Format
§ Disclaimer: Anything with a black header is a vintage slide and may be dated
§ Reading your own old slides is like reading old code :(
§ Each topic through the ages 2001-2014

Frameworks and Architectures: use and abuse
• PHP frameworks are proliferating, and Rails doesn’t help.
• Having an architecture like MVC can be a really good thing, but:
  • Everybody has a different idea about how this ought to be implemented
  • Some of the ideas are really twisted
  • Some make it hard to do very basic things simply
  • Code bloat
• Which framework?
• No dominant paradigm yet, ergo little help with maintainability
Have a clear, simple architecture that is easy to add to, easy to explain to new developers, and easy to remember now or in two or five years’ time.

Framework best practices
§ Lightweight beats heavyweight (unless it doesn’t)
§ CRUD, junior devs, MVP, giant teams
§ ORM is a kickstarter: training wheels for your app
§ Use what works, and throw it away when it doesn’t

2014
§ Minimize and isolate failure effects
§ Self-healing systems
§ Resilience: as much of it should work as possible
§ Feature flagging: turn off parts of your app that are broken or under load

Basic principles
• Consider illegitimate uses of your application
• Educate yourself
• If nothing else, filter all external data
– (From the PHP Security Guide at http://phpsec.org/projects/guide/)

External Data
• External data is not to be trusted.
• What’s external data?
  • Anything from a form
  • Anything from $_GET, $_POST, $_REQUEST
  • Cookies
  • Some server variables (e.g. $_SERVER['SERVER_NAME'])
  • Database query results
  • Web services data
  • Files
• The basic principle is to filter input and escape output
  • Filter input using whitelisting where possible
  • Escape output according to where it’s going.

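The filter-input, escape-output principle from the External Data slide, as an added example that is not part of the original slides. The function names (filter_sort, filter_page), the items table and the request array are hypothetical, the sample data is constructed, and the SQL step assumes the pdo_sqlite extension is available.

```php
<?php
// Added illustration; function names and sample data are hypothetical.

// Constructed sample of untrusted request data (stands in for $_GET).
$request = [
    'sort' => 'name',
    'page' => '3',
    'q'    => '<script>alert(1)</script> O\'Reilly',
];

// Filter input: accept only values on a whitelist; fall back to a default.
function filter_sort(array $in): string
{
    $allowed = ['name', 'date', 'price'];
    $value = $in['sort'] ?? 'name';
    return in_array($value, $allowed, true) ? $value : 'name';
}

// Filter input: a page number must be an integer in a fixed range.
function filter_page(array $in): int
{
    $page = filter_var($in['page'] ?? '1', FILTER_VALIDATE_INT,
        ['options' => ['min_range' => 1, 'max_range' => 10000]]);
    return $page === false ? 1 : $page;
}

$sort = filter_sort($request);
$page = filter_page($request);
$q    = is_string($request['q'] ?? null) ? $request['q'] : '';  // free text: cannot be whitelisted

// Escape output for an HTML context.
$html = '<p>Results for ' . htmlspecialchars($q, ENT_QUOTES, 'UTF-8') . '</p>';

// Escape output for a URL query-string context.
$next = '/search?q=' . rawurlencode($q) . '&sort=' . rawurlencode($sort)
      . '&page=' . ($page + 1);

// SQL context: bind values as parameters; only the whitelisted column
// name is ever interpolated into the statement text.
$pdo = new PDO('sqlite::memory:');   // assumes the pdo_sqlite extension
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE items (name TEXT, date TEXT, price REAL)');
$stmt = $pdo->prepare("SELECT name FROM items WHERE name LIKE :q ORDER BY $sort LIMIT 10");
$stmt->execute([':q' => '%' . $q . '%']);

// Database results are external data too: escape them on the way out.
foreach ($stmt as $row) {
    echo '<li>', htmlspecialchars($row['name'], ENT_QUOTES, 'UTF-8'), "</li>\n";
}
echo $html, "\n<a href=\"", htmlspecialchars($next, ENT_QUOTES, 'UTF-8'), "\">next</a>\n";
```

The same value of $q is escaped three different ways because it goes to three different places: HTML text, a URL query string, and a SQL statement.
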
General Best Practices
• Profile early, profile often.
• Dev-ops cooperation is essential.
• Test on production data.
• Track and trend.
• Assumptions will burn you.

Performance
• Use a compiler cache.
• Be mindful of using external data sources.
• Avoid recursive or heavy looping code.
• Don’t try to outsmart PHP.
• Build with caching in mind.

Write good code
• Above all, code needs to be readable and maintainable
• Beware clever code:
  – cool design patterns
  – obscure performance tweaks
  – niche language features

Errors and Exceptions
• Turn error_reporting up in dev and display_errors off in production
• Use set_error_handler() and set_exception_handler() for top level errors
• Whacking all your code in a try…catch block is not a panacea.

2014
§ So many nice nice things
§ PHP 5.4 generators and anonymous functions and traits, oh my
§ (It’s beginning to look a lot like Christmas Ruby)
§ I’m kidding. Kind of.
§ Composer! PHPUnit! PHPDoc! Doctrine!

Web Dev is Software Dev
• The process needs managing
• Use a version control system
• Have a testing and release process
• Have an easy way for developers to set up a staging server
• Plan for scale

2014
§ Better tools for everything
§ Continuous integration and deployment
§ Test automation and monitoring converge
§ Commoditization of version control
§ MTTR vs MTBF

PHP is not a best practice
§ PHP is an anti-pattern
§ Pinnacle of bad design
§ All PHP developers are incompetent
§ PHP is only suitable for making trivial personal sites