An Introduction to MongoDB – SitePoint PHP

Introduction to MongoDB

MongoDB is a cross-platform, open-source, NoSQL database, used by many modern Node-based web applications to persist data.

In this beginner-friendly tutorial, I’ll demonstrate how to install Mongo, then start using it to store and query data. I’ll also look at how to interact with a Mongo database from within a Node program, and also highlight some of the differences between Mongo and a traditional relational database (such as MySQL) along the way.

Terminology and Basic Concepts

MongoDB is a document-oriented database. This means that it doesn’t use tables and rows to store its data, but instead collections of JSON-like documents. These documents support embedded fields, so related data can be stored within them.

MongoDB is also a schema-less database, so we don’t need to specify the number or type of columns before inserting our data.

Here’s an example of what a MongoDB document might look like:

{ _id: ObjectId(3da252d3902a), type: "Tutorial", title: "An Introduction to MongoDB", author: "Manjunath M", tags: [ "mongodb", "compass", "crud" ], categories: [ { name: "javascript", description: "Tutorialss on client-side and server-side JavaScript programming" }, { name: "databases", description: "Tutorialss on different kinds of databases and their management" }, ], content: "MongoDB is a cross-platform, open-source, NoSQL database..."

As you can see, the document has a number of fields (type, title etc.), which store values (“Tutorial”, “An Introduction to MongoDB” etc.). These values can contain strings, numbers, arrays, arrays of sub-documents (for example, the categories field), geo-coordinates and more.

The _id field name is reserved for use as a primary key. Its value must be unique in the collection, it’s immutable, and it may be of any type other than an array.

Tip: for those wondering what “JSON-like” means, internally Mongo uses something called BSON (short for Bin­ary JSON). In practice, you don’t really need to know much about BSON when working with MongoDB.

As you might guess, a document in a NoSQL database corresponds to a row in an SQL database. A group of documents together is known as a collection, which is roughly synonymous with a table in a relational database.

Here’s a table summarizing the different terms:

SQL Server MongoDB
Database Database
Table Collection
Row Document
Column Field
Index Index

If you’re starting a new project and are unsure whether to choose Mongo or a relational database such as MySQL, now might be a good time to read our tutorial SQL vs NoSQL: How to Choose.

With that said, let’s go ahead and install MongoDB.

Installing MongoDB

Note: if you’d just like to follow along with this tutorial without installing any software on your PC, there are a couple of online services you can use. Mongo playground, for example, is a simple sandbox to test and share MongoDB queries online.

MongoDB comes in various editions. The one we’re interested in is the MongoDB Community Edition.

The project’s home page has excellent documentation on installing Mongo, and I won’t try to replicate that here. Rather, I’ll offer you links to instructions for each of the main operating systems:

Is all code in vendor infrastructure code? – Matthias Noback

During a recent run of my Advanced Web Application Architecture training, we discussed the distinction between infrastructure code and non-infrastructure code, which I usually call core code.
One of the participants summarized the difference between the two as: “everything in your vendor directory is infrastructure code”.
I don’t agree with that, and I will explain why in this article.

Not all code in vendor is infrastructure code

Admittedly, it’s easy for anyone to not agree with a statement like this, because you can simply make up your own definitions of “infrastructure” that turn the statement false.
As a matter of fact, I’m currently working on my next book (which has the same title as the training), and I’m working on a memorable definition that covers all the cases.
I’ll share with you the current version of that definition, which consists of two rules defining core code.
Any code that doesn’t follow both these rules at the same time, should be considered infrastructure code.

Rule 1: Core code doesn’t directly depend on external systems, nor does it depend on code written for interacting with a specific type of external system.

Rule 2: Core code doesn’t need a specific environment to run in, nor does it have dependencies that are designed to run in a specific context only.

Following this definition means that as soon as a piece of code reaches out to something outside of the running application (e.g. it connects to the network, touches the file system, requests the current time or random data), it should be considered infrastructure code.
As soon as a piece of code could only runs in a particular environment (a web application, a CLI application, etc.) it should also be considered infrastructure code.

These rules don’t say anything about whether core code lives in src/ or in vendor/, and rightfully so.
Imagine you have a piece of code you are allowed to call core code because it matches its definition.
If you now move this code to a separate repository on GitHub, publish it as a package, and install it in your project’s vendor/ directory with Composer, would that same piece of code suddenly become infrastructure code? Of course not. The location of code doesn’t determine what kind of code it is.

So whether or not something is vendor code doesn’t determine if it’s infrastructure code. What makes the difference is whether or not you can run that code in complete isolation, without making external dependencies available, and without preparing the environment in some way.

Unit tests and core code

This may remind you of Michael Feather’s definition of a unit test:

A test is not a unit test if:

  • It talks to the database
  • It communicates across the network
  • It touches the file system
  • It can’t run at the same time as any of your other unit tests
  • You have to do special things to your environment (such as editing config files) to run it.

Tests that do these things aren’t bad. Often they are worth writing, and they can be written in a unit test harness. However, it is important to be able to separate them from true unit tests so that we can keep a set of tests that we can run fast whenever we make our changes.

