Whenever you're working on a project, are you consistent? Are you consistent in your coding style, consistent in your documenting, consistent in your database naming conventions? Better yet, do you and your team have a coding standard which you consistently adhere to? If you don't, you're buying yourself and others a world of pain - which is painlessly simple to avoid. Today I'm banging the drum, shouting from the street corner, calling from the cathedral spire, imploring you to do one thing, above all else - pick a coding standard and then BE CONSISTENT!

His five reasons for implementing (and effectively using) a coding standard are:

• Poor, Inconsistent Code - Causes You Pain
• Your Code is Easier to Read
• Your Code is Easier to Understand
• Your Code is Easier to Maintain
• Your Code is Easier to Collaborate on

Check out the post for summaries of each point.

Most of us use PHP from a IDE or using a simple text editor with a browser, rarely dropping down to the command-line for running php programs. But php provides some interesting and quick options you can use to perform various common tasks or to debug some nasty installation problems. Below is a list of some useful options you should be familiar with.

Among those on his list, handy options like the ability to define which php.ini file to use (-c), showing what modules are compiled into the current binary (-m) and a syntax highlighted output of the file (-s).

As PHP developers, we commonly resort to browsing the Web for people with similar programming problems. Now that we have The PHP Anthology, why should we? While the book certainly does not cover everything, there is something for everyone, and even the few sections you find useful make it all worthwhile.

He talks about the book's target audience, the quality of the examples it provides and some of his suggestions on how the book could have been even better.

There's always a bridge between textbook knowledge of programming - syntax, procedure etc. - and the real world knowledge that you get from actually developing real applications. Here are five things every PHP developer should be familiar with before they begin developing web applications in PHP

The list is:

• Frameworks
• Templating engines Code availability
• Don't reinvent the wheel
• IRC is a wonderful thing

I'm a particular fan of that last one and regularly hang out in the same ##php channel over on Freenode.

Although Textpattern's default installation provides a lot of useful features, it doesn't try to be everything for everybody. Instead, it has an intelligent PHP based plugin system that allows programmers to write their own add-on code to enhance its functionality.

The list consists of:

• zem_contact_reborn
• SimplePie RSS Parser
• hak_tinymce
• md_versions
• asy_sitemap
• stw_category_tree
• etx_crumbs
• sgb_url_handler

Each of the above has a description, the features is has and options it allows the user to customize.

I recently finished reading Essential PHP Security by Chris Shiflett (O'Reilly). It was a good, quick read, and for me it was mostly a review of principles I had previously read on Chris's blog. The main principles are filter input and escape output. Using separate arrays for each kind of data is a best practice.

Richard also includes a quick code example of this kind of filtering on POST data, HTML information, and MySQL output.

Thanks to everyone who wrote to let me know that Essential PHP Security was Slashdotted yesterday. Slashdot still amazes me. I think the book's Amazon.com Sales Rank is a testament to the power of Slashdot.

He notes that the book has been very well recieved (at #354 in the Books section on Amazon) and has garnered some great reviews as well. It's great to see that the community is snatching up this great resource. It can only help to further the cause of enhanced security in PHP applications overall.]]> Tue, 14 Feb 2006 18:40:50 -0600 http://www.phpdeveloper.org/news/4549 http://www.phpdeveloper.org/news/4549 Chris Shiflett has a new post on his blog today that points to a sample chapter of his book, "Essential PHP Security", that's been posted over on MySQL's Developer Zone.

The sample chapter of Essential PHP Security for MySQL's Developer Zone is now available: Chapter 2, Forms and URLs.

This chapter discusses form processing and the most common types of attacks that you need to be aware of when dealing with data from forms and URLs. You will learn about attacks such as cross-site scripting (XSS) and cross-site request forgeries (CSRF), as well as how to spoof forms and raw HTTP requests manually. By the end of the chapter, you will not only see examples of these attacks, but also what practices you can employ to help prevent them.

If you haven't gotten a chance to check out the book, you definitely should. It's recieved greate reviews by people all over the community, and thought smaller, contains a lion's share of information about PHP security matters...]]> Thu, 22 Dec 2005 11:00:47 -0600 http://www.phpdeveloper.org/news/4450 http://www.phpdeveloper.org/news/4450 Chris Shiflett has created a companion site for his O'Reilly book "Essential PHP Security" - PHPSecurity.org.

PHPSecurity.org, the companion web site for my new book, Essential PHP Security, is now online. Many thanks to Amy Hoy for the excellent design!

I've included the table of contents, the (unfortunate) errata, some reviews, and the code repository.

He also notes that, while there are partial examples in the book, there is no complete example that could be used to do anything malicious (the parts are there, obviously, but just not in once place). Overall, though, he says that the book has been doing well, and has gotten a very warm reception from the community - hence the expansion out to the new site...]]> Wed, 07 Dec 2005 07:03:43 -0600