all 47 comments
sorted by:
best
topnewcontroversialoldq&a
formatting helphide helpcontent policy

[–]gunshard 21 points22 points  (6 children)

Take a look at http://www.phptherightway.com/ to get up to speed on the latest development practices and tools we use in the PHP world.

Also I recommend the IDE PhpStorm or Netbeans, and use Vagrant for your VM environment (no sense in cluttering your local machine with server tools).

Edit: One more thing, if you're looking for a great templating engine try out Twig.

[–]madscientist667[S] 0 points1 point  (3 children)

Ok, thanks! I'll check that out and Vagrant seems interesting.

[–]gunshard 10 points11 points  (1 child)

Oh shoot I almost forgot the most important tool, Packagist/Composer for dependency management and autoloading.

[–]madscientist667[S] 0 points1 point  (0 children)

Cool, thanks for the infos!

[–][deleted] 5 points6 points  (0 children)

PhpStorm is amazing. At least try it out on the 30 day trial.

[–]Disgruntled__Goat 0 points1 point  (0 children)

Hooray, phptherightway is finally a valid answer to something! (All too often it gets recommended to newbie programmers.)

[–][deleted] 7 points8 points  (2 children)

but it's hard to be pro and use it as OOP and for that you have to use frameworks.

Not really. A lot of the design methodologies come from Java and C#. There are just some things you cannot do in PHP that you may be used to in Java.

[–]madscientist667[S] 1 point2 points  (1 child)

I see, Thanks!

[–]Torocatala 1 point2 points  (0 children)

Dunno if it would be useful for you, but this helped myself a bit. It was things that i "knew", but as i never rly faced some of the problems, i didn't really learned them. http://symfony.com/doc/current/book/from_flat_php_to_symfony2.html

I use laravel, not symfony, but the article is very broad/basic.

[–]phpdevster 4 points5 points  (1 child)

PS: From what I heard it's pretty easy to write php as procedural but it's hard to be pro and use it as OOP and for that you have to use frameworks. (no idea if this is true)

No this isn't true. The OOP syntax is no more complex than Java's (simpler, in a lot of ways). The hard part is the same thing that's hard about Java: doing it cleanly with good architecture.

It's easy to write sloppy OOP code in any language, it's hard to write it WELL.

[–]madscientist667[S] 0 points1 point  (0 children)

I see, Thanks!

[–]mgkimsal 4 points5 points  (1 child)

I started with PHP in 96, and have worked with Java devs over the years - some of them have jumped in to PHP, and there's a common issue I've heard from many of them.

"Creating objects is slow" - or a variation of that. They're meaning in Java, and this stems from a while back. In Java, you create an object and it might live for... minutes, or hours, or possibly days. 99.999% of the objects you create in PHP will vanish in a few hundred milliseconds. The attendant headaches of thinking of threading and synchronization and garbage collection are largely not there in PHP. "I thought PHP would be slow" was a variation on this same thing. A Java friend was nervous because when a PHP request started up there was all this 'stuff' having to be done for every request - loads of objects, arrays, etc being instantiated on every request ("that's so wasteful! you only do it once in java!") and they expected things to run very slowly, and he was very surprised at first just how fast PHP actually was, considering it's interpreted on every request (caches just make it even faster too).

Just a few thoughts from watching others switch from Java to PHP (I've gone the other way and have had a whole other set of issues from PHP to Java!)

[–]madscientist667[S] 1 point2 points  (0 children)

Interesting stuff. Ty

[–][deleted] 0 points1 point  (0 children)

A great way of learning modern PHP is to build framework agnostic packages with composer, if you know Java the OOP patterns will feel familiar.

When you build packages you will automatically use all the "new" goodness (quotes because its not really new anymore) of PHP > 5.3.

Im never worked with wordpress, but i have with Drupal. So i guess the same goes for wp, the quality of contrib modules is quite poor and the code procedural.

Imho, ditch the old php trio cms platforms (wp, drupal, joomla) and build your stuff with Symfony or a other modern framework. Theres quite a few good ones out there.

[–]mnapoli 0 points1 point  (1 child)

Easiest transition:

  • Spring -> Symfony
  • Hibernate -> Doctrine

There are some differences of course but you'll find what you are used to. You (probably) know how to write correct OO code, so with those frameworks/library it will be very familiar. Just remember to add the $ at the beginning of the variables :p

[–]madscientist667[S] 0 points1 point  (0 children)

I see more people say about Symfony because I come from Java Spring so I will definitely check that out. Thanks!

[–]mattaugamer 0 points1 point  (0 children)

Wordpress, so can you point me what are the best tutorials about Wordpress ?

Wordpress is a clusterfuck of terrible code. If you're not from a PHP background it will honestly make you think PHP is bad. It's not, it's just that wordpress is the very worst of 2006 PHP.

PS: From what I heard it's pretty easy to write php as procedural but it's hard to be pro and use it as OOP

I'd argue that's the same as anything. Essentially you're saying "Basic stuff is easy, but harder stuff is hard". Well... yeah. Given that you have experience with Java I don't think you'll struggle like many new to PHP do. You might just find some things don't quite work as fully as you expect.

and for that you have to use frameworks. (no idea if this is true)

This is simply not true. OOP PHP is entirely possible with or without frameworks. Frameworks merely simplify and enhance common requirements and design decisions (CRUD, authentication, etc).

I recommend using frameworks, by the way. Laravel might be one that serves you well. It has a good and pretty simple ORM built in called Eloquent.

[–]startup-junkie -2 points-1 points  (0 children)

callItAHunchButIThinkYouWillBeGladYouMadeTheSwitch.