In fact, following my definition of core code, we can conclude that core code is the only code that can be unit tested. This doesn’t mean that you can’t test infrastructure code, it only means that such a test could not be considered a unit test. These tests are often called integrated or integration tests instead.

Most, but not all code in vendor is infrastructure code

So there is no strict relation between being-infrastructure-code and being-inside-the-vendor-directory.
However there is somewhat of an inverse relation: much of your application’s infrastructure code lives in your vendor directory.
You could also say that you write most of the core code yourself.

Let’s take a look at some examples of code that lives in vendor, but would (according to my rules) not be called infrastructure code:

  • An event dispatcher library
  • An assertion library
  • A value object library

Libraries that only deal with transforming data (like some kind of data transformer, mapper, or serializer) could be considered non-infrastructure code as well.

In practice, you can use the following checklist to find out if code (wherever it lives, in src or vendor)

Truncated by Planet PHP, read more at the original (another 1256 bytes)

PHP Internals News: Episode 41: __toArray() – Derick Rethans

PHP Internals News: Episode 41: __toArray()

In this episode of “PHP Internals News” I chat with Steven Wade (Twitter, GitHub, Website) about the __toArray() RFC.

The RSS feed for this podcast is, you can download this episode’s MP3 file, and it’s available on Spotify and iTunes. There is a dedicated website:


Derick Rethans 0:16

Hi, I’m Derick. And this is PHP internals news, a weekly podcast dedicated to demystifying the development of the PHP language. Hi, this is Episode 41. Today I’m talking with Stephen Wade about an RFC that he’s produced, called __toArray(). Hi, Steven, would you please introduce yourself?

Steven Wade 0:35

Hi, my name is Steven Wade. I’m a software engineer for a company called follow up boss. I’ve been using PHP since 2007. And I love the language. So I wanted to be able to give back to it with this RFC.

Derick Rethans 0:48

What brought you to the point of introducing this RFC?

Steven Wade 0:50

This is a feature that I’ve I’ve kind of wish would have been in the language for years, and talking with a few people who encouraged it’s kind of like the rule of starting a user group right? If there’s not one and you have the desire, then you’re the person to do it. A few people encouraged and say: Well, why don’t you go out and write it. So I’ve spent the last two years kind of trying to work up the courage or research it enough or make sure I write the RFC the proper way, and then also actually have the time to commit to writing it and following up with any of the discussions as well.

Derick Rethans 1:18

Okay, so we’ve mentioned the word RFC a few times. But we haven’t actually spoken about what it is about. What are you wanting to introduce into PHP?

Steven Wade 1:25

I want to introduce a new magic method. The as he said, the name of the RFC is the __toArray(). And so the idea is that you can cast an object, if your class implements this method, just like it would toString(). If you cast it manually to array then that method will be called if it’s implemented. Or as, as I said, in the RFC, array functions will it can it can automatically cast that if you’re not using strict types.

Derick Rethans 1:49

Oh, so only if it’s not strictly typed. So if its weakly typed would call the toArray() method if the function’s argument or type hint array.

Steven Wade 1:58

Yes, and that is actually something that came up during the discussion period, which is something again, this is why we have discussions, right? Is to kind of solicit feedback on things we don’t think about it, we may overlook or, and so someone did point out that it is, you know, it would not function that way, or you would not expect it to be automatically cast for you, if you’re using strict types.

Derick Rethans 2:17


Steven Wade 2:18

The RFC has been updated to reflect that as well.

Derick Rethans 2:20

So now the RFC says it won’t be automatically called just for type hint.

Steven Wade 2:24


Derick Rethans 2:24

Not everybody is particularly fond of magic methods. What would you say about the criticism that introducing even more of them would be sort of counterproductive,

Truncated by Planet PHP, read more at the original (another 16164 bytes)

PHP 7.2.28 Released – PHP: Hypertext Preprocessor

The PHP development team announces the immediate availability of PHP 7.2.28. This is a security release.All PHP 7.2 users are encouraged to upgrade to this version.For source downloads of PHP 7.2.28 please visit our downloads page, Windows source and binaries can be found on The list of changes is recorded in the ChangeLog.

Implementing an opaque type in typescript – Evert Pot

Say, you’re in a situation where you have a user type, that looks a bit as

export type User = { firtName: string; lastName: string; email: string;
} function save(user: User) { // ...
} const user = { firstName: 'Evert', lastName: 'Pot', email: '',
} save(user);

But, instead of accepting any string for an email address, you want to
ensure that it only accepts email addresses that are valid.

You might want to structure your user type as follows:

type Email = string; export type User = { firtName: string; lastName: string; email: Email

This doesn’t really do anything, we aliased the Email to be exactly like a
string, so any string is now also an Email.

We can however extend the email type slighty to contain a property that
nobody can ever add.

declare const validEmail: unique symbol;
const validEmail = Symbol('valid-email'); type Email = string & { [validEmail]: true
} export type User = { firstName: string; lastName: string; email: Email

In the above example, we’re declaring a symbol. This is similar to using
const validEmail = new Symbol('valid-email');, but it doesn’t exist
after compiling.

The unqiue symbol type is a type that can never be created.

