In this article we will look at how to start a project while considering its related security issues. We will focus on form validation as well as other topics such as site structures. To demonstrate the topics that we will be discussing, we will create a site that will enable a user to log in, log out, register and manage passwords.

They look at things like the overall structure of the site (including how it lives on the file system) and protecting your application from dangerous user input through forms.

Filtering data. We all have to do it. Most, if not all of us, despise doing it. However, unbeknown to most are PHP's filter_* functions, that allow us to do all sorts of filtering and validation. Using PHP's filter_* functions, we can validate and sanitize data types, URLs, e-mail addresses, IP addresses, strip bad characters, and more, all with relative ease. This is part one of two, covering filter_var() and the different constants and flags that can be set.

This method, using the filter extension, takes a lot of the work out of making sure that user-submitted data is what it should be. They include examples of how to filter numeric types, URLs, email addresses and how to sanitize the data to be sure there's no cross-site scripting or SQL injections to be found. This is a great reference if you're looking to get started with the filter extension.

In this article we take a look at the PHP tokenizer and its potential at analyzing and processing PHP source code. We will build several working examples, which you can start using and extending for your own purposes.

The author, Stan Vassilev, explains what the tokenizer is for, how it parses the code (via a lexer) and how to get at the tokens that are created. He uses the token_get_all and token_name functions to get the information and creates a wrapper class around them to strip whitespace and comments.

Yesterday, I saw one of my friend was working on the the contact form and was filtering the user input data(posted variables) individually. He was using a function in PHP to filter the input and using tedious approach while calling the filtering function for each variables with coding each of them in single line . Today, I'm going to show you how can you filter the posted variables easily using callback function in PHP.

He shows how to create a filter_data function (for removing HTML embedded in the data) and how to implement it around your data. It could be extended pretty easily to do more than one filtering method to protect your information even more.

[It's] a set of classes in the SPL that implements various iterating patterns: ArrayIterator, AppendIterator, FilterIterator, LimitIterator and NoRewindIterator. Hopefully you'll get a idea of what these are capable of and that you can get some new ideas for your day-to-day tasks.

He breaks it down into example of each, explaining what they can be used for, how they work and a code example of each in action (with output). You can find more information in iterators and their functions in the SPL section of the manual.

This article walks through the brainstorming stage of planning for what is in this instance, a hypothetical user-centric web application. Although you won't be left with a complete project '" nor a market ready framework, my hope is that each of you, when faced with future workloads, may muse on the better practices described. So, without further ado...Are you sitting comfortably?

The tutorial is broken up into a few sections based around an example with a few points of failure (about book information). They work through the thought process behind the code, using the $_REQUEST variables correctly, preventing SQL injections, filtering the HTML output and a sample code download for you to see how it's all tied together.

They're mentioned in passing in the Zend_View documentation, but not reviewed in detail anywhere in the Reference Guide as of version 1.5.2. I was curious enough about how to implement markup minification that I decided to trace through the Zend_View source code in attempt to discern how output filters actually worked. As it turns out, it's actually pretty simple.

He explains a simple example of how they work, using a Zend_View object to build the filters on (addFilterPath/setFilterPath), and how he created his own output filter - the Minify filter. A minifier removes the comments and whitespace in the output to help reduce its size.

We decided that this one package should be split into subpackages: one subpackage per region/country. Some advantages of this approach are that each driver / filter / subpackage gets it's own stability and version number - we wouldn't have to keep increasing the version number of Date_Holidays each time a new driver is added or when an existing driver gets a significant number of fixes.

To replace your current version of the package (with all of the regions built in) with a new version that still contains all versions, uninstall the Date_Holidays and grab the "Date_Holidays#all" package. Otherwise, you can check out the PEAR page for the main package and see the subpackage list if you only need one for your area.

HTMLPurifer is possibly the most understated underpublicised quality library in PHP today. I consider it a fundamental standard library that is automatically included in every PHP web application I start these days.

This latest release candidate (their first!) includes updates on two major features - the use of autoloading and a change to the way you use the filters. Check out a demo of it in action or just download this latest release and try it out for yourself.

I've uploaded the 0.3 release of Inspekt, the input filtering and validation library for PHP4 and 5. With this release, Inspekt completes the goals of the original specification for the OWASP SpoC007 project. I believe it is ready for "real-world" use.

Along with the new code being released there's also more documentation, API docs, a PEAR channel and a mailing list.