SymfonyOnline June 2025: Detect Hidden Defects: Check Your PHP Tests
https://symfony.com/blog/symfonyonline-june-2025-detect-hidden-defects-check-your-php-tests?utm_source=Symfony%20Blog%20Feed&utm_medium=feed
https://redd.it/1khpi39
@r_php
https://symfony.com/blog/symfonyonline-june-2025-detect-hidden-defects-check-your-php-tests?utm_source=Symfony%20Blog%20Feed&utm_medium=feed
https://redd.it/1khpi39
@r_php
Symfony
SymfonyOnline June 2025: Detect Hidden Defects: Check Your PHP Tests (Symfony Blog)
🧪Join us at #SymfonyOnline June 2025 as Vincent Amstoutz explores how mutation testing can uncover hidden bugs in your code in his talk: Detect Hidden Defects: Check Your PHP Tests. 🐛
For personal projects, Magic Link Emails + Oauth only?
I plan to use a transactional e-mail provider as its extremely cheap to do so these days in terms of a side project/personal project volume (i.e. I probably will be within the free tier to $10/month) so it seems to make sense.
Given how forgotten passwords are basically the same as a magic link, I don't see any real security advantage to using them when I personally am not going to be up to snuff with my career project level security for obvious reasons. One person cannot self code-review for security very well and low interest open source projects are likely to not improve that significantly.
The obvious issue is if they don't use a supported Oauth provider and the e-mails get flagged as spam they might complain/stop using it given the lack of support but since its not financially relevant beyond maybe covering costs I don't see a reason to fix this potential problem. Especially when the same problem happens if they forget a password.
Thoughts?
EDIT:
Obviously, I'd have an expiration time on the links (like 20 min) and the ability to disable them for people who want a better security experience. (i.e. Google Oauth or Discord Oauth is gonna be 100% better than anything I implement anyway)
https://redd.it/1khupev
@r_php
I plan to use a transactional e-mail provider as its extremely cheap to do so these days in terms of a side project/personal project volume (i.e. I probably will be within the free tier to $10/month) so it seems to make sense.
Given how forgotten passwords are basically the same as a magic link, I don't see any real security advantage to using them when I personally am not going to be up to snuff with my career project level security for obvious reasons. One person cannot self code-review for security very well and low interest open source projects are likely to not improve that significantly.
The obvious issue is if they don't use a supported Oauth provider and the e-mails get flagged as spam they might complain/stop using it given the lack of support but since its not financially relevant beyond maybe covering costs I don't see a reason to fix this potential problem. Especially when the same problem happens if they forget a password.
Thoughts?
EDIT:
Obviously, I'd have an expiration time on the links (like 20 min) and the ability to disable them for people who want a better security experience. (i.e. Google Oauth or Discord Oauth is gonna be 100% better than anything I implement anyway)
https://redd.it/1khupev
@r_php
Reddit
From the PHP community on Reddit
Explore this post and more from the PHP community
I hate to admit this, but Laravel Cloud is nowhere near production-ready
I moved my app from DigitalOcean droplet(6$) to Laravel Cloud (~80$), a couple of weeks after it was released, and I hate to admit this but I wish I didn’t do that. I was ready to pay more money, thinking that I won’t have to care about downtimes anymore, but it’s actually the opposite.
- Random outages, sometimes up to 20 minutes
- Support replying 24 hours later, no matter the urgency of the issue
- Requests avg. spiking from 200ms to 20 seconds for periods of hours
Don’t get me wrong, Laravel team is awesome, and their products are top-tier, but I wish they’d admit that Cloud is just not prod-ready yet, so developers can make informed choices.
https://redd.it/1khvj50
@r_php
I moved my app from DigitalOcean droplet(6$) to Laravel Cloud (~80$), a couple of weeks after it was released, and I hate to admit this but I wish I didn’t do that. I was ready to pay more money, thinking that I won’t have to care about downtimes anymore, but it’s actually the opposite.
- Random outages, sometimes up to 20 minutes
- Support replying 24 hours later, no matter the urgency of the issue
- Requests avg. spiking from 200ms to 20 seconds for periods of hours
Don’t get me wrong, Laravel team is awesome, and their products are top-tier, but I wish they’d admit that Cloud is just not prod-ready yet, so developers can make informed choices.
https://redd.it/1khvj50
@r_php
Reddit
From the laravel community on Reddit
Explore this post and more from the laravel community
How to force Doctrine to always use a result set mapper for an entity?
