Tag Archives: Php

Free slides for user group meetings

One of the problems I have heard that user groups have had is that it is quite difficult to get content.  Some of the larger, or more active ones, may not have as much of a problem with this but a lot of the smaller ones that I've talked to do.  So what I've decided to do is, in effect, open source a lot of my presentations for re-use at user groups.  What that means is that if you are looking for content specifically for a user group feel free to use some of my stuff to help you along.  No warranty or support will be supplied, and they are provided "as-is".  What that means is that if you see something on there that is weird or perhaps even "wrong" I was probably using it as a keyword or reminder for something I wanted to say.  So, if I wrote something that was spot-on, it was intended, if I wrote something that was wrong or inaccurate, I was trying to prove a point.  It's called nuance.  :-)

I am also going to provide several of the workspaces and projects that I used for delivering these.  Again, treat them with a grain of salt.  Often examples are done in the interest of expediency and I have a tendency to not re-use content, which means re-writing a lot of stuff, quickly, because I speak for a variety of audiences.  And, like the PPTs, I won't be able to provide much by way of support.  If it don't work, you'll probably be on your own, unless, in the vastness of my free time, I am able to help.  Also, I did all of my stuff using Zend Studio, so if there are project-related issues, using Zend Studio might help.

Caffeinated PHP – This is based off of the first presentation I did.  Since I kind of came from a Java background that was the easiest thing for me to do that differentiated myself right off the bat.  This is an updated presentation that I gave at Zendcon in 2009, I believe.  It talks about integrating PHP and Java using the PHP/Java Bridge in Zend Server CE.

There are two projects.  One called Caffeinated PHP, which contains a UI to all of the examples that I worked on.  Most of the examples work with just standard Java.  However, one of the examples uses JMS to connect to ActiveMQ and another uses JPS (Java Printing System) to print to a local printer.  The latter has a simple abstraction layer that provides some basic info to PHP. 

PHP Security.  This talk is an intro to some of the things that PHP developers need to know to help build apps that don't have glaring security holes.  Security is a complicated topic and as such this will not be complete.  However, there is some good content for you to re-use.

Deployment.  I have given this talk a few times and it seems to be relatively well received.  If you decide to use it, make sure to follow the links to the blog posts that I did on this, especially for the PEAR and RPM ones.  This does not cover Continuous Deployment or build tools such as Hudson.

PHP Performance.  Performance, like security, can be a very complicated topic.  What this presentation does is look at some common problems, common symptoms and common remedies. 

I think I have 3 or 4 more I will upload but it's approaching the end of the day and I'm trying to recover after Zendcon so we'll leave it at that for the time being.  Feel free to use all or part of these presentations in a user group.  Please do not use them in webinars or anything that is intended for commercial production/promotion.  If you want to do them in that kind of a context please contact me and I would be happy to do a joint webinar with you (pending boss approval, of course).

If you have criticism I am open to it, but do remember that when building for a presentation you are building for clarity.  Bear that in mind.

Zendcon coming up

I had just tweeted something about Zendcon; how there were so many good sessions that it sucks that attendees have to choose between so many good ones.  I mean, look at the sessions that immediately follow the keynote on Tuesday.

  • Integrating PHP with RabbitMQ – Alvaro Videla
  • A new approach to object persistence in PHP – Stefan Priebsch
  • The State of SOAP in PHP – David Zuelke
  • Advanced Date/Time Handling with PHP – Derick Rethans
  • Documents, documents, documents – Matthew Weier O'Phinney

How many of those do you think I want to attend?  2? 3?  How about all of them.  In fact, out of 60-ish or so (I only kinda counted them), there are only a small handful that I could afford to miss.  I've been at Zend for over 4 years now and have been to as many Zendcons and I don't recall being as excited about our list of talks as I am this year.

