I had the pleasure of attending the 2025 PHP UK Conference in London on 19th of February. The speakers were amazing, and each session gave us practical tips on the challenges we face as software developers and the cutting-edge tech being developed by other developers.
The conference had two tracks concurrently running most of the day, so you could choose which talks were most interesting. Luckily, I was there with a work colleague, so we were able to cover both tracks and not miss out on any talks. I have highlighted some of the talks that really inspired me to think differently and unlock a toolkit of ideas to level up my developer skills.
Craig Francis talked about “Ending Injection Vulnerabilities,” a topic that every developer should know about. Even though PHP has improved, SQL injection attacks still happen a lot. Craig showed us real-world examples that were used in production which left many reviewing their code bases. He stressed that languages make it easy to add vulnerable code with just one line of code (which works), but it’s harder to make secure code with several lines of code – something that should change by making secure code just as easy to write as insecure one. He also said that escaping inputs or using Object-Relational Mapping (ORM like Eloquent) isn’t enough. Instead, we should take a “zero-trust” approach to any data that users send and make sure that security principles like using prepared statements and validating every user input are followed. On top of that, we should make sure that we actually use the functions provided by these ORMs as they’re meant to be used, so we don’t open backdoors on otherwise secure code.
Liam Hammett’s session, “Beyond Requests: Supercharging API Monitoring with Guzzle Middleware,” was a real eye-opener for me. I have used Guzzle before, but Liam showed me how to use middleware to log requests, view traces, and observe metrics. This way, I can easily monitor my application’s performance. He also showed us how to use Graphana, Tempo, Prometheus, and Loki to monitor different log levels and API telemetry from our application. We have a few apps that could really benefit from this kind of logging and monitoring, like our Class Group Builder, Bulk unenrol tool or our infrastructure servers that currently host the Short Courses Platform.
Ivo Lukac’s shared “Learn to Appreciate Legacy,” a heartwarming story about a fictional developer named Zed, was also really moving. Through Zed’s struggles with a messy and old codebase, Ivo showed us how legacy code often contains important business logic and institutional knowledge. It hit home for me because I have often complained about “legacy code” that we have running on some of our old apps, instead of seeing its value. Ivo’s positive outlook has me rethinking how I approach maintenance work. He shared some strategies for maintaining and refactoring such code without breaking everything and leaving every file that you’ve worked on better than you found it. The lesson? Legacy code is just code that’s been pushed to production!
Finally, Kevin Dunglas closed off the talks with “Give Your PHP Apps Superpowers with FrankenPHP”. This modern PHP server, built on Caddy, handles concurrency easily and supports real-time features out of the box. It also boosts performance by preloading classes. The “worker mode” was the coolest part for me, as it lets you run persistent processes for tasks like queued jobs without external services. I can’t wait to try it on a side project, maybe a chat app, and see how it simplifies my workflow. As far as I could tell, for developers, it’s a game-changer, combining PHP’s simplicity with the enterprise-grade power of Go.
With so many exciting talks happening at the same time on two tracks, it’s easy to miss out on others. It would be awesome if the organisers could split the talks over two days so everyone can hear everything. On the bright side, this conference made me realise that PHP is still evolving and there’s always something new and exciting coming from the community.
As I get back to my projects, I’m inspired to pay closer attention to every input, monitor APIs smartly, respect legacy code, and use tools that push PHP to its limits. Conferences aren’t just about learning new tricks—they remind us why we love this craft. We have the chance to build a better world, one line of code at a time!
