Akash Mehta
OSDC Brisbane, 2009
With the release of PHP 5.3, the PHP platform now includes an extremely feature-rich language capable of rivalling many enterprise solutions. With every new language release, approaches to PHP - both architectural and development - are constantly evolving and can potentially alienate PHP veterans.
Today, typical PHP applications make use of namespaces (or pseudo-namespaces via static), dependency injection, extensive database abstraction layers (especially using the data gateway pattern), plugin hook systems, and autoload-powered folder structures, to name a few. Every new PHP application has access to the cutting edge, but with this level of evolution, it's easy to lose track of what exactly the cutting edge is.
In this paper, I'll explore the current state of play for PHP web development, progress as a language, the nature of applications in deployment, and explore progress on PHP frameworks. In the talk, I'll also demonstrate samples from current open source codebases, as well as proprietary applications, and identify the design patterns and development approaches used.
PHP has come a long way in its fifteen year history. From templating on steroids, to simple CMSs, forum and blog engines and now enterprise scale Java-style applications, PHP - both as a language and as an ecosystem - has been constantly evolving. So where do we stand today? In this presentation, I'll explore the state of PHP as it's used in production, its progress as a language, and some application code bases and frameworks.
Most PHP applications currently deployed fall into three well defined categories.
Small PHP-powered "dynamic" websites are by far the largest group of PHP applications deployed, encompassing web presences for small businesses, low-traffic semi-dynamic blogs, simple forums and very basic CMS-powered sites. These applications are generally developed by a single developer, or (more often) deployed from off-the-shelf solutions by persons with minimal development experience. Scaling up to one of these sites from a static HTML operation is extremely common.
While these sites tend to serve their purpose well, low budgets generally result in overlooked security vulnerabilities, potential quality control challenges, as well as less than ideal implementation approaches. Applications are commonly deployed to shared servers. Design patterns are rarely utilised and maintenance tends to be a challenge, with new developers typically proposing (and executing) a complete rewrite.
The last few years have seen a significant increase in the deployments of "social" web applications; these applications are characterised by significant ongoing end user interaction following deployment, especially data input and data dissemination. A number of off the shelf products exist to power such sites, with notable open source options including Vanilla, Wordpress and Drupal. Many startups tend to produce applications that fall into this category, especially those exploring social networking.
The range of open source applications available to power these sites has led to significant fragmentation in their respective markets; widely used applications have even become popular targets for scriptable security exploits. When deployed from existing solutions, these applications tend to be heavily customised with code inserted through plugin APIs; applications developed from the ground up (e.g. by startups) tend to achieve the same level of complexity. Deployment targets include shared servers, VPS systems, dedicated servers and even "cloud hosting" environments.
Development tends to be considerably more organised than those applications falling into the "dynamic websites" category; version control systems, bug trackers and release schedules are standard. Small to mid-size development teams enable a certain degree of inherent quality control, resulting in reasonably robust applications; scalability is also a feature of these applications.
Alongside the social portals, businesses have been steadily increasing their development of custom PHP applications, typically to augment internal processes and facilitate client management, or even provide a core product or service via the internet. These applications tend to be characterised by considerable structure to deal with all the finer details of a given domain, as well as development with a focus on future extensibility and maintenance.
Frameworks of some description are extremely common in these applications, although in-house development of a custom framework is not uncommon. Among open source frameworks, the Zend Framework appears to be making significant inroads into enterprise development.
Very few of these deployments appear to be based on off-the-shelf solutions; a select few open source projects - including SugarCRM and KnowledgeTree - have seen successful deployments, while most other projects have targeted consumers and small businesses.
Developers working on these corporate applications are considerably more likely to come from a non-PHP background, especially those with software engineering education that covered Java systems.
PHP 5.3 was released earlier in mid-2009, and with it, a number of features designed to aid large-scale application development. Namespaces are at the top of the list; with appropriate use of namespaces, merging two (or more) large PHP applications could finally be possible. Initially planned for PHP 6, the back-porting of namespaces to PHP 5.3 allows developers to take advantage of this functionality today, without having to handle backwards-incompatible changes immediately.
These backwards-incompatible changes are part of a significant cleanup of PHP as a language, slated for PHP 6. The removal of magic quotes, safe mode and register globals will be a relief to developers and web hosts alike, while removal of the ereg extension (in favour of preg) should simplify the state of regular expressions for new PHP developers.
Along with class-level constants, improved unicode handling, garbage collection for circular references and stronger Windows support, PHP 6 is significantly more effective for large scale application development.
FLOW3 is a cutting edge (possibly bleeding edge) PHP application framework developed alongside TYPO3. While still in development, it was one of the first open source PHP systems to require PHP 5.3.0, well before PHP 5.3.0 final had been released, and demonstrates a number of language features only recently introduced to PHP. The following is a sample file from FLOW3's alpha 4 release:
<?php
declare(ENCODING = 'utf-8');
namespace F3\FLOW3\Log;
/*... */
/**
* A general purpose default Logger
*
* @version $Id: Logger.php 3102 2009-08-26 13:20:36Z robert $
* @license GNU Lesser General Public License, version 3 or later
* @scope prototype
*/
class Logger implements \F3\FLOW3\Log\SystemLoggerInterface {
/**
* @var \SplObjectStorage
*/
protected $backends;
/** .. */
public function __construct() {
$this->backends = new \SplObjectStorage();
}
The framework itself is internationalised; namespaces are used extensively, and the namespaces and classes correspond to a reasonably logical filesystem structure - this particular file is stored in Packages/Framework/FLOW3/Classes/Log/Logger.php, a path that can quite reasonably be derived from the class name and the namespace used. (This is also beneficial for implementing autoload, in order to enable developers to pull in components of a use-at-will framework with minimal code overhead.) Commenting for individual properties also declares the namespaced type - in this case, an instance of the global SplObjectStorage class being stored in $backends.
This general style of application development - minimal bootstrap code, handing over to a large collection of highly structured classes (using PHP 5+ syntax), a file for every class and Javadoc-style commenting - is extremely common today. With tertiary IT graduates increasingly working on PHP projects after studying Java, this style may be all but assumed in a few years time. (A few open source PHP applcations, and undoubtedly countless proprietary systems, have not yet adopted this practice; Wordpress is a notable example.)
PHP frameworks have largely stabilised in the last 12 months, with few new projects appearing; general growth in the popularity of existing frameworks has been evident instead.
The PHP global namespace is filled with functions that model functionality in other languages and systems, especially C. One side effect of this is the standard complaint of namespace clutter, and frameworks are increasingly moving towards providing an abstraction layer over standard PHP functionality (especially functions), in order to offer API stability, provide recent additions to the standard library in older versions of PHP, and generally create a top-to-bottom solution for appilcation development. For example, The json_encode and json_decode functions were introduced in PHP 5.2, and the Zend Framework provides an API for JSON (Zend_Json) on any PHP 5.x runtime by reimplementing the function in PHP when it is unavailable.
CakePHP has reached its 1.3 release (including a new Javascript helper and improved code generation), Zend Framework 1.9 is now available (with message queuing, LDAP support and a SQL Server connector), CodeIgniter is now at 1.7 (with improved form validation and library management), and Symfony 1.2 is stable (better everything; Doctrine ready to go out of the box).