PHP untold

There are things you might want to know :)

Heredoc and nowdoc syntaxes

These syntaxes allow for writing strings in PHP; they are particularly useful for writing multiline strings.

For example, the following code is written with heredoc syntax:

$dock = 'dock';
$bay  = 'bay';
echo <<<EOT
I'm sittin' on the $dock of the $bay
Watchin' the tide, roll away
I'm sittin' on the $dock of the $bay
EOT;

It’s the equivalent of using double quotes, so you can still interpolate variables. The nowdoc syntax is the equivalent of single quotes.

These syntaxes are great alternatives, especially if you don’t want to escape each quote with a backslash.

Built-in webserver

If you need to test something in PHP, you can start a built-in PHP web server from your terminal with the following command line:

php -S localhost:2222 -t ~/mydir

Then go to http://localhost:2222/

How to convert nested objects into arrays

It’s a very simple trick that PHP developers use to convert nested objects into associative arrays. You just need one line of code:

$converted = json_decode(json_encode($object_with_nested_objects), true);

No need to write complex recursive functions.
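The one-liner has two behaviours worth knowing before relying on it: only public properties survive the round trip, and an encoding failure silently becomes null. The following is an added example, not code from the original post; the class names, sample values and the objectToArray() helper are hypothetical, and JSON_THROW_ON_ERROR assumes PHP 7.3 or later:

```php
<?php
// Constructed sample classes for this illustration.
class Address
{
    public $city = 'Memphis';
    private $doorCode = 'constructed-value'; // non-public: dropped by json_encode()
}

class User
{
    public $name = 'Otis';
    public $address;
    protected $passwordHash = 'constructed-value'; // non-public: dropped as well

    public function __construct()
    {
        $this->address = new Address();
    }
}

// Same trick as the one-liner, but failures raise JsonException
// instead of turning into a silent null.
function objectToArray($object)
{
    $json = json_encode($object, JSON_THROW_ON_ERROR);
    return json_decode($json, true, 512, JSON_THROW_ON_ERROR);
}

// Nested objects become nested arrays containing public properties only.
print_r(objectToArray(new User()));

// A string that is not valid UTF-8 cannot be encoded as JSON.
$broken = new stdClass();
$broken->label = "\xB1\x31";

// The plain one-liner hides the failure: json_encode() returns false,
// which json_decode() cannot parse.
var_dump(json_decode(json_encode($broken), true));

try {
    objectToArray($broken);
} catch (JsonException $e) {
    echo 'conversion failed: ' . $e->getMessage() . PHP_EOL;
}
```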

PHP speaks Hebrew?

You may already have seen this error:

ParseError : syntax error, unexpected end of file, expecting :: (T_PAAMAYIM_NEKUDOTAYIM)

You can reproduce this error with your terminal:

php -r '::'

T_PAAMAYIM_NEKUDOTAYIM means “double colon” in Hebrew. It’s a T_* constant. PHP uses it as an internal representation of data.

The name of this token comes from the Zend team. Andi Gutmans and Zeev Suraski created the Zend Engine during their studies at Technion in Israel.

Measure everything

It’s good practice to measure the execution time and memory usage of your code. Run your own benchmarks and see for yourself what is good and what is bad…

There are simple PHP tools you can use to achieve that.

Most simple way to measure execution time (PHP 7++)

With just a few lines of PHP code, you can easily measure execution time:

$timeStart = hrtime(true);

// wrap your script here
// sleep() is used here only as an example,
// to make the script slow intentionally
sleep(1); // example delay

// hrtime(true) returns nanoseconds, so divide by 1e9 to get seconds
$executionTime = hrtime(true) - $timeStart;
echo $executionTime/1e9 . PHP_EOL;

Measure memory usage

You can easily measure memory usage:

$memory = memory_get_usage();

$array  = range(0, 1e7);
$cool   = [];
$length = count($array);
for ($i = 0; $i < $length; ++$i) {
    $cool[ $i ] = "entry $i";
}

// difference in bytes, converted to megabytes
$usage = (memory_get_usage() - $memory) / (1024 * 1024);

Performance is hard, time is money

Never trust your instinct when dealing with performance optimization. It’s even counterintuitive sometimes.

Besides, PHP 7 significantly improves overall performance, especially regarding execution time.

Micro-optimizations

Unfortunately, a lot of good practices are micro-optimizations:

  • use a backslash in front of standard functions
  • don’t use require_once and include_once, use require and include instead
  • echo vs print
  • procedural is faster than OOP
  • use absolute paths in your includes
  • isset() vs array_key_exists()
  • use unset() to clean memory

Just visit phpbenchmark

So that’s cool but at the end of the day, this won’t significantly improve the execution time. Besides, some of these techniques might be fine but others are time-consuming and pretty bad for maintenance.

Major impact

There are things you can do to significantly speed up execution:

  • use PHP 7
  • enable opcache
  • use Redis
  • use memoization techniques when necessary
  • be extra careful with your regex patterns
  • use autoloading
  • use profilers such as Blackfire

Security tips

While absolute computer security is impossible, there are several ways to prevent major security breaches.

Never trust user input

Don’t assume: test, sanitize and escape things instead. Some flaws are more obvious than others; try to stay away from them:

$url = $_GET['url'];
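One way to apply "test, sanitize and escape" to that assignment is to validate the value against an allow-list and escape it only when it is written out. This is an added example, not code from the original post; validatedUrl(), ALLOWED_HOSTS, the host names and the sample inputs are hypothetical and constructed for illustration:

```php
<?php
// Hypothetical allow-list for this example; use your application's own hosts.
const ALLOWED_HOSTS = ['example.com', 'www.example.com'];

// Returns the URL when it is an absolute http(s) URL on an allowed host, null otherwise.
function validatedUrl($raw, array $allowedHosts)
{
    // Query parameters can arrive as arrays (?url[]=x); accept bounded strings only.
    if (!is_string($raw) || strlen($raw) > 2048) {
        return null;
    }
    if (filter_var($raw, FILTER_VALIDATE_URL) === false) {
        return null;
    }
    $parts = parse_url($raw);
    if ($parts === false || !isset($parts['scheme'], $parts['host'])) {
        return null;
    }
    if (!in_array(strtolower($parts['scheme']), ['http', 'https'], true)) {
        return null;
    }
    // Credentials before the host (user@host) can make another host look trusted.
    if (isset($parts['user']) || isset($parts['pass'])) {
        return null;
    }
    if (!in_array(strtolower($parts['host']), $allowedHosts, true)) {
        return null;
    }
    return $raw;
}

// Constructed sample values standing in for $_GET['url'].
$samples = [
    'https://example.com/docs?page=2',
    'javascript:void(0)',
    'https://example.com@other.test/',
    '//other.test/path',
    ['not', 'a', 'string'],
];

foreach ($samples as $sample) {
    $url = validatedUrl($sample, ALLOWED_HOSTS);
    if ($url === null) {
        echo 'rejected' . PHP_EOL;
        continue;
    }
    // Escape at the point of output, here for an HTML attribute.
    echo '<a href="' . htmlspecialchars($url, ENT_QUOTES, 'UTF-8') . '">link</a>' . PHP_EOL;
}
```

Validation decides whether the value is acceptable at all; escaping is still applied separately for each output context (HTML, SQL, shell), because a valid URL can contain characters that are special there.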

Defense in depth

Implementing several layers of security in your application is recommended. This allows for mitigating attacks.

It’s like having multiple backup plans so the enemy has to climb several ladders before breaking in.

For example, in your Google account, even if you are already connected, you are not allowed to directly access some pages. They ask you to re-authenticate.

This is a good additional layer of security. In case an unauthenticated hacker is somehow impersonating you, they won’t be able to access critical settings such as the phone number used for two-factor authentication.

Wrap up

I hope you enjoyed reading these thoughts and facts. Love PHP.

I do my best to update all my content, but keep in mind that "PHP untold" was published many months ago.