PHP best practices
"I don't care about technology I care about sales!"
Slavey Karadzhov
This is a technical session in which the speaker will share his knowledge about migrating legacy PHP projects to PHP 7. This session is divided into two parts. The first part will explain the advantages that we have seen in real-life large PHP applications. The second part will describe the steps needed to get there and what you should be aware of in order to better plan your PHP 7 migration.
Becoming a Bug Exterminator!
Joshua Copeland
Better Paranoid than Offline - OWASP Top Ten 2017
Christian Wenz
The Open Web Application Security Project (OWASP) is most famously known for its list of the top ten security risks for websites. After a long wait, the 2017 edition of the list has been released. We'll have a look at all entries on that list, what's new, what has changed, and what security risks a modern web application will face. And since this is a PHP conference, we'll look how we can mitigate those risks with our favorite programming language.
Big Iron: PHP Lessons from Cold War Supercomputing
Edward Barnard
The original CRAY-1 Supercomputer was a 5-ton monster with just 8 MB of main memory, yet programming it can be a fun way to explore subtleties of PHP coding. In this session we indulge in programming "big iron" on "bare metal." We’ll look at CRAY-1 hardware instructions with the aim of understanding logic operations, boolean algebra, and octal arithmetic. As a Cray Research veteran, Edward has carried CRAY-1 logic design to both MySQL table design and PHP coding. After this session, you will as well.
Browser Serving Your Web Application Security
Philippe Gamache
Building a Real API Using Command Pattern
Anderson Casimiro
It is. We'll start from a simple Symfony Microkernel application. Then change the Kernel to use Controllers as Commands and build classes to serve Data and Interaction to endpoints. Then we'll create tests for logic and behavior. Then we'll create more routes. Then we'll connect to a database. Then we'll improve it more. The intention is not to show "how to build an API from scratch" but evolve a Symfony Microkernel project as a Flexible Framework and explore more possibilities using Command pattern to split HTTP logic from business logic.
Building Interactivity with Websockets
Wim Godden
The time of static or dynamically generated sites is long gone. Non-stop interaction with users is the new normal. However, polling with Ajax requests is processor intensive and cumbersome. Websockets allow you to interact with users in real time without increasing system load. We'll go through the basics and see all the different options, illustrated with live examples of how and when to use it, as well as when not to use it. Websockets are the new way of providing live interactivity with users, in many cases replacing the need for Ajax requests altogether. This relatively new technology isn't always as straightforward as it may seem though, as will be demonstrated in several examples.
Building Middleware Web APIs in PHP 7 with Expressive
Enrico Zimuel
In this tutorial we'll cover how to design and implement web APIs in PHP 7 using a middleware architecture. We'll use Expressive to implement the API leveraging the PSR-7 standard. We'll demonstrate building both simple RPC and fully RESTful API endpoints. We'll also focus on features like authentication, authorization, versioning, content negotiation, validation and filtering of user's input, and more.
Create an API centric system
Christian Varela
Create Your Own Dependencies!
Joshua Copeland
Do you have multiple PHP projects with the same or similar logic? Are you sick of your team copy-pasting code from one project to another? Let's talk about pulling all that shared code into one (or more) libraries and how to implement them in your projects via Composer. We'll also be touching on related topics like Satis, Packagist, Toran proxy, Composer settings, code structure, autoloading, and strategies to use when refactoring classes into your new library. Quit duplicating code and come check out this session!
Cryptography for Beginners
Adam Englander
Cryptography is a complex and confusing subject. In this session we'll distill PHP encryption down to its essential drivers. You'll learn what makes cryptography weak and strong. You'll learn the important questions to ask when making decisions regarding modules and libraries. This session won’t make you a cryptography expert but it will give you the knowledge necessary to protect your software from attack. No prior knowledge of cryptography is required for this session.
Cryptography with PHP
Mark Niebergall
The IT security landscape is littered with events where cryptography was not properly used, leading to leaked sensitive data and major problems for organizations. Learn how to encrypt and hash data using cryptography features in PHP, including password hashing, libsodium, mcrypt, OpenSSL, CrackLib, and CSPRNG. Refresh on current industry standards and review cryptographic algorithms. Come ready to hash passwords, experiment with algorithm costs, and crack weak encryption using attacks from timing, brute force, and rainbow tables.