I have an entity Server which has a password field on it. We obviously don't store the password in the clear. The Server entity is loaded by the appropriate repo which calls a stored procedure and passes the key as query param and a result set mapper is configured. Many User's can be assigned to a Server.
If I call the appropriate service to retrieve the Server entity, without first loading a User entity, the result set mapper is used and I see the decrypted data and everything works correctly.
If however, I load the User entity first, doctrine Hydrates the associated Server entity without using my RSM and so the password is obviously not decrypted.
How can I tell Doctrine to always use my service or RSM when hydrating a particular entity? Or do you have any other suggestions/solutions on how to resolve this issue?
https://redd.it/1khxxod
@r_php
I have an entity Server which has a password field on it. We obviously don't store the password in the clear. The Server entity is loaded by the appropriate repo which calls a stored procedure and passes the key as query param and a result set mapper is configured. Many User's can be assigned to a Server.
If I call the appropriate service to retrieve the Server entity, without first loading a User entity, the result set mapper is used and I see the decrypted data and everything works correctly.
If however, I load the User entity first, doctrine Hydrates the associated Server entity without using my RSM and so the password is obviously not decrypted.
How can I tell Doctrine to always use my service or RSM when hydrating a particular entity? Or do you have any other suggestions/solutions on how to resolve this issue?
https://redd.it/1khxxod
@r_php
Reddit
From the symfony community on Reddit
Explore this post and more from the symfony community
New Laravel starter kit (with built-in billing)
https://youtu.be/jBl8XagjG1w
https://redd.it/1khv9bt
@r_php
https://youtu.be/jBl8XagjG1w
https://redd.it/1khv9bt
@r_php
YouTube
New Laravel starter kit (with built-in billing)
Laravel now ships with first- and third-party starter kits that make spinning up a full SaaS app faster than ever including billing, invoicing, and subnoscriptions. In this video, I walk through the new Chargebee-powered starter kit, show you how to get up…
New in Symfony 7.3: Mailer Security Improvements
https://symfony.com/blog/new-in-symfony-7-3-mailer-security-improvements?utm_source=Symfony%20Blog%20Feed&utm_medium=feed
https://redd.it/1kid467
@r_php
https://symfony.com/blog/new-in-symfony-7-3-mailer-security-improvements?utm_source=Symfony%20Blog%20Feed&utm_medium=feed
https://redd.it/1kid467
@r_php
Symfony
New in Symfony 7.3: Mailer Security Improvements (Symfony Blog)
Symfony 7.3 adds global email signing and encryption, plus stricter TLS for SMTP.
A package to handle passkeys in Laravel
https://spatie.be/blog/a-package-to-handle-passkeys-in-laravel
https://redd.it/1kidgff
@r_php
https://spatie.be/blog/a-package-to-handle-passkeys-in-laravel
https://redd.it/1kidgff
@r_php
spatie.be
A package to handle passkeys in Laravel
Passkeys are very convenient for users to log in: they don’t have to type in an email/password, you aren’t redirected to a third party for authentication, and it’s fast.
We've made a new package that makes it easy to let your users authenticate to your app…
We've made a new package that makes it easy to let your users authenticate to your app…
Where to host a simple php website?
I developed a simple personal website that has blog section and people can comment. For database I used sqlite to store comments. I plan to buy domain from namecheap, but what about hosting? I don't need anything fancy a cpanel with ftp connection will suffice.
https://redd.it/1khlaix
@r_php
I developed a simple personal website that has blog section and people can comment. For database I used sqlite to store comments. I plan to buy domain from namecheap, but what about hosting? I don't need anything fancy a cpanel with ftp connection will suffice.
https://redd.it/1khlaix
@r_php
Reddit
From the PHP community on Reddit
Explore this post and more from the PHP community
Do you use AI for generating unit Tests and which one?
It seems to be a more difficult task for programmer workflows who do not prefer strictly TDD.
The only tool I get, let's say 30% success rate is Jetbrains AI. Copilot, Tabnine plugins fails more and need permanently rework.
They use private method, try to mock class inherited methods, use deprecated reflections methods or deprecated phpunit features.
I though (according to marketing promises lol) plugins should see the the whole source.
