NetTuts.com has a new tutorial posted suggesting a few ways you can make testable and maintainable code in PHP applications.

Frameworks provide a tool for rapid application development, but often accrue technical debt as rapidly as they allow you to create functionality. Technical debt is created when maintainability isn't a purposeful focus of the developer. Future changes and debugging become costly, due to a lack of unit testing and structure. Here's how to begin structuring your code to achieve testability and maintainability - and save you time.

There's a few concepts they cover in the tutorial including DRY (don't repeat yourself), working with dependency injection and actually writing the tests with PHPUnit. They start with a bit of code that needs some work and use the tests to help refactor it into something that can be easily mocked (using Mockery).

In his latest post to his site Chris Jones shows you how to update the Zend Framework 2 tutorial app (quickstart) to make it work with an Oracle database instead.

This post shows the changes to the ZF2 tutorial application to allow it to run with Oracle Database 11gR2. [...] The instructions for creating the sample ZF2 application are here. Follow those steps as written, making the substitutions shown [in the rest of the post].

The full schema definition is included in the post, complete with the same sample data as the tutorial. He includes the updates you'll need to make to the database configuration for the OCI8 connection and changes to the code to accommodate the Oracle data format (mostly uppercasing everything).

Christopher Martinez has a recent post to his site that covers some of the static analysis tools available for PHP including the PHP Mess Detector, PHP CodeSniffer and the PHP Analyzer.

I believe in writing code that is easy to understand, easy to test, and easy to refactor. Yes, I realize that the statement above is pretty general and open to interpretation. Not everyone needs external tools to ensure quality in their code...but, I work on things from time to time that have absolutely no tests. [...] For whatever reason, this happens a lot more frequently in the PHP world. I'm guilty of not writing tests and checking how I write code, sometimes, too. Things are bright, though, for the PHP community - for quite some time now, we've had fantastic tools that assist us in writing better code.

He covers each of the tools, talks some about what they're good for and gives examples of their use, including output. He also talks some about the Pfff set of tools created by Facebook. He also talks some about how these tools fit into his daily work as a part of his pre-commit hooks in git.

Elijah Horton has a recent post to his site sharing a tool he's developed to sandbox and validate PHP code of user-contributed code.

Few quotes related to the PHP language are as pithy and resoundingly accurate as the phrase: "Eval is evil." The reasons are myriad: the eval() function basically gives whatever code is passed to it unlimited control of the parser, and this freedom makes eval() both a temptation for developers, who may need to dynamically control PHP at runtime, and a panacea for hackers who are ever-searching for more servers to add to their botnets. So, how does one make use of the extreme power available through runtime evaulation of PHP, without exposing one's server to near-certain rooting? Through a sandbox.

His tool - PHPSandbox, uses the PHP-Parser library to deconstruct the PHP code its given and look for issues. He gives an example of a call to mail and how it would catch the issue. He shows how to install it via Composer, how to configure it with whitelisted methods/functions. It also includes a way to overwrite function calls with a bit safer alternative.

In a new post to his site Benjamin Eberlei shares an opinion about traits, noting that they're basically the same as static functionality when it comes to several things like coupling, not being testable and being a "global state" container.

I used to look forward to traits as a feature in PHP 5.4, but after discussions with Kore I came to the conclusion that traits are nothing else than static access in disguise. They actually lead to the exact same code smells. Familiar with the outcome of too much static use, we should reject traits as just another way of statically coupling your code to other classes.

He includes some code examples showing traits in use in an example controller to handle a simple redirect. He points out at least six different issues with just this simple implementation. He rewrites it as "static" code to help prove his point. He comes to the conclusion that, much like static methods, traits should be avoided and instead aggregation should be favored.

In a new post Andrew Podner recommends that, as you're doing your day to day development, you try your hardest to create testable code, no matter how painful it is.

