Archive for the 'PHP' Category

Symfony 2.1.0 released

Friday, September 7th, 2012

Zend Framework 2.0 was announced earlier today, and now the Symfony team announce the release of Symfony 2.1.

Symfony 2.0 has been in use on large websites for over 2 years now, and was a major framework release in the PHP community. It was one of the first frameworks to truly take advantage of the language features available in PHP 5.3, and it has had a huge impact in shaping the next generation of PHP frameworks such as the newly announced Zend Framework 2.0. The Symfony standalone Components have also been used to replace large chunks of code in popular PHP projects such as Drupal8 and PhpBB4.

The release of Symfony 2.1 is great news, particularly with regards to the Form Component which I have been experimenting with recently. I personally have jumped ship from using the Zend Framework (ZF), to using the Symfony 2.0+ stack on newer projects. I have started implementing the Symfony Components within older ZF 1.0 web apps. And on smaller projects I will be experimenting with Silex, the Symfony-based "micro-framework".

With the community slowly adopting PHP 5.4 this is the time to ensure you are keeping pace with the newer frameworks and that you have moved into the post-5.3 era.

Symfony:
http://symfony.com

Symfony Standalone Components:
http://symfony.com/components

Silex Micro-framework:
http://silex.sensiolabs.org

See the announcement on symfony.com

Zend Framework 2.0 finally made it

Thursday, September 6th, 2012

Version 1.0 was released in July 2007 – now, 5 years later, version 2 is finally here. Announcing the official release of Zend Framework 2.0.
See on framework.zend.com

Debugging in Zend Studio without Zend Platform

Monday, June 4th, 2007

I have been using Zend Studio for quite a while now as my primary PHP IDE. To get the powerful remote debugging and profiling that comes with the tool you used to have to install Zend Studio Server as well. With the release of version 5.5 however, Zend stopped shipping Studio Server and forced developers to install the Zend Platform instead. This is a commercial tool (free to developers) available from Zend that offers PHP acceleration, caching and other features … that I don't want! I just want my debugging back, without having to bloat my local server with software I will not use elsewhere – especially when the Zend Platform does not support APC, which we run on our servers, and it also broke my web application.

It turns out that we do not need the Zend Platform at all. As part of the PDT Eclipse project Zend has made available a standalone version of their debugger. This can be downloaded from here: http://downloads.zend.com/pdt/server-debugger/

Then you just need to put the .so or .dll file in the correct location and add a few lines to your PHP.INI file and you are away. Here are the lines I had to add to my PHP.INI, which is running inside a Debian VMWare image. Note the commas separating the IP numbers – this took me a few goes to work out as the examples showed spaces or forward-slashes which didn't work for me.

zend_extension=/etc/Zend/ZendDebugger.so
zend_debugger.allow_hosts=192.168.1.3,192.168.220.1,192.168.150.1,127.0.0.1,192.168.220.10
zend_debugger.expose_remotely=always

Why did Zend make this so hard to work out? Reading on different blogs and through the Zend forums highlights that this issue has been a source of frustration for many developers. Grrrr…

Generating Random Sample Data

Tuesday, April 17th, 2007

I found a very useful tool today – the Data Generator. It generates large volumes of random, custom data for use in testing software. The tool is a free download, and can generate data in the following formats:

  • HTML
  • Excel
  • XML
  • CSV
  • SQL

There is an online demo available that is limited to 200 results. Click here to find out more…

Injecting JavaScript and CSS into Iframes

Sunday, April 15th, 2007

Introducing a new technique to allow efficient reuse of JavaScript and CSS – effectively allowing you to download the code once and then inject it into Iframes. This solution is targeted at Web Applications which commonly use Iframes for complex layouts and to control memory usage in larger apps without moving to the complexity of a Single Page Interface (SPI). Along the way we summarise and explain other methods available to developers for minimising their code and speeding up the loading time of their application.

With the next generation of Web Applications upon us the challenges faced by the average web developer have broadened. Understanding and confronting issues like memory leaks, bandwidth, load times and JavaScript processing time is becoming more of an everyday focus for web developers than ever before.

Fortunately we now have the tools available to help. On the developers machine the Web Developer Toolbar and Firebug for example are essential. And within the applications themselves we find increased usage of JavaScript libraries such as Dojo, jQuery, Prototype, YUI and widget frameworks like Ext, which provide a layer of abstraction and freedom for developers from some of these issues.

