```php
// Format any date string strtotime() can parse as Y-m-d H:i:s (24-hour clock)
date("Y-m-d H:i:s", strtotime($data))
```
If that needs explanation then I cannot help you…
Something that can become annoying when working on a PHP project is all of the includes you have to do. More to the point, it is all of the path changes you have to do. Depending on how the project was built, it could be an easy task such as `include("../file.php")`. However, in the real world you're sometimes working on a project that you've inherited, and the folder structure can be much messier than that. A handy tool in some circumstances is a recursive function that takes the name of the file and finds it recursively through your folder structure:
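```php
/**
 * Recursively searches $relative_uri for a file called $name and includes it.
 * The first match found wins, so $name must never come from user input.
 * (Static method: it lives inside a helper class.)
 *
 * @param string $name          file name to look for
 * @param string $include_type  include | include_once | require | require_once
 * @param string $relative_uri  folder to start searching in
 * @return boolean              true if the file was found and included
 */
static function include_file($name, $include_type = 'include', $relative_uri = "..")
{
    $ignore_files = array('cgi-bin', '.', '..');

    $dir = @opendir($relative_uri);
    if ($dir === false) {
        return false; // unreadable or missing folder
    }

    while (false !== ($file = readdir($dir))) {
        if (in_array($file, $ignore_files)) {
            continue;
        }
        $path = "$relative_uri/$file";
        if (is_dir($path)) {
            // Pass $include_type through and stop once a subfolder has found the file
            if (self::include_file($name, $include_type, $path)) {
                closedir($dir);
                return true;
            }
        } elseif ($file == $name) {
            if ($include_type == 'include') {
                include($path);
            } else if ($include_type == 'include_once') {
                include_once($path);
            } else if ($include_type == 'require') {
                require($path);
            } else if ($include_type == 'require_once') {
                require_once($path);
            }
            closedir($dir);
            return true;
        }
    }

    closedir($dir);
    return false;
}
```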
Here’s an example of how to use the function:
```php
// Basic usage
include_file('test.php');

// Require instead of include
include_file('test.php', 'require');

// Recursive search in a particular folder
include_file('test.php', 'include', 'app_lib');
```
Note that the $relative_uri parameter has a default string of '..'. This could instead be the path to the root of the project, such as 'c:\…' or '/etc/…' (depending on what operating system you are using). That will make the function search your entire application structure recursively by default.
Use this function with care, as scanning for files does cost some overhead. However, I've found this to work perfectly for smaller applications that don't have millions of users connecting to them.
PHP has typically been partnered with MySQL as a DBMS for a long time now. While MySQL is very powerful, PHP can use many other DBMSs as well, such as PostgreSQL, Oracle, and even Microsoft SQL. The problem is that connecting to and using the different databases means you have to load different drivers with different coding conventions. For a long time you couldn't use the same code with Microsoft SQL as you did with MySQL. Not until PDO.
********************UPDATE***************************
I’ve changed a couple things in the class. First I’ve changed the get rowcount and get columncount to functions so they are run on demand instead of every time you execute a query. I’ve also added in a function to get the last inserted ID from an insert query which is very handy. I’ve also added in a function to close the opened cursor to free up memory and the function runs in the destruct magic method.
*****************************************************
One of the most common things any programmer will have to do is work with strings, whether that means validating them, checking their value or sanitizing them. Something I find helpful is to wrap functionality in classes so I can easily reuse it later. Here are a few string functions that I've found helpful. Don't hesitate to comment with string functions you've found helpful!
```php
/**
 * String validation and sanitizing helpers.
 * Named StringHelper because "string" is a reserved class name since PHP 7.
 * Uses preg_match()/explode(); ereg(), eregi() and split() no longer exist in PHP 7+.
 */
class StringHelper
{
    /**
     * Checks to see if string is only alphabetic
     *
     * @param string $value
     * @param boolean $ignore_spaces
     * @return boolean
     */
    static function isAlpha($value, $ignore_spaces = false)
    {
        if (!isset($value)) {
            return false;
        }
        if ($ignore_spaces) {
            $value = str_replace(" ", "", $value);
        }
        return ctype_alpha($value);
    }

    /**
     * Checks to see if string only contains letters and numbers
     *
     * @param string $value
     * @param boolean $ignore_spaces
     * @return boolean
     */
    static function isAlphaNum($value, $ignore_spaces = false)
    {
        if (!isset($value)) {
            return false;
        }
        if ($ignore_spaces) {
            $value = str_replace(" ", "", $value);
        }
        return ctype_alnum($value);
    }

    /**
     * Checks to see if a string is numeric (digits only)
     *
     * @param string $value
     * @param boolean $ignore_spaces
     * @return boolean
     */
    static function isNumeric($value, $ignore_spaces = false)
    {
        if (!isset($value)) {
            return false;
        }
        if ($ignore_spaces) {
            $value = str_replace(" ", "", $value);
        }
        return ctype_digit($value);
    }

    /**
     * Checks to see if string is a valid phone number
     *
     * @param string $value
     * @return boolean
     */
    static function isPhone($value)
    {
        if (!isset($value)) {
            return false;
        }
        // Accepted layouts; the D modifier stops "$" from matching before a trailing newline
        $patterns = array(
            '/^[0-9]{3}-[0-9]{3}-[0-9]{4}$/D',
            '/^\([0-9]{3}\)-[0-9]{3}-[0-9]{4}$/D',
            '/^\([0-9]{3}\)[0-9]{3}-[0-9]{4}$/D',
            '/^\([0-9]{3}\) [0-9]{3}-[0-9]{4}$/D',
            '/^[0-9]{3}[0-9]{3}[0-9]{4}$/D',
            '/^[0-9]{3} [0-9]{3} [0-9]{4}$/D',
        );
        foreach ($patterns as $pattern) {
            if (preg_match($pattern, $value)) {
                return true;
            }
        }
        return false;
    }

    /**
     * Checks to see if a string is an email
     *
     * @param string $value
     * @param boolean $check_domain  also require an MX record for the domain
     * @return boolean
     */
    public static function isEmail($value, $check_domain = false)
    {
        if (!isset($value)) {
            return false;
        }
        if (!preg_match('/^[_a-z0-9-]+(\.[_a-z0-9-]+)*@[a-z0-9-]+(\.[a-z0-9-]+)*(\.[a-z]{2,3})$/iD', $value)) {
            return false;
        }
        if ($check_domain == true) {
            list($userName, $mailDomain) = explode("@", $value, 2);
            return checkdnsrr($mailDomain, "MX");
        }
        return true;
    }

    /**
     * Checks to see if a string is a valid zip code
     *
     * @param string $value
     * @param boolean $extended  also accept the ZIP+4 form
     * @return boolean
     */
    static function isZip($value, $extended = false)
    {
        if (!isset($value)) {
            return false;
        }
        if (preg_match('/^[0-9]{5}$/D', $value)) {
            return true;
        }
        return $extended && preg_match('/^[0-9]{5}-[0-9]{4}$/D', $value) === 1;
    }

    /**
     * Validates credit card number.
     * Checks the shape of the number only; it does not verify the checksum.
     *
     * @param string $value
     * @return boolean
     */
    static function isCreditCard($value)
    {
        if (!isset($value)) {
            return false;
        }
        // Anchored as a whole so trailing or leading junk is rejected
        $pattern = '/^(?:[45]\d{3}-?\d{4}-?\d{4}-?\d{4}'
                 . '|6011-?\d{4}-?\d{4}-?\d{4}|6011-?\d{12}'
                 . '|3\d{3}-\d{6}-\d{5}|3\d{14})$/D';
        return preg_match($pattern, $value) === 1;
    }

    /**
     * Strips html out of a string.
     * The result is plain text, not HTML-safe output: decoding entities after
     * strip_tags() can bring "<" and ">" back, so escape it again before echoing.
     * addslashes() is not SQL escaping; use prepared statements for queries.
     *
     * @param string $value
     */
    static function stripHTML(&$value)
    {
        if (!isset($value)) {
            return; // nothing to clean
        }
        $breaks[] = "<br>";
        $breaks[] = "<br />";
        $search = array(
            '@<script[^>]*?>.*?</script>@si', // Strip out javascript
            '@<style[^>]*?>.*?</style>@siU'   // Strip style tags properly
        );
        $value = preg_replace($search, '', $value);
        $value = str_ireplace($breaks, "\r\n", $value);
        $value = trim($value);
        $value = strip_tags($value);
        $value = html_entity_decode($value, ENT_QUOTES);
        $value = addslashes($value);
    }

    /**
     * Removes script and style blocks, then encodes what is left as HTML entities
     *
     * @param string $value
     */
    static function cleanHTML(&$value)
    {
        $search = array(
            '@<script[^>]*?>.*?</script>@si', // Strip out javascript
            '@<style[^>]*?>.*?</style>@siU'   // Strip style tags properly
        );
        $value = preg_replace($search, '', $value);
        $value = htmlentities($value);
    }
}
```
Most PHP developers check whether a page request method is 'POST' by using isset() to see if an input exists and whether the value of that input is null or not. While this works, a better way of checking the method is:
```php
// you can check: 'GET', 'HEAD', 'POST', 'PUT'
if ($_SERVER['REQUEST_METHOD'] == 'POST') {
    // do something
}
```
This requires less overhead, is a bit more elegant and more reliable.
Something every web developer has to do a lot is redirecting your web page to another location. For PHP developers it usually looks like this:
```php
<?php header('Location: http://www.mylocation.com'); ?>
```
This works well enough as long as headers have not been sent. A common mistake for PHP developers is to use ob_start() to put all content into the output buffer. This can be useful for other functions such as compression, but it’s not a good habit to get into just to compensate for sloppy code. Here is a simple little function that can help redirect using multiple methods.
I recently finished up a website for Qorvis, www.fasterbettersafer.org. This website was for the United States Chamber of Commerce, which is promoting better transportation in America. The site was built using Joomla as the CMS, which allows our client to control almost every aspect of the site and update it on their own. Along with the beautiful designs, Qorvis also built out a Flash widget that can be placed on any user community or website.
One of the many common things we do as PHP developers is FTP files from one server to another. There are many times when I have needed this functionality, and PHP has a wonderful API for FTP. Here is a quick wrapper class that I wrote that encapsulates much of the functionality for FTP:
A very overlooked part of PHP security is file uploading. A quick for-instance: let's say that you have a file uploader in which there is no security applied. Any file may be uploaded to the server. What if someone uploads a file that has a little extension by the name of '.php'? All that needs to be done now is to write a little script in the file with 'fopen' that reads all the files and echoes them out to the browser. Now we have all the source code (maybe even usernames/passwords if we're lucky) to the entire application. Not only that, but now we can write SQL code to get all the data we want from the database. Then we could get really mean and update the database with some malicious JavaScript and have it download viruses or trojans onto the computers of all the users who visit the website. Now Google checks your website, realizes something bad is going on and decides to blacklist your website. Now Mr. User comes along to your website, and he's using Firefox. Firefox checks with Google to see if it's OK to visit the website, Google says 'noooo', Firefox puts up a really scary red screen with a hand and an exclamation point, and Mr. User gets scared and decides never to come to this 'bad' site again. Then Russia decides to launch 'nucular' missiles and we're back in the cold war… OK, maybe not that last part, but pretty much all the stuff before 'nucular' missiles I've experienced happening. So how do we stop the madness?
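One way to close the hole described above, as an added example (not the original author's code): the server decides the file type from its content, picks the stored name and extension itself, and writes outside the web root. `UPLOAD_DIR`, `MAX_BYTES`, `ALLOWED`, `store_upload()` and the `attachment` form field are assumptions made for this sketch.

```php
<?php
// Added example. UPLOAD_DIR, MAX_BYTES, ALLOWED and the "attachment" field are assumptions.
const UPLOAD_DIR = '/var/app-data/uploads';  // assumed location outside the web root
const MAX_BYTES  = 2097152;                  // 2 MiB
const ALLOWED    = [                         // detected MIME type => extension the server assigns
    'image/jpeg'      => 'jpg',
    'image/png'       => 'png',
    'application/pdf' => 'pdf',
];

// Validate one $_FILES entry and store it; returns the stored name or throws.
function store_upload(array $file): string
{
    if (!isset($file['error'], $file['tmp_name'], $file['size'])
        || is_array($file['error']) || $file['error'] !== UPLOAD_ERR_OK) {
        throw new RuntimeException('Upload failed or request malformed');
    }
    if ($file['size'] <= 0 || $file['size'] > MAX_BYTES) {
        throw new RuntimeException('File size not allowed');
    }
    // Only touch files that PHP itself received through HTTP POST.
    if (!is_uploaded_file($file['tmp_name'])) {
        throw new RuntimeException('Not an uploaded file');
    }
    // Decide the type from the content (fileinfo extension), never from the
    // client-supplied file name or Content-Type.
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($file['tmp_name']);
    if ($mime === false || !array_key_exists($mime, ALLOWED)) {
        throw new RuntimeException('File type not allowed');
    }
    // The server chooses name and extension, so nothing is ever stored as ".php".
    $name = bin2hex(random_bytes(16)) . '.' . ALLOWED[$mime];
    $dest = UPLOAD_DIR . '/' . $name;
    if (!move_uploaded_file($file['tmp_name'], $dest)) {
        throw new RuntimeException('Could not store file');
    }
    chmod($dest, 0640); // readable by the application, never executable
    return $name;
}

// Form handler: reject with 400 instead of storing anything questionable.
if (($_SERVER['REQUEST_METHOD'] ?? '') === 'POST' && isset($_FILES['attachment'])) {
    try {
        echo 'Stored as ', store_upload($_FILES['attachment']);
    } catch (RuntimeException $e) {
        http_response_code(400);
        echo 'Rejected: ', htmlspecialchars($e->getMessage());
    }
}
```

Stored files should be served back through a download script that sets the Content-Type itself, and the upload directory should have PHP execution disabled in the web server configuration.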
Updated on 01/22/2009

There is no such thing as a 100% secure anything in this world of hackers/counter hackers, especially when it comes to the world of web development. One of the many methods hackers use to infiltrate web applications is session fixation. Session fixation is a technique that hackers can use to gain unauthorized access to another user's login. So how do we guard against this?
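A common guard against fixation, shown as an added example (not the original author's code): refuse session IDs the server did not issue, and replace the ID at the moment of login so that an ID planted before authentication is worthless afterwards. The `$USERS` list, `login()` and `logout()` are constructed for illustration.

```php
<?php
// Added example. The user list and function names are constructed for illustration.
ini_set('session.use_strict_mode', '1');   // reject session IDs the server never issued
ini_set('session.use_only_cookies', '1');  // never read the ID from the URL
ini_set('session.use_trans_sid', '0');     // never write the ID into links
ini_set('session.cookie_httponly', '1');   // keep the cookie away from JavaScript
session_start();

// Constructed account list; a real application would query its user table.
$USERS = ['alice' => password_hash('correct horse', PASSWORD_DEFAULT)];

function login(array $users, string $user, string $password): bool
{
    if (!isset($users[$user]) || !password_verify($password, $users[$user])) {
        return false;
    }
    // Core defence: drop the pre-login ID, which an attacker may have planted,
    // and continue under a fresh one. "true" deletes the old session data.
    session_regenerate_id(true);
    $_SESSION = ['user' => $user, 'login_time' => time()];
    return true;
}

function logout(): void
{
    $_SESSION = [];
    if (ini_get('session.use_cookies')) {
        // Expire the session cookie in the browser as well
        $p = session_get_cookie_params();
        setcookie(session_name(), '', time() - 42000,
                  $p['path'], $p['domain'], $p['secure'], $p['httponly']);
    }
    session_destroy();
}

// Demonstration: the ID that existed before login is not the one used afterwards.
$before = session_id();
$ok     = login($USERS, 'alice', 'correct horse');
$after  = session_id();
echo ($ok && $before !== $after) ? "session ID rotated on login\n" : "login failed\n";
```

On an HTTPS site, also set `session.cookie_secure` so the session cookie is never sent over plain HTTP.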