But how you are going to do all this work with cookies and session id? Luckily, PHP has cURL extension which simplifies connecting to remote addresses, using cookies, staying in one session, POSTing data, etc. It's really powerful library, which basically allows you to use all HTTP headers functionality. For secure pages crawling, I've created very simple Secure_Crawler class.

The class uses the built-in cURL functionality to send the POST information (in this case the username and password, but it can be easily changed for whatever the form requires) and provides a get() method to use for fetching other pages once you're connected.

It became apparent over the past year or so that PDO has been a good and valuable addition to PHP. [...] We believe that having direct involvement from the data access providers would be most effective, which is why we set out to try and get them on board.

There were three steps they would need to make to push things to version two (documentation, define scope/direction and organize data provider integration methods) and the proposal that has caused a huge stir in the community - the idea of requiring a CLA contributors would need to sign.

Comments to this point from the community include:

• Richard Thomas
• Antony Dovgal
• some of Wez's own comments
• Mike Willbanks
• Christopher Jones
• Lukas Smith
• Paul Jones
• Pierre-Alain Joye
• Jay Pipes
• Derick Rethans
• Marco Tabini
• Kristian Kohntopp
• Some PDO humor from David Coallier and Travis Swicegood
• Marcus Borger (and his part two)
• Richard Heyes
• Till's blog entry
• Say No to the CLA

As you might know, the "__autoload()" function, when used in a clever way, can eliminate almost completely the need to use the "require()/require_once()" and "include()/include_once()". [...] Now is the perfect time to move forward and start learning how to put the "__autoload()" magic function to work for you, and load your classes without having to include them manually into your PHP 5 object-oriented applications.

They show the more traditional approach with a code example (just using the require/include method) then show the difference in using a custom defined autoload function to tell the script where to find the libraries.

PHP has numerous ways to execute raw PHP code unless you the programmer stops it. Best way in preventing these methods is making sure you check the input of what your users are inputting, and making sure you escape all malicious actions that a hacker,cracker, kiddy scripter might want to do to your website.

He summarizes four of the things from the Pro PHP Security book from Apress (by Chris Snyder and Michael Southwell) that can leave holes in you application for would-be explots - preg_replace, shell_exec/exec, eval (which we all know is only one letter from "evil" anyway) and require/include.

I just noticed today, that PHP's try catch blocks require curly braces. Anybody has an idea why it is like that? I have used curly braces by default up until now, so I just stumbled upon this weirdness today.

He includes two examples, one with a curly brace after the catch clause and the other without. This is different than several other control structures (like ifs) that don't require the curly brace when there's only the one line following it.

They build on the previous code, showing how to:

• preselect items from a multiple select list,
• process image submit buttons
• checking the mandatory fields
• checking the values of select lists

This should be well known, and people should be aware as to why they are using either or. But, I've noticed lately that a lot of people new to PHP or programming are not aware of the difference. Depending on what you need you, need to decide what the differences are.

It's a short post, but for someone just getting into PHP, it's some handy information to have. He looks at both functions and gives what they're good for. He does throw in a few caveats, though - including an issue with parse errors in included files pre-PHP 4.3.5...]]> Thu, 05 Jan 2006 06:56:33 -0600