But it's not just topics, but also partners, customers and vendors who are talking.  Sometimes people think of these as "marketing" talks, and, as such, worth ignoring.  But we've got talks by Ryan Stewart at Adobe, who knows his stuff. Josh Holmes, who knows his stuff (and is bringing brownies…. for real…. actual brownies).  I've not met Jeff Kibler from InfoBright, but I know what InfoBright does and it's pretty cool.  We've also got VMWare, PHPStorm and Oracle giving presentations as well.  I can't speak for all of those talks but these seem to be TECHNICAL talks and not just stuff from the Marketing Slime… (I'm in Zend's Marketing dep't).

We've got seriously good content which should make for a seriously good Zendcon for 2010.  If you haven't registered by now you need to get your butt in gear!

You want to do WHAT with PHP? GIVEAWAY

I just got my copies of my book "You want to do WHAT with PHP?" today.  During my conversations with MCPress, my publisher, I had asked for 3 copies to do a social media promotion and they agreed.  I posted that I would be giving away 3 copies on Twitter and got a whole bunch of "I WANTS".  So I asked my publisher for more copies to give away and they agreed to another 6. So that is a total of 9 copies I have avaialble to give away.

Now the problem I have is; how do I give them away.  So here's what I'm thinking.  First of all, I'd like to open it up to everyone around the world.  But shipping 9 copies of a book to Timbuktu can get expensive, so I will ask that anybody who wins be willing to pay for shipping from my address in the U.S. to the address where you want to receive it.  I believe it will fit into a USPS international mail envelope which looks like it costs $13US to ship anywhere in the world (I tried the UK, India and China and all came up as $13).  So it doesn't look horribly unreasonable.  If the actual shipping costs end up being more I'll give you the option of deciding.

So, with 9 books I'm thinking of splitting it into 3 categories with 3 winners each.  I would split up the winners over the course of three weeks, announcing the winners on each Friday (or thereabouts).  The standard exclusions would apply; family, friends, coworkers (sorry all you Zenders!).  The categories would be:

1) User groups libraries.  What I would do is have the user group leaders submit their group to me via Twitter, Facebook or email.  I would have to verify that it is an actual user group and so I would check it against the list that Zend maintains.  I, technically, manage that list so if you want your user group on it contact me now. 

2) Twitterers.  I will have a blog post that, for you to enter, all you would need to do is retweet the link to the page that I post (and be willing to pay for shipping).

3) Facebookers.  I have a fan page for the book.  I would choose 3 random "Likers" from that page to win a copy of the book.  To win, just "Like" the page and be willing to pay postage.

How does that sound?  If you think it's dumb feel free to make alternate suggestions in the comments.

UPDATED: I would also be willing to accept PayPal to cover shipping charges

UPDATE #2: My twitter handle is kpschrade

Your favorite PHP sites (based off of Facebook responses)

Earlier today I had asked on the Zend Facebook page “what is your favorite page for getting PHP-based information?”  There were some good answers there so I figured that I would post those answers here (since it’s all public information anyways).


PHP 5.3 Certification Beta Testers Needed

Zend has recently teamed up with several of the top people in the PHP community to offer the PHP 5.3 Certification.  It will be coming out in a few months, but before we can do that we need beta testers.  That means YOU!  If you want to participate all you need to do is fill out a quick qualification survey.  Everyone who takes the survey can take the final certification at a discounted rate!  Even if you aren't chosen for the beta!  These are the questions you will be asked (fill them out on the link, not on this page).

The survey will be open until July 15th.

ALSO, please Stumble, Digg, Like and Retweet this page so we can get lots of beta testers.

* Please rate your overall PHP experience level:

Just exploring PHP
Have done some programmnig in PHP
I use PHP extensively
I have a PHP certification

* Please rate your experience specifically with PHP 5.3:

Just exploring PHP 5.3
Have done some programming in PHP 5.3
I use PHP 5.3 extensively including all the new capabilities

* Which PHP versions have you used?

PHP 4.x
PHP 5.0
PHP 5.1
PHP 5.2
PHP 5.3

* What percentage of your day requires you to use PHP?