Debugging ElePHPants
Adam Culp
Everybody knows how to install a debugger in PHP. Yet very few professional PHP developers have embraced step debugging, and instead do it the old-fashioned way. For many, this is because they simply don't know how to step-debug effectively. In this session we'll see how to debug common issues to speed problem resolution, and spend less time troubleshooting and more time coding. Attendees will walk away with the fundamentals to get up and running quickly, once they get a debugger installed.
Debugging Your Web Application
Stephanie Rabbani
500 internal server error? Wait, now it's a 404 error. I think it's actually a syntax error. And now my program call isn't returning anything.
Attend this session to hear tips and tricks on how to debug your web application on IBM i, including:
- Analyzing Apache logs and Apache server issues
- Debugging your program calls and Toolkit issues
- Debugging DB2 and library list issues
Defensive Coding Crash Course
Mark Niebergall
Ensuring software reliability, resiliency, and recoverability is best achieved by practicing effective defensive coding. Take a crash course in defensive coding with PHP and learn about attack surfaces, input validation, canonicalization, secure type checking, external library vetting, cryptographic agility, exception management, code reviews, and unit and behavioral testing. Learn some helpful tips and tricks from experienced professionals within the PHP community as we review the latest blogs and discussions on best practices to defend your project.
Design Security in PHP Using Middleware
Enrico Zimuel
Designing a secure web application is definitely not a simple task! There are many aspects to consider, like how to sanitize the user input, how to provide authentication, how to manage the permissions, how to escape output, etc. Using middleware, we can simplify most of these aspects thanks to the pipeline nature of this architecture design. We'll demonstrate how to implement security by design using middleware and the PSR-7 standard.
Developing PHP Apps Faster
Adam Culp
Enterprise PHP development teams, no matter the maturity level, focus on one thing, releasing stable apps that perform. They also want to avoid reinventing the wheel. Therefore, make the investment to listen to the top lessons we've learned from across industries to deliver PHP code faster without sacrificing quality, user experience, or existing workflows.
You will learn:
- How to dig deep into application behavior and performance at runtime
- How to maximize existing continuous delivery principles and tools
- When to take advantage of existing frameworks and extensions and when to do it yourself
- How to avoid reinventing the wheel each time you deploy, upgrade, or rollback
Expect the Un-expected: How to Handle Errors Gracefully
Bastian Hofmann
Even though you tested your application perfectly, errors and bugs will still happen in production, especially if other services or databases go down or are under high load. Thus it is very important to see errors happening and to be able to react to them quickly. In this session we'll introduce you to efficient ways for monitoring and logging for errors and show how you can handle them if they happen, covering deployment strategies, using intelligent circuit breakers, and gracefully reducing functionality. The session will give examples and recommendations so that you can quickly get started with implementing these.
Get Started Using PHP Frameworks on IBM i
Stephanie Rabbani
Are you wondering whether PHP frameworks are worth using when developing your applications? In this session we’ll explore the concept of PHP frameworks, and compare three popular frameworks (ZF3, Expressive, and Laravel) and show you how to get started with all three on the IBM i.
Getting and Staying Fast - A Web Performance Round-up
Bastian Hofmann
Making and keeping web applications fast is hard work, but also very rewarding and pays off very quickly with higher user satisfaction, increased usage, and better conversions. In this session we'll talk about all the lessons learned by working on application performance at ResearchGate: why it is actually important, how you can convince your managers to invest time and money in it, and what you have to do to measure and improve performance server and client side. Keeping a site fast is hard work; this session will contain lots of techniques that can be used and implemented to actually measure the performance and make your web page faster.
Gitting the Most Out of Your Version Control
David Hayes
Git is everyone's go-to method of version control. Our goal is to cover what it is, why it's important, and a few of the superpowers it unlocks. Of course, we'll touch on the basics:
- git status
- git commit
- git pull
But we'll also take some time to understand more powerful commands and features like cherry-pick, bisect, and using alternative differential browsers for those hairy merges.
Go Micro with Microservices
Mariusz Gil
Microservices… A new architectural style oriented on splitting a monolithic codebase into a set of small and independent applications built around specific business needs. Microservices might be very useful in some situations, but they can also introduce a set of new problems to be solved, from designing to communication between microservices in a production environment. During this session we'll introduce core concepts of microservices architecture, possible implementations using PHP, deployment strategies, and running applications in a production environment. You'll also learn about patterns in the microservices world: building blocks for your next complex projects. All topics will be presented in code, on real PHP 7 applications powered by microservices.
