PHP is one of the most popular scripting languages on the internet today, and one of the easiest to get into. Whether you're a PHP newbie, or an experienced code-slinger, there is always something new to discover. A function you're unfamiliar with a killer timesaving tool, a technique that you forgot about...
Object Oriented PHP
-
Object Oriented PHP for Beginners
Killer PHP teaches the basics of Object Oriented PHP. An easy to follow 5-page guide with videos to go along with the article.
-
PHP for Beginners: Building Your First Simple CMS
Jason Lengstorf shows how to build a very simply object-oriented Content Management System with PHP. While not a ready-to-use solution, due to a few security holes, it nonetheless does a good job at teaching a real-world use for PHP.
-
Learning OOP in PHP ASAP!
An authoritative into to PHP OOP here at NETTUTS. Jo‹o Gradim does a thorough job at explaining the basics of Object Oriented Programming in PHP, with plenty of clear code examples and comments.
Security
-
SQL Injection Prevention
A brief primer on SQL injection and how to counter it.
-
Password Hashing
One of the worst things you can do security-wise is to store users' passwords in plain text. A lot of people use the same passwords on multiple websites, and if someone manages to gain access to your user database, they will have the users' passwords for everything. You should avoid this by encrypting the passwords with some simple PHP functions.
-
Security Corner: SQL Injection
Chris Shiflett explains SQL injection, and covers a few permutations of the exploit, along with instructions on how to prevent it.
-
5 Helpful Tips for Creating Secure PHP Applications
Avoid five of the most common security issues in PHP programs, three of which involve user input. If someone isn't cross-site scripting or injecting SQL, they're reading your error messages to find other ways to exploit your scripts. Don't give those pesky script kiddies any room to sabotage your application.
-
Akismet
Email spam isn't as bad as it once was, thanks to improved filtering technology. Now we have a greater menace: Comment spam. Any site with user-contributed messages, such as a forum or blog, could quickly have hundreds of junk messages, filled with links to questionable sites, added to the comment area. Luckily there is Akismet, a spam filter for just this sort of thing. WordPress blogs can use a simple plugin, and other sites can take advantage of the spam-nuking goodness through an API.
-
ReCAPTCHA
Bots, they're annoying, but what can you do about them? For blog comments, and similar applications, you have the wonderful Akismet filter, but what about other things? You could always use a CAPTCHA, one of those boxes where you enter the jumbled letters shown in an image. ReCAPTCHA provides such a service, with a unique twist. It helps old books be scanned into digital form, using CAPTCHA results to fix words that their computers couldn't read. A user is shown two words, one that ReCAPTCHA knows and one it doesn't, and has the user type both in. If the first word matches, it stores the value the user entered for the second, so the Internet Archive can aggregate the results and automatically figure out what the word is.
-
PHP Short Open Tag: Convenient Shortcut or Short Changing Security?
PHP offers a shortcut for the echo() construct, which looks something like <?=$var?>. It is often used by users of the CodeIgniter framework in Views, as a surrogate for a templating system. Could this convenient shortcut, which depends on short_open_tag being enabled in php.ini, be a security risk? Jeff Starr explains everything.
-
Prepared Statements in PHP and MySQLi
A few years ago, the MySQLi PHP extension was released to improve upon the existing one, known simply as MySQL, like the database software both extensions communicate with. One of the many improvements added was support for prepared statements, a method of querying the database that separates data from the query, which is arguably a more secure way of doing things.
Common Applications
-
PHP Contact Form
Sometimes it's a good idea to have a contact form on your website. It's more convenient than a mailto link, and you don't give out your email address right up front, which can help prevent spam. You can also, with a form, denote fields for mandatory information, which is useful in cases where you need certain information in order to provide an adequate response.
-
User Membership With PHP
User accounts are one the more common components of web applications. Allowing users to register and login isn't as hard as it may seem at first thought.
-
Parse RSS Feeds With SimplePie
RSS Feeds are one of the best things since sliced bread. Not only can you stay up to date with hundreds of websites' content, but you can parse them with PHP. You could, for a basic example, display the headlines from a feed on your website, and link them to the full article. Or you could grab the feeds from your social media profiles and pull them all onto your personal website.
