
PHP untold

Julien Maury ・3 min read

There are things you might want to know :)

Heredoc and nowdoc syntaxes

These syntaxes let you write strings in PHP. They are particularly useful for multiline strings.

For example, the following code is written with heredoc syntax:

$dock = 'dock';
$bay  = 'bay';
echo <<<EOT
I'm sittin' on the $dock of the $bay
Watchin' the tide, roll away
I'm sittin' on the $dock of the $bay
EOT;

It's the equivalent of using double quotes, so you can still interpolate variables. The nowdoc syntax is the equivalent of single quotes.

These syntaxes are great alternatives, especially if you don't want to escape each quote with a backslash.

Built-in webserver

If you need to test something in PHP, you can start the built-in PHP web server from your terminal with the following command:

php -S localhost:2222 -t ~/mydir

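Then open http://localhost:2222/ in your browser. The built-in server is meant for development and testing, not for production or public networks.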

How to convert nested objects into arrays

It's a very simple trick that PHP developers use to convert nested objects into associative arrays. You just need one line of code:

$converted = json_decode(json_encode($object_with_nested_objects), true);

No need to write complex recursive functions.

PHP speaks Hebrew?

You may already have seen this error:

ParseError : syntax error, unexpected end of file, expecting :: (T_PAAMAYIM_NEKUDOTAYIM)

You can reproduce this error from your terminal:

php -r '::'

T_PAAMAYIM_NEKUDOTAYIM means "double colon" in Hebrew. It's a T_* constant, one of the parser tokens PHP uses as an internal representation of the code it reads.

The name of this token comes from the Zend team. Andi Gutmans and Zeev Suraski created the Zend Engine during their studies at Technion in Israel.

Measure everything

It's good practice to measure the execution time and memory usage of your code. Run your own benchmarks and see for yourself what is good and what is bad.

There are simple PHP tools you can use to achieve that.

The simplest way to measure execution time (PHP 7+)

With just a few lines of PHP code, you can easily measure execution time:

$timeStart = hrtime(true);

// wrap your script here
// sleep() is only an example:
// it makes the script slow intentionally
sleep(3);

$executionTime = hrtime(true) - $timeStart;
echo $executionTime/1e9 . PHP_EOL;

Measure memory usage

You can easily measure memory usage:

$memory = memory_get_usage();

$array  = range(0, 1e7);
$cool   = [];
$length = count($array);
for ($i = 0; $i < $length; ++$i) {
    $cool[ $i ] = "entry $i";
}

$usage = (memory_get_usage() - $memory) / (1024 * 1024);
print_r($usage);

Performance is hard, time is money

Never trust your instinct when dealing with performance optimization. It's even counterintuitive sometimes.

Besides, PHP 7 significantly improves overall performance, especially regarding execution time.

Micro-optimizations

Unfortunately, a lot of good practices are micro-optimizations:

  • use a backslash in front of standard functions
  • don't use require_once and include_once, use require and include instead
  • echo vs print
  • procedural is faster than OOP
  • use absolute paths in your includes
  • isset() vs array_key_exists()
  • use unset() to clean memory

Just visit phpbenchmark

So that's cool but at the end of the day, this won't significantly improve the execution time. Besides, some of these techniques might be fine but others are time-consuming and pretty bad for maintenance.

Major impact

There are things you can do to significantly reduce execution time:

  • use PHP 7
  • enable opcache
  • use Redis
  • use memoization techniques when necessary
  • be extra careful with your regex patterns
  • use autoloading
  • use profilers such as Blackfire

Security tips

While absolute computer security is impossible, there are several ways to prevent major security breaches.

Never trust user input

Don't assume; test, sanitize and escape things instead. Some flaws are more obvious than others, so try to stay away from them:

$url = $_GET['url'];
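
As an added example (not code from the original article), here is one way to treat the url parameter above as untrusted before using it, for instance as a link or redirect target. The names safe_url() and ALLOWED_HOSTS, the host allowlist and the sample inputs are assumptions made for this sketch:

```php
<?php
// Added example: validate and escape an untrusted "url" query parameter.
// ALLOWED_HOSTS and safe_url() are hypothetical names; example.com is a placeholder.
const ALLOWED_HOSTS = ['example.com', 'www.example.com'];

// Returns the URL if it is a well-formed http(s) URL on an allowed host, else null.
function safe_url($raw): ?string
{
    // Query parameters can be arrays (?url[]=x); accept bounded strings only.
    if (!is_string($raw) || strlen($raw) > 2048) {
        return null;
    }
    // Syntax check only: FILTER_VALIDATE_URL also accepts non-HTTP schemes
    // such as ftp://, so the scheme is checked separately below.
    if (filter_var($raw, FILTER_VALIDATE_URL) === false) {
        return null;
    }
    $parts = parse_url($raw);
    if ($parts === false || !isset($parts['scheme'], $parts['host'])) {
        return null;
    }
    if (!in_array(strtolower($parts['scheme']), ['http', 'https'], true)) {
        return null;
    }
    // Reject embedded credentials, e.g. https://example.com@other.test/
    if (isset($parts['user']) || isset($parts['pass'])) {
        return null;
    }
    if (!in_array(strtolower($parts['host']), ALLOWED_HOSTS, true)) {
        return null;
    }
    return $raw;
}

// Constructed sample inputs standing in for $_GET['url'].
$samples = [
    'https://example.com/docs?page=2',
    'ftp://example.com/file.txt',
    'https://example.com@other.test/',
    ['not', 'a', 'string'],
];
foreach ($samples as $raw) {
    $url = safe_url($raw);
    // Escape at output time, even after validation.
    echo $url === null
        ? "rejected\n"
        : htmlspecialchars($url, ENT_QUOTES, 'UTF-8') . "\n";
}
```

Only the first sample passes; the others are rejected for a non-HTTP scheme, embedded credentials pointing at another host, and a non-string value.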

Defense in depth

Implementing several layers of security in your application is recommended. This allows for mitigating attacks.

It's like having multiple backup plans so the enemy has to climb several ladders before breaking in.

For example, in your Google account, even if you are already connected, you are not allowed to directly access some pages. They ask you to re-authenticate.

This is a good additional layer of security. If an attacker who does not know your credentials is somehow impersonating you, they won't be able to access critical settings such as the phone number used for two-factor authentication.

Wrap up

I hope you enjoyed reading these thoughts and facts. Love PHP.
