PHP UK Conference
20 Feb 2026 at 1 America Square

As a consultant I'm often asked absolute questions, "Is $x better than $y?". The answer is nearly always "It Depends". Software development is a constant game of give and take. Every day we (consciously or not) make numerous decisions and trade-offs in order to get our code shipped. I've found that making these tradeoffs front of mind when I'm working means easier and better decisions. Let's take a look at some of the more common decisions we make day-to-day and try and figure out what the compromises are. Hopefully you'll start looking at more decisions as tradeoffs, and make better choices yourself in future.

Static analysis tools like PHPStan have become essential for PHP developers, and all projects can greatly benefit from custom rules tailored to their specific needs. In this talk, I will guide the audience through the process of writing custom PHPStan rules to enforce project-specific standards and catch domain-specific bugs, and freeing up valuable time by automating repetitive code review tasks.

I've always loved creating things - designing systems, writing code, and shaping solutions by hand. So when AI tools started to dominate the conversation, I wasn't sure how they would fit into my world in a way that still let me do the parts I love most. That question became real when I was tasked with evolving a large Laravel application towards an event-driven model. Faced with unfamiliar accounting concepts and event sourcing patterns, I turned to AI not to write code, but to help me learn, think, and explore. In this talk, I'll share how AI became a valuable design partner as I navigated this architectural shift. From bridging domain gaps to shaping key decisions and incrementally evolving a live system, this is a practical story about integrating new tools without losing your craft. Whether you're exploring event-driven design or curious about how AI can fit into your workflow, this talk offers practical lessons from a real-world journey.

All programming languages have their foundations: the engine that interprets your code and makes everything run. In PHP, this is the Zend Engine, a critical piece of software that powers millions of applications worldwide. When everything works, you don't even think about it. You deploy to production, and the engine does its magic behind the scenes. But what happens when something goes wrong in that core? What if a subtle bug opens the door to a full security breach? Suddenly, the invisible foundation becomes the most important part of the story. Let's shine a light on two such cases: a recent, real vulnerability in the PHP engine (which has since been patched), and a backdoor that, just a few years ago, actually made it into the release candidate and allowed remote code execution. We'll walk through how each issue could be exploited and, most importantly, what lessons developers can draw from them. And yes, there will be live, local, sandboxed demos of both exploits in action. Ready to dive in?

In modern architectures, loosely coupled subsystems collaborate via events rather than giving each other direct instructions. This is referred to as event sourcing if the entire state of an application can be reconstructed from these events. I teach you proven strategies and best practices for testing event-based software. Using PHP and PHPUnit as examples, you will see how tests can be implemented to generate visual documentation of event-based software through their execution.

1

This talk grew out of a side project that got wildly out of hand. I set out to build a quick Laravel app to make one of my favourite podcasts searchable - just a weekend hack, a bit of "vibe coding" to scratch an itch. Instead, it became EverythingIsShowbiz.com, a fully fledged PHP + AI transcript engine with semantic search. What started as an experiment turned into a practical crash course in where AI actually fits into PHP workflows: from managing GPU-heavy transcription jobs, to cleaning up potentially-libellous misheard phrases, making AI output trustworthy at scale, and all on a side project budget! Along the way, I learned a lot about the gap between AI hype and engineering reality. We'll explore the messy middle - where Laravel pipelines replace notebooks, admin tools become sanity savers, and side projects quietly teach us the same lessons as production systems. This talk is for anyone who's ever been asked, "can you do that... but add AI in?" and wants to know what that really looks like in PHP. A small reminder that PHP still belongs in the future - even when that future comes wrapped in AI.

3

Whether you're building APIs, deploying microservices, or just curious about what happens beneath the surface of your applications, understanding networking is essential. This talk explains the core concepts of networking - from the basics of TCP, UDP and the OSI model, to more advanced topics like routing, BGP and anycast. You'll gain a practical understanding of how data moves across the internet, how routing decisions are made, and why these concepts matter when building scalable, resilient applications. No prior networking experience required

I'll show how we're building native mobile apps with PHP and go deeper into how it works

Achieving optimal performance and reliability requires more than monitoring — it demands observability. Discover how metrics, logging, tracing, and continuous profiling empower you to understand, debug, and optimize your application at every level. We'll explore each pillar and demonstrate how to instrument your PHP application for actionable insights. Real-world examples will leave you equipped to make your PHP applications observable, resilient, and performant.

