In the vast ocean of bad PHP programming books that serve only to perpetuate bad programming habits in the world of PHP, there are few PHP books that I would recommend more than George Schlossnagle’s Advanced PHP Programming. In Advanced PHP Programming, George takes us all the way from simple (yet very important) syntax rules and standards to advanced object-oriented design patterns, profiling and debugging your PHP code, data caching, extending PHP and much, much more. This insightful book illustrates the importance of security in PHP development and gives you many wonderful tools to develop large-scale PHP applications. I would definitely give this book two thumbs up and highly recommend it to anyone wanting to break free from the typical PHP tutorial books. Anyone who wishes to get into the meat of PHP web development should read this.
I recently finished up a website for Qorvis, www.fasterbettersafer.org. This website was for the United States Chamber of Commerce, which is promoting better transportation in America. The site was built using Joomla as the CMS, which allows our client to control almost every aspect of the site and update it on their own. Along with the beautiful designs, Qorvis also built out a Flash widget that can be placed on any user community or website.
One of the many common things we do as PHP developers is FTP files from one server to another. There are many times when I have needed this functionality, and PHP has a wonderful API for FTP. Here is a quick wrapper class that I wrote that encapsulates much of the functionality for FTP:
A very overlooked part of PHP security is file uploading. A quick for instance: let’s say that you have a file uploader to which no security is applied. Any file may be uploaded to the server. What if someone uploads a file that has a little extension by the name of ‘.php’? All that needs to be done now is to write a little script in the file with ‘fopen’ that reads all the files and echoes them out to the browser. Now we have all the source code (maybe even usernames/passwords if we’re lucky) to the entire application. Not only that, but now we can write SQL code to get all the data we want from the database. Then we could get really mean and update the database with some malicious JavaScript and have it download viruses or trojans on the computers of all the users who visit the website. Now Google checks your website, realizes something bad is going on and decides to blacklist your website. Now Mr. User comes along to your website, and he’s using Firefox. Firefox checks with Google to see if it’s OK to visit the website, Google says ‘noooo’, Firefox puts up a really scary red screen with a hand and an exclamation point, and Mr. User gets scared and decides never to come to this ‘bad’ site again. Then Russia decides to launch ‘nucular’ missiles and we’re back in the Cold War… OK, maybe not that last part, but pretty much all the stuff before ‘nucular’ missiles I’ve experienced happening. So how do we stop the madness?
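One way to close the hole described above, as an added example that is not code from the original post: the server, not the client, decides the stored name and extension, and the file lands outside the web root so it is never handed to the PHP interpreter. The `upload` form field, `UPLOAD_DIR`, the size limit and the allowed types are assumptions.

```php
<?php
declare(strict_types=1);

// Added example. UPLOAD_DIR, MAX_BYTES and ALLOWED are assumed values.
const UPLOAD_DIR = '/var/app-data/uploads';   // assumed path outside the web root
const MAX_BYTES  = 2 * 1024 * 1024;
const ALLOWED    = [                           // detected MIME type => extension we assign
    'image/jpeg' => 'jpg',
    'image/png'  => 'png',
    'image/gif'  => 'gif',
];

// Weak pattern the post describes: the client-supplied name is kept, so a file
// ending in ".php" is stored under the web root and runs when requested.
//   move_uploaded_file($_FILES['upload']['tmp_name'],
//                      __DIR__ . '/uploads/' . $_FILES['upload']['name']);

function store_upload(array $file): string
{
    if (($file['error'] ?? UPLOAD_ERR_NO_FILE) !== UPLOAD_ERR_OK) {
        throw new RuntimeException('upload failed');
    }
    if (!is_uploaded_file($file['tmp_name'])) {
        throw new RuntimeException('not an HTTP upload');
    }
    if (filesize($file['tmp_name']) > MAX_BYTES) {
        throw new RuntimeException('file too large');
    }
    // Type comes from the content, never from $file['type'] or $file['name'],
    // both of which the client controls.
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($file['tmp_name']);
    if ($mime === false || !array_key_exists($mime, ALLOWED)) {
        throw new RuntimeException('file type not allowed');
    }
    // Content sniffing alone can be fooled by a valid image with PHP appended;
    // the server-chosen extension and non-web directory are what stop execution.
    $name = bin2hex(random_bytes(16)) . '.' . ALLOWED[$mime];
    $dest = UPLOAD_DIR . '/' . $name;
    if (!move_uploaded_file($file['tmp_name'], $dest)) {
        throw new RuntimeException('could not store file');
    }
    chmod($dest, 0640);                        // readable, never executable
    return $name;                              // keep this in the database, not the client name
}

// Usage: $stored = store_upload($_FILES['upload']);
```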
Updated on 01/22/2009. There is no such thing as a 100% secure anything in this world of hackers/counter-hackers, especially when it comes to the world of web development. One of the many methods hackers use to infiltrate web applications is session fixation. Session fixation is a way that hackers can gain unauthorized access to another user’s login. So how do we guard against this?
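A common guard, as an added example that is not code from the original post: fixation depends on a session ID known before login staying valid after login, so the ID is replaced at the moment of authentication and IDs the server did not issue are refused. It assumes PHP 7.3 or later and an HTTPS site; the function names and session keys are hypothetical.

```php
<?php
declare(strict_types=1);

// Added example. Function names and $_SESSION keys are assumptions.

// Reject session IDs this server never issued, and accept IDs from cookies
// only (never from the URL), which removes the usual ways an ID gets planted.
ini_set('session.use_strict_mode', '1');
ini_set('session.use_only_cookies', '1');
ini_set('session.use_trans_sid', '0');
session_set_cookie_params([
    'httponly' => true,
    'secure'   => true,      // assumes the site is served over HTTPS
    'samesite' => 'Lax',
]);
session_start();

// Call once the password has been verified.
function on_login_success(int $userId): void
{
    // Issue a new ID at the privilege change; true deletes the old session
    // file, so an ID known before login no longer maps to anything.
    session_regenerate_id(true);
    $_SESSION = ['user_id' => $userId, 'issued_at' => time()];
}

function on_logout(): void
{
    $_SESSION = [];
    if (ini_get('session.use_cookies')) {
        $p = session_get_cookie_params();
        // Expire the cookie with the same attributes it was set with.
        setcookie(session_name(), '', [
            'expires'  => time() - 3600,
            'path'     => $p['path'],
            'domain'   => $p['domain'],
            'secure'   => $p['secure'],
            'httponly' => $p['httponly'],
        ]);
    }
    session_destroy();
}
```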
PHP has typically been partnered alongside MySQL as a DBMS for a long time now. While MySQL is very powerful, PHP can utilize many other DBMSs as well, such as PostgreSQL, Oracle, and even Microsoft SQL. The problem is that connecting to and using the different databases means you have to load different drivers with different coding conventions. For a long time you couldn’t use the same code with Microsoft SQL as you did with MySQL. Not until PDO.
So what’s up with the hype?
To really appreciate JSON, it’s good to understand XML and why an alternative to XML exists. XML is a powerful, robust markup language that makes many things that were formerly very difficult much more feasible. One of those things is data interchange between different systems. Data interchange between different systems has always been possible; however, up until recent years it has been very difficult because of the lack of a unified protocol. These days most modern languages and DBMSs have XML parsing functions that allow you to grab the data that you need and search and filter your data with XPath. XML has many uses: everything from styling to configuration files to web services and site maps. More recently, XML has been used to encapsulate data in AJAX HTTP requests. XML is very powerful in that it is platform independent, so you can conceivably transfer data between multiple operating systems, languages, databases, and other systems and subsystems. You can see what XML looks like here
Smushit is an interesting web service that reduces the size of images by trimming off the "cruft" that is left over in an image, but without reducing the quality of the image. Photoshop allows you to reduce the size of your image, but it reduces the overall quality of the image. Smushit allows you to quickly upload your image to the Smushit site; it then reduces the size of the image or images and sends you a zip file with all the optimized images. Not bad for just a few minutes of work.

The new Firefox 3.1 has just been released. Touting its new "tracemonkey" JavaScript engine, it is certainly one of the most powerful browsers on the market to date. I’ve been using it throughout the day and am extremely impressed. Sites that use JavaScript heavily are far less clunky. Firefox 3.1 is just another example of the web trends we are now seeing. Clearly there is no doubt that JavaScript is not a dead language. Far from it. It is, and is becoming more and more, the web standard. Web sites are no longer exciting if they don’t have JavaScript special effects and AJAX. We have yet to hear from Microsoft what IE is doing to keep up the pace with other browsers. Hopefully we will see something soon.
Yates Jarvis posted an interesting article on Google expanding their advertising on Yahoo. Google AdSense has been the gold standard for internet advertising for quite some time now, and it just got better. It seems that these days everyone is trying to get a piece of Yahoo. Google has the most significant piece of the market share, but Microsoft wants in. They have been trying to wiggle their way in with Yahoo, which hasn’t happened so far. Now it looks like Google has made headway with Yahoo and pushed Microsoft further away. Yahoo seems to (wisely) want to work both ends of the spectrum. Google has a lot of technology and success, Microsoft has a lot of money. Win-win situation for them.