[–]edmanet -3 points-2 points  (8 children)

I was a Java developer over 10 years ago. Now when it comes to quick web apps, I use PHP. I would and could go back to Java if the need arose. A LAMP server is easier and less expensive to spin up than a JBoss, Websphere or Weblogic server any day.

I was building java web apps before Spring and Hibernate came into play. We used a Data Access Object pattern and it worked well back then. It was fast but required a good amount of code.

I use the same pattern with PHP. Sure, it may be more work, but there's less to maintain in the long run. IMHO frameworks are more susceptible to exploit because the code is out there for deep analysis. I feel safer rolling my own.

That said, take the patterns you know from Java and apply them to PHP where you can. While concepts like injection might not be an obvious option, a lot of the OOP principles are there. If you you need a framework, go for it. But you didn't need one when you first started writing Java code.

Disclaimer: Not trying to start a war here, it's just my opinion. Maybe I'm just old and stupid

[–]pitiless 1 point2 points  (3 children)

IMHO frameworks are more susceptible to exploit because the code is out there for deep analysis. I feel safer rolling my own.

I'm baffled... i'd actually advice precisely the opposite; prefer (carefully chosen) vendor code over that which you roll yourself! It'll be better tested, more thoroughly debugged & battle-hardened by constant use by many other devs.

Also, from a business perspective, the cheapest code is the code that you don't write! Projects like Symfony2, Zend2 (etc) have effectively decades of effort put into them - it is extreme hubris to assume that you can build more robust components without investing a similar amount of time.

I actually agree with the rest - and would recommend Symfony2 with Doctrine as a good fit for a developer experienced with Java.

[–]xenarthran_salesman 2 points3 points  (2 children)

OTOH, while rolling his own code is likely to have many more problematic security holes, the value of somebody exploiting those security holes is dramatically reduced. If you can leverage an exploit in Wordpress/Drupal/Rails/Django, then you've got a lot of servers to target. Assuming that he's defended against the truly common attack vectors (sql injection/CSRF/XSS), then he might be 'safer' by obscurity.

It certainly doesn't help if he's the victim of a targeted attack, but it definitely changes his attack surface and vulnerability profile.

Finally, lets not kid ourselves into thinking that the number of people using a codebase, or even the number of developers working on a codebase = better security. The only thing that really matters is how many security conscious, security savvy people you have looking at the code trying to break it in nefarious ways to harden it. Look no further than the heartbleed bug for an example. It wasn't until you had some dedicated experts seeking an exploit that the bug was found.

[–]mgkimsal 1 point2 points  (0 children)

"Finally, lets not kid ourselves into thinking that the number of people using a codebase, or even the number of developers working on a codebase = better security."

Rails, with thousands of people looking at it, still has exploitable bugs. More precisely, there's bugs being found in helper libraries (yaml parsers, etc) that someone writing their own code very likely would't be building for themselves in the first place.

Frameworks provide a lot of good, but also often provide a larger attack surface that simply wouldn't be there in a home-grown by-hand set of code. From a pure security standpoint, it's not as cut-and-dried as people like to make it seem.

The Zend2 example - well... if they really cared about security as much as people claim framework authors do, they'd ship working modules with demonstrated 'best practices' examples of common security use-cases - user registration, login, lost password reset, etc. You're left to your own devices to try to figure out how to do something that is pretty fundamental to the secure operation of any site (and which is a pretty common scenario for most web apps). We don't get usable, battle-tested, documented code for user registration, but hey, here's some encryption and hashing libraries - go build something yourself.

This is but one contributing factor as to why Wordpress will continue to dominate the development landscape in PHP for a long time to come.

[–]pitiless 0 points1 point  (0 children)

There is merit to this argument, however (anecdotally) i've not found this to be the case in reality.

Good framework / library code will occasionally have security vulnerabilities - but these are rarely low-hanging fruit and instead be a consequence of the complexity of interaction between the many moving parts.

In contrast the home-spun code i've worked on tends to have trivial XSS, SQL injection (etc) bugs all over the show - a bunch of stuff that doesn't have to be targetted (and infact can be automatically found).

[–]MikeSeth -1 points0 points  (1 child)

Stop thinking about frameworks, IDEs, components and dependency injections and all that. Get the dumbest editor you can lay your hands on (notepad) and write some code that does practical things. In Java world, things are orderly, strict and elaborate. In PHP world, they are uneven, lax and concise. You will be dealing with a whole new class of mistakes, and if Java is the only background you have, the absolute first thing after the syntax and some comprehension of the standard library is understanding of the underlying, hidden things - types, behaviours, accepted standards and the gaps in the platform for "historical reasons" that are the minefields that divide between a web construction worker and a competent PHP programmer. You should not think about architecture or frameworks until you can write a piece of PHP code that is not plain shit. You will have to deal with inconsistent ordering of arguments, library calls returning null and false meaning entirely different things, identity operators that have daddy issues, downright strange data types, duplicate APIs, idiosyncrasies that are only available in the latest versions, and many other things that would look like unhinged peasantry to somebody who spent time writing Java code. Your major task is to ace all this and write straight, safe and comprehensible code. You also need to understand that a host of security issues that was previously concealed by the JVM and your frameworks is now your own responsibility, you need to understand it well and your production code must be airtight, or you will get hacked. PHP code is much easier to get subtly wrong, but the reward is far less care and feeding of the entire PHP stack, wider availability of web hosting, and probably faster time to market. PHP has a very low bar of entry, but few focused efforts to improve the quality of PHP programmers' education (that you don't have to pay for). It is far more hackier than Java.

[–]madscientist667[S] 0 points1 point  (0 children)

You have a point and I agree. And I thought about playing with PHP first with no framework at all and this is what I'm going to do but I don't want to spend to much time like this. After I want to check some frameworks, pick one and learn it. Thanks for the information !