PhpRiot
News Archive
PhpRiot Latest Blog Posts
Displaying blog posts 201 to 220 of 277

html Sanitisation: The Devil's In The Details (And The Vulnerabilities)

html Sanitisation (defined below) has been with us for a long time, ever since the first genius who came up with the idea of allowing potentially untrustworthy third-party html to be dynamically patched into their own markup. The years have not treated this kindly, and third-party html inclusion has remained one of the most complex and underappreciated vectors for security vulnerabilities. In this article, I take a look at some of the solutions PHP developers rely upon to perform html Sanitisation. Mostly...

Auth/ACL implementation strategies

I'm going to talk more about ACLs than Auth. Auth is simple; it's the ACL that will trip you up. Since both concepts are coupled together when you're making a login system, I feel it's appropriate to at least touch on Auth. What I want to cover is the ways we can create the ACL object to suit needs based on the scale of the project. I'm going to assume that readers have a passing familiarity with using the Auth and Acl objects and may have even implemented them in projects. Zend_Auth The reason I say...

Bollysite Blog: Upgrading php 5.1 to php 5.3 with xcache rebuild on Centos 5

This quick tutorial on the Bollysite blog shows how to upgrade your CentOS install of PHP from 5.1 to 5.3 along with xcache. CentOS 5 comes with php 5.1 version. There has been no official PHP 5.2+ release to upgrade to for the last 3 years. [...] As a result, developers had to implement alternative functions to integrate the twitter and myspace OAuth APIs. Today wordpress has officially said bye bye to php 4 and mysql 4. So finally, I gathered some courage to mess with my current php installation. I followed the...

Want your own Cloud API?

Ever considered developing a RESTful API? Ever wondered what FRAPI is and how it works? Well, apart from reading the framework's website, there was no real way to assess FRAPI as a RESTful API Framework - not until recently. In order to ease adoption and make it more accessible for people to evaluate FRAPI, we've put an Amazon AMI together. This AMI comes pre-installed with Linux Lucid Lynx (Ubuntu 10.04 LTS), NGINX as the webserver, Memcached (and no, port 11211 isn't opened to the public), PHP5-FPM,...

Running mod_php and FastCGI side-by-side

Because we're in the full throes of Zend Framework 2.0 development, I find myself with a variety of PHP binaries floating around my system from both the PHP 5.2 and 5.3 release series. We're at a point now where I want to test migrating applications from ZF 1.X to 2.0 to see what works and what doesn't. But that means I need more than one PHP binary enabled on my server... I use Zend Server on my development box; it's easy to install, and uses my native Ubuntu update manager to get...

NETTUTS.com: The Problem with PHP's Prepared Statements

On NETTUTS.com there's a new tutorial talking about the problem with PHP's prepared statements, mainly their lack of flexibility. There are a couple of issues that appear to make these methods less flexible than we'd hope. For one, we must utilize the bind_result method, and pass in a specific number of variables. However, what happens when this code is within a class, and we won't immediately know how many variables to pass? Luckily, there's a solution! I'll show you what it is in today's video tutorial. The...

Cal Evans' Blog: PHP, Community and User Groups

In a new post to his blog today Cal Evans looks at PHP, the community and how user groups fit into the mix. He shares opinions from the community and a video taken of a roundtable at this year's TEKX.

DesignLuv.com: A style guide for PHP developers

On DesignLuv.com today they've posted what they call a style guide for PHP developers - some tips on writing well-styled, easy to read code. If you're a new developer and are trying to hone your coding style, maybe try giving the following a go. These are simply some conventional formatting methods that are generally appreciated and supported by PHP developers and will improve the overall readability of your code. They talk about a few different subjects - variable names, class and method naming,...

Johannes Schluter's Blog: Scalar type hints in PHP trunk

As Johannes Schluter mentions in his latest blog post, another new feature has been added to the trunk of the PHP project - scalar type hints. So in my blog series I try to cover all additions to PHP trunk so I have to mention scalar type hints. He gives examples of both simple hinting (ensuring a value is a float) and a more complex example setting an attribute on a PDO connection (checking for an integer). Sample error messages are included as well. He also gives some advice on mixing strong and weak...