Up to 25%
Up to 50%
Up to 75%

* What best describes your role:

Programmer / Engineer
Technical Manager / Team Lead
Non-technical Manager
Other, please specify

Why I don’t think type-hinted foreach loops are a good idea

There was a Twitter poll going around this morning that I thought was kind of interesting and got me thinking.  It asked whether or not type-hinting in a foreach loop would be a good idea.  The argument was that the same arguments that go for have type hinting in functions/methods apply to loops.  Those reasons would primarily be structure.  Having a more rigid structure means that the likelihood of a runtime error is lessened to a much greater degree.  I agree with this statement, but I don't think that it applies to loops.  And here's why.

The structure argument makes complete sense in the function/method definition.  That is because an individual function has a defined unit of functionality.  Therefore, requiring a certain type of data may  be necessary to implement that specific piece of functionality.

However, this is not the same with a loop.  The only purpose of a loop is to iterate over data.  The example given is

foreach($array as $key => MyClass $a)

I am assuming that when you iterate over the array that if an array item is not an instance of MyClass that PHP would fail in the same way that it does when you run into a function with a different declaration.  Besides the fact that an array is a generic data structure, what happens if this failure occurs during a series of database inserts or updates?  Or a series of web service calls?  IMHO, a loop is a generic structure that does one thing: iteration.

That said, there is actually a construct that I would be open to.

foreach(MyCollectionClass $array as $key => $a)

Then you could have code like this

class MyClass {}

class MyCollectionClass extends ArrayIterator
    public function append($value)
       if (!$value instanceof MyClass) {
           throw new Exception("Invalid class added to collection");

    public function offsetSet($index, $newval)
        if (!$newval instanceof MyClass) {
           throw new Exception("Invalid class added to collection");
       parent::offsetSet($index, $newval);

What this does is enforce typing prior to the loop iteration and protects against invalid data in the loop.  But this could just as easily be written

if ($array instanceof MyCollectionClass) {
    foreach( $array as $key => $a) {

What do you think?

Why you should be careful with phpinfo

I recently posted an image on why you shouldn’t put phpinfo() calls in your code.

There were a couple of comments from people asking “why not?”

Here’s why not.

  1. Go to Google
  2. Search for inurl:phpinfo
  3. Check out the results

At the time of writing there were 4 pages on the first result page that were broadcasting their settings.

Here’s another fun one.  Search for “inurl:phpinfo root”.  Lots more.

There’s a bunch of information that you will see.

  1. PHP Version (which you can then check against for security vulnerabilites) – You’d be surprised how many PHP 4.3 installations there are out there.
  2. Which extensions are loaded (which may also have vulnerabilities)
  3. Where all of the website files are
  4. The username of the web server.  The second search will show up some scaring results.
  5. And much, much more!

A model layer for the i5 Toolkit on PHP

PHP has kind of taken the i5 world by storm.  Many RPG developers want to move their applications to the web, but while there are options for doing so, RPG is not all that well suited for writing web applications unless you invest heavily in a CGI framework like DEV2.  The other option has been Java, which represents a completely different way of coding that many RPG developers are not overly comfortable with.  Alongside that, there is the standard issue of Java taking some time to learn properly.  So along comes PHP and it gives the RPG developers a chance to ease into programming for the web.  They can still use procedural programming when they start, but they can also move to more structured applications as they become more familiar with the language.

However, there is often a problem in that there is a significant amount of functionality that still exists in RPG that you don't necessarily want to duplicate in PHP.  For that reason the PHP Toolkit was added as part of Zend Core, and now Zend Server for the i.  You can see an example of that on George Papayiannis' blog.  What it basically amounts to is calling several PHP tookit functions whenever you want to access that functionality.  The example from George's blog is like this:

$conn = i5_connect("localhost", "gpapayia", "secret");

if (!$conn) {

$description = array(

$pgm = i5_program_prepare("QGPL/GEOPGRM", $description);

if (!$pgm) {

$parameter = array(

$parmOut = array(

$ret = i5_program_call($pgm, $parameter, $parmOut);

if (!$ret) {

echo "Product Id: ".$PROD_ID."l
echo "Store Location: ".$STORE_LOC.";
echo "Price: ".$AMOUNT.";

Before I get into some of the problems with this I would like to state that this is not a critique of George's code.  Given the toolkit as it stands, this is, in actuality, a good example.

