PHP best practices

A continuous delivery pipeline from the future

Massimiliano Cavicchioli

The session will show how to put together a configuration-based continuous delivery (CD) pipeline, based on Jenkins and Docker.

The exemplified configurations and inherent artifacts will support any PHP application.

All the basic tasks of a PHP-based CD pipeline will be covered:

  • Version control
  • Unit testing
  • Static code analysis
  • Packaging
  • Automated provisioning

Agile team development with Zend Studio, Bugzilla, and MyLyn

Peter MacIntyre

Agile (Extreme) development is gaining in popularity. This session will show how Zend Studio for Eclipse can be used in development, exploring integration with Bugzilla and Mylyn, and will cover the latest team development. We'll explore:

  • The concept of Agile
  • MyLyn and its benefits
  • Bugzilla
  • MyLyn's uses within Zend Studio
  • Activating a task in Zend Studio
  • Task preferences

Aphorisms of API design

Larry Garfield

Code that talks only to itself is not useful to anyone. Code that enables other code magnifies its power tenfold.

But how do we enable other code and those who write it? What makes a module extensible? What's that vague extra something that turns merely extensible code into an API, a library, and a cornerstone of other systems? How do we harness that power for ourselves?

We'll examine the aphorisms of good API design, and the eight-fold path of API nirvana. This session goes beyond how to write code well to cover the question of how to write libraries that spawn other libraries and innovation by coding for the future.

Background processing, do's and don'ts

Chuck Reeves

Modern web applications spend a lot of time processing data. From images and video, to big data analysis. To accommodate all this work (without having our users waiting), background processing is key. Even though it seems pretty straight forward, understanding background processing in PHP requires a new way of thinking. We will be going over the different queuing options, their strengths, and the best ways to optimize your code for background processing

Bringing old legacy Apps to PHP 7 and beyond

Sammy Kaye Powers

Most developers don't get the luxury of working on a greenfield project using a web framework of their choice. Often times we find ourselves inheriting a legacy codebase or a web app written years ago on a now-defunct web framework. The initial temptation might be, "I'll just rewrite all this in x framework." But hold on my framework friend, a rewrite is costly and is rarely the correct answer. We'll discuss strategies to give that legacy codebase a complete makeover in PHP 7 with incremental changes that keep the business running while improving security, stability, and maintainability of the codebase.

Building rock solid software in the real world

Omni Adams

As a professional developer, you already do all of the best practices. You store your code in source control and write unit tests. You already know all of the patterns and when to use them. Your code is perfect and beautiful. Then you hire another developer. He puts his braces in the wrong place and uses different formatting than you. He keeps committing broken code to your code base. Then you add another two members to your team along with a junior developer. All of your beautiful code is getting ugly, brittle, poorly documented, and hard to maintain. We'll discuss some of the pitfalls and strategies when developing software in the real world, from style guides to code reviews to automated checks that keep your team from imploding in ego-driven angst.

Building your API for longevity

Michael Stowe

One of the greatest challenges to developing an API is ensuring that your API lasts. After all, you don't want to have to release and manage multiple versions of your API just because you weren't expecting users to use it a certain way or because you didn't anticipate far enough down the roadmap. In this session, we'll talk about the challenge of API longevity, as well as ways to increase your API lifecycle including having a proper mindset, careful design, agile user experience and prototyping, best design practices including hypermedia, and the challenge of maintaining persistence.

Composer for corporate use

Stephan Hochdörfer

It may seem that Composer only makes sense if you open-source your packages, but Composer and its ecosystem can be easily set-up in your corporation for internal use. Let me give you some ideas how to set up and use Composer, Satis, and Jenkins to run your own internal package repository.

Composing PHP applications with middleware

Josh Butts

With the advent of the PSR-7 standard, middleware has become a household name in the PHP ecosystem. This talk will cover middleware architecture concepts including a comparison of how middleware is being used in PHP versus other languages. We'll look at how to leverage middleware concepts to build applications from scratch as well as combine off-the-shelf components using middleware as the glue. Of course, we'll also look at some downright dirty tricks that middleware lets you get away with as well.

