Hi everyone,
It's a week full of exciting updates and the latest news on the php community. This week we have the first testing release of PHP 8.6, which starts the PHP 8.6 release cycle. In Podcasts this week we have new episodes from No Compromises and this week they discuss why having a human partner still beats relying on AI alone. Over at North Meets South, Jake shares lessons from rebuilding a permissions system around flexible roles, while at The Laravel Podcast Matt Stauffer sits down with Jeremy Butler, product design lead at Laravel, to trace his path from building an app to sell advertisements. Finally in our Reading section we have articles on Engineering High-Performance Server Environments with Apache and PHP, Designing a Scalable Laravel Folder Structure, and The 4 Memory Layers That Could Change How We Build AI Agents.
We have all that and more, so we do hope you enjoy this week's newsletter. If you have an article, tutorial or podcast that you would like to be featured in our newsletter, feel free to reach out to us at [email protected].
All the best,
Adrian
|
Please help us by clicking to our sponsors:
Give Your Unused Startup a Second Chance
List your unfinished SaaS, app, or project for free. Sell it, find a co-founder, or let someone else bring it to life. No fees, no hassle - just new opportunities!
|
Articles
The Future of PHP: What PHP 8.5 Means for Modern Web Development
In this article, we explore the major improvements expected in PHP 8.5, practical developer benefits, Laravel ecosystem impact, and how AI is changing the way PHP applications are built.
A Source Code Handover Checklist for Small Web Projects
This checklist is written for developers, freelancers, and buyers who need to receive a PHP, Laravel, or mixed web source package and make sure it can actually be deployed.
Laravel Middleware Execution Order Explained: Why Your Middleware Runs in the Wrong Order
Laravel middleware can be perfectly written and still behave unexpectedly. You may notice authentication running too late, permission checks failing, tenant initialization not working, logging middleware missing important data, or custom middleware executing in an order you didn't expect.
Why URL Encoding Can Break PHP Security Checks — and What Actually Works
One overlooked detail in request inspection can leave your security checks blind to real attacks.
One Laravel Feature That Can Save You From Duplicate Payments and Race Conditions
Imagine this: A user clicks the "Pay Now" button twice. Or two requests hit your API at the exact same time.
PHP 8.2 in 2026: Why It's Still the Best Choice for News & E-commerce CMS
This isn't a "PHP is actually cool now" hype piece. It's the concrete reasons a boring, typed, request-per-page runtime is still the right default for news and e-commerce CMS work in 2026 — and the honest places where it isn't.
10 Laravel Vulnerabilities You’re Probably Overlooking
Let’s walk through ten real-world weak spots in Laravel applications, not as a boring checklist, but the way an attacker sees them — with mechanics, examples, and a hacker’s eye for elegance.
|
Tutorials and Talks
Building a Plugin-Free Newsletter Popup on WordPress: Custom REST Endpoint Mailchimp API v3
A client wanted a newsletter popup on their WooCommerce/Divi site to hand out a lead-magnet PDF and grow their Mailchimp audience. The obvious paths — a popup plugin, or Mailchimp's own hosted popup — both lose on the things I actually care about: page weight, brand control, and not loading someone else's JavaScript on every pageview.
A "days since last maintenance" badge — color-coding staleness across many sites
When you maintain a number of WordPress sites, showing the "last maintenance date" in the site list is the obvious move. A column of dates like 2026-05-21. But in actual use, that alone falls short.
The Blade Gotcha That 500s Your Page: Directives Inside Component Attributes
You can't put a Blade directive (@if/@endif) inside a component tag's attribute list. Blade compiles component tags before directives, so the view won't compile — the page 500s.
Quieting PHP 8.2+ deprecated noise from older WP-CLI — three layers to keep JSON parse clean
Our multi-site maintenance tool fires wp plugin list --format=json against the sites it manages. One day, against a specific shared host (Xserver in Japan), this call started failing — and the failure mode was unusually subtle.
Easy set up of PHP Xdebug on VS Code
If you want to debug your PHP code in VS Code, Xdebug is the best tool. This guide will help you set it up on Ubuntu in a few minutes.
Migrating Laravel to Symfony Without Rewriting Your Domain
You've been handed the ticket everyone dreads: move the app off Laravel and onto Symfony. Maybe the team standardized on Symfony. Maybe a Messenger-and-Doctrine shop acquired you. Maybe someone decided Eloquent's global scopes had cost enough Friday nights.
