Hello.World

I have been using Zend Studio for quite a while now as my primary PHP IDE. To get the powerful remote debugging and profiling that comes with the tool you used to have to install Zend Studio Server as well. With the release of version 5.5 however, Zend stopped shipping Studio Server and forced developers to install the Zend Platform instead. This is a commercial tool (free to developers) available from Zend that offers PHP acceleration, caching and other features … that I don't want! I just want my debugging back, without having to bloat my local server with software I will not use elsewhere - especially when the Zend Platform does not support APC, which we run on our servers, and it also broke my web application.

It turns out that we do not need the Zend Platform at all. As part of the PDT Eclipse project Zend has made available a standalone version of their debugger. This can be downloaded from here: http://downloads.zend.com/pdt/server-debugger/

Then you just need to put the .so or .dll file in the correct location and add a few lines to your PHP.INI file and you are away. Here are the lines I had to add to my PHP.INI, which is running inside a Debian VMWare image. Note the commas separating the IP numbers - this took me a few goes to work out as the examples showed spaces or forward-slashes which didn't work for me.

Why did Zend make this so hard to work out? Reading on different blogs and through the Zend forums highlights that this issue has been a source of frustration for many developers. Grrrr…

I found a very useful tool today - the Data Generator. It generates large volumes of random, custom data for use in testing software. The tool is a free download, and can generate data in the following formats:

• HTML
• Excel
• XML
• CSV
• SQL

There is an online demo available that is limited to 200 results. Click here to find out more…

Introducing a new technique to allow efficient reuse of JavaScript and CSS - effectively allowing you to download the code once and then inject it into Iframes. This solution is targeted at Web Applications which commonly use Iframes for complex layouts and to control memory usage in larger apps without moving to the complexity of a Single Page Interface (SPI). Along the way we summarise and explain other methods available to developers for minimising their code and speeding up the loading time of their application.

With the next generation of Web Applications upon us the challenges faced by the average web developer have broadened. Understanding and confronting issues like memory leaks, bandwidth, load times and JavaScript processing time is becoming more of an everyday focus for web developers than ever before.

Fortunately we now have the tools available to help. On the developers machine the Web Developer Toolbar and Firebug for example are essential. And within the applications themselves we find increased usage of JavaScript libraries such as Dojo, jQuery, Prototype, YUI and widget frameworks like Ext, which provide a layer of abstraction and freedom for developers from some of these issues.

The increased usage of JavaScript however brings other challenges. Particularly in the world of Web Applications where the use of Widgets (tabs, grids, menus etc) is more likely, it is not uncommon for the volume of JavaScript and CSS to quickly accumulate from tens to a few hundred kb of code. This is a far cry from ideal, but is also to a certain extent unavoidable if that is the type of application you are supporting.

What can a developer do to minimise this issue? There are several very effective methods that can be explored:

Compacting Your Code
This is acheived by stripping out comments and unneccesary white-space which can drastically reduce the size of your files - sometimes cutting them in half. Recommended tools: Dean Edwards Packer or Douglas Crockford's JSMin. You could apply the same theory to your CSS as well.

File Compression
Using GZIP or Deflate can drastically reduce the downloaded file size (but should be used wisely). You can read more on this here.

Combining Multiple Files
In general browsers download only two or four files in parallel per hostname, depending on the HTTP version of the response and the user’s browser. On top of that it seems that JavaScript files are loaded synchronously and sequentially as they appear in your code. This means that only one JavaScript file can be downloaded at a time - and each file must be completely downloaded and then interpreted before the next download can begin. Reducing the number of HTTP requests by combining your JavaScript and CSS files into single files will definitely help improve your applications response times. Using CSS Sprites to combine your images into a single file and re-use with CSS is also an extension of this principle and is a very effective technique.

Caching
Server-side caching can help speed the up the delivery of page content. Also understanding browser caching and how to control this using file headers can make a difference - but again should be used wisely.

These techniques have been around for quite a while now. But this leads me to the real point of this post!

"Injection" Introduced

When it comes to the world of Web Applications (as opposed to a "website") where the use of Iframes is more likely, there is another technique that can be explored - "Code Injection".

I became aware of this technique while trying to interpret some very lengthy posts from Choleriker on the Ext forums. I thank Choleriker for taking the time to explain the concepts. I thought I would share my interpretation of this technique, as well as provide some examples to see it in action as requested by other developers in the forums.

First of all - what is this "code injection" that I am referring to?

