Over the past decade, the PHP community has progressed through a handful of distinct eras that have each been marked by a focus on specific best practices. This is most evident in the types of talks presented at conferences and user groups and in the articles published by php|architect magazine, PHPDeveloper.org, and the blogs of those whose feeds are distributed through Planet PHP.
In thinking through this, I’ve come up with the following eras I think we, the PHP community, have had over the last ten years. These are in a general order, but eras overlap, and some have lasted longer than others, so there’s not a distinct beginning or end to each.
- Object-oriented programming and design patterns
- Web application security
- Coding standards and code organization
- Testing and continuous integration
OOP and Design Patterns
PHP 5.0.0 Beta 1 was released on June 29, 2003. The GA release came out on July 13, 2004. While PHP 4 had support for objects, inheritance, encapsulation, etc., it was during this time that the community began promoting best practices for object-oriented programming and the use of design patterns. Jason Sweat’s php|architect’s Guide to PHP Design Patterns was published in 2005, and there were many talks and articles published on good OOP practices and design.
It was also during this time that lots of folks began talking about web application security. Most notably, Chris Shiflett launched the PHP Security Consortium and later published Essential PHP Security, while Stefan Esser pushed for greater visibility and focus on fixing security issues deep in the PHP core, contributing the Suhosin extension, part of the Hardened-PHP Project. Other books were published, and we saw many talks on security at conferences. Recently, Chris Cornutt has raised the PHP security banner once again with websec.io.
OOP and design patterns best practices led to increased awareness and focus on the MVC design pattern. Many frameworks following this pattern—or variations on it—sprung up. Early frameworks Prado and CakePHP preceded Symfony and Zend Framework. There are too many others to name here, but all have contributed to where we are today. We’ve learned a lot from this proliferation of frameworks. It has allowed the community to try many different approaches, rather than settling on one particular way of doing things.
Coding Standards and Code Organization
The proliferation of frameworks brought us to where we are today with the PHP Framework Interoperability Group and the community standards PSR-0, PSR-1, and PSR-2. The frameworks are all working together, many following some of the same patterns, allowing components of frameworks to be used together. Componentization has taken hold, with Ed Finkler’s Micro PHP Manifesto being a rally cry for the use of smaller libraries that focus on doing one thing well, a variation on the single responsibility principle. Composer has arisen from the Symfony community, providing PHP libraries and applications a way to specify and manage external dependencies. PHP code is looking a lot better—just take a look at some of the repositories on GitHub.
This brings us to the era of testing. This is where we are today, but it’s not the first time anyone has ever talked or written about testing. Sebastian Bergmann has been doing this for years, but I think the community and ecosystem around PHP is now at a level of maturity where it’s become a major focus of developers and development shops. We not only care about what we build and getting the job done. We also care about the code we write and are treating it more and more as a craft. Testing goes hand-in-hand with treating code as craft. Chris Hartjes’s grumpy persona is leading the charge from his blog, Twitter account, and books, Guide to Building Testable PHP Applications and PHPUnit Cookbook, as well as his recent talks and keynotes at PHP conferences.
With the coming of the testing era, I’m seeing a lot of maturity in our community. The code we write is getting better. We’re following standards and best practices. We’re implementing a lot of good design principles. Many folks can explain what XSS, CSRF, and SQL injection are, and they can tell you how to protect against them. We’re writing libraries and components that work well together. And we’re starting to test—and automating those tests.
I think the decade since PHP 5 was released has brought us to a great place as a community. We’ve seen a lot of trends, and these have helped us mature as developers and have helped us establish community-supported best practices. With each new era, we can’t forget what we’ve learned, though. We must continue teaching and revising these best practices as we learn more.
I wonder what the next era of PHP development best practices will be.