Symfony: Validating & Secure your API Requests
This article walks through the modern, "senior-level" approach to request validation in Symfony 7, and clarifies a point that's often misunderstood: where XSS protection actually belongs.
Consuming APIs with Laravel’s HTTP Client: A Practical Guide
This guide walks through building a real integration the way you’d structure it in production: wrapped in a service class, driven by config, with proper response handling, error handling, and logging.
5 Laravel Bugs AI Wrote Into My Codebase (And How I Caught Them)
Your AI assistant ships code that runs. That’s not the same as code that’s safe. Every one of these five bugs passed code review. Not because anyone was careless. Because all five looked completely normal. The syntax was clean. The app loaded. Nothing crashed in testing. They only became “bugs” weeks later, in production, under real traffic, with real user data. |
News and Announcements
Worker Metrics on the WorkerStopping Event in Laravel 13.18
Laravel 13.18.0 adds worker metrics to the WorkerStopping event, graceful signal handling for schedule:work, priority-based registration for artisan dev commands, and a batch of fixes across the Number helpers, cache, and scheduler.
PHP 8.5.8, PHP 8.4.23 & PHP 8.3.32 Released!
The PHP development team announces the immediate availability of PHP 8.5.8, PHP 8.4.23 & PHP 8.3.32. This is a security release. All PHP 8.5 users are encouraged to upgrade to this version.
PHP 8.6.0 Alpha 1 available for testing
The PHP team is pleased to announce the first testing release of PHP 8.6.0, Alpha 1. This starts the PHP 8.6 release cycle, the rough outline of which is specified in the PHP Wiki.
June 29 – July 5, 2026 - A Week of Symfony #1018
This week, Symfony released Twig 3.28.0, with improvements to macros and the sandbox. In addition, we published a case study on using Symfony in the industrial sector. Lastly, we proposed a redesign of the exception page for Symfony applications.
Twig 3.28.0 released
Twig 3.28.0 is out. This release sharpens error reporting with column numbers, brings back dynamic macro calls through the dot operator, and continues to polish the sandbox with less runtime overhead and finer-grained allow-listing. As usual, it also ships a batch of deprecations that pave the way for Twig 4.0.
Meet TYPO3: Supporting the Open-Source Foundation of Its Ecosystem
TYPO3 is an open-source enterprise content management system built with open web standards. It provides a robust feature set for scalable, multisite, multilingual, and highly connected digital platforms. TYPO3 is also a verified Digital Public Good and part of the Open Website Alliance through the TYPO3 Association.
This Week in PHP Internals | July 1, 2026
The Deprecations RFC turned into a fight about honesty, Rob Landers opened Primary Constructors, and a user wrote a heartfelt "Disheartening Rant" about async — while the two flagship votes (Generics and __exists) both fell and the small, focused changes sailed through.
A Copy/Paste Detector CLI for PHP 8.5+
phpcpd-next scans your PHP code and reports blocks that have been copy/pasted from one place to another — the kind of duplication that's easy to miss in review and painful to keep in sync later.
|
Podcasts and Vlogs
The Stack Overflow: Agent orchestration is so two-years ago
Ryan welcomes Saahil Jain, CTO of You.com, to discuss why building agents with a 2024 mindset is a mistake as modern models improve at long-horizon tasks, why heavy orchestration layers can hurt model performance more than help it, and why the 2026 competitive edge actually comes from information retrieval and unique data paired with end-to-end evaluation.
No Compromises Podcast: Why having a human partner still beats relying on AI alone
In the latest episode of the No Compromises podcast, we discuss why human collaboration still matters in a world where AI seems to have all the answers.
North Meets South Podcast: Better API docs, customer support lessons, and cannoli
Jake shares lessons from rebuilding a permissions system around flexible roles, temporary permission leases, and delegated user management. He also discusses adding Apple Pay and Google Pay, plus designing automated text-message payment flows that use numbered choices instead of complicated keywords.
Software Engineering Radio: SE Radio 727: Jeroen Janssens and Thijs Nieuwdorp on Using Polars
Jeroen Janssens, a senior developer relations engineer at Posit, and Thijs Nieuwdorp, a developer relations engineer at Polars, speak with host Gregory M. Kapfhammer about Polars, a Python package for transforming, analyzing, and visualizing data.
Shoptalk Show: 722: The No-AI Talk Challenge, Picking Rails Tooling, Dark Mode?