Curing the common loop (with collection pipelines)

Adam Wathan

Trying to understand a complex function full of nested loops and conditionals is like trying to read a "choose your own adventure" book from front to back.

In this whirlwind tour of programming with collection pipelines, we'll learn how to use functional programming ideas to break down complex code and abstract hidden duplication behind expressive higher order functions.

Together we'll refactor ugly, complicated spaghetti into a series of simple, elegant transformations; free of loops, complex conditionals, and temporary variables. Never write another loop again.

Debugging effectively

Colin O'Dell

Software bugs are inevitable; some are especially difficult to track down, causing you to waste countless hours before throwing your hands up in defeat. It doesn't have to be this way! The mental fatigue and wasted time can be avoided by using strategies like identifying the most appropriate tool, taking a logical and objective approach, challenging assumptions, listening to variables, isolating the code path, and reinforcing code with automated tests. Attendees will learn how to combine these techniques with the right mindset and attitude in order to debug their code quickly and effectively.


Patrick Schwisow

Once you've been around for a while, people (hopefully) start to look up to you and you may find yourself bestowed with the coveted title of Senior. All is well with the world, until your team leader takes a position elsewhere, and you're asked to cover some of his duties. Before you realize it, you're planning projects, running the day-to-day operations of the team, answering all the questions, and still trying to produce quality code at the same pace as before. It's tough enough to transition from developer to manager in an ideal situation, but being stuck somewhere in the middle has a whole additional set of challenges. I'll discuss these challenges and how to successfully handle them until everything settles down (whether that means you move to management or go back to the code).

Does your code measure up?

Adam Culp

After days, weeks, or months of coding, many developers don't know how to gauge the quality of their code. Adam will introduce tools to grade, benchmark, and analyze PHP code in an automated fashion allowing developers to write better quality software. He will explain key metrics to help understand what may need to be refactored and use code smells to point out bugs before end users discover them. Attendees will see how to use these tools, know where to find them, and be able to implement them in their own workflows.

Encryption, authentication, and data integrity in PHP 7

Enrico Zimuel

Do you need to encrypt sensitive data in PHP 7? Encryption is not enough, you also need authentication and data integrity to secure your data. In this talk, I'll show how to provide encryption using OpenSSL and how to authenticate data using HMAC. I'll also show how to use the AES-256 standard algorithm (FIPS-197) and how to use the new AEAD cipher modes of PHP 7.1. Moreover, I will present the new random number generator of PHP 7.0 and how to use public key cryptography to provide digital signatures and watermarking techniques.

Enough about classes, let's talk templates

Jonathan Reinink

We talk a lot about writing highly decoupled, dependency injectable, single responsibility classes and methods. And this stuff is ALL GOOD. But, are we thinking enough about what defines quality templates? How seriously are you taking security when writing your templates? How tightly are these templates coupled to the objects they use? This talk will show you how to write awesome, modern-day PHP templates. We'll look at new features you should be using, how to decouple templates from your business logic, where to best place your presentation logic, and more.

Event sourcing: The good, the bad, and the complicated

Marco Pivetta

Event sourcing can look like an attractive solution for any of your applications, but does it actually pay off?

What if it is all just buzzwords and no gain?

We'll look at how we implemented event sourcing in our own app,

  • What made us fast?
  • What made us super slow?
  • What made us cry?

This talk will give you a good idea of what kind of challenges you will encounter when approaching event sourcing for the first time.

Extend your database creativity with PHP 7

Shlomo Vanunu

Database management system (DBMS) is the center of operational and analytical business systems. The database is the channel by which data is stored, managed, secured, and served to applications and users.

Today, there's an increasing variety of database products to consider. IT departments consider and use a combination of multiple database technologies for certain processing needs. Often different databases are used during development and production of a web application. For example MySQL is used for development and DB2 for production.