However, there are a couple of problems with this.

  1. This can lead to a lot of duplicated code
  2. This injects individual variables into the global scope. (due to the toolkit)
  3. It is difficult to structure a large application when you have to repeat the same connectivity code over and over again.

So what I've done is written a very simple library that can be used to abstract out that functionality.  I have placed it on Github so you can install it, examine it, and modify it to add functionality as needed.  The library I wrote only supports program calls at this time and there is a lot of additional functionality in the i5 Toolkit that could be abstracted.

The way it works is that you set up a connection manager in one part of your application, either an include file or preferably some kind of bootstrap.  Then you define your individual model classes (classes that represent programs in RPG) to match that functionality.  Then you call it.  I won't spend any time at this point talking about the underlying architecture.  If you are interested you can read the source code.  Or I may do another blog post on it.

The first thing you need to do is define your connection manager.  This allows you to set the adapter type and any connection information in one place.  This would be done in a bootstrap or include file.

$mgr = new Itk_Connection_Manager(
        'adapter'        => 'Live',
        'username'        => '',
        'password'        => '',
        'host'            => ''            

What this does is set the default adapter for any model classes that are called.  You can actually create a model object off of any arbitrary adapter (if you have multiple adapters running at the same time), but this generally will not be necessary.  In this library I have created two different adapters.  One is Live, which will call the i5 Toolkit.  The other is Mock, which allows you to define the return values for individual program calls to help facilitate unit testing.  Look in the /tests directory for some examples of this.

The next thing to do is to define your model class.

class Model_CommonPgm extends Itk_PgmAbstract
    protected $_programName = 'ZENDSVR/COMMONPGM';
    protected $_description = array(
        'CODE'    => array(
            self::DESC_IO        => I5_INOUT,
            self::DESC_TYPE      => I5_TYPE_CHAR,
            self::DESC_LENGTH    => "10"
        'DESC'    => array(
            self::DESC_IO        => I5_INOUT,
            self::DESC_TYPE      => I5_TYPE_CHAR,
            self::DESC_LENGTH    => "10"
    public function setCode($code)
        $this->CODE = $code;

What you are doing here is defining what the input and output parameters are, just like you would in a regular i5 toolkit call.  However, there is a big difference in the actual call.  The class definitions are usually done in separate files and included either manually or (preferably) using an autoloader, such as Zend_Loader_Autoloader.  So actually calling the RPG function makes your inline code extremely simple.  Additionally you can optionally define setters like I did here to document and structure the available functionality even more.

One of the reasons that I like this is that it is both very clean and very repeatable.  When you want to actually execute the RPG logic from within your application you run code like this.

$model = new Model_CommonPgm();
$result = $model->execute();
echo "The return values are: ", "Code: ", $result->CODE, " Description: ", $result->DESC," ";

The code example I took this from was at least 2 dozen lines long and I was able to bring it down to about 3 lines of code.  What this is doing is creating a new class and attaching outside data to the IN or INOUT properties by referencing the POST variable.  Then I execute it, taking the result and putting it into a result object where I can reference the out-bound results of the call.

Please note that I am not an RPG programmer and as such it would probably be a good idea for people more familiar with RPG than I to use this and find problems but I think that this can go a long way to making PHP applications that rely on RPG and the i5 Toolkit to be much more structured and much easier to maintain.

Again, here's the link to Github.

Open Source Interdependency

Several months ago I was talking with some Java developers who were being forced to move onto PHP.  They were actually quite open to the idea but had some questions.  One of them was on how you would set up a page counter.  In the Java world what you would do is define a static property within a class, synchronize it, and increment it for each page that hit the site.  In my explanation I went through the myriad of ways that you could do that, probably confusing them even more.

