Davey Shafik: [Slides] What to Expect When You’re Expecting: PHP 7 (phpDay 2015) (23.5.2015, 21:07 UTC)
Ben Ramsey: My Failed Attempts at Soft Skills Talks (23.5.2015, 20:30 UTC)

During the Development Hell podcast recording at php[tek] (not yet released at the time of this writing), Chris and Ed discussed soft skills talks with Yitzchok Willroth (@coderabbi). Soft skills are those skills that aren’t necessarily technical in nature—things like interpersonal communication, time management, managing teams, leadership, etc. They’re critical to our jobs, but we often see them as secondary to our technical skills. In fact, they are not soft at all—they’re rather difficult to master, which is why it’s important that we talk about them at conferences and write about them on our blogs and in our trade journals.

At the podcast, I tried to elucidate a sentiment that’s been on my mind for some time, but it came out as rambling nonsense. I’m sorry. Here’s what I was trying to get at.

I’ve been a conference speaker for many years. For a few recent years, I ramped down my speaking and took some time off from conferences to focus on my work, and as I started to ramp things back up, I tried to assess my options and how I wanted to position myself. I assumed the next step for a seasoned speaker should be to start positioning myself for keynote opportunities.

I’ve always given very technical talks, and I’ve observed that keynotes are usually non-technical and focused on ideas, concepts, and soft skills, usually filled with personal anecdotes and inspirational stories. So, I set out to craft some talks that would help take me on a new direction in my speaking career.

In 2013, I made my comeback appearance at CoderFaire Atlanta, where I was invited to give the conference keynote. This was supposed to be my shining moment as a keynote speaker to elaborate on the “Debugging Zen” article I had written for Web Advent. The keynote was entitled “Developing Intuition: How to Think Like a Software Architect.” I shifted the focus away from debugging and told my story of how I came to be a software developer and the heavy role intuition has played in my career. I think the talk resonated for about half of the audience. The other half probably thought it was a bunch of hokey gibberish.

I spoke at php[tek] a little later that year, after having taken three years off from speaking there. I gave a presentation entitled “API First.” This was another soft talk (with a little bit of technical detail thrown in), building on my experiences developing and deploying APIs. In it, I talked about how to approach your managers and company leadership to convince them of taking an API-first approach to web application development. It was well-received and I saw a lot of great feedback, but it was not easy to prepare. I gave it again at ZendCon later that year. Again, I received high marks and good feedback, but it felt lacking in a certain kind of energy and levity. After the intuition talk at CoderFaire, I realized that I’m not good at telling stories or relating anecdotes, and that was evident here, as well.

That same year, Eli asked me to put together the closing talk for php[architect]’s PHP 5.5 Web Summit. He wanted me to talk about modern PHP development, so I decided to turn it into an observation of how best practices have arisen in the community over the years. I gave the talk many times over the following year, but it always had mixed reviews. On one side were the community old-timers with whom the historical look-back resonated. On the other hand were folks newer to the community who criticized the talk as a bunch of nostalgic navel-gazing and were expecting a different kind of talk.

I made one more attempt at a soft talk. Again, I refined my “Debugging Zen” article into its own talk, discussing the role intuition plays for me in the art of debugging and how others can tap into their own intuition to be better software developers. At the Madison PHP Conference, where I first presented it, I gave it to a crowded room and received many encouraging

Truncated by Planet PHP, read more at the original (another 2875 bytes)

SitePoint PHP: CRUD (Create Read Update Delete) in a Laravel App (22.5.2015, 16:00 UTC)

In the previous part, we’ve bootstrapped our Laravel CRUD application by creating the database, some controllers, basic routes and simple views. In this part, we’ll wrap things up and implement proper CRUD.

If you’d like to follow along through this interactive walk through Laravel’s docs, please catch up by reading the first part now.

Creating A Record

Continuing right where we left off, let’s create the page where we’ll actually perform this action. In our TasksController, let’s return a view like this:

public function create()
{
    // Render resources/views/tasks/create.blade.php
    return view('tasks.create');
}

And now, in our views directory, let’s create tasks/create.blade.php, and enter some starter content:



<h1>Add a New Task</h1>
<p class="lead">Add to your task list below.</p>

Continue reading: CRUD (Create Read Update Delete) in a Laravel App


blog.phpdev: PHP, Security & PSR-9/PSR-10 (22.5.2015, 12:36 UTC)

Late yesterday afternoon the PSR-9 and PSR-10 drafts were moved into master on the php-fig/standards repository, moving them along to the next step and to get the wider perspective of the main PHP-FIG group’s opinions on it.

What are PSR-9 and PSR-10, you ask? Here’s a brief summary so far:

At the end of last year (2014) Lukas Smith made a proposal to the PHP-FIG group for a standard that would make reporting security issues with PHP projects and libraries a much more structured thing. The general idea is that a standardized document (or documents?) in a project’s repository would provide information about current and past security issues in a well-defined structure that could have some automated tooling around it. Much discussion was had around what the proposal actually entailed and how it would integrate with the goals of the PHP-FIG process. As work progressed on it, a few others besides Lukas came on-board to help flesh out the standard and work out the kinks, including myself.

It wasn’t long before we realized that, while having a standardized method for reporting vulnerabilities was good, there also needed to be a way to discover this documentation for a given project (more than just a “look for this file” kind of thing). So, the original PSR-9 was split, giving us the security advisory reporting standard (PSR-9) and the security disclosure workflow (PSR-10) to make discovery of the reports easier. Both PSRs have received the votes needed for entrance and consideration and, as I mentioned, work is moving forward on them in the wider PHP-FIG group.

So, what are the standards? Well, I’m not going to just copy and paste from the documents (you can find those here if you’re interested) but I will give a quick overview of what they contain and their goals.

Note: these standards are by no means complete so this information is a bit subject to change. I just wanted to share their current state though.


The main goal of the PSR-9 standard is to provide structure around the documentation a project provides to the wider community around security vulnerabilities that have been found (and fixed) and those that are still pending. The idea is that any given user could look at the document and have a security-centric view into where the project currently stands. Right now, with the exception of those participating in the security-advisories database, most projects make it a bit of a run around to try to figure out what issues have come up and what problems have been fixed. Sometimes it’s reported in the Changelog, other times it’s in the mailing lists and other times you just have to know what to search for in the project’s issue tracker to get the list. This PSR-9 aims to eliminate a lot of this hassle and give a single source for the information.

The security-advisories database has provided a great start around this same kind of information but with PSR-9 the burden of reporting this information falls on the project, not a single source. We’re not aiming to replace that database by any means, though. We just want to empower the projects to share the information in a vetted, well-defined way. The PSR-9 proposal provides a lot more context around the security issues too.

This information includes:

  • An entry for each vulnerability that includes a short summary, published date, link to more information and a unique reference ID
  • CWE and/or CVE information, if possible (not all vulnerabilities are reported as CVEs)
  • What versions the issue affects
  • Current status of the issue
  • A description of the remediation if resolved
  • A low/medium/high severity rating based on the impact to the project’s users

We discussed the versioning of this resource (multiple files) so new vulnerabilities could be added and a “history” of sorts could be tracked over time but nixed that idea in favor of a single file that would just evolve over time. A lot of this vulnerability metadata is similar to information currently reported by other projects, so it’s not too far of a stretch to see this dropped into a structured, easy to find document. Speaking of which, this brings me to the next proposal

Truncated by Planet PHP, read more at the original (another 2877 bytes)
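
The PSR-9 fields listed in the post above are the kind of structure that automated tooling can check. The following PHP is an added example, not code from the post or from the PSR-9 draft: the field names, the `resolved` status value and the `[first affected, first fixed)` version-range layout are all hypothetical. It validates one advisory entry and tests whether an installed version falls in an affected range.

```php
<?php
// Added example. Field names, status values and the version-range layout are
// hypothetical; this is NOT the PSR-9 draft schema.
const REQUIRED = ['id', 'summary', 'published', 'link', 'affected', 'status', 'severity'];

/** Return the problems found in one advisory entry (empty array = valid). */
function validateAdvisory(array $a): array
{
    $missing = array_diff(REQUIRED, array_keys(array_filter($a)));
    if ($missing) {
        return ['missing: ' . implode(', ', $missing)];
    }
    $errors = [];
    if (!in_array($a['severity'], ['low', 'medium', 'high'], true)) {
        $errors[] = 'severity must be low, medium or high';
    }
    $date = DateTimeImmutable::createFromFormat('!Y-m-d', $a['published']);
    if (!$date || $date->format('Y-m-d') !== $a['published']) {
        $errors[] = 'published must be a real YYYY-MM-DD date';
    }
    if ($a['status'] === 'resolved' && empty($a['remediation'])) {
        $errors[] = 'resolved entry needs a remediation description';
    }
    // CVE is optional (not every issue gets one) but must be well-formed if present.
    if (isset($a['cve']) && !preg_match('/^CVE-\d{4}-\d{4,}$/', $a['cve'])) {
        $errors[] = 'malformed CVE identifier';
    }
    return $errors;
}

/** True when $installed lies in any [first affected, first fixed) range. */
function affects(array $a, string $installed): bool
{
    foreach ($a['affected'] as [$from, $fixedIn]) {
        if (version_compare($installed, $from, '>=') && version_compare($installed, $fixedIn, '<')) {
            return true;
        }
    }
    return false;
}

// Constructed sample entries, not real advisories; the second is deliberately invalid.
$base = ['id' => 'EXAMPLE-1', 'summary' => 'XSS in comment preview', 'published' => '2015-03-10',
    'link' => 'https://example.org/advisories/1', 'affected' => [['1.0.0', '1.4.3']],
    'status' => 'resolved', 'severity' => 'high', 'remediation' => 'Upgrade to 1.4.3'];
$bad = ['id' => 'EXAMPLE-2', 'published' => '2015-02-30', 'severity' => 'critical', 'remediation' => ''] + $base;
foreach ([$base, $bad] as $a) {
    echo $a['id'], ': ', implode('; ', validateAdvisory($a)) ?: 'valid',
        affects($a, '1.4.2') ? ' (1.4.2 affected)' : ' (1.4.2 not affected)', PHP_EOL;
}
```

The date check compares the re-formatted value with the input because `createFromFormat` silently rolls an impossible date such as 2015-02-30 forward instead of rejecting it.
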

PHP Classes: Review: WordPress 4.x Complete (21.5.2015, 08:48 UTC)
WordPress 4.x Complete
Lopo Lencastre de Almeida
PHP books
Karol Król
If you are willing to know more about what WordPress is than you think you know, you should read this book: "WordPress 4.x Complete". It will definitely help you to understand the complete process of building a fully functional WordPress site from scratch.

As WordPress is such a massive winner among the known commercial and free software CMS platforms, with a huge share of 60%, you should really consider having it as a potential tool in your belt. And this book is, for sure, a must-have and a very good starting point for all WordPress newcomers.
Web Development Blog » PHP Scripts: How to use the Flickr Photo Search API (21.5.2015, 06:22 UTC)
I have found one of the best places to find pictures to use on my websites is Flickr. They make it fairly easy to automatically embed Flickr photos onto your website using the Flickr photo search. This Flickr API tutorial will show you how to use the Flickr API to retrieve and display Flickr photos […]
Ilia Alshanetsky: php[tek]: Business Logic Security Slides (20.5.2015, 22:01 UTC)
My slides from the php[tek] in Chicago on the topic of "Business Logic Security" are now available for download here:
SitePoint PHP: Bootstrapping a Laravel CRUD Project (20.5.2015, 16:00 UTC)

In this tutorial, we’re going to build and run a simple CRUD application from scratch using Laravel 5.

Installation and Setup

If you’re already deep in PHP, then some of the stuff in this section will be common knowledge to you. In any case, let’s go over it. We create a fresh install of Laravel 5 using Composer. First, cd into your directory of choice. Now, run the following command:

composer create-project laravel/laravel MYPROJECT --prefer-dist

If you don’t have Composer installed, you’ll naturally need to do that first, but I recommend using an environment such as Homestead Improved for kickstarting your development flow anyway - it comes with Composer globally preinstalled.

The name “MYPROJECT” will be the name of your application directory. For this tutorial, I just called mine “crud”.

Continue reading: Bootstrapping a Laravel CRUD Project

PHP Classes: Extending PHP Classes and the Object Model (20.5.2015, 07:32 UTC)
By Dave Smith
Nowadays many PHP developers use Object Oriented Programming (OOP). However not every PHP developer really understands why that is a good thing.

Some use OOP just because they see others using it, without knowing very well its benefits nor how to create a consistent object model that addresses the needs of their applications.

Read this article to learn how objects can represent the real world through classes and how you can create an object model for your PHP application.
Alan Knowles: More on syntax checking vala - and a nice video (20.5.2015, 00:00 UTC)
Article originally from rooJSolutions blog
As I wrote last week, I had added full syntax checking to the editor. So it runs a full compile check as you type.
Here's a nice video of it working...

After the initial joy of adding this to code, I soon realized it had a fatal flaw, read on to find out more..