Also generic AI fails mostly when copy paste class into the chat. Even when there is nothing to mock or extended.
It seems they are only able to test getter/setter.
What would you recommend for AI PHP testing support?
Greetings Niko
https://redd.it/1kifl8j
@r_php
It seems to be a more difficult task for programmer workflows who do not prefer strictly TDD.
The only tool I get, let's say 30% success rate is Jetbrains AI. Copilot, Tabnine plugins fails more and need permanently rework.
They use private method, try to mock class inherited methods, use deprecated reflections methods or deprecated phpunit features.
I though (according to marketing promises lol) plugins should see the the whole source.
Also generic AI fails mostly when copy paste class into the chat. Even when there is nothing to mock or extended.
It seems they are only able to test getter/setter.
What would you recommend for AI PHP testing support?
Greetings Niko
https://redd.it/1kifl8j
@r_php
Reddit
From the PHP community on Reddit
Explore this post and more from the PHP community
What's Your Favourite Architecture in PHP Projects?
I appreciate the ongoing exchanges here – a recent discussion actually inspired the topic for my latest 9th newsletter issue on handling MVP growth. It's good to see these conversations bearing fruit.
Following up on that, I'm diving into event-driven architecture, potentially for my next newsletter. I'm curious what your preferred architecture approach is, assuming I am mostly interested in larger, longer-living SaaS applications that need to scale in the future but can be handled by a simple monolith right now. And if you also use event-driven - what are your specific choices?
In my case, as I get older/more experienced in projects. I tend to treat event-driven architecture as my go-to approach. I combine it with CQRS in almost all cases. I have my opinionated approach to it, where I rarely use real queues and have most of the events work synchronously by default, and just move them to async when needed. I know no architecture fits all needs, and in some cases, I choose other approaches, but still treat the one mentioned before as my go-to standard.
https://redd.it/1kiezn0
@r_php
I appreciate the ongoing exchanges here – a recent discussion actually inspired the topic for my latest 9th newsletter issue on handling MVP growth. It's good to see these conversations bearing fruit.
Following up on that, I'm diving into event-driven architecture, potentially for my next newsletter. I'm curious what your preferred architecture approach is, assuming I am mostly interested in larger, longer-living SaaS applications that need to scale in the future but can be handled by a simple monolith right now. And if you also use event-driven - what are your specific choices?
In my case, as I get older/more experienced in projects. I tend to treat event-driven architecture as my go-to approach. I combine it with CQRS in almost all cases. I have my opinionated approach to it, where I rarely use real queues and have most of the events work synchronously by default, and just move them to async when needed. I know no architecture fits all needs, and in some cases, I choose other approaches, but still treat the one mentioned before as my go-to standard.
https://redd.it/1kiezn0
@r_php
Substack
PHP at Scale #9
Let’s discuss software architecture a bit. And before you decide you are a developer, not an architect, let me ensure you everyone will benefit from some basic software architecture knowledge :)
Implement passkey authentication in InertiaJS using Spatie's new Passkeys package.
https://danmatthews.me/posts/implementing-passkeys-in-inertiajs-using-spaties-new-passkeys-package-eb480
https://redd.it/1kigyuy
@r_php
https://danmatthews.me/posts/implementing-passkeys-in-inertiajs-using-spaties-new-passkeys-package-eb480
https://redd.it/1kigyuy
@r_php
danmatthews.me
Implementing passkeys in InertiaJS using Spatie’s new passkeys package
Spatie has just dropped a new passkeys package for Laravel that makes adding passkey authentication easy - but it currently doesn't include components for InertiaJS, so here's how we implemented it in less than 30 minutes.
Laravel Cloud: Any local ways to optimize/resize uploaded images?
Trying out the new Cloud. Seems nice, so far.
But haven’t been able to find a “local” to optimize/scale user uploaded images.
I tried with the spatie laravel image optimizer package, but nothing. I guess none of the packages it uses, is available on the Laravel Cloud instance.
Is there no way, other than using an external service through an API to resize my images, like Tinify?
Clarification: I already use the bucket in Laravel Cloud. Users upload usually 5mb from their camera roll. After OpenAI is done with OCR processing, I’d like to resize it to <1mb and just store that, for future reference, instead of 5mb.
https://redd.it/1kimud9
@r_php
Trying out the new Cloud. Seems nice, so far.
