3 Layers of Static Code Analysis in PHP

Every developer should be running some form of static code analysis on their code regularly. A recent article I read about how this is done at Etsy makes for what I believe should be a minimum standard of code analysis for any team of developers work on a shared codebase. We shall assume you are committing your codebase to some form of version control on a regular basis.

The 3 layers can be summarised as:

1. Sanity Checks
2. Formal Checks
3. Security Checks

Sanity and Syntax Checks

In Stage 1 we perform basically a sanity check of the code. Are there any errors, missing semi-colon's or just plain stupid things being committed to our repository and code base. This is essentially a case of running php -l against all our files being checked in or changed to make sure we catch these before they are committed and let you fix them before they are picked up by the wider team.

Formal Checks

This stage involves a more global analysis of the source code files, checking for thing such as:

• Too many or too few arguments in a function/method call
• Undeclared global or local variables
• Use of return value of a function that actually returns nothing
• Functions that have a required argument after an optional one
• Unknown functions, methods, or base classes
• Constants declared twice

This can be accomplished by using tools such as PHPCodeSniffer. This allows us to ensure the above are picked up, and also that our code is in compliance with our agreed coding standard. Any issues, the commit is bounced back with the opportunity to resolve before being integrated into the repository.

Security Checks

The final layer of analysis, the security checks can be more thorough and use tools to scan our code for OWASP vulnerabilities, or as Etsy do - scan the repository with Antivirus and assess for dirty URLs.

Etsy claim they use ClamAV to check for any files or bad code which might make it's way into the repo, such as MSWord or PDF files that are suspicious.  ClamAV also scans URL's and checks these against Google's Safe Browsing List to pick up on suspected Phishing or malware sites.

It is also possible to check here to ensure things like passwords aren't committed to repositories or specific naughty functions or processes are used.  This can then trigger alerts for code reviews or ping back to the developer advising to fix ASAP.

PHP Traits

PHP 5.4 introduced the concept of traits. Until Traits PHP used a classical inheritance model in which one class could inherit only one class. In simple terms; before PHP 5.4 PHP used the single inheritance model which made it difficult to reuse the code.

Traits allow developers to reuse sets of methods freely in several independent classes living in different class hierarchies.

Traits are a mechanism for code reuse in single inheritance languages such as PHP. A Trait is intended to reduce some limitations of single inheritance by enabling a developer to reuse sets of methods freely in several independent classes living in different class hierarchies. The semantics of the combination of Traits and classes is defined in a way which reduces complexity, and avoids the typical problems associated with multiple inheritance and Mixins.

A Trait is similar to a class, but only intended to group functionality in a fine-grained and consistent way. It is not possible to instantiate a Trait on its own. It is an addition to traditional inheritance and enables horizontal composition of behavior; that is, the application of class members without requiring inheritance.


Check out PHP.net for more info.

Keeping Account Management REAL

Account Management should be methodical. A process to work through to ensure nothing is missed.  The best way to do this is to remember 4 key stages.

The four key stages in account management are:

Recognise – The needs of the business, the customers' requirements and the role of the account manager
Evaluate – Our current customer base, prospect list, category and planning process
Act – On our plans, the sales process and required resources
Learn – From what we've done, sharpen the axe and move forward

How to Lose Your Clients

If you are wondering how account management could cause you to lose a client, please pay close attention. In my experience, account management is almost as important as results. Clients typically terminate accounts when they are confused or just plain frustrated with you. What are the common account management mistakes you should avoid? What are the best tips for success?

Account Management Mistakes You Should Avoid

1. Not writing a fresh email

One of the biggest mistakes I see people making is sending an email to their client with all of their internal correspondences included.

In other words, they went back and forth a few times with colleagues, and instead of writing a fresh new email, they just replied to the client from the last email they received from their colleagues.

This allows the client to see what you are saying back and forth to one another. Depending on what was said, you could really end up with your foot in your mouth.

2. Not being prepared

It's so easy to just copy and paste what someone else said to answer a client's question. The problem is, most of the time we don't really read what they wrote or get involved in the conversation.

Next thing you know, the client is calling you to talk to you and you have no idea what is going on. They might have follow up questions with regards to the multivariate test you are running.

Do you even know what they are testing or what the timeline is? You can really make a fool of yourself, and the company, if you aren't careful here.

3. Not clearly defining roles

As their account manager, the client expects to work with you and only you. It is almost pointless for you to act as account manager if you are putting them in contact with your SEO, your PPC person, your usability expert, and your analytics analyst. Now the client has to try and keep five people straight.

This will really stress the client out, and things won't get done. If there is one person they work through, they'll be more responsive and they'll be less stressed.

4. Not staying in contact

As the account manager, the client is relying on you, and only you, to stay in contact with them. You should be prepared to keep them up to date with progress reports.

Some projects won't require as much input from the client, but by providing them with regular updates they'll know that you are working hard for them.

How to Succeed as an Account Manager

The best tip? Make sure you don't make the mistakes listed above. Clients are looking for three things from you:

1. Results
2. Communication (with them)
3. Internal communication

If you can provide them with insurance on those three things, you'll be off to a great start. My only other tip would be to never lie to a client. You'll only dig yourself in a deep hole and put yourself, your colleagues, and your company at risk. While you may not like the mistake you made, you should always fess up.

There are many ways to recover from a mistake. Lying isn't one of them.