開発スタッフがアプリ関連の最新技術やニュースをご紹介します。

Standard methods for creating Eloquent Models like make(), create(), update, and save(). Laravel includes some other methods are that also really useful for creating and updating Models that I feel don’t get enough attention. So in this article, I’d like to go over some of these additional methods and explain how they might be useful.

1. firstOrNew

The firstOrNew method is really useful for finding the first Model that matches some constraints or making a new one if there isn’t one that matches those constraints.

You can take a piece of code that looks like this:

$user = User::where(‘email,’$request->email)->first();

if($user === null){

$user = new User([ ‘email’ => $request->email ]);

$user->name = $request->name;

$user->save();

}

And turn it into this:

$user = User::firstOrNew( [ ‘email’ => $request->email ] );

$user->name = $request->name;

$user->save();

You may also pass an array of additional attributes to set as the second parameter if no existing Model is found:

$user = User::firstOrNew([‘email’ => request(‘email’)],[‘name’ => request(‘name’)]);

$user->save();

2.firstOrCreate

I recently found the firstOr method while source-diving. The firstOr method retrieves the first Model from a query, or if no matching Model is found, it will call a callback passed. This can be really useful if you need to perform extra steps when creating a user or want to do something other than creating a new user:

$user = User::where(‘email,’$request->email)->firstOr(function(){

$account = Account::create([

return User::create([

‘account_id’ => $account->id,

‘email’ => $request->email

]);

]);

});

3.firstOr

I recently found the firstOr method while source-diving. The firstOr method retrieves the first Model from a query, or if no matching Model is found, it will call a callback passed. This can be really useful if you need to perform extra steps when creating a user or want to do something other than creating a new user:

$user = User::where(‘email,’$request->email)->firstOr(function(){

$account = Account::create([

return User::create([

‘account_id’ => $account->id,

‘email’ => $request->email

]);

]);

});

4.updateOrCreate

The updateOrCreate method attempts to find a Model matching the constraints passed as the first parameter. If a matching Model is found, it will update the match with the attributes passed as the second parameter. If no matching Model is found a new Model will be created with both the constraints passed as the first parameter and the attributes passed as the second parameter.

You can refactor this piece of code:

$user = User::where(‘email,’$request->email)->first();

if($user !== null){

$user->update([‘name’ => $request->name]);

}else{

$user = User::create([

‘email’ => $request->email,

‘name’ => $request->name

]);

}

To this using the updateOrCreate method:

$user = User::updateOrCreate([

‘email’ => $request->email,

‘name’ => $request->name

]);

Tsuki

今回はPHPでQRコードを生成するためのライブラリ「endroid/qr-code」を紹介したいと思います。

続きを読む

映画マトリックスの世界を題材にしたUnreal Engine 5 の技術デモ
「The Matrix Awakens: An Unreal Engine 5 Experience」
がPlayStation5とXbox Series X|S向けに12月10日から公開予定のようです。

続きを読む

Today I would like to share about some web security tools that should be used by developers. When we develop a software, we must also consider the aspects of security. So, in some situations, not only have to write secure codes but reverse testing is also needed. Let’s take a look at some web security tools as follows.

1. Zed Attack Proxy (ZAP)

Developed by OWASP (Open Web Application Security Project), ZAP or Zed Attack Proxy is a multi-platform, open-source web application security testing tool. ZAP is used for finding a number of security vulnerabilities in a web app during the development as well as the testing phase.

2. Wapiti

Wapiti is a open source project. Wapiti performs black box testing to check web applications for security vulnerabilities. As it is a command-line application, it is important to have a knowledge of various commands used by Wapiti. You can find all the Wapiti instructions on the official documentation. For checking whether a script is vulnerable or not, Wapiti injects payloads. This tool provides support for both GET and POST HTTP attack methods.

Vulnerabilities exposed by Wapiti are:

• Command Execution detection
• CRLF injection
• Database injection
• File disclosure
• Shellshock or Bash bug
• SSRF (Server Side Request Forgery)
• Weak .htaccess configurations that can be bypassed
• XSS injection
• XXE injection

3. Sqlmap

SQLMap is entirely free to use that allow automating the process of detecting and utilizing SQL injection vulnerability in a website’s database. This tool supports 6 types of SQL injection techniques:

• Boolean-based blind
• Error-based
• Out-of-band
• Stacked queries
• Time-based blind
• UNION query

4. Skipfish

Skipfish is a web application security tool that crawls your website and then checks each page for various security threats and provides a final security report. It is highly optimized for HTTP handling and utilizing minimum CPU.

5. Burp Suite

Burp Suite is a Java-based web penetration testing framework. Its various tools work seamlessly together to support the entire testing process, from initial mapping and analysis of an application’s attack surface, through to finding and exploiting security vulnerabilities. The tool intercepts HTTP/S requests and acts as a middle-man between the user and web pages. The paid version provides a more agile automated testing tool with integrations with other frameworks such as Jenkins.

6. Nikto

The Nikto web server scanner is a security tool that will test a website for thousands of possible security issues including dangerous files, mis-configured services, vulnerable scripts and other issues. It is open source and structured with plugins that extend the capabilities.

Hope you enjoy that.

By Asahi

The PHP team has released PHP 8.1. Let’s see a bit of some main features they have added.

https://twitter.com/official_php/status/1463943033234276360

Improvements

There are many improvements as follow.

• Enumerations
• Readonly properties
• Pure Intersection Types
• never return type
• First-class Callable Syntax
• New array_is_list function
• and many more

We will walk through some feature more details.

Enumerations

PHP 8.1 supports Enumerations (Enums) natively, providing an API for defining and working with Enums:

enum Data
{
    case Draft;
    case Published;
    case Archived;
}
function acceptStatus(Data $data) {...}

Read-only Properties

Read-only properties cannot be changed after they are initialized. You can be confident that your data classes are consistent. PHP 8.1 can reduce boilerplate by defining public properties the author does not intend to change.

class Sample
{
    public readonly Data $data;
 
    public function __construct(Data $data)
    {
        $this->data = $data;
    }
}

First-class Callable Syntax

You can make make a closure from a callable by calling it and passing "...“

function sum(int $a, int $b) {
    // ...
}
 
$sum = sum(...);
$sum(1, 5);
$sum(5, 3);

and there are still more interesting features to look more detail. Please check the official documentation for more detail.

Yuuma