64-bit integers in MongoDB

64-bit integers in MongoDB London, UK Monday, August 9th 2010, 14:23 BST The current project that I'm working on relies heavily on MongoDB, a bridge between key-value stores and traditional RDBMS systems. Users in this project are identified by their Facebook UserID, which is a "64-bit int datatype". Unfortunately, the MongoDB PHP Driver only had support for 32-bit integers, causing problems for newer users of Facebook. For those users, their nice long UserID was truncated to only 32 bits, which didn't...

Community News: Latest PEAR Releases for 08.09.2010

Latest PEAR Releases: Validate_ES 0.6.0, HTML_Safe 0.10.1, Validate_SE 0.1.0, Validate_NO 0.1.0, Validate_LU 0.1.0, Validate_LI 0.1.0, File_MARC 0.5.2, Services_Digg2 0.3.0

Content Security Policy introduction

I blogged about Content Security Policy 2 years ago when it was still called 'Site Security Policy'. It started as a specification and an add-on, and turned into a patch a bit later. Finally it made it into Firefox 4 beta 1. I think CSP is the next web security revolution, so make yourself aware of how it works and the implications. So what is it? The short version is that it's a very effective measure against cross-site scripting. By specifying a policy through the 'X-Content-Security-Policy', you...

Reason #184 why PHP sucks

// A static and an instance method with the same name in one class
class Blah {
    public static function hello($id) { printf("Static"); }
    public function hello() { printf("Instance"); }
}
Blah::hello(5);
$x = new Blah();
$x->hello();
You knows it...

Telecommuting Culture

A few years back, I'm not even sure when, I started looking at job postings of companies I found interesting. The point wasn't to find a new job, but to understand the company a bit more. You can almost always discover what technology a company is using if they're hiring. I found out Plurk uses Python through this method, that Twitter hasn't given up on Ruby, and that even when it doesn't make sense Washington DC shops still use Drupal. That last company is what gave rise to this tweet: They're pretty blunt...

Scalar type hints in PHP trunk

So in my blog series I try to cover all additions to PHP trunk so I have to mention scalar type hints. float $f) { echo $f."\n"; } for ($i = 1; $i 0.33333333333333 0.66666666666667 Catchable fatal error: Argument 1 passed to print_float() must be of the type double, integer given, called in typehints.php on line 7 and defined in typehints.php on line 2 is expected behavior in PHP's trunk. If you want such a thing to work, please use the numeric type hint. In case that wasn't enough fun: There's...

VMWare on Debian Unstable

VMWare on Debian Unstable London, UK Saturday, August 7th 2010, 16:08 BST In the past week I've been doing some work on the MongoDB PHP Driver, and while running the test cases I noticed that there are some issues with it when you run out of disk space. It's sadly hard to reproduce, so I set out to create a VMWare image for the MongoDB developers to reproduce this issue.

Cal Evans' Blog: PHP, Community and User Groups

In a new post to his blog today Cal Evans looks at PHP, the community and how user groups fit into the mix. He shares opinions from the community and a video taken of a roundtable at this year's TEKX. Those that know me know that the PHP community is near and dear to my heart. I am always looking for ways to support it, usually to the chagrin of my employer. We have the greatest community of any programming language I know of and I like helping people find ways to participate in it. The video is a...

Microsoft PHP driver for SQL Server 2.0 released

The SQL Server team just announced the release of their latest PHP driver for SQL Server. Details about the release can be found at http://blogs.msdn.com/b/sqlphp/archive/2010/08/04/microsoft-drivers-for-php-for-sql-server-2-0-released.aspx. A major highlight of this release has been the introduction of PDO drivers for SQL Server. This means the PHP application developer now need not care about the database but can rather focus on the application code. As part of this release I was one of the fortunate ones to...

First Development Milestone of ZF 2.0 Released

Yesterday, the Zend Framework team tagged the first development milestone of Zend Framework 2.0 (2.0.0dev1). It is immediately downloadable from the Zend Framework servers: ZendFramework 2.0.0dev1 zip package; ZendFramework 2.0.0dev1 tar.gz package. NOTE! This release is not considered of production quality, and is released solely to provide a development snapshot for purposes of testing and research. Use at your own risk.

Chance Garcia's Blog: DevDerby

In a new post to his blog Chance Garcia talks about a new event that's happening in Bloomington, Illinois in September - a "Dev Derby" as a part of The Combine. This is a one-day programming event which challenges teams, representing different programming languages, to build a web-based application for use by non-profits. The code will be released as open source, giving it life after the day has ended. There will be 5 teams competing. My suspicions say that there will be a Rails team and a CF team in...