The increased usage of JavaScript however brings other challenges. Particularly in the world of Web Applications where the use of Widgets (tabs, grids, menus etc) is more likely, it is not uncommon for the volume of JavaScript and CSS to quickly accumulate from tens to a few hundred kb of code. This is a far cry from ideal, but is also to a certain extent unavoidable if that is the type of application you are supporting.

What can a developer do to minimise this issue? There are several very effective methods that can be explored:

Compacting Your Code
This is acheived by stripping out comments and unneccesary white-space which can drastically reduce the size of your files – sometimes cutting them in half. Recommended tools: Dean Edwards Packer or Douglas Crockford's JSMin. You could apply the same theory to your CSS as well.

File Compression
Using GZIP or Deflate can drastically reduce the downloaded file size (but should be used wisely). You can read more on this here.

Combining Multiple Files
In general browsers download only two or four files in parallel per hostname, depending on the HTTP version of the response and the user’s browser. On top of that it seems that JavaScript files are loaded synchronously and sequentially as they appear in your code. This means that only one JavaScript file can be downloaded at a time – and each file must be completely downloaded and then interpreted before the next download can begin. Reducing the number of HTTP requests by combining your JavaScript and CSS files into single files will definitely help improve your applications response times. Using CSS Sprites to combine your images into a single file and re-use with CSS is also an extension of this principle and is a very effective technique.

Caching
Server-side caching can help speed the up the delivery of page content. Also understanding browser caching and how to control this using file headers can make a difference – but again should be used wisely.

These techniques have been around for quite a while now. But this leads me to the real point of this post!

"Injection" Introduced

When it comes to the world of Web Applications (as opposed to a "website") where the use of Iframes is more likely, there is another technique that can be explored – "Code Injection".

I became aware of this technique while trying to interpret some very lengthy posts from Choleriker on the Ext forums. I thank Choleriker for taking the time to explain the concepts. I thought I would share my interpretation of this technique, as well as provide some examples to see it in action as requested by other developers in the forums.

First of all – what is this "code injection" that I am referring to?

Explained
In breif, the technique basically involves loading your JavaScript and CSS only once and then re-using it inside any iframes without downloading it again. This is acheived by loading your code "inline" inside the top level page of the application. The top page then makes the JavaScript and CSS available as two variables that can be called from the iframes directly. So the code is passed or "injected" from the top level page into any iframes using JavaScript.

Benefits?
There are several benefits to this technique – the most obvious being that you only download your JavaScript and CSS once, no additional downloads required. If you normally compress your JavaScript files using GZIP you likely know that there is a performance hit in the client browser to decompress the code before it can be used. This is no longer an issue for the reused code. And there is no longer any concerns with browser caching issues. Another big plus is that the CSS and JavaScript is being loaded as part of your actual page – i.e. there are no other additional files to download, which will improve the response times as described above.

Downsides?
I guess that the technique requires iframes. In time I guess/hope the principles of the technique may be able to be used in other perhaps more elegant ways that I haven't thought of yet. Another downside is the need to load your JavaScript and CSS inline. This was initially repugnant to me, mainly due to my background in website development. But in an Application is it really a big deal? I have decided it does not outweight the benefits.

Another perceived downside is that you have to get all of your JavaScript and CSS into a format that is loaded inline – but of course you still want to work with your separate "clean" files as you are used to. This should be viewed as an opportunity! It is likely time to implement a number of techniques as discussed above. My recommended technique is to have a server-side script that does the following:

  • Combines the required JavaScript and CSS files
  • Compacts the code by stripped white-space, comments etc
  • Caches the output code to a file on the server
  • Include the code inline using PHP or some other scripting language

I may provide some code for doing this in PHP in the future. In the meantime you might want to look at the "Combine" script from Niels Leenheer to get started.

Sample Application
So – how about an example? Click on the image below to see this technique in action. The example is built using Ext 1.0 Beta 2. It is a top level page which generates an Ext Layout with panels. The right-hand panel contains an iframe which receives the JavaScript and CSS from the top level page – it has not downloaded any files except the required images.

