[fixed] In large PHP files (over 2000 lines) code parsing was very slow.
[fixed] Built-In PHP executables crashed on Warning or Error during local run/debug.
[fixed] JavaScript Validator threw Java Null Pointer Exception.
[fixed] Error "Unsupported Content Type" occurred when opening a PHP file from the SVN Repositories or CVS Repositories view.
[fixed] Using the keyboard shortcut Toggle Breakpoint (Ctrl+Shift+B) resulted in a breakpoint of a wrong type (JS instead of PHP). NB: the fix will work only after workspace reset.
[fixed] Hyperlinks in tooltips were not working.
[fixed] Code Formatter used to remove the leading backslash in namespaced paths.
[fixed] When opening the Project Properties through the main menu (Project | Properties) the Remote Server Support page was not available.
[fixed] Refactor/Rename keyboard shortcut (Shift+Alt+R) was not working due to a conflict.

[improvement] Remote Server Support does not perform full re-scan of the remote resources, unless necessary.
[improvement] The Remote Search page has been removed from the Search dialog, because this functionality does not exist.
[improvement] Added keyboard shortcuts for file upload/download in Remote Server Support (Shift+Alt+P,U and Shift+Alt+P,D).
[improvement] PHP 5.3 is the new workspace default.

[update] Zend Framework Example Project (Guestbook) has been updated to the latest version from the Zend Framework project site.

It turns out that we do not need the Zend Platform at all. As part of the PDT Eclipse project Zend has made available a standalone version of their debugger. This can be downloaded from here: http://downloads.zend.com/pdt/server-debugger/

Then you just need to put the .so or .dll file in the correct location and add a few lines to your PHP.INI file and you are away. Here are the lines I had to add to my PHP.INI, which is running inside a Debian VMWare image. Note the commas separating the IP numbers – this took me a few goes to work out as the examples showed spaces or forward-slashes which didn't work for me.

Why did Zend make this so hard to work out? Reading on different blogs and through the Zend forums highlights that this issue has been a source of frustration for many developers. Grrrr…

• HTML
• Excel
• XML
• CSV
• SQL

There is an online demo available that is limited to 200 results. Click here to find out more…

With the next generation of Web Applications upon us the challenges faced by the average web developer have broadened. Understanding and confronting issues like memory leaks, bandwidth, load times and JavaScript processing time is becoming more of an everyday focus for web developers than ever before.

Fortunately we now have the tools available to help. On the developers machine the Web Developer Toolbar and Firebug for example are essential. And within the applications themselves we find increased usage of JavaScript libraries such as Dojo, jQuery, Prototype, YUI and widget frameworks like Ext, which provide a layer of abstraction and freedom for developers from some of these issues.

The increased usage of JavaScript however brings other challenges. Particularly in the world of Web Applications where the use of Widgets (tabs, grids, menus etc) is more likely, it is not uncommon for the volume of JavaScript and CSS to quickly accumulate from tens to a few hundred kb of code. This is a far cry from ideal, but is also to a certain extent unavoidable if that is the type of application you are supporting.

What can a developer do to minimise this issue? There are several very effective methods that can be explored:

Compacting Your Code
This is acheived by stripping out comments and unneccesary white-space which can drastically reduce the size of your files – sometimes cutting them in half. Recommended tools: Dean Edwards Packer or Douglas Crockford's JSMin. You could apply the same theory to your CSS as well.

File Compression
Using GZIP or Deflate can drastically reduce the downloaded file size (but should be used wisely). You can read more on this here.

Combining Multiple Files
In general browsers download only two or four files in parallel per hostname, depending on the HTTP version of the response and the user’s browser. On top of that it seems that JavaScript files are loaded synchronously and sequentially as they appear in your code. This means that only one JavaScript file can be downloaded at a time – and each file must be completely downloaded and then interpreted before the next download can begin. Reducing the number of HTTP requests by combining your JavaScript and CSS files into single files will definitely help improve your applications response times. Using CSS Sprites to combine your images into a single file and re-use with CSS is also an extension of this principle and is a very effective technique.

Caching
Server-side caching can help speed the up the delivery of page content. Also understanding browser caching and how to control this using file headers can make a difference – but again should be used wisely.

These techniques have been around for quite a while now. But this leads me to the real point of this post!