We’re adding a property with this key to our Email string. A user can only
add this property, if they have an exact reference to the original symbol.

Given that we don’t export this symbol, it’s not possible anymore for a user
to construct an

Truncated by Planet PHP, read more at the original (another 13090 bytes)

What Is PHP, Why Is It So Popular, and What Are the Advantages of PHP?

What Is PHP?

PHP is a highly flexible language for writing server-side scripts that can run on virtually any platform, including Linux, Microsoft Windows, and even proprietary platforms such as IBM i. Developers can also use the language to write in both procedural and object-oriented styles.

What Is PHP Used for?

PHP is most commonly used to develop websites and web applications. More and more, however, developers use it to build backend APIs that are consumed by frontend web applications, mobile apps, and IoT devices including wearables.

Validating default PHP session ID values – Rob Allen

I recently needed to validate the value created by PHP for its session ID. After a bit of research, I realised that there are two interesting php.ini config settings that relate to this value:

  • session.sid_length is the number of characters in the ID
  • session.sid_bits_per_character controls the set of characters used. From the manual:

    The possible values are ‘4’ (0-9, a-f), ‘5’ (0-9, a-v), and ‘6’ (0-9, a-z, A-Z, “-“, “,”).

Therefore, to validate the session ID we need to create a regular expression that looks for the correct set of characters of the expected length.

I wrote function to do this:

function isValidSessionId(string $sessionId): bool
{ $sidLength = ini_get('session.sid_length'); switch (ini_get('session.sid_bits_per_character')) { case 6: $characterClass = '0-9a-zA-z,-'; break; case 5: $characterClass = '0-9a-z'; break; case 4: $characterClass = '0-9a-f'; break; default: throw new \RuntimeException('Unknown value in session.sid_bits_per_character.'); } $pattern = '/^[' . $characterClass . ']{' . $sidLength . '}$/'; return preg_match($pattern, $sessionId) === 1;

You could use it like this:

$name = session_name();
if (isset($_COOKIE[$name])) { if (!isValidSessionId($_COOKIE[$name])) { // invalid - return an error, just send back a 500 or something exit; }

As far as I can tell, we can’t use session_id() as we haven’t started the session yet, however as the session is just a cookie at the HTTP level, we can use $_COOKIE instead.

Note also that the manual has an excellent section on Sessions and Security which is worth reading.

PHP Internals News: Episode 40: Syntax Tweaks – Derick Rethans

PHP Internals News: Episode 40: Syntax Tweaks

In this episode of “PHP Internals News” I chat with Nikita Popov (Twitter, GitHub, Website) about a bunch of smaller RFCs.

The RSS feed for this podcast is, you can download this episode’s MP3 file, and it’s available on Spotify and iTunes. There is a dedicated website:


Derick Rethans 0:16

Hi, I’m Derick. And this is PHP internals news, a weekly podcast dedicated to demystifying the development of the PHP language. This is Episode 40. Again, I’m talking with Nikita. Perhaps we should rename this podcast to the Derick and Nikita Show at some point in the future. This time we’re going to talk about a bunch of smaller RFC that he produced related to tweaking PHP syntax for PHP 8. Nikita, would you please introduce yourself?

Nikita Popov 0:42

Hi, I’m Nikita and I do PHP core developement on behalf of JetBrains. We have a couple of new and not very exciting RFCs to discuss.

Derick Rethans 0:53

Sometimes non not exciting is also good to talk about. Anyway, the first one that caught my eye was a RFC called static return type. So we have had return types for well, but what is special about static?

Nikita Popov 1:07

So PHP has three magic special class names that’s self, referring to the current class, parent referring to the well parent class, and static, which is the late static binding class name. And that’s very similar to self. If no inheritance is involved, then static is the same as self introducing refers to the current class. However, if the method is inherited, and you call this method on the child class, then self is still going to refer to the original class, so the parent. While static is going to refer to the class on which the method was actually called.

Derick Rethans 1:51

Even though the method wasn’t overloaded

Nikita Popov 1:54

Exactly. In the way one can think of static as: You can more or less replace static with self. But then you would have to actually copy this method inside every class where.

Derick Rethans 2:09

You have not explained the difference between self and static. Why would you want to use static as a return type instead of self?

Nikita Popov 2:17

There are a couple of use cases. I think the three ones mentioned in the RFC are. The first one is named constructors. So usually in PHP, we just use the construct method. Well, if we had to give this method, a type, a return type, then the return type will be static. Because of course, the constructor always returns while the class you’re actually constructing, not some kinda parent class. And named constructors are just a pattern where you use a static method instead of a constructor, for example, because you have multiple different ways of constructing an object and you want to distinguish them by name.

Derick Rethans 2:57

Could we also call those factory methods?

Nikita Popov 3:00

Yeah, that’s also related pattern. So for named constructors, you usually also want to return the object that it is actually called on.

Derick Rethans 3:09

It makes sense attached there because of that then creates a contract that you know that is named constructor is going to return that same class and not something else. Because there’s no requirements that would otherwise require that same class, like you’d h

Truncated by Planet PHP, read more at the original (another 26960 bytes)