Launch Demo

The secret to this working is the following code in the Top Page:

<textarea id="StyleProxy" style="display:none;visibility:hidden;">
// CSS loaded inline here
</textarea>
<script type="text/javascript">
document.write(['<style type="text/css">',document.getElementById('StyleProxy').innerHTML,'</style>'].join('r'));
</script>
 
<script type="text/javascript" id="ScriptProxy">
// JavaScript loaded inline here
</script>
 
<script type="text/javascript">
// define the variables for storing the JavaScript and CSS
var _SCRIPTS = null;
var _STYLES = null;
 
// use jQuery to run the JS once HTML is loaded
$(document).ready( function()
{
    // place the JavaScript and CSS into the variables for reuse
    top.window._SCRIPTS = Ext.get("ScriptProxy").dom.innerHTML.toString();
    top.window._STYLES = Ext.get("StyleProxy").dom.innerHTML.toString();
 
    // create an iframe and add to the DOM
    // this should be always be done after the variables 
    // for the JS and CSS are filled 
    $main_container = Ext.get("iframe_main_container");
    var $iframe_nav = Ext.DomHelper.append (
        $main_container, {
         tag:         "iframe",
         id:          "iframeMain",
         name:        "iframeMain",
         width:       "100%",
         height:      "100%",
         frameborder: "no",
         scrolling:   "no",
         src:         "ext_demo_iframe1.htm"
        }
    );
})
</script>

A look at the files downloaded reveals the benefits – the iframe had nothing to download but the basic page itself. The JavaScript and CSS were downloaded only once as part of the top page. This top page was a reasonable size – but Ext is not small, and we can see the GZIP compression kicking in:

File Usage

Conclusion
So – should you use this technique? That depends on your application and your preference. The objective of this post was to simply introduce a concept that was new to me, and I am sure is new to many others. It is simply another technique to add to a developers toolbox.

PS: I am very interested what other developers think of this technique and what they perceive as the advantages and disadvantages. I also have a question – does this technique expose any security holes I should be aware of?

The “Month of PHP Bugs” Begins

Friday, March 2nd, 2007

In an initiative to improve the sucurity of PHP, experts from the Hardened PHP Project have launched the "Month of PHP Bugs".

Stefan Esser’s, widely regarded as an authority on PHP security issues, plans to make daily disclosures on buffer overflows, double free vulnerabilities and trivial bypass bugs in PHP’s protection features as part of a wider goal “to make people and especially the PHP developers aware that bugs in PHP exist.”

Some of these bugs have already been addressed in PHP 5.2.1. Others are fixed by the Suhosin patches and extensions from Stefan Esser, which are freely downloadable here. Others hopefully will be addressed in the very near future by the PHP development team.

To find out more about this initiative visit the PHP Security website.

PHP 5.2.1 Released – Time to Upgrade?

Thursday, February 15th, 2007

PHP 5.2.1 was officially released yesterday, and it is possibly the time for PHP 4 die-hards or PHP 5/5.1 users to upgrade. Why? Consider the following:

New Features in PHP 5.2.1

  • New Extensions
    • JSON (JavaScript Object Notation)
    • Filter Extension (simple input validation)
    • ZIP (Full zip compression support read & write)
    • Date (date manipulation functions/objects)
  • __toString() now works everywhere
  • E_RECOVERABLE_ERROR (fewer fatal errors)
  • New SPL features (Regex Iterators, SplFileObject CSV support, Caching Iterator)
  • Data: stream support
  • And many other “minor” features

Performance Enchantments

  • New & Improved Memory Manager + Heap Protection
  • Faster include/require_once
  • Optimized str_replace() and implode() functions
  • Faster try {} catch {} blocks
  • Significantly faster performance on Win32
  • Optimized shutdown sequence
  • Many other optimizations

Improved Security

  • New configuration option allow_url_include (disabled by default)
  • Over 40 security fixes compared to any prior release.
  • More accurate memory usage tracking
  • Filter extension can help filter out hostile input preventing
  • XSS, SQL Injection and other nastiness.
  • Memory limit is always enabled.

Improved Stability

  • PHP 5.2.1 includes hundreds of bug fixes compared to previous releases, over 300 since 5.1.6
  • Chances are that if you’ve reported a PHP bug in the last 6-8 months, PHP 5.2.1 has the fix for it.