"Injection" Introduced

When it comes to the world of Web Applications (as opposed to a "website") where the use of Iframes is more likely, there is another technique that can be explored – "Code Injection".

I became aware of this technique while trying to interpret some very lengthy posts from Choleriker on the Ext forums. I thank Choleriker for taking the time to explain the concepts. I thought I would share my interpretation of this technique, as well as provide some examples to see it in action as requested by other developers in the forums.

First of all – what is this "code injection" that I am referring to?

Explained
In breif, the technique basically involves loading your JavaScript and CSS only once and then re-using it inside any iframes without downloading it again. This is acheived by loading your code "inline" inside the top level page of the application. The top page then makes the JavaScript and CSS available as two variables that can be called from the iframes directly. So the code is passed or "injected" from the top level page into any iframes using JavaScript.

Benefits?
There are several benefits to this technique – the most obvious being that you only download your JavaScript and CSS once, no additional downloads required. If you normally compress your JavaScript files using GZIP you likely know that there is a performance hit in the client browser to decompress the code before it can be used. This is no longer an issue for the reused code. And there is no longer any concerns with browser caching issues. Another big plus is that the CSS and JavaScript is being loaded as part of your actual page – i.e. there are no other additional files to download, which will improve the response times as described above.

Downsides?
I guess that the technique requires iframes. In time I guess/hope the principles of the technique may be able to be used in other perhaps more elegant ways that I haven't thought of yet. Another downside is the need to load your JavaScript and CSS inline. This was initially repugnant to me, mainly due to my background in website development. But in an Application is it really a big deal? I have decided it does not outweight the benefits.

Another perceived downside is that you have to get all of your JavaScript and CSS into a format that is loaded inline – but of course you still want to work with your separate "clean" files as you are used to. This should be viewed as an opportunity! It is likely time to implement a number of techniques as discussed above. My recommended technique is to have a server-side script that does the following:

• Combines the required JavaScript and CSS files
• Compacts the code by stripped white-space, comments etc
• Caches the output code to a file on the server
• Include the code inline using PHP or some other scripting language

I may provide some code for doing this in PHP in the future. In the meantime you might want to look at the "Combine" script from Niels Leenheer to get started.

Sample Application
So – how about an example? Click on the image below to see this technique in action. The example is built using Ext 1.0 Beta 2. It is a top level page which generates an Ext Layout with panels. The right-hand panel contains an iframe which receives the JavaScript and CSS from the top level page – it has not downloaded any files except the required images.

The secret to this working is the following code in the Top Page:

A look at the files downloaded reveals the benefits – the iframe had nothing to download but the basic page itself. The JavaScript and CSS were downloaded only once as part of the top page. This top page was a reasonable size – but Ext is not small, and we can see the GZIP compression kicking in:

Conclusion
So – should you use this technique? That depends on your application and your preference. The objective of this post was to simply introduce a concept that was new to me, and I am sure is new to many others. It is simply another technique to add to a developers toolbox.

PS: I am very interested what other developers think of this technique and what they perceive as the advantages and disadvantages. I also have a question – does this technique expose any security holes I should be aware of?

Stefan Esser’s, widely regarded as an authority on PHP security issues, plans to make daily disclosures on buffer overflows, double free vulnerabilities and trivial bypass bugs in PHP’s protection features as part of a wider goal “to make people and especially the PHP developers aware that bugs in PHP exist.”

Some of these bugs have already been addressed in PHP 5.2.1. Others are fixed by the Suhosin patches and extensions from Stefan Esser, which are freely downloadable here. Others hopefully will be addressed in the very near future by the PHP development team.

To find out more about this initiative visit the PHP Security website.

New Features in PHP 5.2.1

• New Extensions
• JSON (JavaScript Object Notation)
• Filter Extension (simple input validation)
• ZIP (Full zip compression support read & write)
• Date (date manipulation functions/objects)
• __toString() now works everywhere
• E_RECOVERABLE_ERROR (fewer fatal errors)
• New SPL features (Regex Iterators, SplFileObject CSV support, Caching Iterator)
• Data: stream support
• And many other “minor” features

Performance Enchantments

• New & Improved Memory Manager + Heap Protection
• Faster include/require_once
• Optimized str_replace() and implode() functions
• Faster try {} catch {} blocks
• Significantly faster performance on Win32
• Optimized shutdown sequence
• Many other optimizations

Improved Security

• New configuration option allow_url_include (disabled by default)
• Over 40 security fixes compared to any prior release.
• More accurate memory usage tracking
• Filter extension can help filter out hostile input preventing
• XSS, SQL Injection and other nastiness.
• Memory limit is always enabled.