Going Bare - Writing the Web without a Framework
Sammy Kaye Powers
If you've only ever experienced web development through a web framework, you're missing out. Have you ever been tempted to rewrite a codebase in your favorite framework? That's a smell that you need to come to this session. Being comfortable developing without a framework is a crucial skill to have for refactoring legacy applications. In this session you'll see how to harness the power of going "frameworkless" so you'll feel empowered to make better decisions in your next web project. Be set free from your web-framework ball and chain.
How I Learned to Stop Worrying and Love Regular Expressions
Jordi Boggiano
This session will cover Regular Expressions from the basics to the darkest corners of this arcane art. Regular Expressions, at the core, come in handy to achieve validation and text manipulation tasks. In the day-to-day life of a developer, becoming comfortable with them opens up many more use cases. As one of the tortured souls that actually enjoys writing - and reading - regexes, Jordi will share his passion so that you too can see there is no reason to worry.
Learn Unit Testing with Katas
David Hayes
In this session we'll introduce the core concepts of unit testing and TDD — what it is, how it's done, why it matters — and then jump into doing it with one of the most time-tested techniques to comfortably start to get comfortable with the idea: code katas. Code katas are a systematic practice where you solve a specific code problem for about 25 minutes. After that, you throw the code away! This means they're the ideal safe places to learn new things and stretch our boundaries. We'll do one live front-to-back so you'll be comfortable taking the idea and doing it on your own.
Let the Architecture Emerge
Jason McCreary
We often have the tendency to over engineer our software. We want to use the latest packages, integrate with the hip services, and adopt those shiny patterns. Jason's here to say, “you aren’t gonna need it”. In this session we’ll take a look at how to practice YAGNI and what that means when writing code and making design decisions.
Let's Migrate to PHP 7
Slavey Karadzhov
In this workshop we'll show you how to migrate PHP source code from older versions to PHP 7. Slavey will guide you through a sample project and after that you should be able to migrate your own source code using the techniques demonstrated in the workshop. PHP knowledge is a must. Git knowledge is a plus.
Leveraging Composer In Existing Projects
Mark Niebergall
Keeping external libraries current and organized can be a tedious and risky task. Converting those libraries from embedded inside a codebase to being included via Composer is a clean and efficient solution. Learn how to migrate and autoload those libraries, use the composer.json and composer.lock files, find new libraries, and run Composer commands. Use what you learn to clean and organize your codebase to make it easier to maintain, and more lean and better to work with.
Multi-factor Authentication
Philippe Gamache
Nom Nom: Consuming REST APIs
Tessa Mero
Feeling hungry? You’ve come to the right place! As APIs have become increasingly more important and popular in usage in the past few years in web development, it is important to understand the basics of what they are and why to use them. We'll be going over the basics: The What’s, Why’s, Where’s, and When’s. You'll learn the basics of REST APIs and we'll show you how you can use POSTMAN to test making REST API calls. By the end of this session, you’ll be able to go home and make REST calls on any API.
Offline Sync for Progressive Web Apps
Bradley Holt
PHP 7.NEXT: The New Bits
Davey Shafik
PHP 7.0 is old news, PHP 7.1 is the new hotness. As the first point release in the 7.x series, 7.1 will set the tone for future releases of the highly successful PHP 7. PHP 7.1 is shaping up to be an even more feature-filled release than 7.0, join me and walk through what's coming up in the most exciting release yet.
PHP Package Management with Composer
Clark Everetts
- What PHP source code dependency management looks like, and what problem Composer solves
- How to install Composer (friendly to all developers, including IBM i developers)
- How to use Composer to install, update, and lock code dependencies to appropriate versions
- Autoloading in general, Composer's autoloader in particular
- The difference between composer.json and composer.lock
- What Semantic Versioning means, and what those version numbers communicate to you as developer
- Packagist, the public clearing house for Composer-managed packages
- Considerations when using Composer in development vs. production environments
- Important do's and don'ts when using Composer
- Intro to setting up and using a private repository
PHP Prepared Statements and MySQL Table Design
Edward Barnard
When using a PHP framework, standard practice is to use an Object-Relational Model (ORM) for database access. However, with high-volume logging and statistics-gathering, it pays to go "old school" with PHP prepared statements. Meanwhile, when MySQL tables quickly grow by millions of rows, table storage space becomes an issue. Our table design must focus on keeping these tables more compact and efficient. Here too, prepared statements simplify both coding and table design. This session will use CakePHP 3's excellent support for PHP prepared statements, but all concepts are native to PHP and apply to any project striking this use case.