Explained
In breif, the technique basically involves loading your JavaScript and CSS only once and then re-using it inside any iframes without downloading it again. This is acheived by loading your code "inline" inside the top level page of the application. The top page then makes the JavaScript and CSS available as two variables that can be called from the iframes directly. So the code is passed or "injected" from the top level page into any iframes using JavaScript.

Benefits?
There are several benefits to this technique - the most obvious being that you only download your JavaScript and CSS once, no additional downloads required. If you normally compress your JavaScript files using GZIP you likely know that there is a performance hit in the client browser to decompress the code before it can be used. This is no longer an issue for the reused code. And there is no longer any concerns with browser caching issues. Another big plus is that the CSS and JavaScript is being loaded as part of your actual page - i.e. there are no other additional files to download, which will improve the response times as described above.

Downsides?
I guess that the technique requires iframes. In time I guess/hope the principles of the technique may be able to be used in other perhaps more elegant ways that I haven't thought of yet. Another downside is the need to load your JavaScript and CSS inline. This was initially repugnant to me, mainly due to my background in website development. But in an Application is it really a big deal? I have decided it does not outweight the benefits.

Another perceived downside is that you have to get all of your JavaScript and CSS into a format that is loaded inline - but of course you still want to work with your separate "clean" files as you are used to. This should be viewed as an opportunity! It is likely time to implement a number of techniques as discussed above. My recommended technique is to have a server-side script that does the following:

• Combines the required JavaScript and CSS files
• Compacts the code by stripped white-space, comments etc
• Caches the output code to a file on the server
• Include the code inline using PHP or some other scripting language

I may provide some code for doing this in PHP in the future. In the meantime you might want to look at the "Combine" script from Niels Leenheer to get started.

Sample Application
So - how about an example? Click on the image below to see this technique in action. The example is built using Ext 1.0 Beta 2. It is a top level page which generates an Ext Layout with panels. The right-hand panel contains an iframe which receives the JavaScript and CSS from the top level page - it has not downloaded any files except the required images.

The secret to this working is the following code in the Top Page:

A look at the files downloaded reveals the benefits - the iframe had nothing to download but the basic page itself. The JavaScript and CSS were downloaded only once as part of the top page. This top page was a reasonable size - but Ext is not small, and we can see the GZIP compression kicking in:

Conclusion
So - should you use this technique? That depends on your application and your preference. The objective of this post was to simply introduce a concept that was new to me, and I am sure is new to many others. It is simply another technique to add to a developers toolbox.

PS: I am very interested what other developers think of this technique and what they perceive as the advantages and disadvantages. I also have a question - does this technique expose any security holes I should be aware of?

In an initiative to improve the sucurity of PHP, experts from the Hardened PHP Project have launched the "Month of PHP Bugs".

Stefan Esser’s, widely regarded as an authority on PHP security issues, plans to make daily disclosures on buffer overflows, double free vulnerabilities and trivial bypass bugs in PHP’s protection features as part of a wider goal “to make people and especially the PHP developers aware that bugs in PHP exist.”

Some of these bugs have already been addressed in PHP 5.2.1. Others are fixed by the Suhosin patches and extensions from Stefan Esser, which are freely downloadable here. Others hopefully will be addressed in the very near future by the PHP development team.

To find out more about this initiative visit the PHP Security website.

PHP 5.2.1 was officially released yesterday, and it is possibly the time for PHP 4 die-hards or PHP 5/5.1 users to upgrade. Why? Consider the following:

New Features in PHP 5.2.1

• New Extensions
• JSON (JavaScript Object Notation)
• Filter Extension (simple input validation)
• ZIP (Full zip compression support read & write)
• Date (date manipulation functions/objects)
• __toString() now works everywhere
• E_RECOVERABLE_ERROR (fewer fatal errors)
• New SPL features (Regex Iterators, SplFileObject CSV support, Caching Iterator)
• Data: stream support
• And many other “minor” features

Performance Enchantments

• New & Improved Memory Manager + Heap Protection
• Faster include/require_once
• Optimized str_replace() and implode() functions
• Faster try {} catch {} blocks
• Significantly faster performance on Win32
• Optimized shutdown sequence
• Many other optimizations

Improved Security

• New configuration option allow_url_include (disabled by default)
• Over 40 security fixes compared to any prior release.
• More accurate memory usage tracking
• Filter extension can help filter out hostile input preventing
• XSS, SQL Injection and other nastiness.
• Memory limit is always enabled.

Improved Stability

• PHP 5.2.1 includes hundreds of bug fixes compared to previous releases, over 300 since 5.1.6
• Chances are that if you’ve reported a PHP bug in the last 6-8 months, PHP 5.2.1 has the fix for it.

