.

```php
<?php
namespace LoadsysTestValidation;

// Composer's autoloader makes the Cake\Validation classes available.
require dirname(__FILE__) . "/vendor/autoload.php";

use Cake\Validation\Validator;
```

Now at this point we can create a new instance of the Validator class and validate arbitrary arrays of data, like what we would get from `$_POST`.

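```php
$validator = new Validator();
$validator
  ->requirePresence('name')
  ->notEmpty('name', 'Name is required to be submitted.');

// errors() returns an array of failures keyed by field; an empty array means the data passed.
$errors = $validator->errors($_POST);
```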

I worked out a complete example of this and posted it on GitHub as a sample if you need more details or insight into using the CakePHP packages.
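The contact form described above, carried through to a full `index.php` as an added example; it is not the author's GitHub sample. The `email` and `message` fields, their rules, the `h()` helper and the form markup are assumptions made for illustration, and the code follows the CakePHP 3.0 Validator API used in this post.

```php
<?php
// Added example, not the author's GitHub sample. Targets the cakephp/validation
// 3.0 API used above; later releases deprecate errors() in favour of validate().
require __DIR__ . '/vendor/autoload.php';

use Cake\Validation\Validator;

// 'email' and 'message' are assumed fields; only 'name' appears in the post.
function contactValidator(): Validator
{
    $validator = new Validator();
    $validator
        ->requirePresence('name')
        ->notEmpty('name', 'Name is required to be submitted.')
        ->requirePresence('email')
        ->add('email', 'format', ['rule' => 'email', 'message' => 'Enter a valid email address.'])
        ->requirePresence('message')
        ->add('message', 'length', ['rule' => ['maxLength', 2000], 'message' => 'Message is too long.']);

    return $validator;
}

// Encode request-derived text before it is written back into HTML.
function h(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Keep only scalar string fields: "name[]=x" would otherwise hand the rules an array.
$data = array_filter($_POST, 'is_string');
$errors = [];
if (($_SERVER['REQUEST_METHOD'] ?? '') === 'POST') {
    // errors() returns [field => [rule => message]]; an empty array means valid.
    $errors = contactValidator()->errors($data);
}
?>
<form method="post">
<?php foreach (['name', 'email', 'message'] as $field): ?>
  <label><?= h(ucfirst($field)) ?>
    <input name="<?= h($field) ?>" value="<?= h($data[$field] ?? '') ?>">
  </label>
  <?php foreach ($errors[$field] ?? [] as $message): ?>
    <p class="error"><?= h($message) ?></p>
  <?php endforeach; ?>
<?php endforeach; ?>
  <button type="submit">Send</button>
</form>
```

Validation decides whether the submission is accepted; the `h()` calls are what keep the echoed field values from being interpreted as markup when the form is redisplayed.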

The overall CakePHP framework may not be the right choice for everyone in every case. With the recent decoupling of the framework in the 3.0 branch, CakePHP can be more easily used for those times when you want to pick either the very best packages for your problem or you only need a limited subset of features from CakePHP for your web application.

This was previously posted on the Loadsys blog.

08 Jan

Meetup Talk on PHP: The Right Way

Think of this as a continuation of the topic from November (that one a PHP Classes 101), this one focused on the site http://www.phptherightway.com/ and other tools to help developers build PHP apps the “Right Way”. I also mentioned both The League of Extraordinary Packages as well as PHP-FIG.

Next month at the Las Vegas PHP Meetup, I’ll be speaking again on CakePHP 3.0 which just came out in RC 1, about a week ago.

06 Nov

Meetup Talk on PHP Classes 101

I presented at this week’s Las Vegas PHP meetup on PHP Classes and Object Oriented Programming. I did a quick run through of both the basics of OOP and how PHP classes and objects work. If you’ve done PHP OOP for any length of time most everything will be commonplace. Though I did add a bit about SOLID and we had a good discussion on the visibility of properties and methods that was useful for even an experienced user.

Each time I present, the feedback says it goes better each time. I’m coming down hard against trying to either present code (outside of slides) or actually live code during a presentation. At least today; in the future, after I’ve done this dozens of times, I might change it up.

11 Apr

Talks I’ve Given In The Past Few Months

Since moving to Las Vegas, I’ve joined the PHP Users Group. Overall it’s been a great experience meeting people in the community and hearing about more PHP stuff. Since I’ve been there I’ve given a few talks and figured I should list them here.

First up, a talk that was an introduction to CakePHP. Probably my best talk out of the three listed. It was informative, with lots of questions and I knew the material really well (one would hope considering it is my day job).

Next was a talk on Ember.js; this one didn’t turn out so well. I underprepared for it, and it showed. It also didn’t help that I mostly based my talk on a co-worker’s slides. Overall this was novice hour for me. Moral of the story – don’t give talks unless you know the information and don’t try to base a talk using someone else’s work.

Last presentation was one on PHPUnit, which went ok. I knew the material better than the Ember stuff but there were a few weak areas. Overall I think it went pretty well but it could have gone better.

Some random thoughts on public speaking

Public speaking (of a sort) is something that I used to do much more often; it’s been good to stretch that part of my brain over the past few months and get a handle on delivering talks that deal with technical information for a generally technical audience. It is definitely something I want to do more of in the future and to get better at.

Not everyone may want to do this type of thing, but if you are interested in it, I would urge you to give it a shot. It is easier than you think. I would suggest picking a topic you are very familiar with and can answer questions on the fly about. Feel free, if you get a question that you can’t answer, to say so rather than present imprecise information.

06 Oct

Seldo.Com Blog – PHP needs to die. What will replace it?

> Ten years later, I can feel the tide turning again. Developers’ expectations of languages have moved on. If the critical thing Perl was lacking was PHP’s wonderfully flexible "associative arrays" (aka smart hashes), then what PHP is lacking is lambdas and method chaining. While PHP used to be the language where you could write a web page in twenty lines of code, nowadays it doesn’t feel like you’re doing it properly unless you’ve laid down at least a basic MVC framework of some kind. That boilerplate code is the tell: the language now requires modification by a framework to do what you need.
>
> Back then, I felt the die-hards clinging to Perl for web development were silly. Now, with ten years of PHP experience under my belt, I’m in the same position. I can knock out a good website in an hour in PHP, and an excellent one in a day or two. Its performance characteristics are well-known and understood, so I can make it scale pretty much indefinitely. Every developer we’d want to hire knows it, and every system we’d integrate with has a wrapper library written in it. I am trapped by the convenience of PHP in a language that is losing its suitability for the task.

via Seldo.Com Blog – PHP needs to die. What will replace it?. I know what he’s talking about: PHP is a language that at times shows its age and is ridiculed by people on the latest and greatest (Node.js/Ruby on Rails/etc). That being said, PHP has some advantages that anytime soon are going to be hard to meet in terms of ease of deployment (name a shared host that doesn’t have PHP on it), tools and frameworks (WordPress, CakePHP, etc). I use PHP for my day job every day and will probably still be using it years from now, but there are times I wish the language itself was more modern. For a great overview of issues with PHP from a language design standpoint, Hypercritical Episode 17 goes into some of the problems.

18 Aug

Neal Poole – Cross-Site Scripting via Error Reporting Notices in PHP

> A PHP application that displays error reporting notices and contains specific code patterns may be vulnerable to a cross-site scripting attack. I’ve confirmed this issue on PHP 5.2.17 and a snapshot of PHP 5.4 (I assume it affects other versions of PHP as well). This issue was filed as Sec Bug #55139 back in July, but it was recently closed as “bogus” by a member of the PHP team, making the report public.
>
> When display_errors is enabled and a PHP notice is generated, none of the text of the notice is HTML-encoded. That means if an attacker can control part of the notice text, they can inject arbitrary HTML and JavaScript into the page. Certain specific coding patterns make such an attack possible.

via Neal Poole – Cross-Site Scripting via Error Reporting Notices in PHP. Though to be fair, you probably shouldn’t be using display_errors in a production site.
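One way to act on that advice, as an added example that is not code from Neal Poole's write-up or from this blog: PHP's own display of notices is switched off, every notice is logged, and a development build that still wants to see notices prints them HTML-encoded. The function name `configureErrorOutput` and the `$isProduction` flag are hypothetical, and the notice at the end is constructed sample input.

```php
<?php
// Added example: hypothetical bootstrap helper; function name and flag are illustrative.
// php.ini is the stronger place for the ini settings, since runtime ini_set() cannot
// affect errors raised before this code runs (e.g. parse errors).
function configureErrorOutput(bool $isProduction): void
{
    error_reporting(E_ALL);
    ini_set('log_errors', '1');
    ini_set('display_errors', '0');         // PHP itself never echoes notice text
    ini_set('display_startup_errors', '0');

    set_error_handler(function (int $severity, string $message, string $file, int $line) use ($isProduction): bool {
        if (!(error_reporting() & $severity)) {
            return false; // level is masked out: defer to PHP's default handling
        }
        // Flatten CR/LF so request-influenced text cannot forge extra log lines.
        $entry = sprintf('PHP [%d] %s in %s:%d', $severity, str_replace(["\r", "\n"], ' ', $message), $file, $line);
        error_log($entry);

        if (!$isProduction) {
            // Development only: show the notice, HTML-encoded.
            echo '<pre>', htmlspecialchars($entry, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'), '</pre>';
        }
        return true; // handled: skip PHP's built-in (unencoded) output
    });
}

configureErrorOutput(false);
// Constructed input: a notice whose text contains markup.
trigger_error('constructed notice with <b>markup</b>', E_USER_NOTICE);
```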