2

Value Objects can be one of the most powerful tools in your modelling toolbox. They make code expressive, maintainable, deterministic and cohesive. Yet they are sometimes misunderstood and it's often difficult for developers to realise where and how they can use them. In this talk you will learn how to identify value objects in the wild, what their properties are and how to create your own!

In this talk I explain how to use Xdebug to get more productive writing PHP code, focussing on the improvements in Xdebug 3.5 such as Native Path Mapping, to make the debugging experience better and easier to set up. Beyond that, this session also goes through a few complicated scenarios that are harder to debug, and shows solutions to these conundrums. I will also focus on the new features.

0

At first AI is a ton of buzzwords and hype, but how do we integrate AI in our existing products / software projects in a meaningful and realistic manner? Let's have a look how Symfony AI enables us to bring AI-based or even agentic features, not only chatbots, into our PHP applications or scaled architecture. If you are looking for input on how to approach AI, need ideas where to get started or find out what's realistic at first - let this talk be your inspiration!

2

In this talk, we'll explore options for PHP performance analysis. From understanding how the PHP virtual machine and OPCodes work, to performing your reliable and meaningful benchmarks, and how to use request profiling using open-source and commercial offerings. You will leave with an overview of the available tools and an understanding of how to use them in your day-to-day. Learning how to spot bottlenecks and optimize them away efficiently and confidently.

APIs are the foundation of our applications today and need to be secure. From broken authorisation and authentication to injection attacks, the OWASP API Security Top 10 identifies the most critical security issues facing APIs today. In this talk, we'll walk through the items on the list and explore these security flaws and look at how to prevent them. By the end of this session, you'll have a clear understanding of the most critical API security risks and be equipped with the knowledge to build more secure APIs.

The PHP Foundation is a non-profit organization formed in 2021 by PHP contributors, ecosystem leaders, and companies supporting the use and adoption of PHP. In this session, we'll recap The Foundation's accomplishments in 2025, and take a look forward at plans for an even better PHP in 2026.

In many developers' lives comes a time when they move on from "coder" to "lead" to "architect" (or similar terminology) and maybe all the way to CTO. After a while it gets harder to grasp the concepts the "coder" people are talking about, even though it seems like just yesterday. And it's not imposter syndrome, it's something entirely different ! In this talk, we'll walk through this journey, which is not always a one-way street, to illustrate that how you approach this journey makes all the difference to yourself and your team.

At MongoDB, I help maintain the open-source tools that help PHP developers use our product. Without active, stable OSS, we shrimply wouldn't have any users. In this session, I'll share why open source is essential to your product's success, and how to get involved in the ecosystems that support it. Through real-world examples, you'll learn strategies for contributing effectively, the value of community trust, and getting leadership buy-in to invest engineering time in OSS. You'll leave with practical ways to strengthen your product by strengthening its open-source foundations.

API Platform is a totally open-source, out-of-the-box framework for making APIs that follow all the Web's best practices (standards, RFCs...) since its release, in 2015. In this talk, we'll see how in a matter of seconds, thanks to the contributions of around 1,000 developers since the framework was created, we can easily have a robust API with auto-generated documentation, via the Swagger UI, whether for a REST or GraphQL API. Through concrete examples and feedback, we'll explore how to contribute to API Platform and use it in your projects, whatever the complexity of your APIs. We'll look at extending automatic documentation, adding custom filters, and integrating your own custom data sources.

Exploring a code base is like navigating a maze with a partial map. While some paths are correctly indicated, some are mislabelled or turn out to be dead ends. Take a childless class not marked as final, for instance – the keyword’s absence is like a sign pointing to a dark tunnel leading nowhere. How many such paths do we accidentally – or deliberately – leave open? This presentation introduces the Closed-by-Default Principle, a reframing of existing principles focussed on keeping those paths shut, relieving the developer’s cognitive load in the process. It is also an exploration of PHP’s evolution over time, each version introducing features to keep the maze as navigable as possible. We’ll also see how to leverage static analysis tools to automate the corresponding rules, giving developers the assurance that all paths lead somewhere.