Chris & Dave have been challenged to not talk about AI this episode - do they succeed? How do I optimize tracking pixels in my web app, what's the best book on CMS and authoring experiences, picking the best tooling in Rails that won't be obsolete, SPF, DNS, and D-Marc, adding dark mode to a website, and dealing with good old fashioned F.A.R.T.
WP Builds: 474 – Exploring the AI generation gap: why young people seem skeptical about AI
The conversation focused on generational attitudes towards AI, with a particular emphasis on skepticism among young people, how younger generations ideologically distrust big tech and perceive AI as “cheating,” especially in creative fields like art and music.
Laravel Podcast: Mastering Design Systems with Jeremy Butler
In this episode, Matt Stauffer sits down with Jeremy Butler, product design lead at Laravel, to trace his path from building an app to sell advertisements to shaping the look and feel of Cloud, Nightwatch, and Forge.
PHP Architect: The PHP Podcast 2026.07.02
Eric’s new laptop won’t share its screen. John lost a fight with a leaf blower. PHP 8.6 alpha dropped. 100+ people showed up to make PHP seem cool again.
Mostly Technical: 139: High On Fable
Ian and Aaron talk about saving a kid's life (!), Solo's big update, and an emerging controversy - do you still need to read the code?
Syntax: Google fires Workspace CLI Creator
Google fires the engineer behind its Workspace CLI tool, OpenAI previews GPT-5.6 with three new model tiers, and Astro 7 lands with a full Rust rewrite. Plus: Coinbase cuts token costs with smarter routing, and more in this week's Syntax Live.
|
|
Who changed that booking? A drop-in audit log for CakePHP with TimescaleDB
Somebody cancels a reservation, a refund goes out, and three days later a client asks: who changed this, and when? If your honest answer is "let me check the log we don't have," you've got a gap worth closing, and it doesn't need a new service or a queue to fix.
Contract from Code, Client from Contract: Getting Rid of Triple Duplication in an API
In the previous article, I explained how to get rid of the first duplication. With the sunrise-studio/symfony-openapi bundle, you can generate an OpenAPI document from code and avoid the separate documentation step.
Architects of the Web: Engineering High-Performance Server Environments with Apache and PHP
A deep-dive architectural brief on engineering, securing, and tuning Linux web infrastructure from bare metal up.
Designing a Scalable Laravel Folder Structure
In the previous article, we explored why many Laravel projects become difficult to maintain. Now it is time to build a folder structure that can grow alongside your application.
The 4 Memory Layers That Could Change How We Build AI Agents
About 3 months ago I was hired to build Simplifika AI, a customer-support assistant powered by AI. The goal is simple: help customers resolve questions using the company’s own knowledge base. But the deeper I got into the project, the clearer it became that there was room to go well beyond the usual approach.
Fat Controllers No More: Architecting Clean Laravel Apps with Services and Repositories
When you first start building applications in Laravel, the framework makes it incredibly easy to move fast. But as business requirements grow, you inevitably face a classic architectural dilemma: Where do I put my business logic?
|
Interesting Projects, Tools and Libraries
phalcon/incubator
Adapters, prototypes or functionality that can be potentially incorporated to the C-framework.
php-standard-library/result
Result type capturing success or failure as a value for controlled error handling.
pestphp/pest-plugin-parallel
The Pest Parallel Plugin.
couchbase/couchbase
The PHP client library provides fast access to documents stored in a Couchbase Server.
cerbero/json-parser
Zero-dependencies pull parser to read large JSON from any source in a memory-efficient way.
dave-liddament/test-splitter
Splits up PHPUnit tests so they can be ran in parallel (e.g. on GitHub actions).
dereuromark/cakephp-queue
The Queue plugin for CakePHP provides deferred task execution.
utopia-php/cache
A simple cache library to manage application cache storing, loading and purging.
uploadcare/uploadcare-php
Uploadcare PHP integration handles uploads and further operations with files by wrapping Upload and REST APIs.
captainhook/captainhook-phar
PHP git hook manager.
|
Jobs
------
Do you have a position that you would like to fill? PHP Weekly is ideal for targeting developers and the cost is only $75/week for an advert. Please let me know if you are interested by emailing me at [email protected] |
Please help us by clicking to our sponsor:
Protect your PHP Code
Why not try SourceGuardian 17. Click here to download a 14 Day Trial copy. Protect your code using Windows, Linux or Mac and run everywhere with our free Loaders. |
So, how did you like this issue?
|
|
|
|