I look at the situation we have gotten into by having this problem [of replacing a large legacy application], and frankly, it is like the tech version of 'Scared Straight'. The paranoia of such a far reaching application within the enterprise that absolutely has to deploy successfully and also be very flexible to meet the needs of the future have driven me to the point of near madness in trying to make sure this thing is bulletproof, enter Test Driven Development.

He includes an example situation he recently was faced with in his code...and opted for the "easy" way out (difficult to test). He talks some about the issues, dependencies and coupled code this has created. He does, however, show a solution to the issue - passing in the dependencies as they're needed, not defining them in the method.

For me, writing custom apps in an enterprise environment is not about rapid deployment and looking like a hero. It is about deploying software with a design life of 7-10 years, because the change management involved in deployment is not something you want be be doing over and over again. Testable code with 100% coverage of unit tests, well developed integration testing, and prolific use of tools like PHPUnit & Selenium are part of the development culture because while speed is important, durability is even more critical to business.

On the QaFoo blog today there's a post for those using the Behat testing tool showing a way to collect code coverage metrics based on your tests using the PHP_CodeCoverage library and phpcov.

There is generally no point in having code coverage for Behat test cases because of their nature: The purpose of an acceptance test is to assert a certain behavior of an application, not to technically test a piece of code. Therefore, there is no point in checking for uncovered code pieces in order to write a Behat test for it. That said, there is still a scenario where you want to peek at code coverage of Behat tests: When creating them as wide-coverage tests before starting to refactor legacy code. Behat in combination with Mink provides you with a great tool for such tests.

They help you get the tools installed and show the code you'll need to add to the application itself to collect the coverage data as the tests execute. It keys off of a file existing/not existing to know if it should execute the coverage or not. The phpcov tool can then be used to generate the HTML output of the coverage information for easy viewing.

In this new post to his site Bob Majdak talks about extending iterators to help make it easier to customize it for your needs.

One of the nice things about iterators is the ability to shove them into other iterators, allowing you to wrap their functionality in other functionality to return a more precise result set. Take for example the idea that we want to read a directory to list only the images inside of it. There are two main ways to do this, via readdir functions and via FilesystemIterator objects. Going the FilesystemIterator route, one common way seems to be extend another class called FilterIterator which allows you to customize a filter based on you overwriting a method called accept().

He shows not only overriding the "accept" method, but also the constructor to make using this new iterator a much simpler (and cleaner) call. You can find out more about the FilesystemIterator (and others) over in the Iterators section of the PHP manual.

In this recent post to his site Greg Freeman share some things to check for when you think your PHP site (any kind, even something like WordPress) might have been compromised.

A friend of mine recently had their site compromised, they were running an older version of IP.Board that is vulnerable to a local file inclusion vulnerability. This post won't be about IP.Board or any specific php code, it will show you how to locate potential malicious php code hosted on your servers and how to fix it. Finally I will give a brief explanation on what attacker's are uploading to compromised sites.

Among the things he recommends are tips like:

• Check your Access Logs
• Finding Recently Modified PHP Files
• Finding obfuscated code
• Always search your writable upload directories for executable code
• Check .htaccess Files if you use Apache

You can find the descriptions for each of these (and some others to watch out for) in the full post.

On NetTuts.com today there's a great new article about how to write code that embraces change and can be easily updated and reconfigured due to a decoupled nature and use of good OOP concepts.

Writing code, which is easy to change is the Holy Grail of programming. Welcome to programming nirvana! But things are much more difficult in reality: source code is difficult to understand, dependencies point in countless directions, coupling is annoying, and you soon feel the heat of programming hell. In this tutorial, we will discuss a few principles, techniques and ideas that will help you write code that is easy to change.

He covers some of the good OOP principles to think about when developing - like cohesion, orthogonality and coupling (via class methods, polymorphism, dependency injection or interfaces). He spends some time looking at the SOLID development principles and how you can implement each of them in some sample code. He also talks some about high level design and how the separation of concerns can help make your code easier to maintain and change.