PHP Annotated Monthly – March 2015

PHP Annotated MonthlyMarch issue of our PHP Annotated Monthly features: updates on PHP, tools, tips for coding and presentations, HTTP/2, HHVM, news on RFCs for PHP 7, community, and much more — read our monthly digest curated by Anderson Casimiro, JetBrains’ developer advocate.


We’ve just got new versions of PHP last month: 5.6.6, 5.5.22 and 5.4.38. While those are mostly bug fixes, two changes deserve to be highlighted: removed support for multi-line headers and NULL byte protection to exec, system and passthru functions.

Last month we’ve talked about Scalar Type Hint RFC for PHP 7. Lots of things happened since then, and now everyone waits for votes on Anthony Ferrara’s new version of this RFC. A lot of interesting information on the matter can be also found in the blog post by Pascal Martin and in this blog post by Anthony.

Still on RFCs topic: probably we’ll get a better array to string conversion and Exceptions on Engine in PHP 7, as their RFCs are currently approved. If you want to follow the discussion, check the PHP RFC Watch by Benjamin Eberlei.

Frameworks and Tools

Derick Rethans’ PHP Debugger turned into 2.3 with some new features. Xdebug got various bug fixes, lots of updates for debugging, tracing, coverage and even for var_dump overloading. One thing to note: this release drops support for PHP versions below than 5.4.

Mathias Verraes is talking about Form, Command, and Model Validation in his recent post, covering his approach to clearly separate the validation for the form itself, from the Command validation and the model validation.

Some frameworks got updates last month: Yii reaches 2.0.3 with about 50 fixes and some improvements, Zend Framework 2 got bug and security fixes on 2.3.5.

SitePoint has launched the Best PHP Framework Survey 2015 to shed the light on current frameworks popularity. And there are some PhpStorm licenses to be given to top re-sharers of the survey!

Community and more

Let’s talk about Hack and HHVM: the first one got a new initial specification, as well as PHP a few months ago. Hack developers produced a specification for the language helping another developers to use Hack for their own purposes. HHVM 3.6 is about to be released and development team listed some of the features as async support for mysql and memcache, more compatibility with PHP code, fixes, and announced a long term support. On the same post they tell us about their 2015 plans. And just in time Stephan Hochdörfer gives us a quick tip on running PHPUnit via Phing on HHVM.

Probably you know FIG and PSRs. PSR-7 is (possibly) an upcoming recommendation about HTTP messages and there are some huge implications on its implementation (of course, if it’s get approved). Evert Pot, author of sabre/dav, has some thoughts about it and shared concerns on the matter, and why he’ll (or not) be using it on his webdav library. Evert also wrote a quick overview about HTTP/2 (recently approved as recommendation) telling what changes have been introduced.

Roave team recently announced the launch of Roave Foundation initiative aiming to help to send amazing people to amazing events. The scholarship will get awesome people in the PHP community to the places that they really deserve to be going.

For those who wants to share knowledge on conferences, Matthew Setter share his experience of applying for the first conference talk with meaningful tips from well known speakers such as Eli White and Cal Evans. Anna Filina have some words about preparing a talk before proposing them to events. Adam Culp (Are Conference Talks Getting Too Soft?) and Cal Evans (Airfare and Two Nights in the Hotel) share their opinion on conference talks and CFPs, as well as declaring some challenges for the next conference season.

On security topic we have some suggestions for reading (and further applying). First: do you like not getting what you asked for? Pádraic Brady have some points and solutions on distributing phar archives. Second: do you authenticate your application users in a right way? OWASP updated their cheat sheet on authentication. Last, but not least: have you committed your ever AWS keys into Github? Jeff Reifman has some tips to protect them.

Do you review code? Stefan Koopmanschap guides us on various topics on how to achieve a good Code Review. The post embraces the whole review process, the team’s participation and how it’s involved on QA processes.

Stefan’s post has been started a little while before as his thought included in collaborative knowledge initiative by Cal Evans: The Wisdom of the ElePHPant. Surely you will find a good inspiration by reading some other community thoughts.

Did you find an interesting read? Have news to share? Or just want to comment on this post? We’d love to hear from you in the comments below. Feel free to reach out to our PhpStorm developer advocate @duodraco on Twitter.

See you in April!

Develop with pleasure!
– JetBrains PhpStorm Team

Get PhpStorm 8

image description