IBM DB2 UDB, MySQL, Oracle, Microsoft's SQL Server may be connected using the PHP extensions, each of which is database specific.

Extremely defensive PHP programming

Marco Pivetta

Resistant, highly testable, safe and maintainable code: Or not?

There are a thousand ways to break your code and a lot of ways to prevent that from happening.

Let's explore defensive programming and learn how to protect our code from invalid usage.

Hacking your way to better security

Colin O'Dell

This talk educates developers on common security vulnerabilities, how they are exploited, and how to protect against them. We'll explore several of the OWASP Top 10 attack vectors like SQL injection, XSS, CSRF, and others. Each topic will be approached from the perspective of an attacker to see how these vulnerabilities are detected and exploited using several realistic examples. We'll then apply this knowledge to see how web applications can be secured against such vulnerabilities.

High availability PHP

Josh Butts

With the rise of containerized applications, more and more people are starting to consider running high-availability applications in production with Docker. This is not to be taken lightly and the path is fraught with peril. In this talk, we'll discuss what a highly-available Docker-powered PHP environment looks like and how to build one. We'll also look at strategies for using Docker and container concepts to avoid getting burned by "disposable" cloud hardware. We'll look at load balancing, service discovery, failover, and talk about tools that make these manageable. We'll also talk about the speed at which the Docker ecosystem is moving and how to cope with that when dealing with production applications.

Let's make your PHP app even faster

Gregory Chris

Performance awareness, problems diagnostics, and their solutions are key parts of a development life-cycle. This talk will highlight proven methods to discover and diagnose server-side bottlenecks using the advanced monitoring in Zend Server, PHP insights, code tracing, execution profiling, and more. Once the problems are exposed, we will solve them by using automation and cutting-edge tools developed by Rogue Wave Software, such as asynchronous scripts execution, offline processing, caching methods, and more.

Middleware pattern is good for IBM i

Massimiliano Cavicchioli

This session will show why middleware is a very suitable pattern for IBM i, and will cover the pattern logic with real life examples using Zend Expressive.

By using a well-structured middleware pipeline, in an event driven approach, we'll show how to best manage the business logic residing in DB2 and RPG routines for common web application tasks. We'll also focus on introspecting the revamped IBM i toolkit, dissecting the code examples used to achieve our goals.

Modern PHP: Command buses, event handlers, and more!

Brandon Savage

For anyone doing PHP for any length of time, the modern concepts behind command buses and event handlers can be challenging. These concepts have been around for a long time but are relatively new to PHP in the last few years. Come learn how you can implement these in your code to create an extensible, maintainable, and testable application!

My journey to the center of PHP

Sammy Kaye Powers

"I don't know C!" is probably one of the most common excuses that we PHP nerds give for not contributing to PHP source. And top it off with all the overly-publicized drama surrounding the PHP internals mailing list, most user-land PHP developers don't want to touch PHP source with a ten foot pole.

In this talk, I tell my story of how a plain-old user-land PHP nerd who, "doesn't know C," found himself drawn to PHP internals like a bug to a light. I was meet with a lovely, helpful community of individuals who mentored me the whole way to making PHP better. This talk will encourage and inspire you to join me on an epic journey to the center of PHP.

Nom Nom: Consuming REST APIs

Tessa Mero

Feeling hungry? You've come to the right place. As APIs have become increasingly more important and popular in usage in the past few years in web development, it's important to understand the basics of what they are and why to use them. We'll go over the basics: The what's, why's, where's, and when's. You'll learn the basics of REST APIs and see how you can use POSTMAN to test making REST API calls. You'll see Cisco's Spark and Tropo as use case examples of working with APIs.

