The document discusses modern PHP features such as exceptions, namespaces, closures, statics, short array syntax, PDO, security improvements, and popular PHP tools. It provides examples of how to use exceptions, closures, namespaces, statics, short array syntax, PDO, and security features. It also introduces the built-in PHP web server, Composer package manager, and PHPUnit testing framework as useful modern PHP tools.

1. PHP
modern
not your grandma’s php
& secure

2. Who is this guy?
Ben Edmunds
!
@benedmunds
http://benedmunds.com

3. Who is this guy?
Ben Edmunds
!
Open Source
Author
PHP Town Hall Podcast
CTO at Mindfulware

4. Welcome to
the Future

5. Welcome to the Future
Exceptions
Namespaces
Closures

6. Welcome to the Future
Statics
PDO
Short Arrays
Security

7. Legit Tools

8. Legit Tools
Built-in Server
Unit Testing
Composer

9. Welcome to!
the Future

10. Great Scott!

11. Exceptions

13. Exceptions
try {
//your code goes here
}
catch (Exception $e) {
die($e->getMessage());
}

14. Exceptions
try {
//your code goes here
}
catch (Exception $e) {
die($e->getMessage());
}

15. Closures

17. Closures
Route::get(‘/', function(){
return View::make(‘index');
!
});

18. Closures
Route::get(‘/', function(){
return View::make(‘index');
!
});

19. Namespaces

21. Namespaces
namespace IlluminateConsole;
class Command
{
//…

22. Namespaces
use IlluminateConsoleCommand;
namespace IlluminateConsole;
class Command
{
//…

23. Namespaces
use IlluminateConsoleCommand;
namespace IlluminateConsole;
class Command
{
//…

24. Statics

26. Statics
Class Route {
public static function get() {
//…
}

27. Statics
Route::get();
Class Route {
public static function get() {
//…
}

28. Statics
Route::get();
Class Route {
public static function get() {
//…
}

29. Statics
NO $this
$var = self::varAtDefinition;
!
$var = static::varAtExec;

30. Short Array!
Syntax

32. Short Array Syntax
$array = array(
0 => ‘value1’,
1 => ‘value2’,
);

33. Short Array Syntax
$array = [
0 => ‘value1’,
1 => ‘value2’,
];

34. Short Array Syntax
$array = [
0 => ‘value1’,
1 => ‘value2’,
];

35. PDO

37. PDO
Cross System

38. PDO
Cross System
MS SQL
MySQL
Oracle
PostgreSQL
SQLite
CUBRID
Firebird
Informix
ODBC & DB2
4D

39. PDO
Cross System
Safe Binding

40. PDO
$stmt = $db->prepare(‘
SELECT * FROM users
WHERE id=:id
’);
!
$stmt->bindParam(‘:id’, $id);
$stmt->execute();

41. Security

42. Security
SQL Injection
HTTPS
Password Hashing

43. Security
Authentication
Safe Defaults
XSS & CSRF

45. Security
//escaping input
$stmt->bindParam(‘:id’, $id);

46. Security
//escaping input
$stmt->bindParam(‘:id’, $id);
//escaping output
htmlentities($_POST[‘name’]);

47. Security
HTTPS / SSL
!
Encrypts traffic across the wire
!
Trusted sender and receiver
!
Required by OAUTH 2

48. Security
//authentication - access control
if (!$user->inGroup(‘admin’)) {
return ‘ERROR YO’;
}

49. Security
//authentication - brute force
if ($user->loginAttempts > 5) {
return ‘CAUGHT YA’;
}

50. Security
//safe password hashing
password_hash($_POST['pass']);

51. Security
//safe password hashing
password_hash($_POST['pass']);
//password verification
password_verify($_POST['pass'], $u->pass);

52. Security
//safe defaults
class Your Controller {
protected $var1 = ‘default value’;
!
function __construct() { … }
}

53. Security
//safe defaults
$something = false;
!
foreach ($array as $k => $v) {
$something = $v->foo;
if ($something == ‘bar’) { … }
}

54. Security
//Non-Persistent XSS
!
http://www.yourSite.com/
?page_num=2&per_page=50
!
Send the link to someone, boom

55. Security
//Persistent XSS
!
Same idea, except with data that is
saved to the server and
re-displayed

56. Security
//XSS Protection
!
<h1>Title</h1>
Hello <?=htmlentities($name)?>
!
!

57. Security
//Cross Site Request Forgery
//(CSRF)
!
http://yourSite.com/
users/12/delete
!
!

58. Security
//CSRF Protection
!
POST / PUT / UPDATE / DELETE
behind forms with one-time use
tokens
!
!

59. Security
//CSRF Protection
!
function generateCsrf() {
$token = mcrypt_create_iv(
16, MCRYPT_DEV_URANDOM);
Session::flash('csrfToken', $token);
return $token;
}

60. Security
//CSRF Protection
!
if (
$_POST['token'] == Session::get(‘csrfToken')
) { … }
!

61. Legit Tools

63. Built-in !
Web Server

64. Built-in Server
$ php -S localhost:8000
!
PHP 5.4.0 Development Server started…
Listening on localhost:8000
Document root is /home/ben/htdocs
Press Ctrl-C to quit

65. Composer

66. Another
Package Manager!?

67. Composer
Sane Package
Management

68. Composer
Autoloading

69. Composer
PEAR, ha!
packagist.org

70. Composer
/ composer.json
!
{
"require": {
"stripe/stripe-php": "dev-master",
"twilio/sdk": "dev-master"
}
}

71. Composer
$ php composer.phar update
$ php composer.phar install

72. Composer
$client =
new Services_Twilio($sid, $tkn);
!
$client->account
->messages
->sendMessage(…)

73. Unit Testing

75. Unit Testing
PHPUnit
Behat
Mink
Selenium
CodeCeption
PHPSpec

76. Unit Testing
class ApiAuthTest extends PHPUnit_Framework_TestCase {
!
public function testVerify() {
!
$auth = new apiAuth();
$this->assertTrue($auth->verify());

77. Unit Testing
class ApiAuthTest extends PHPUnit_Framework_TestCase {
!
public function testVerify() {
!
$auth = new apiAuth();
$this->assertTrue($auth->verify());

78. Unit Testing
$ phpunit tests
!
PHPUnit 3.3.17 by Sebastian Bergmann.
Time: 0.01 seconds
OK (1 tests, 1 assertions)

79. Resources

81. Resources
PHP.net

82. Resources
Modern Frameworks
Laravel
Symfony2
Fuel PHP
SlimPHP 2
Aura for PHP
Silex

83. Resources
leanpub.com/
phptherightway
PHPtheRightWay.com

84. Resources
BuildSecurePHPapps.com
Coupon Code:
codementor
$3 off
http://buildsecurephpapps.com/?coupon=codementor

85. Q/A TIME!
Ben Edmunds
@benedmunds
http://benedmunds.com
http://buildsecurephpapps.com/?coupon=codementor