But haven’t been able to find a “local” to optimize/scale user uploaded images.
I tried with the spatie laravel image optimizer package, but nothing. I guess none of the packages it uses, is available on the Laravel Cloud instance.
Is there no way, other than using an external service through an API to resize my images, like Tinify?
Clarification: I already use the bucket in Laravel Cloud. Users upload usually 5mb from their camera roll. After OpenAI is done with OCR processing, I’d like to resize it to <1mb and just store that, for future reference, instead of 5mb.
https://redd.it/1kimud9
@r_php
Reddit
From the laravel community on Reddit
Explore this post and more from the laravel community
Advantage Database Server
I have a website primarily coded in PHP on an Ubuntu server and we were hoping to get data from an Advantage Database Server which is on a Windows Server. We're running PHP 8.3 currently. The closest thing I could find is the SAP SQL Anywhere PHP Module (The SAP SQL Anywhere PHP Module | SAP Help Portal). Is anyone else able to get this to work?
https://redd.it/1kipyk7
@r_php
I have a website primarily coded in PHP on an Ubuntu server and we were hoping to get data from an Advantage Database Server which is on a Windows Server. We're running PHP 8.3 currently. The closest thing I could find is the SAP SQL Anywhere PHP Module (The SAP SQL Anywhere PHP Module | SAP Help Portal). Is anyone else able to get this to work?
https://redd.it/1kipyk7
@r_php
Does Laravel Cloud offer API?
Just like Laravel Forge- can I create resources via API? I would like to use it to manage my clients' instances (it's impossible to manage such volume manually).
I did not find anything in official docs which seems strange to me. Maybe I'm naive but I would expect at least the same feature parity when releasing another tool from the same company that created Forge.
https://redd.it/1kiptpr
@r_php
Just like Laravel Forge- can I create resources via API? I would like to use it to manage my clients' instances (it's impossible to manage such volume manually).
I did not find anything in official docs which seems strange to me. Maybe I'm naive but I would expect at least the same feature parity when releasing another tool from the same company that created Forge.
https://redd.it/1kiptpr
@r_php
Reddit
From the laravel community on Reddit
Explore this post and more from the laravel community
We’ve just published a React-style HTML components renderer – thoughts?
https://packagist.org/packages/nititech/html-components
https://redd.it/1kixofm
@r_php
https://packagist.org/packages/nititech/html-components
https://redd.it/1kixofm
@r_php
packagist.org
nititech/html-components - Packagist
Create intuitive, reusable HTML components
Am I wrong to combine c# with my XAMPP backend?
I apologize if this is a dumb question and I truthfully searched to see if this had been asked.
I developing a Windows desktop application that requires an authentication system. The data is on an Apache server (well, a WAMP/XAMPP) stack for now). I chose this environment because I have limited knowledge on .NET and just need this tool done. All of the backend API's are in PHP. User database is in mySQL.
Is there anything necessarily wrong with what I'm doing? I know how to handle API's and make sure that all the data is secure, such as sending over HTTPS, not storing database information in the application itself, encryption, tokens, brute force etc. I'm specifically referring to the general concept, if this is a "no no". With C# being a MS product, I am sure the standard is to go with ASP.
For anybody that might be wondering why I am now making a Windows application for a PHP web-based application, it's because my application now requires CPU intensive tasks and there is data that I am getting from the desktop itself (GPS).
Thank you.
https://redd.it/1kjeso9
@r_php
I apologize if this is a dumb question and I truthfully searched to see if this had been asked.
I developing a Windows desktop application that requires an authentication system. The data is on an Apache server (well, a WAMP/XAMPP) stack for now). I chose this environment because I have limited knowledge on .NET and just need this tool done. All of the backend API's are in PHP. User database is in mySQL.
Is there anything necessarily wrong with what I'm doing? I know how to handle API's and make sure that all the data is secure, such as sending over HTTPS, not storing database information in the application itself, encryption, tokens, brute force etc. I'm specifically referring to the general concept, if this is a "no no". With C# being a MS product, I am sure the standard is to go with ASP.
For anybody that might be wondering why I am now making a Windows application for a PHP web-based application, it's because my application now requires CPU intensive tasks and there is data that I am getting from the desktop itself (GPS).
Thank you.
https://redd.it/1kjeso9
@r_php
Reddit
From the PHP community on Reddit
Explore this post and more from the PHP community