PHP internal architecture

Elizabeth Smith

PHP 7 is awesome with new engine features, new keywords, and speed and memory improvements. But I bet you didn't know the fundamental architecture of PHP hasn't changed since PHP 3 and the decisions made have helped grow PHP in a fabulous way. The extensions API, the server application interface, and the streams layer make PHP pluggable and extensible in a pretty fabulous way. And for those who whine about how Ruby or Python can tie into C code without extensions, we'll take a quick path down FFI (and MFFI). So get a peek at PHP internals and the abstraction and layers that make it both a joy and a pain.

Practicing YAGNI

Jason McCreary

We often have the tendency to over-engineer our software. We want to use the latest packages, integrate with the hip services, and adopt those shiny patterns. I'm here to say, "you aren't gonna need it." YAGNI is a principle of extreme programming that states a programmer should not add functionality until necessary. In this talk, we'll take a look at what that means when writing code. Through everyday scenarios and audience participation we'll challenge YAGNI and ourselves to write better software.

Robust 2nd-factor authentication with PHP

Tim Lytle

Single-use codes delivered by email and SMS, mobile phone verification using automated phone calls and installed applications, or standalone physical devices - there's more than one way to do 2nd-factor authentication (2FA).

There are benefits - and downsides - to each. Learn how each one works and what is best for you and your users. Avoid some common mistakes when rolling out 2FA, and take a look at how you can add one, or many, to your application's login flow.

TDD with phpspec

David Stockton

phpspec helps promote the TDD software development methodology and removes a lot of the tedium with the process, making it simple to start and continue building software with TDD.

Writing tests first means that the code we write has documented intention and was built and designed on purpose. Each line has a reason to exist and since there are tests to back it up, refactoring and improving the codebase no longer needs to be something that is feared. All software becomes "legacy," but with TDD, we can continue to modernize, enhance, and refactor without worrying about breaking code.

Time to know better your PHP applications

Gregory Chris

This session is about extending Zend Server Z-Ray in order to get as much information from your own application as possible.

Z-Ray is a technology that provides useful information about PHP application run-time. It displays all the under-the-hood details of PHP scripts such as execution times, errors and warnings, special PHP events, list of database queries, execution environment information, and many more. By using Z-Ray, application maintenance and optimization time is reduced to the minimum, and definitely, Z-Ray is one of the best tools for profiling and debugging PHP applications nowadays.

In addition to the built-in features, Z-Ray can be easily extended to provide information about your specific application. In this session, we are going to learn how Z-Ray plugins work, what we can track in our code, and best practices in writing extensions. During the session, we'll write a few plugins, starting from very simple examples and advancing to more sophisticated Z-Ray panels.

Being a developer is not just about writing wonderful code and enjoying your products but also contributing back to the community. In this session, I am going to introduce the Zend Server plugins gallery and we're going to learn how pack and submit new plugins to the gallery.

Web performance 2016: Myths and truths

Christian Wenz

The performance of a web site is one of the criteria used by Google and other search engines to determine the site's ranking. Various studies have shown that there is a link between performance and conversion rates. These are just two of many reasons to make performance optimization a mandatory step in your development process. However, advice that was relevant a few years ago is often made obsolete by new browser versions or new technologies like HTTP/2. We'll cover several aspects of optimizing a site from a performance perspective, debunk some myths, and also present tools that help analyze a web site's performance.

Websockets and event-driven programming with ReactPHP

Steve Meyers

Modern browsers support a new standard called Websockets, which allow persistent connections between a browser and a server. We'll discuss how to implement Websockets with your client-side Javascript talking to your server-side PHP, using the ReactPHP framework.

Z-Ray: A customizable development tool belt

Mathew Beane

Using Zend Z-Ray offers PHP developers a very powerful suite of tools out-of-the-box. Extending Z-Ray is easy and allows for nearly limitless customizable development tools. An exploration of Z-Ray plugin features will give attendees a foundation for creating their own Z-Ray extensions.

This session will show how to develop Z-Ray plugins for your applications and frameworks. Covering the Z-Ray plugins structure, storing and displaying data, tracing functions and files, utilizing the tree widget, how to format your data for use in Z-Ray, and modifying the way data is displayed in Z-Ray.