-
How to Dynamically Create Thumbnails
When you deal with large images, it's often necessary to create smaller "thumbnail" versions. In gallery situations, you may want to display a grid of thumbnails that link to the larger versions. In a CMS you might want to have an option to upload an image to go with a post, and have a smaller version for display in certain areas. Such image processing is easily within the capabilities of PHP.
-
PHP Markdown
HTML isn't really the most user-friendly way to style text. Sure, some "ordinary" people know it, but overall the markup language is not something that most people want to mess around with. That's where Markdown comes in. Markdown is a simple method of marking-up text to be formatted a certain way. It uses common conventions such as surrounding a phrase in *asterisks* for italicization, **double-asterisks** for bold text, and > characters for quoting text. It's all easy enough for most people to grasp, especially since many people write plain text like that anyway. PHP Markdown is an implementation of Markdown for PHP. After including the class, you can convert Markdown-formatted text to HTML by passing the string to the Markdown() function.
-
Zebra Stripes
Have you ever noticed how, if you have a long list of data, such as a table showing several data fields, it can be hard to follow a line from one side to the other when you read it? You tend to confuse it with the line below if you're not careful. Zebra striping, despite the amusing name, is a technique that can much improve readability in such situations. In essence, you simply alternate the background color, switching between a light color and one slightly darker one, a simple feat for PHP.
-
Get Started With SimpleXML in PHP
In this "Web 2.0" age, more and more web services are making public APIs available, allowing you to access data from their applications from yours. You could pull messages from Twitter, videos from YouTube, search results from Yahoo, and then aggregate them all into a Facebook application in some manner. Most XML-based APIs can be interacted with through PHP5's SimpleXML functions, with which you can parse output and use as you wish.
-
Caching Dynamic PHP pages easily
If your website is on a shared hosting account, you need to be careful of how much processor power you are using at any given time, especially if you tend to get sizeable amounts of traffic. That's where caching comes in to play. Your web server can send-out pages quicker and more efficiently if it doesn't have to process PHP scripts on every page load. Caching is a technique that temporarily stores scripts' plain HTML output in a directory, and serves them instead of the script to improve performance. Every hour or so, depending on the application, the cache is emptied and replaced with the new output.
Frameworks
-
CodeIgniter
A lightweight and modular Model-View-Controller framework for PHP. Requires little configuration, and no command-line usage. CodeIgniter has plenty of useful classes for functions such as image manipulation, file upload, caching, and database I/O. Compatible with PHP4.
-
CakePHP
Another popular MVC framework. CakePHP is a little heavier than CodeIgniter, but has it's own advantages. It's quite full-featured, having plenty of thorough documentation and an impressive collection of helper classes developed by the community.
-
Symfony
Symfony is a bit harder to use than CakePHP and CodeIgniter, requiring the use of the command-line to run configuration commands and to create applications. While it seems more involved, it is no less of a viable option for those who would feel comfortable with it.
-
Zend Framework
Developed by Zend Technologies, Zend Framework is licensed under the New BSD license. It is along the same lines as CodeIgniter and CakePHP.
-
Flourish
Flourish is an object-oriented PHP framework, but not an MVC one. The library allows for a more free coding structure than other frameworks, being an included library rather than a foundation to build upon. It is supposed to reduce the amount of code required to get things done, but not dictate your file structure.
Screencasts
-
How to Build a Login System for a Simple Website
Build an object-oriented login system as you follow this hour-long tutorial. It's not a complete solution, leaving you plenty of room to expand and make it your own, but by the end of the screencast you should have a good idea of how to build a well-structure login system that will withstand SQL Injection.
-
WordPress as a CMS
WordPress is more than just a blogging tool. It's powerful enough to handle just about anything you throw at it. If functionality you need isn't built-in, it can be added with a plugin or some custom coding. WordPress works just as well to manage websites that are more page-based than post-based, and it can be extended to do nearly anything.
-
CodeIgniter: Create a Blog in 20 Minutes
A twenty minute video showing how to use CodeIgniter to create a basic content management system with posts, permalinks, and comments.
-
Build a Login and Registration System with XML
Some smaller projects may not require a full-blown database for login credentials. This screencast shows how to create a login and registration system that stores data in XML files instead. The tutorial covers several interesting PHP things, including file manipulation and the SimpleXML functions.
