ENTRIES TAGGED "best practices"
PHP's experiencing a renaissance, with improvements and new standards
The programming language many love to hate is experiencing a renaissance. This is not your parents’ PHP. The new PHP is a more mature language with community standards, a growing affinity for interoperable components, and a passionate movement to improve performance. If you have bypassed PHP for alternative languages, or if you are a PHP veteran unaware of recent changes, you owe it to yourself to give PHP a second look.
PHP 5.5 (the latest stable build as of this writing) has made major progress from earlier versions. Recent PHP releases contain powerful new features and helpful developer tools, such as a built-in web server, generators for simpler iteration, and namespaces. With PHP 5.4, traits were introduced (a la Scala or Perl) to allow code reuse in single inheritance languages, as well as closures, which allow you to code PHP in a functional style. Other important features include the built-in FastCGI process manager and
phpdbg debugger, and a new password hashing API that makes it easy to hash and securely manage passwords in PHP.
Taking a look at the usual suspects: SQLi, XSS & CSRF
As any PHP developer that’s been around for a while will tell you, there’s a certain kind of stigma that comes with the language. They’ll hear it from their peers using other languages that PHP is “sloppy” or that “it’s just a scripting language, not a real one.” There’s one other that seems to follow the language around as well—that it’s insecure. Sure, PHP’s not without its problems—but any language is going to have its share. Ruby’s had several major vulnerabilities in the press lately and Java has definitely had its own list over its extensive lifetime. People put down PHP for not being secure, but they forget that it’s not the language that makes for insecure code, it’s the developer.
PHP, by its nature is “meant to die” at the end of every request, so the developers don’t have to worry about some things that more persistent languages do. There’s still some common dangers, though, that you as a PHP developer should be aware of. The most common ones come from the well known OWASP Top 10 list. Here’s a quick look at how to help prevent just a few:
How dabbling in a new language now can lead to innovation later
Being a polyglot programmer has its benefits; most of us have read or heard about those benefits from various respectable sources. I’d like to highlight the importance of being a polyglot learner before being a polyglot programmer.
You heard me right—learn a new language, but don’t rush to use it in production. At least not right away. I have used this approach and have realized two major benefits:
- Enhanced design skills, and
- The ability to adapt quickly to an evolving mainstream language
Most programmers currently code in one of the mainstream languages like Java, C#, and C++. On a typical enterprise project, chances are we’re using one of these languages. It might seem like a tall order for most of us to be able to intermix other languages. However, it’s becoming more critical that we do. Let’s discuss why.
An Interview with Neal Ford
I recently interviewed O’Reilly author Neal Ford (Functional Thinking, The Productive Programmer) on the subject of polyglot programming. In 2006, Neal wrote a blog post which resurrected the term, suggesting that as modern applications become more complex, it is important for developers to leverage knowledge of multiple languages and use the right tool for the job. In the interview, we discuss the benefits and challenges of polyglot programming, how it has evolved in recent years, and the impact it’s had on software development.
Some key highlights in our conversation include:
- What is polyglot programming? [Discussed at 0:15]
- What are some of the benefits? [Discussed at 1:39]
- How polyglot programming has affected software development in recent years [Discussed at 4:25]
- Downsides to polyglot programming? What are the trade-offs? [Discussed at 6:22]
- Best practices when starting out in polyglot programming [Discussed at 8:58]
- Resources for keeping up on trends and new technologies [Discussed at 12:48]