PHP under control
Transcript of PHP under control
![Page 1: PHP under control](https://reader034.fdocuments.net/reader034/viewer/2022052411/55731d36d8b42aae7b8b49c7/html5/thumbnails/1.jpg)
PHP under control
Keep an eye on your source code
![Page 2: PHP under control](https://reader034.fdocuments.net/reader034/viewer/2022052411/55731d36d8b42aae7b8b49c7/html5/thumbnails/2.jpg)
Agenda
The age of industrialisation for PHP
How to keep this code under control
Techniques and tools
Organizing teams for quality
![Page 3: PHP under control](https://reader034.fdocuments.net/reader034/viewer/2022052411/55731d36d8b42aae7b8b49c7/html5/thumbnails/3.jpg)
Speaker
Damien Seguy
Nexen (.net), AlterWay Group
Expert services on LAMP hosting
Raise elePHPants
Monthly PHP stats
![Page 4: PHP under control](https://reader034.fdocuments.net/reader034/viewer/2022052411/55731d36d8b42aae7b8b49c7/html5/thumbnails/4.jpg)
Keep an eye on the code
Security
Performance
Code quality
Maintenance
But
Bigger teams
Changing teams
Long projects
Lots of code
![Page 5: PHP under control](https://reader034.fdocuments.net/reader034/viewer/2022052411/55731d36d8b42aae7b8b49c7/html5/thumbnails/5.jpg)
Set up a coding reference
Set up the rules
Share them
Keep them simple
"No bug" is not a rule
Don't try to catch everything
![Page 6: PHP under control](https://reader034.fdocuments.net/reader034/viewer/2022052411/55731d36d8b42aae7b8b49c7/html5/thumbnails/6.jpg)
Reference suggestions
Security
Filter incoming data
Protect data
Quality
Short functions
No globals
Performance
Less require (_once)
No eval()
Maintenance
Sensible symbols
CamelCaps or underscores
![Page 7: PHP under control](https://reader034.fdocuments.net/reader034/viewer/2022052411/55731d36d8b42aae7b8b49c7/html5/thumbnails/7.jpg)
Searching the code
Grep
preg_match()
Tokenizer
![Page 8: PHP under control](https://reader034.fdocuments.net/reader034/viewer/2022052411/55731d36d8b42aae7b8b49c7/html5/thumbnails/8.jpg)
Grep
Fast, efficient, will always find something
Will find way too much
Difficult to find larger structures (function, class)
Great when you know what to look for
Great with one liners
![Page 9: PHP under control](https://reader034.fdocuments.net/reader034/viewer/2022052411/55731d36d8b42aae7b8b49c7/html5/thumbnails/9.jpg)
Grep targets
Search for
$_GET, $_POST, $_COOKIE, $_SERVER, $[A-Z]
filter with dot, comma, parenthesis
var_dump, print_r
mysqli_query, mysqli_fetch_, mysqli_error
_once
![Page 10: PHP under control](https://reader034.fdocuments.net/reader034/viewer/2022052411/55731d36d8b42aae7b8b49c7/html5/thumbnails/10.jpg)
Grep charts
if(isset($_POST['sgoogle'])){
// Traverse each _REQUEST data and put them in ...
$GLOBALS['HTTP_POST_VARS'] =& $_POST;
$_REQUEST["comments_threadId"] = 0;
$game["desc"] = $_POST['description'];
$comments_t_query .= "?$c_name=" . $_REQUEST["$c_name"];
var_dump($aux);
![Page 11: PHP under control](https://reader034.fdocuments.net/reader034/viewer/2022052411/55731d36d8b42aae7b8b49c7/html5/thumbnails/11.jpg)
Grep charts
Tiki-wiki (http://tikiwiki.org/)
1422 PHP files
456850 lines of code
178 occurrences of $_POST
7634 occurrences of $_REQUEST
56 var_dump
![Page 12: PHP under control](https://reader034.fdocuments.net/reader034/viewer/2022052411/55731d36d8b42aae7b8b49c7/html5/thumbnails/12.jpg)
Regexing PHP code
perl -m
More complex regex calls
Sometimes easier to write as PHP
Still a wide net
Still only searches text, not code structure
![Page 13: PHP under control](https://reader034.fdocuments.net/reader034/viewer/2022052411/55731d36d8b42aae7b8b49c7/html5/thumbnails/13.jpg)
Regex examples
Spotting heredocs
if (preg_match_all('/<<<(\S*)(.*?)(\1)/is', $code, $r)) {
Assignments from superglobals
/=\s*\$_[A-Z]/s
But how to match strings?
/'[^']*'/ breaks on escaped quotes (try 'No this won\'t work';)
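The three patterns from this slide, run over a constructed snippet, as an added example that is not part of the original deck. The sample source, the function names and the escape-aware string pattern are mine; the heredoc and superglobal-assignment regexes are the slide's own.

```php
<?php
// Added example, not from the slides: the slide's regexes run over a
// constructed snippet, plus a string pattern that survives escaped quotes.

// Constructed PHP source to analyse. The last line carries the escaped
// quote that defeats the slide's naive /'[^']*'/ pattern.
function sampleCode(): string
{
    return <<<'SRC'
<?php
$sql = <<<SQL
SELECT id FROM games WHERE name = '$name'
SQL;
$game["desc"] = $_POST['description'];
$id = $_REQUEST["comments_threadId"];
$safe = 'plain string';
$msg  = 'No this won\'t work';
SRC;
}

// Slide pattern: opener, lazy body, closer (back-reference to the opener).
// /s lets . span newlines; /i is kept from the slide.
function findHeredocs(string $code): array
{
    preg_match_all('/<<<(\S*)(.*?)(\1)/is', $code, $m);
    return $m[2];                      // heredoc bodies only
}

// Slide pattern: an assignment whose right-hand side starts with a superglobal.
function countSuperglobalAssignments(string $code): int
{
    return preg_match_all('/=\s*\$_[A-Z]/s', $code);
}

// Slide pattern: naive single-quoted string. It stops at the first quote,
// escaped or not, so 'No this won\'t work' is cut in half.
function findStringsNaive(string $code): array
{
    preg_match_all("/'[^']*'/", $code, $m);
    return $m[0];
}

// Fixed pattern: a body character is either "not quote, not backslash"
// or "backslash followed by anything", so \' and \\ are consumed as pairs.
function findStringsEscapeAware(string $code): array
{
    preg_match_all('/\'(?:[^\'\\\\]|\\\\.)*\'/s', $code, $m);
    return $m[0];
}

$code = sampleCode();
echo "heredocs: ", count(findHeredocs($code)), "\n";
echo "superglobal assignments: ", countSuperglobalAssignments($code), "\n";
echo "naive strings:\n";
foreach (findStringsNaive($code) as $s) { echo "  $s\n"; }
echo "escape-aware strings:\n";
foreach (findStringsEscapeAware($code) as $s) { echo "  $s\n"; }
```

Run it with php on the command line and compare the two string lists: the naive pattern returns 'No this won\' as a string and then fails to pair the remaining quote, while the escape-aware one returns the whole literal. The heredoc pattern also takes its opener literally, so a nowdoc opener such as <<<'X' is captured with its quotes and the back-reference never finds the bare closing X.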
![Page 14: PHP under control](https://reader034.fdocuments.net/reader034/viewer/2022052411/55731d36d8b42aae7b8b49c7/html5/thumbnails/14.jpg)
Regex stats
No HereDocs
2645 SELECT
Grep found 7861, including hits in .sql files and </select> tags
1059 assignments from incoming values ($_REQUEST...)
![Page 15: PHP under control](https://reader034.fdocuments.net/reader034/viewer/2022052411/55731d36d8b42aae7b8b49c7/html5/thumbnails/15.jpg)
Tokenizer
Your own PHP analyser!
Included since PHP 4.3
Exact, since it uses PHP's own lexer
Produces a huge list of tokens
which must be processed
to rebuild larger structures
![Page 16: PHP under control](https://reader034.fdocuments.net/reader034/viewer/2022052411/55731d36d8b42aae7b8b49c7/html5/thumbnails/16.jpg)
<?php print ("hello $world! "); ?>
[1] => Array ( [0] => 266 [1] => print [2] => 1 )
[2] => Array ( [0] => 370 [1] => [2] => 1 )
[3] => (
[4] => "
[5] => Array ( [0] => 314 [1] => hello [2] => 1 )
[6] => Array ( [0] => 309 [1] => $world [2] => 1 )
[7] => Array ( [0] => 314 [1] => ! [2] => 1 )
[8] => "
[9] => )
[10] => ;
Each array entry reads: [0] => PHP token id, [1] => PHP code, [2] => script line
![Page 17: PHP under control](https://reader034.fdocuments.net/reader034/viewer/2022052411/55731d36d8b42aae7b8b49c7/html5/thumbnails/17.jpg)
Tokenizer
Extract variable names, arguments, function calls
61 $foo, 2 $ccc
2 $feature_community_friends_permission_dep
all $a .... $z except $o and $q
124 variables only used once...
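A small analyser built on token_get_all(), as an added example and not code from the deck. It does the two things the slide lists, counting variable uses (to find the ones used only once) and pulling out superglobal reads, and it shows what grep and regex cannot do: a superglobal name sitting in a comment or a string literal is not a T_VARIABLE and is skipped. The sample source and the function name analyse() are constructed for this example.

```php
<?php
// Added example, not from the slides: token_get_all() as a small analyser.
// It counts variable uses, lists the variables used only once and reports
// superglobal reads, ignoring text that merely looks like a variable inside
// a comment or a string literal, which grep and regex cannot tell apart.

// Constructed source under review. Line 2 (comment) and line 4 (string)
// both contain superglobal names that are not variable accesses.
function sampleCode(): string
{
    return <<<'SRC'
<?php
// Traverse each $_REQUEST value and put it in $_POST
$game["desc"] = $_POST['description'];
$aux = "Using \$_GET here is just text";
$unused = 1;
$total = $game["desc"] . $aux;
if (isset($_POST['sgoogle'])) { echo $total; }
SRC;
}

// One pass over the token stream. A token is either a one-character string
// (punctuation) or an array [token id, source text, line number].
function analyse(string $code): array
{
    $superglobals = ['$_GET', '$_POST', '$_COOKIE', '$_REQUEST', '$_SERVER',
                     '$_FILES', '$_ENV', '$_SESSION', '$GLOBALS'];
    $varUses  = [];   // '$name' => number of occurrences
    $incoming = [];   // superglobal reads with their line

    foreach (token_get_all($code) as $tok) {
        // Comments, string literals and punctuation are not T_VARIABLE,
        // so the $_REQUEST / $_POST / $_GET in the comment and the escaped
        // string above are skipped here.
        if (!is_array($tok) || $tok[0] !== T_VARIABLE) {
            continue;
        }
        $name = $tok[1];
        $line = $tok[2];
        if (in_array($name, $superglobals, true)) {
            $incoming[] = ['name' => $name, 'line' => $line];
        } else {
            $varUses[$name] = ($varUses[$name] ?? 0) + 1;
        }
    }

    $once = array_keys(array_filter($varUses, function ($n) { return $n === 1; }));

    return [
        'variable_uses'     => $varUses,
        'used_once'         => $once,
        'superglobal_reads' => $incoming,
    ];
}

print_r(analyse(sampleCode()));
```

On this input the report lists $unused as the only variable used once and two $_POST reads, on lines 3 and 7; the $_REQUEST in the comment and the escaped \$_GET in the string do not appear. An unescaped "$_GET[x]" inside a double-quoted string would be reported, correctly, because interpolation makes it a real read. What this pass cannot see is the dynamic side of PHP the next slide warns about: variable variables, extract() and compact() create and read variables without a T_VARIABLE token for the name.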
![Page 18: PHP under control](https://reader034.fdocuments.net/reader034/viewer/2022052411/55731d36d8b42aae7b8b49c7/html5/thumbnails/18.jpg)
Other ideas?
VLD
Vulcan Logic Disassembler
Tokenizer, but worse
Xdebug
Great for execution time
Error handler (great for PHP 4 -> 5)
PHP is dynamic: tough on variables
Requires automated browsing
![Page 19: PHP under control](https://reader034.fdocuments.net/reader034/viewer/2022052411/55731d36d8b42aae7b8b49c7/html5/thumbnails/19.jpg)
Tools
PHP error reporting (E_STRICT)
PHP Code Sniffer (PEAR)
PHP Mess detector (PHP Unit)
phpCallGraph
![Page 20: PHP under control](https://reader034.fdocuments.net/reader034/viewer/2022052411/55731d36d8b42aae7b8b49c7/html5/thumbnails/20.jpg)
Managing the finds
Count every hit of the previous searches
every night / at every commit
Graph it and act upon changes
phpUnderControl (.org)
![Page 21: PHP under control](https://reader034.fdocuments.net/reader034/viewer/2022052411/55731d36d8b42aae7b8b49c7/html5/thumbnails/21.jpg)
Progressive implementation
Set up your reference
Organize a few tests
Graph them, and act upon violation
When 0 (or stable), add extra tests
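The "count, graph, act" loop of the last two slides as a commit-time gate, added here as an example; it is not phpUnderControl's code nor anything from the deck. The rules are the grep targets and reference items from earlier slides written as regexes; the two file bodies and the baseline counts are constructed inline instead of read from the repository and the previous build. A count may fall or stay flat between runs, never rise, which is the ratchet that lets new rules start at "stable" and be driven to zero.

```php
<?php
// Added example, not from the slides: the "count, graph, act" loop as a
// commit-time gate. Each reference rule is a regex; totals are compared
// with the last accepted baseline and the run fails on any increase.
// File contents and the baseline are constructed here instead of being
// read from disk or from a CI server.

// Rules taken from the reference slides: one regex per rule.
function rules(): array
{
    return [
        'raw_request'  => '/\$_REQUEST\b/',
        'raw_post'     => '/\$_POST\b/',
        'debug_output' => '/\b(?:var_dump|print_r)\s*\(/',
        'eval'         => '/\beval\s*\(/',
        'require_once' => '/\b(?:require|include)_once\b/',
    ];
}

// Count every rule over every file; returns rule => total.
function countViolations(array $files, array $rules): array
{
    $totals = array_fill_keys(array_keys($rules), 0);
    foreach ($files as $path => $source) {
        foreach ($rules as $name => $pattern) {
            $totals[$name] += preg_match_all($pattern, $source);
        }
    }
    return $totals;
}

// Ratchet: a count may fall or stay put, never rise. Returns the rules
// that regressed as rule => [baseline, current]; empty means the commit passes.
function regressions(array $baseline, array $current): array
{
    $bad = [];
    foreach ($current as $rule => $count) {
        $was = $baseline[$rule] ?? 0;
        if ($count > $was) {
            $bad[$rule] = [$was, $count];
        }
    }
    return $bad;
}

// Constructed repository snapshot (two files) and the baseline recorded
// by the previous accepted run.
$files = [
    'lib/comments.php' => '<?php $id = $_REQUEST["comments_threadId"]; var_dump($aux);',
    'lib/games.php'    => '<?php require_once "db.php"; $game["desc"] = $_POST["description"]; $x = eval($code);',
];
$baseline = ['raw_request' => 1, 'raw_post' => 1, 'debug_output' => 0, 'eval' => 0, 'require_once' => 1];

$current = countViolations($files, rules());

// One CSV line per run, in rule order, ready to be appended and graphed.
echo date('Y-m-d'), ',', implode(',', $current), "\n";

$bad = regressions($baseline, $current);
foreach ($bad as $rule => [$was, $now]) {
    fwrite(STDERR, "$rule: $was -> $now\n");
}
exit($bad ? 1 : 0);
```

With the constructed snapshot the var_dump() and eval() counts both went from 0 to 1, so the script reports those two rules on stderr and exits non-zero; the $_REQUEST, $_POST and require_once counts are unchanged and pass. Once a rule has been at zero for a while, the baseline stays at zero and the rule becomes a hard ban, which is the point at which the slide says to add the next test.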
![Page 22: PHP under control](https://reader034.fdocuments.net/reader034/viewer/2022052411/55731d36d8b42aae7b8b49c7/html5/thumbnails/22.jpg)
Organizing teams
Set up code cross-reviews
Have developers teamed by two
Each one reviews the other's code
Everyone has the same reference
Google Mondrian tool
![Page 23: PHP under control](https://reader034.fdocuments.net/reader034/viewer/2022052411/55731d36d8b42aae7b8b49c7/html5/thumbnails/23.jpg)
Organizing teams
It distributes the reviews among developers
not the team lead, not the current hierarchy
A senior can take on a junior, or recent employees
Both might benefit
Works even under load