Improved Stability

• PHP 5.2.1 includes hundreds of bug fixes compared to previous releases, over 300 since 5.1.6
• Chances are that if you’ve reported a PHP bug in the last 6-8 months, PHP 5.2.1 has the fix for it.

If you are interested in migrating from earlier versions of PHP please see the guide provided by Ilia Alshanetsky.

Here is a complete list of the feature enhancements in version 5.5:

Zend Framework Integration:

• Enable code completion for Zend Framework
• View Zend Framework classes and functions in the PHP Inspector View
• View source and debug into Zend Framework code

Source Control:

• Explorer: highlights file labels according to their status in source control (added, merged with conflicts, modified, not versioned and up to date)
• Source Control file status highlighting is customizable (from the Preferences dialog)
• Can easily switch between CVS and Subversion support
• Support for Subversion 1.4

PHP 5.2:

• New PHP 5.2 Support

General:

• Installation support for Mactel (Install Anywhere 8 )
• Support for antialiasing (via Preference settings)

Editor:

• Supports opening URLs from the Editor using right click

Web Services Support (SOAP):

• Support for URLs in SoapClient Constructors

Java:

• Embedded Java code completion of packages and classes in PHP code
• Configure the Workspace's default JRE / JDK
• Configure project specific preferences
• Nested Java code completion

Zend Platform 3.0 Integration:

• View Zend Platform Events in a dedicated Events List window
• Customize, sort and filter Event List entities
• Limit number of visible rows and initiate auto refresh
• View Events from user-selected servers
• Direct access to Platform's Configuration dialog from the toolbar / menu
• Configure Zend Platform's GUI URL and authentication information

The theory is that Zend_Search_Lucene overcomes the usual limitations of relational databases with features such as:

• Fast indexing
• Ranked result sets
• A powerful but simple query syntax
• The ability to index multiple fields

Lucene is well-known for it's speed. For an example have a look at DamnFastDotLucene – this demo site tests the performance of a .Net implementation of Lucene on quite a large set of documents:

• 9150 text files from the Gutenberg Project
• The total size of indexed documents is 3.5 GB
• The index size is 880 MB
• The Hardware: Pentium 4 3Ghz 800/1MB Cache, 1 GB DDRII Kingston 533, Western Digital Raptor 80GB

The result – it takes approximately the same time to search 5 MB of text as it does to search 3.5 GB of text. I was getting speeds less than 0.125 seconds. That is fast.

That was .Net though – what about the PHP implementation in the Zend Framework?

The reality for PHP developers using the Zend Framework may be a little different from the hype. Some developers are reporting Zend_Search_Lucene as being significantly slower than the queries being run from MySQL or PostGres. Have a look at the following comments in the Zend Framework Mailing List for details.

To be fair it is only very early days for the Zend Framework and Lucene – the project is still in early Alpha. However it is already being adopted by the community for live projects.

If you want to learn more about Zend_Search_Lucene I recommend the following links:

• A new Tutorial on using Zend_Search_Lucene
• The Zend Framework Manual

If you have any experiences with Zend_Search_Lucene that you would like to share I would appreciate hearing about it…

And yet now I am learning for the very first time that the closing PHP tags are not necessary, and in fact in some cases is not recommended!

The first clue I received was when I downloaded the Zend Framework. I noticed that most of the files were missing the closing tags (?>). Then somebody raised the issue on the Zend Framework Mailing List and the penny dropped:

• PHP files have apparently never required closing tags
• Leaving out the closing tags helps prevent whitespace sneaking into the ouput and messing with functions like header(), session_register() functions etc.

Well, that is definitely a new thought for me – and not one I have ever read anywhere. It sounds like it will make it into the Zend Coding Conventions though, so take note

Chris Shiftlett is a PHP security consultant and he developed a lot of the security features (input filtering etc) in the framework – his tutorial is certainly worth a look…