If you are interested in migrating from earlier versions of PHP please see the guide provided by Ilia Alshanetsky.

Zend Studio 5.5 with Zend Framework Support

Wednesday, November 15th, 2006

Zend FrameworkI have been waiting for an update to Zend Studio for a few months – particularly hoping for support of SubVersion 1.4. Zend delivers this and more in the beta release of Studio 5.5. One of the most exciting enhancements for me is the integration of support for the Zend Framework.

Here is a complete list of the feature enhancements in version 5.5:

Zend Framework Integration:

  • Enable code completion for Zend Framework
  • View Zend Framework classes and functions in the PHP Inspector View
  • View source and debug into Zend Framework code

Source Control:

  • Explorer: highlights file labels according to their status in source control (added, merged with conflicts, modified, not versioned and up to date)
  • Source Control file status highlighting is customizable (from the Preferences dialog)
  • Can easily switch between CVS and Subversion support
  • Support for Subversion 1.4

PHP 5.2:

  • New PHP 5.2 Support

General:

  • Installation support for Mactel (Install Anywhere 8 )
  • Support for antialiasing (via Preference settings)

Editor:

  • Supports opening URLs from the Editor using right click

Web Services Support (SOAP):

  • Support for URLs in SoapClient Constructors

Java:

  • Embedded Java code completion of packages and classes in PHP code
  • Configure the Workspace's default JRE / JDK
  • Configure project specific preferences
  • Nested Java code completion

Zend Platform 3.0 Integration:

  • View Zend Platform Events in a dedicated Events List window
  • Customize, sort and filter Event List entities
  • Limit number of visible rows and initiate auto refresh
  • View Events from user-selected servers
  • Direct access to Platform's Configuration dialog from the toolbar / menu
  • Configure Zend Platform's GUI URL and authentication information

Lucene and the Zend Framework

Thursday, April 27th, 2006

Zend FrameworkOne of the most talked about features of the Zend Framework is its port of the Apache Lucene project – a Java-based full-text search-engine framework. The Zend Framework allows PHP developers to use Lucene without requiring additional PHP extensions or Java, or even a database.

The theory is that Zend_Search_Lucene overcomes the usual limitations of relational databases with features such as:

  • Fast indexing
  • Ranked result sets
  • A powerful but simple query syntax
  • The ability to index multiple fields

Lucene is well-known for it's speed. For an example have a look at DamnFastDotLucene – this demo site tests the performance of a .Net implementation of Lucene on quite a large set of documents:

  • 9150 text files from the Gutenberg Project
  • The total size of indexed documents is 3.5 GB
  • The index size is 880 MB
  • The Hardware: Pentium 4 3Ghz 800/1MB Cache, 1 GB DDRII Kingston 533, Western Digital Raptor 80GB

The result – it takes approximately the same time to search 5 MB of text as it does to search 3.5 GB of text. I was getting speeds less than 0.125 seconds. That is fast.

That was .Net though – what about the PHP implementation in the Zend Framework?

The reality for PHP developers using the Zend Framework may be a little different from the hype. Some developers are reporting Zend_Search_Lucene as being significantly slower than the queries being run from MySQL or PostGres. Have a look at the following comments in the Zend Framework Mailing List for details.

To be fair it is only very early days for the Zend Framework and Lucene – the project is still in early Alpha. However it is already being adopted by the community for live projects.

If you want to learn more about Zend_Search_Lucene I recommend the following links:

If you have any experiences with Zend_Search_Lucene that you would like to share I would appreciate hearing about it…

Do PHP Files Require Closing Tags?

Thursday, March 9th, 2006

I don't know about you – but I always learnt to open and close my PHP files properly:

<?php
// Included PHP File
// Code goes here
?>

And yet now I am learning for the very first time that the closing PHP tags are not necessary, and in fact in some cases is not recommended!

The first clue I received was when I downloaded the Zend Framework. I noticed that most of the files were missing the closing tags (?>). Then somebody raised the issue on the Zend Framework Mailing List and the penny dropped:

  • PHP files have apparently never required closing tags
  • Leaving out the closing tags helps prevent whitespace sneaking into the ouput and messing with functions like header(), session_register() functions etc.

Well, that is definitely a new thought for me – and not one I have ever read anywhere. It sounds like it will make it into the Zend Coding Conventions though, so take note 😉