I had thought about it for a while after that discussion and it hit me.  My answers were not wrong, but the way I communicated them was.  In the Java world you tend to look to language answers for problems like that.  Then for much more complex problems you tend to look for software solutions from a given vendor.  In PHP, it's done a little differently.  Rather than add a bunch more features into the language, we tend to depend very highly on third party software to handle problems that might seem more basic for more "enterprisey" languages.

For the problem of the page counter, rather than throwing it into an object, you'd throw it into the database.  Rather than using threads, you might use Gearman or something like Zend Server.  In other words, DRY (Don't Repeat Yourself) is huge in the open source world.  It's almost more DRA (Don't Repeat Anything).  If someone, somewhere in the world, has written it, you should be contributing to that project, not writing yet another library. 

If you have ever compiled software on Linux you actually have experienced what I'm talking about.  The first thing you do is type ./configure and it goes through a litany of different header and library files making sure that you have all that you need.  You see this to a lesser extent with Linux and package managers.  Yum or apt do a good job of hiding the compilation hell, but you still do see a lot of needs for dependencies.

One of the things that I really love about open source is not that you can change the code, or that you can see the code, but that you get many more details about what your application is doing.  The desktop platforms have a strength in that you install something and it just works (supposedly).  But what did they install?  What are the gotchas that their certain version has?  You really don't have nearly the same level of insight into what's going on.  Some people like that.  Some people would rather expect a vendor to provide a big ball of software that solves all their problems.

I can understand the position, but I really like knowing about a dependency.  Why?  Because if there's a bug that needs to be fixed you are only updating one piece of software.  Granted, it could also end up breaking others, but that has very seldom been my experience.

So in the end, if you are ever talking to Java developers who are being told to move to PHP and they ask how you would build a page counter, just tell them that with PHP, and most other open source programs, the goal is to re-use other people's software wherever your code does not provide the functionality needed.  So, if you need a page counter, ask yourself "who else has done this and how can I get their code".

Introducing CAPTN – CAPTCHA for the next generation

strengthWe all know of the ubiquitous CAPTCHA; those horrendous looking images that are designed to keep robots from submitting forms with spam in them because it is assumed that the robots cannot read the messed up images.  The problem is, of course, that humans can't read them either.  We're just better at guessing what the letters are.  CAPTCHA, if you're wondering, stands for "Completely Automated Public Turing test to tell Computers and Humans Apart."  A Turing Test is a test where a computer is able to sufficiently mimic a human to the point where another human cannot tell the difference between the two.  CAPTCHA is the exact opposite.  Its purpose is specifically to determine who is a machine and who is a human when user generated content is placed on a web site.

Because of the problem that people have reading CAPTCHA images, meaning that they are having difficulty proving they are human, there have been some alternatives suggested.  One of the ones that intrigues me is the use of 3D CAPTCHA.  I first read about it on a CNET article.  What it basically does is use 3D images for CAPTCHA tests.  The human brain is extremely adept at processing 2D images as 3D images.  In other words, whether we're looking at the gifted horse in the mouth or simply a horse's ass, we know it's a horse.  A computer has a hard time making that translation.

However, perhaps there's a better way.  Behavior is probably one of the hardest things of all for computers to mimic because human thought is not easily distilled into a formula.  Yes, you can put someone on a bell curve and predict what a likely behavior would be, but I have my doubts as to whether human thought can ever be programmed.  And so I would think that behavioral testing would be the best type of Turing test to do.

The problem is that you are having a computer, the same type of computer that is unable to completely mimic human behavior, as the judge of who is a human and who is not.  So I have devised a Turing test that will solve all of that.  I call it CAPTN, pronounced Captain.  It stands for Completely Automated Public Test for Nerds.  In other words, it tests whether or not a nerd is behaving like a nerd.

If you look on the comments forms you see that there is now several checkboxes there and you are asked to check off the individual bits necessary to specify the requested number.  It works under the theory that it will be so under-utilized by the rest of the web that there will be no point in spammers building something to counteract it.

And I predict that nerds are so prone to proving their tech-worthiness that they'll need to post a comment simply to state that they can count in binary.

Web Analytics