This February I was back at the PHPUK conference in London. The venue this year was 1 America Square with a historic wall through the middle of one of the rooms. There were three tracks to follow so unfortunately we couldn’t go to all the talks, but managed to cover two thirds.

It Depends – Gary Hockin

After a short welcome to the conference (and the new venue), Gary Hockin gave a talk about how decisions that we make every day have different outcomes based on the context. There are always trade-offs to consider for every choice we make and because one option is not chosen in one instance, it doesn’t mean it is unsuitable for all situations.

Know Your Enemies: Live Exploit of a PHP Engine Security Breach – Alexandre Daubois

Alexandre presented an interesting talk on real exploits or attempted exploits in PHP. The most interesting example to me was an attempt to add malicious code that would allow executing any code on a server running PHP as long as it’s connected to the internet. This was done by interpreting a specific header on incoming requests as code to run when given a certain prefix. It even made it to a release candidate before it was noticed by other contributors. This was done by exploiting a vulnerability in the version control server that allowed the malicious actor to submit the code changes under a different user. Luckily the code was spotted and removed before becoming widely available in a full release. This also influenced the decision to move the code into GitHub, so maintainers didn’t have to worry as much about the security of the code.

Packets, Protocols and PHP: Networking Fundamentals for Developers – Jessica Smith

This next talk discussed what happens behind the scenes whenever a network request is made over the internet. Jessica covered a lot during the 45 minutes and even though it isn’t knowledge that I’d usually consider a key part to my job, I think it is very useful to understand what is happening in the background when users are accessing your website. It still amazes me how we can send information across the world in seconds (or less) over the internet. Even with an explanation on how data is split into packets and how they are routed, it’s still hard to comprehend.

The Four Pillars of Observability – Florian Engelhardt

Next came a guide to monitoring live applications and how to quickly find when something is wrong with Florian. I found a lot of the tips to be relevant to websites I have worked on within the university such as the Short Courses Platform (SCP). Occasionally we have a bug in the site, and it can be very difficult to find what the actual cause of it is. Using metrics, logging, tracing, and profiling we can get a better idea of what is causing an issue and why it has started happening. As a developer, I’m used to using logs and error messages to get an idea about what is going wrong when something breaks, but Florian gave some interesting ideas that aren’t completely code related like monitoring live sales (or course enrolments for the SCP) and visualising them. If the numbers start to drop rapidly, then something has probably broken which means people can’t use the website properly.

Saving Time by Using a Debugger – Derick Rethans

Derick gave a demonstration on ways to use Xdebug to improve developer efficiency. Once setup, it can be a useful tool for stepping through PHP code and inspecting the current state of the web application to find out what is happening. Personally, I have used debuggers with C# and C++ code and found it useful there since I don’t have to recompile anything to add in some logs and inspect data. In interpreted languages like PHP, this isn’t something I have considered before, however I will definitely be finding it useful in my future work. Even though some technical issues disrupted the live demonstrations, Derick still managed to inspire me to check out Xdebug for myself and use with both personal and work projects.

Stepping away from the code… but not quite… – Wim Godden

This was one of my favourite talks of the day from Wim about how stakeholders in a project should approach the code, particularly emphasising when people in management or non-development roles need to step away from the code and let developers do their job. He talked about how people from outside of development teams, especially those with development experience, can often try to dictate the implementation of a feature rather than what the result of having that feature should be which can cause issues with development and often makes the process of adding a feature take longer. Providing high quality user stories that have good coverage of what the users need to be able to do on the application will be far more valuable to developers. He also talked about how the career progression of a developer doesn’t have to be continuously upwards within an organisation. Instead, it’s ok to move up and down or stay where we’re comfortable.

Escaping the Code Maze – Yannick Chenot

To finish off the day, Yannick discussed how we can make our code easier to understand by reducing the assumptions that can be made. Some languages are already stricter on some of the methods of explaining code such as providing types to variables with static types, whereas languages like PHP don’t enforce many rules like this. He demonstrated a few PHP classes and how the assumptions can be reduced by making simple changes that can greatly improve the readability of the code.

In conclusion

There were lots of interesting topic discussed throughout the day and plenty to think about afterwards. I will definitely be looking into Xdebug and different tools for monitoring and observing web applications. I found Wim Godden’s talk about how we should see code in different roles across an organisation interesting. I’d highly recommend watching/listening to the recording as this one is also relevant to less technical people who work with developers.

Elephants

I’ve also started a collection of PHP elephants with two from this conference.

PHPUK 2026 / Ed Green Blog by is licensed under a