If you are interested in migrating from earlier versions of PHP please see the guide provided by Ilia Alshanetsky.

I have been waiting for an update to Zend Studio for a few months - particularly hoping for support of SubVersion 1.4. Zend delivers this and more in the beta release of Studio 5.5. One of the most exciting enhancements for me is the integration of support for the Zend Framework.

Here is a complete list of the feature enhancements in version 5.5:

Zend Framework Integration:

• Enable code completion for Zend Framework
• View Zend Framework classes and functions in the PHP Inspector View
• View source and debug into Zend Framework code

Source Control:

• Explorer: highlights file labels according to their status in source control (added, merged with conflicts, modified, not versioned and up to date)
• Source Control file status highlighting is customizable (from the Preferences dialog)
• Can easily switch between CVS and Subversion support
• Support for Subversion 1.4

PHP 5.2:

• New PHP 5.2 Support

General:

• Installation support for Mactel (Install Anywhere 8 )
• Support for antialiasing (via Preference settings)

Editor:

• Supports opening URLs from the Editor using right click

Web Services Support (SOAP):

• Support for URLs in SoapClient Constructors

Java:

• Embedded Java code completion of packages and classes in PHP code
• Configure the Workspace's default JRE / JDK
• Configure project specific preferences
• Nested Java code completion

Zend Platform 3.0 Integration:

• View Zend Platform Events in a dedicated Events List window
• Customize, sort and filter Event List entities
• Limit number of visible rows and initiate auto refresh
• View Events from user-selected servers
• Direct access to Platform's Configuration dialog from the toolbar / menu
• Configure Zend Platform's GUI URL and authentication information

One of the most talked about features of the Zend Framework is its port of the Apache Lucene project - a Java-based full-text search-engine framework. The Zend Framework allows PHP developers to use Lucene without requiring additional PHP extensions or Java, or even a database.

The theory is that Zend_Search_Lucene overcomes the usual limitations of relational databases with features such as:

• Fast indexing
• Ranked result sets
• A powerful but simple query syntax
• The ability to index multiple fields

Lucene is well-known for it's speed. For an example have a look at DamnFastDotLucene - this demo site tests the performance of a .Net implementation of Lucene on quite a large set of documents:

• 9150 text files from the Gutenberg Project
• The total size of indexed documents is 3.5 GB
• The index size is 880 MB
• The Hardware: Pentium 4 3Ghz 800/1MB Cache, 1 GB DDRII Kingston 533, Western Digital Raptor 80GB

The result - it takes approximately the same time to search 5 MB of text as it does to search 3.5 GB of text. I was getting speeds less than 0.125 seconds. That is fast.

That was .Net though - what about the PHP implementation in the Zend Framework?

The reality for PHP developers using the Zend Framework may be a little different from the hype. Some developers are reporting Zend_Search_Lucene as being significantly slower than the queries being run from MySQL or PostGres. Have a look at the following comments in the Zend Framework Mailing List for details.

To be fair it is only very early days for the Zend Framework and Lucene - the project is still in early Alpha. However it is already being adopted by the community for live projects.

If you want to learn more about Zend_Search_Lucene I recommend the following links:

• A new Tutorial on using Zend_Search_Lucene
• The Zend Framework Manual

If you have any experiences with Zend_Search_Lucene that you would like to share I would appreciate hearing about it…

I don't know about you - but I always learnt to open and close my PHP files properly:

And yet now I am learning for the very first time that the closing PHP tags are not necessary, and in fact in some cases is not recommended!

The first clue I received was when I downloaded the Zend Framework. I noticed that most of the files were missing the closing tags (?>). Then somebody raised the issue on the Zend Framework Mailing List and the penny dropped:

• PHP files have apparently never required closing tags
• Leaving out the closing tags helps prevent whitespace sneaking into the ouput and messing with functions like header(), session_register() functions etc.

Well, that is definitely a new thought for me - and not one I have ever read anywhere. It sounds like it will make it into the Zend Coding Conventions though, so take note

For those who want to get started on the Zend Framework, Chris Shiftlett has just written a 6 page tutorial for the php|architect website. It is a good introduction to how the framework fits togethor, and will demonstrate how to structure a web application/site using the MVC (Model-View-Controller) approach.

Chris Shiftlett is a PHP security consultant and he developed a lot of the security features (input filtering etc) in the framework - his tutorial is certainly worth a look…

After many weeks of waiting impatiently the Zend Framework has finally arrived - proving that it is not the "vapourware" it has been labelled by many.