Playing with the New Toys in PHP 7.0, 7.1, and 7.2
Cal Evans
Things change fast in the PHP world. If you don't stop every once in a while and look around, PHP will pass you by. With regular point releases coming out, it's tough sometimes to keep up with all the new features that the core developers are constantly giving us. Join this session as we walk through the changes that came with PHP 7.1. We'll take a look at the important changes and how you can use them in your projects. Along the way, we'll say a fond farewell to some features that have served their purpose and are now just a fond memory...or nightmare.
Refactoring Done Right
Brandon Savage
Everybody talks about refactoring, but what's the best way to actually refactor a part of your application? Come watch a live session where we'll refactor a piece of code and come away with a well-designed solution. Along the way we'll learn how to spot candidates for refactoring, and pitfalls to avoid.
Review Unknown Code with Static Analysis
Damien Seguy
Code quality is not just for Christmas, it is a daily part of the job. So, what do you do when you're handed, with a five-foot-long pole, a million lines of code that must be vetted? You call static analysis to the rescue. During one hour, we'll be reviewing totally unknown code: no name, no usage, not a clue. We'll apply a wide range of tools, reaching for anything that helps us understand the code and form an opinion on it. Can we break this mystery and learn how everyone else is looking at our code?
Rise of the Machines: PHP and IoT
Colin O'Dell
The Internet of Things (IoT) is fundamentally changing how we interact with the digital world. In this session we’ll explore the implementation of real examples which bridge the gap between the physical and digital world using PHP: asking Alexa for information within a PHP application; displaying API data on an Arduino-powered display; using PHP to control LEDs on a Raspberry Pi to monitor application uptime; and connecting IR sensors to Slack to see whether a conference room is in use.
Start Testing your PHP Code
Jason McCreary
In this workshop we'll cover different ways to test your PHP code. Our focus will be the tools and writing tests - we won't get caught up in all the various testing practices. With a foundation in tools like PHPUnit, Mockery, and Codeception you can make the decisions about what testing tools and strategies work best for you. So if you're looking to start testing your PHP code, or learn other PHP testing tools, this workshop is for you.
Static Analysis Saved my Code Tonight
Damien Seguy
Static analysis tools check PHP code without running it. Fully automated, they bring expertise to review the code, enforce good practices when programming, and keep code ready for the next PHP version. PHP 7 has tremendously developed our capacity to audit code. Thanks to AST and return types, it is possible to go deeper and prevent more bugs. During this session, we'll review the current state of static analysis tools, learn what they can find for us, and how to integrate them in the development cycle: security bugs, migration incompatibilities, and directives recommendations. Simply said, better PHP coding.
Tackling the Beast: How to Gradually Upgrade a Legacy Code Base to PHP 7
Ann Gaffigan
Hypothetically speaking, what if you wanted to change all of the lightbulbs in your house to use LED bulbs, but your current wiring didn’t support LED bulbs? You would need to re-wire your house, which would take a long time. In the meantime, you wouldn’t have any working electricity. Is there a better way? What if there was an adapter that could transition LED to work with old wiring if necessary, or if the wiring was new, just work as usual? That’s a metaphor for how I figured out how to gradually upgrade a legacy (LAMP) code base to be compliant with PHP 7.0. Since PHP deprecated the MySQL extension functions as of PHP 5.5.0 and removed them in 7.0, we needed to transition a LOT of code in a legacy system to use the modern MySQLi extension functions. In trying to figure out how to upgrade the code base without ceasing new development on the system, we decided to use an adapter database class to allow us to transition gradually. In this session, we'll explain how the adapter class works and also the rules we put in place to ensure there was an end to the transition tunnel.
Test Driving Test Driven Development
Jason McCreary
We've all been to the sessions about the tools for test driven development (TDD). But TDD is not just about writing tests, it's about driving development through testing. There's a very specific process of TDD with red, green, and blue phases. There are also different patterns, like outside-in or inside-out. In this session we'll focus on these practices by TDDing a common data structure from start to finish. You will gain experience and leave with tips to help you practice TDD in the real world.