-
A Crash-Course in WordPress Plugin Development
In this screencast, Jeffrey Way walks you through the creation of a basic WordPress plugin to automatically rewrite unfavorable HTML in posts. Covers plugin structure and the basis of the WordPress hook system.
WordPress
-
Using Custom Fields
The WordPress Write screen offers an option to assign metadata to a post when you are writing it. That data could be anything from a thumbnail URL to your current mood to a flag to enable/disable the display of part of the template. You can add and remove fields while editing a post, and later call the data programatically with the get_post_meta() function.
-
Creating Custom Write Panels in WordPress
Add a new meta box to the Write Post screen in WordPress. The tutorial uses post thumbnails as an example. The end result is a handy thumbnail URL field that creates a custom field to store the URL, allowing the theme to pull the image up with the post. If you make extensive use of custom fields, creating a meta box with a friendlier interface just might save you time in the long run.
-
10 Useful RSS-Tricks and Hacks For WordPress
Exclude categories from your RSS feed, put ads in your feeds, set a delay between when the post is published and when it shows up in the feed. Smashing Magazine gives ten hacks and tips for getting the most out of your WordPress site's feeds.
-
WordPress 2.7 Featuring Your Favorite Actions
Using the favorite_actions filter, add (or remove) items to the favorite actions drop-down in the upper-right of the WordPress 2.7 backend. Any page in the Admin can be added to the menu. You could do this from your theme's functions.php file, or through a plugin.
-
Easily display your last Tweet
Who doesn't use Twitter these days? The "A-List" bloggers were the early adopters, but now the Twitter community is full of developers, designers, politicians, businesses, celebrities, etc.. Wouldn't it be neat if you could put your latest "tweet" in your blog's sidebar? You could use a plugin, of course, but isn't it more fun to roll your own solution with a bit of PHP magic? Joost de Valk has some working examples to learn from.
-
Mastering WordPress Shortcodes
Shortcodes, introduced in WordPress 2.5, allow you to include things in posts with a simple statement such as [AdSense]. The placeholder is replaced with something useful whenever the post is displayed. To continue with the AdSense example, you could have any instance of [AdSense] replaced with your AdSense code.
-
How to Write a Wordpress Plugin
Writing a plugin is one of the best ways to contribute to the best ways to contribute to the WordPress community. If you have an idea for something to improve WordPress, put your PHP skills to use and make it happen. Devlounge has a comprehensive introduction to plugin development, which covers the major bases and should get you started in no time.
Books
-
PHP 5 for Dummies by Janet Valade
A solid and easy to understand introduction to the PHP language. True to the series' reputation, this volume could potentially teach nearly anybody (even someone without prior programming experience) how to write PHP scripts. A very good primer on PHP, though the current edition has a few errors from the typesetting process, namely the substitution of underscores where double-quotes should be.
-
PHP Hacks by Jack Herrington
O'Reilly Media is famous for the tech-centric books they exclusively publish. They consistently produce quality guides to everything from Linux to JavaScript to iPods. PHP Hacks is no exception. This book, rather than being a ground-up intro, focuses on practical lessons in PHP. The book is full of "hacks," short tutorials filled with code snippets that show you how to do interesting and useful things with the language. A great book for intermediate-level PHP coders.
-
Wicked Cool PHP: Real-World Scripts That Solve Difficult Problems by William Steinmetz and Brian Ward
From the venerable No Starch Press comes this gem, a 200-odd paged paperback chock-full of useful script bits to help you solve the tricky problems that come up all to often. Whether you're a PHP newbie or an experienced code-forger, there's something for you in this book. Keep a pad of paper handy when you read it.
-
The PHP Anthology: 101 Essential Tips, Tricks & Hacks by SitePoint
Inside The PHP Anthology, you will find not an introduction to PHP, but a more intermediate guide. It focuses on the Object Oriented approach throughout, and tries to give you a solid understanding of important and practical concepts that beginner books leave out, such as producing error-free output, XML web services, and the many aspects of security. It is full of useful tips and code snippets as well. Definitely worth a read.
Bonus: Some Useful PHP Functions
- Strtotime()
- Explode()
- Print_r()
- Serialize()
- Str_replace()
- Strip_tags()
- Rawurlencode()
- Htmlentities()
- Follow us on Twitter, or subscribe to the NETTUTS RSS Feed for more daily web development tuts and articles.
