Are your apps sufficiently protected against SQL injection? Do you currently validate and sanitize all types (strings, numbers) and methods (forms, cookies, query strings) of user input before using it in a database query? If not, it’s only a matter of time before serious pwnage…
This article is a good primer for newbies and a reminder for gurus…
SQL Injection Attacks by Example
If you aren’t already using prepared statements, now’s as good a time as any to start:
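To make the difference concrete, here is an added example (not code from the linked article or from the original post) showing the same user lookup written with string concatenation and then with a PDO prepared statement, plus a numeric lookup that validates the type before binding. It assumes PHP with the pdo_sqlite extension and uses an in-memory SQLite database so it runs offline; the table, its rows and the sample inputs are constructed for the demonstration and stand in for values that would normally arrive via $_GET, $_POST or $_COOKIE.

```php
<?php
// Added example: unsafe vs. prepared-statement lookups over a constructed
// in-memory SQLite database. Not code from the original page.
declare(strict_types=1);

$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT NOT NULL, is_admin INTEGER NOT NULL)');
$pdo->exec("INSERT INTO users (id, username, is_admin) VALUES (1, 'alice', 1), (2, 'bob', 0)");

// Vulnerable: the input is spliced into the SQL text, so a quote character in it
// changes the structure of the statement instead of staying plain data.
function findUserUnsafe(PDO $pdo, string $username): array
{
    $sql = "SELECT id, username FROM users WHERE username = '" . $username . "'";
    return $pdo->query($sql)->fetchAll(PDO::FETCH_ASSOC);
}

// Safe: the SQL text is fixed when the statement is prepared and the value is
// sent separately, so whatever it contains can only be compared as data.
function findUserSafe(PDO $pdo, string $username): array
{
    $stmt = $pdo->prepare('SELECT id, username FROM users WHERE username = :name');
    $stmt->bindValue(':name', $username, PDO::PARAM_STR);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Numbers need the same care: validate that the raw string really is an integer
// (FILTER_VALIDATE_INT returns false otherwise), then bind it as an integer.
function findUserById(PDO $pdo, string $rawId): ?array
{
    $id = filter_var($rawId, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        return null; // reject the request instead of trying to "clean" the value
    }
    $stmt = $pdo->prepare('SELECT id, username FROM users WHERE id = :id');
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Constructed inputs: a normal username and the textbook quote-breaking string.
foreach (['alice', "' OR '1'='1"] as $input) {
    printf("input %-14s unsafe -> %d row(s), prepared -> %d row(s)\n",
        var_export($input, true),
        count(findUserUnsafe($pdo, $input)),   // second input returns every user
        count(findUserSafe($pdo, $input)));    // second input matches nothing
}

// Constructed numeric inputs: a valid id, then one that is not an integer at all.
foreach (['1', '1 OR 1=1'] as $rawId) {
    $row = findUserById($pdo, $rawId);
    printf("id %-10s -> %s\n", var_export($rawId, true),
        $row === null ? 'rejected' : $row['username']);
}
```

Run it with `php example.php`: the concatenated query returns both users for the quote-breaking input while the prepared statement returns none, and the non-numeric id is rejected before any query is built. Note that prepared statements protect the values, not identifiers; a column or table name taken from user input still has to be checked against an allow-list.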
The PHP Hacker Night last Thursday was excellent. John, Jonathan, Alvaro and I got together to talk PHP over dinner and dessert. My notes from the evening are on my blog if anyone is interested. I learned some really cool things and was glad I went:
http://www.richardkmiller.com/blog/archives/2006/06/report-on-php-hacker-night
With the recent discussion on the mailing list about dates and times and how they are stored in a MySQL database, I figured this article would provide some additional information on how others use dates and times. The article offers code examples and gives some clear reasoning on why not to use the normal timestamp for everything.
Check out the article @ PHPit!
Ever had a hard time explaining web standards to someone? A client? A boss? Or even a friend? Of course you have. Ever wished there was a simple, visual way to help someone who is not technically minded understand? Natalie Jost of Standards for Life has created something that I am sure you will find helpful, or at least make you smile: standards in a nutshell.
Kevin Hale has published an excellent article on prototyping web applications. He discusses the roles of the designer and the engineer and tried methods for wireframing large-scale projects.
Cody Lindley gives a cool little example of how to add scrolling capabilities to your data grids with CSS and provides some great examples.
Check it out @ Cody Lindley!
Zend has a preview release of the new Eclipse plugin for PHP. Here is the link to the instructions for adding it to your Eclipse version. If you have the UPHPU Eclipse version, this will not work as the Zend Eclipse PHP IDE plugin requires the full Eclipse SDK with the WST plugin.
http://www.zend.com/phpide/
If you have the UPHPU Eclipse version you can upgrade it to the Eclipse SDK by using the update manager in Eclipse:
Help -> Software Updates -> Find and Install. Then you need to grab pretty much everything in there that is for the SDK.
Once you have the SDK then you can add the WebTools package that is required for the Zend Eclipse PHP IDE by setting up a new remote download site with the following values:
Name: WebTools
URL: http://download.eclipse.org/webtools/updates/
Then you can add the Zend Remote Update site with the following values:
Name: PHP IDE
URL: http://downloads.zend.com/phpide/
That will allow you to download and install the plugins. If you need any additional help I will be on IRC to answer any install questions.
I just finished reading an article on Linux.com about useful tools that a system administrator uses. This is a great article to read and glean from if you are doing any system administration alongside your PHP development. At work and as a contractor I can only stress how important it is for a developer to be familiar with system administration. You can check out the article here.
Here are some command line tools that I use almost on a daily basis to help out with system administration tasks.
These are just some of the ones that I use. One point I would like to make is that by becoming familiar with additional commands you will become more proficient in your system admin tasks, which obviously makes you a sharper developer.
There has been some recent activity on the PHP Developer mailing list about the addition of JSON into the PHP Core. After reading the thread, I did a little research on JavaScript Object Notation (JSON). Here is a great website to read more about it.
FireBug is a new tool that aids with debugging JavaScript, DHTML, and Ajax. It is like a combination of the JavaScript Console, DOM Inspector, and a command line JavaScript interpreter.
Other fun features:
* XMLHttpRequest Spy - Ever wonder what all them newfangled Ajax websites are up to? Watch the requests fly by in the console!
* One web page, one console - Tired of slogging through a zillion errors in the JavaScript Console trying to find the one you want? The FireBug console is built into the bottom of the browser, and only shows you errors and log messages that came from the page you’re looking at.
* JavaScript Error Status Bar Indicator - It’s a sin that Firefox doesn’t include this by default, like IE does. When there is an error in the page, the status bar will let you know with a big red blob.
* Logging for web pages - Sick and tired of “alert debugging”? Jealous of all your C programmer buddies with their fancy printf? Now you can log text and objects to the FireBug console from any web page. See my website for more info on this.