The Most Exciting Features of PHP 7.1
Enrico Zimuel
Many frameworks and applications are bumping their minimum PHP requirement to 7.1; do you find yourself wondering why? PHP 7.1 contains new exciting features and improvements that can facilitate the life of many PHP developers. During this session we'll cover some of these new features like nullable types, catching of multiple exceptions, void return types, class constant visibility, authenticated encryption in OpenSSL, and more.
The Promise of Asynchronous PHP
Wim Godden
From ReactPHP to Facebook Hack's Async implementation and many more, asynchronous programming has been a hot topic lately. But how well does async programming support work in PHP and what can you actually use it for in your projects? Let's look at some real-world use cases and how they leverage the power of async to do things you didn't know PHP could do.
The Red Team is Coming!
Adam Englander
The Red Team, hackers, criminal organizations, and nation states, are a constant threat. The systems we build are the targets. We need to understand the human collateral that hangs in the balance. We embrace methodologies to write better code and make our lives better. They do nothing for the rest of humanity that is directly affected by security vulnerabilities we introduce. In this session we'll put a human face on the users of our software. It will challenge you to think in terms of flesh and blood rather than ones and zeros. We are all the Blue Team. We protect the rest of humanity. Join us in the fight. The Red Team is coming!
Watch the Hacker Hack
Michael Hess
This interactive session will outline a range of common vulnerabilities in websites. You'll watch Security Team members try to hack these sites and share their thought process as they go. You'll learn how to think like an attacker so you can better understand common vulnerabilities and we'll cover best practices for configuring and protecting your sites. Finally, we’ll share how the Drupal Security team oversees security across this global open source community.
Web Security: Website Hacks and Heists, Be a Detective and Find out `Whodunnit`
Michael Hess
Become a web security detective and join us as we look at some cases of compromised websites drawn from real-life events. We'll cover four tales of hacked sites, from uncovering the hack, to tracking down the root cause, to mitigating the problem. You'll learn techniques for troubleshooting hacked sites and increase your awareness of common attacks. We aim to make web security more engaging by inviting session participants to use their creative problem-solving abilities to learn how to track down the causes of common website hacks. We'll also cover security issues unique to the Drupal content management system. While web security can be intimidating to beginners — including early-career web developers — it's not difficult to maintain a secure Drupal website. We'll share best practices and recommendations as to how to approach security for your site.
Why Did My Project Fail?
Brandon Savage
Failed projects are a reality of our business, with more than half of projects failing to come in on budget and on time. Yet despite the consistent failures and the platitudes for avoiding them, projects still fail with stunning regularity. Come learn why projects fail, and how you can break the cycle.
Zend PHP Certification Boot Camp - Part I
Christian Wenz
The Zend PHP Certification is the industry standard to test a candidate's knowledge of PHP and to aid employers to select suitable developers. Learn what it takes to become a Zend Certified Engineer (ZCE) by one of the authors of the certification. We'll have a look at all topic areas, discuss common traps and required knowledge for each of them, and will provide you with background information on the test. The full-day tutorial will be conducted by the lead author of the certification and will feature a number of typical questions that resemble the layout of the actual test questions, giving you a realistic impression of the test itself and aiding you in self-assessing your current PHP knowledge.
Zend PHP Certification Boot Camp - Part II
Christian Wenz
The Zend PHP Certification is the industry standard to test a candidate's knowledge of PHP and to aid employers to select suitable developers. Learn what it takes to become a Rogue Wave Zend Certified PHP Engineer by one of the authors of the certification. We'll have a look at all topic areas, discuss common traps and required knowledge for each of them, and will provide you with background information on the test. The full-day tutorial will be conducted by the lead author of the certification and will feature a number of typical questions that resemble the layout of the actual test questions, giving you a realistic impression of the test itself and aiding you in self-assessing your current PHP knowledge. This workshop will feature the new certification exam based on PHP 7.1!
Zend Studio Tips and Techniques
John Valance
If you're new to using Zend Studio, or if you haven't yet had training in using this tool, you may not be aware of many of its features, some of which can save you a lot of time and frustration. Zend Studio is the PHP editor provided free to IBM i customers with a full year of free support and upgrades. Using a live version of Zend Studio, we'll cover some basic concepts of the IDE and demonstrate some popular features and techniques. We'll discuss perspectives and contrast the Remote System Explorer with the PHP Perspective, and demonstrate some of the advantages of the PHP perspective for developing larger projects. We'll also cover editing shortcut keys, creating templates, using filters, and more.