The news came from Zend came just a few minutes ago, and includes the following announcements from Andi Gutmans:

We have finally updated the static PHP Collaboration Project page which now points to the individual projects which we have started:

The Zend Framework - We have released a preview release of the Zend Framework. I'd like to thank all the initial contributors who have been of tremendous help in getting this off the ground. There is a lot of work still to do, but after having already seen four applications build with the framework, it is clear that it already includes some very cool and useful modules.

The Eclipse PHP IDE framework - We have submitted a proposal to the Eclipse Foundation for a community based open-source PHP IDE framework. If all goes well in next week's creation review, we will be submitting the initial code drop shortly thereafter. In the spirit of Eclipse, we have already reached out to community members, including the PHP/Eclipse project, and have received great interest to join the effort.

The Zend Developer Zone - We have launched our new developer zone. The goal of this developer zone is to provide best practices with high-quality content from partners and the community. We already have many companies and invidiuals lined up to collaborate around this site who will share their knowledge for the benefit of the PHP community. The site will cover many aspects of best practices including Zend Framework use, interoperating with other technologies, and general PHP best practices around subjects such as security. The Zend Developer Zone is still under active development so expect further changes in the coming week.

Here is a run-down of the features/classes included in the initial Framework release:

Zend_Controller and Zend_View

These components provide the base for a simple MVC website and are already used on the Zend Framework site and several others. A front controller dispatches requests to page controllers. It is as minimalist as possible and it will become even simpler. The Zend_View component provides encapsulation for view logic. It can use templates written in PHP or can be combined with a third-party template engine.
more >>

Zend_Db

Database access is a very light layer on top of PDO. Solutions for existing systems not using PDO (such as mysqli or oci8) are presently under development. Included are adapters, a profiler, a tool to assist with building everyday SELECT statements, and simple objects for working with table row.
more >>

Zend_Feed

The links on the sidebars of Zend Framework home page are generated using Zend_Feed. This component provides a very simple way to consume RSS and Atom data from feeds. It also includes utilities for discovering feed links, importing feeds from different sources, and feeds can even be modified and saved back as valid XML.
more >>

Zend_HttpClient

This component provides a client for the HTTP protocol and does not require any PHP extensions. It drives the web services components. In time, Zend will develop support for extension-based backends such as cURL.
more >>

Zend_InputFilter

The input filtering component encourages the development of secure websites by providing the basic tools necessary for input filtering and validation.
more >>

Zend_Json

Easily convert PHP structures into JSON for use in AJAX-enabled applications.
more >>

Zend_Log

Log data to the console, flat files, or a database. Its no-frills, simple, procedural API reduces the hassle of logging to one line and is perfect for cron jobs and error logs.
more >>

Zend_Mail and Zend_Mime

Almost every internet application needs to send email. Zend_Mail, assisted by Zend_Mime, creates email messages and sends them. It supports attachements and does all the MIME dirty work.
more >>

Zend_Pdf

Portable Document Format (PDF) from Adobe is the de facto standard for cross-platform rich documents. Now, PHP applications can create PDF documents on the fly, without the need to call utilities from the shell, depend on PHP extensions, or pay licensing fees. Zend_PDF can even modify existing PDF documents. Create a sharp customer invoice in Adobe Photoshop, fill in the order from Zend_Pdf, and send it with Zend_Mail.
more >>

Zend_Search_Lucene

The Apache Lucene engine is a powerful, feature-rich Java search engine that is flexible about document storage and supports many complex query types. Zend_Search_Lucene is a port of this engine written entirely in PHP 5, allowing PHP-powered websites to leverage powerful search capabilities without the need for web services or Java. Zend_Search_Lucene's file format is fully binary with its Java counterpart.
more >>

Zend_Service: Amazon, Flickr, and Yahoo!

Web services are becoming increasingly important to the PHP developer as mashups and composite applications become the standard for next generation web applications. The Zend Framework provides wrappers for service APIs from three major providers to make the as simple to use as possible. There is working on more wrappers and engaging API vendors directly to make PHP the premier platform for consuming web services.
more >>

Zend_XmlRpc

PHP 5's SOAP extension dramatically lowered the bar for communicating with SOAP services from PHP. Zend_XmlRpc brings the same capabilities to XML-RPC, mimmicking the SOAP extension and making these services easier to use than ever from PHP 5.

________

It's time to verify if this was worth the wait - click here to download the Framework (7.8Mb)