php[architect] logo

Want to check out an issue? Sign up to receive a special offer.

The Value of the AST

November 2022

November is upon us, and in the United States, it’s the month we celebrate Thanksgiving. I want to take this time to thank each and every one of you who reads our magazine. Producing each issue takes more time than I ever knew, and we have had our share of ups and downs over the past year.

Your AST Toolkit

By Tomas Votruba

Today we look at the three most powerful tools in the AST Toolkit. What is the tool for, how do we use it properly, and where should we use something else or our bare hands? by Tomas Votruba

Bring Value To Your Code

By Dmitri Goosens

Through its iterations, PHP has become as appropriate as any other language to express Domain-Driven Design and implement other concepts and patterns that are more complex. One of these is one of the most important building blocks in Domain Driven Design (DDD), the Value Object… But what is a Value Object? Is it only useful in DDD? How, where, and why should one use them? Let’s try to check it out… by Dmitri Goosens

PHP Puzzles: World Cup Draws

By Oscar Merida

A random draw is straightforward, but we usually have business rules to implement and consider in any solution. With the World Cup kicking off this month, we get a chance to look at one scenario. Can you draw the teams into proper groups before the tournament starts? by Oscar Merida

Education Station: Making Our Own Web Server: Part 2

By Chris Tankersley

One of the biggest laments of PHP is that it does not have a dedicated web server and instead relies on an external program like Apache or NGINX to handle the incoming request. Modern versions of PHP do ship with a development server, but that server is not recommended for production use at all. This is not just because it is normally single-connection only (though there are flags to make it multi-threaded) but because there are better tools to handle the web serving—like Apache and NGINX. by Chris Tankersley

The Workshop: Local Dev with Lando

By Joe Ferguson

This month we’re going to visit a topic near and dear to my heart: local development environments. I’ve been maintaining Laravel Homestead since late 2016. I have been a longtime tinkerer of just about every local development tool you’ve ever heard of, and they all have their strengths and weaknesses. Lando is just about the only tool I haven’t had a chance to dive into, so join me in this dive into the world of local development with Lando.dev. by Joe Ferguson

DDD Alley: Transactional-Boundary

By Edward Barnard

Domain-Driven Design’s Aggregate pattern is perhaps the most powerful of DDD’s tactical patterns. However, strangely enough, the pattern’s power doesn’t come from the Aggregate itself. The power comes from the Aggregate’s underlying concept–the transactional boundary. by Edward Barnard

Security Corner: Direct Object References

By Eric Mann

Building APIs in PHP often exposes us to the potential of obscure bugs that can otherwise compromise the security of our application. Building too pure of an API – and relying on clients to provide too much information about the objects they’re referencing – is one such risk. by Eric Mann

PSR Pickup: PSR-11: Container Interface

By Frank Wallen

In this issue, we’ll discuss the Container Interface, PSR-11. The Container’s job is to act as a registry and return a service object identified by a unique key or name. Many modern frameworks and codebases implement Dependency Injection as a form of inversion of control, where the client requesting the service object does not need to know how to construct it. Usually, containers return service objects, but it could really be any valid object in the application. The responsibilities of the Container are configuring and fetching entries, leaving it up to the framework to fetch the necessary objects to compose the application. by Frank Wallen

Drupal Dab: Security in Drupal 9

By Nicola Pignatelli

When you develop a Drupal site, you often think only of programming and rarely of security. Writing clean and secure code is useless if users can enter 123456 as a password. In this article, I’ll explain which modules to use to secure your Drupal website. Of course, there are other techniques and tools to secure a web application, but you can’t configure the web server or install third-party applications if you don’t have access to the server. Drupal core developers improved code and core modules to minimize risks; they eliminated code that allowed the insertion of PHP code in fields of blocks, content type, etc. In this article, I’ll explain which modules to use to secure your Drupal website. Of course, there are other techniques and tools to secure a web application, but you can’t configure the web server or install third-party applications if you don’t have access to the server. Okay, let’s dive into discovering these essential modules for our safety. by Nicola Pignatelli

finally{}: Our Responsibility in Learned Helplessness

By Beth Tucker Long

Security and clean data are a must in our industry. We go to great lengths to ensure that the data we bring in is not malicious but also, and perhaps even more importantly, is the right data we want. Are we training users to be helpless in our quest to create applications and systems to get exactly what we want from users? by Beth Tucker Long

Leave a comment

Use the form below to leave a comment: