Joseph Scott has a new post to his blog looking at "why PHP strings equal zero" - that when you use the "==" operator on a string to compare to zero, it's true.

The issue of PHP strings equaling zero has come up a few times recently. [...] Running that will display Equals zero!, which at first glance probably doesn't make much sense. So what is going on here?

He gets into the specifics of what's happening - a bit of type jugging, less strict comparison since it's the "==" versus "===" and how the PHP manual talks about strings being converted to numbers.

While I still think it is odd that the string gets cast as an integer instead of the other way around, I don't think this is a big deal. I can't recall a single time where I've ever run into this issue in a PHP app. I've only seen it come up in contrived examples like the ones above.

Brandon Savage has a new post to his blog about what he calls a XSS vulnerability in the making, something to watch out for when you're doing validation in PHP involving the possibility of numbers as strings.

Back in September, Socorro received a security bug relating to the method we were using for processing inputs for the duration of certain reports. The vulnerability included a proof of concept, with an alert box popping up on production when the link was followed. [...] I was quite surprised at the root cause of the vulnerability. We had opted to compare the incoming data against a known set of valid values - a common practice when whitelisting certain inputs. [...] As expected, when this [example] code is tested, a string of '3' and an integer of 3 work equally well, and a string of '5' and an integer of 5 fail equally.

This automatic casting that PHP does internally caused another issue as well - if the string passed in even started with a valid number from their whitelist set, it still passed.

At first we thought this surely had to be a bug in PHP. However, Laura Thomson told me "If comparing two values, type juggling is performed first, which means that the string is converted to a number. This is done by taking the first number found in the string. So this may be confusing/a quirk/a gotcha, but it isn't a bug." And she's right: this isn't a bug per se, but it's certainly an interesting "gotcha."

In this new post to Symbiotix.net they take a look at a migration they made taking their site and content over from a WordPress installation into a new Drupal site.

We've been running a small educational non-profit - Edulogos - for over three years now. Until recently edulogos.org has been little more than a Wordpress blog with a few extra pages and an off the shelf theme. [...] We decided it was high time to redesign the site and move it over to Drupal to give it room to grow. Like repotting a plant. "Liefde en substral", as they used to say in our home country.

They talk about the planning stages of the move - what version control they were going to use, which Drupal modules they were going to install - and walk you through the installation and configuration process step by step. They used git and github as their chosen method for deploying the site.

Tiffany Brown has a new post today showing how you can gather some statistics about the (successful) use of your e-commerce Zen Cart website with the help of Google Analytics.

Google Analytics allows you to collect pretty robust data about how users move through your e-commerce site. Here's how to make it work with Zen Cart, an open source shopping cart.

You'll need to already have a Google Analytics account set up for the application, a Zen Cart instance installed and have at least a passing knowledge with using PHP and MySQL. There's two steps to the process - a creation of a custom functions file (code provided) and a modification to two other files (the checkout success page and global footer) to send additional information to the Analytics service.

The tilllate.com blog has a new post about a milestone in their development process - the removal of two old legacy components with ones from the Zend Framework making it running 100% on the Framework code.

The gallery and the user registration. The whole site tilllate.com is now running on Trevi, our extension of Zend Framework. With a reach of 2.5 million unique clients a month, tilllate.com is one of the world's biggest installation of Zend Framework.

They talk about the two upgraded parts of their older system - the move up to the Zend_Db database abstraction layer and a change to use memoization in the Zend_Date and Zend_Config components.

Andrei Zmievski has posted an encouraging note on his blog about the progress of PHP6 concerning the number of functions that have been correctly converted to support Unicode.

Well, PHP boys and girls, this feels like quite a milestone: 50% of the 3084 functions that are bundled with PHP 6 have been upgraded to support and work safely with Unicode.

He includes a small chart beside the post as well showing where things are currently at like the safe vs unsafe functions.

Sara Golemon brings us some news from the front about PHP6 in her latest blog entry today.

While everyone else has been busily gearing up for the release of PHP 5.2 and the new features that are going to come with it, Andrei and his small band of merry babelonians (yours truly included) have been making inroads on preparing PHP6 for a preview release. In the past week we've managed to roughly double the number of builtin functions (those which are part of the main distribution) that have been reviewed for unicode safety, either flagging them as good or upgrading their functionality

She also talks about what kinds of functions this entailed and how far along they are total (around 22%). She also encourages anyone that wants to get involved to help to jump right in.

Following up on some of his previous posts to the SitePoint PHP Blog, Harry Fuecks has posted this quick guide with some "hot UTF-8 tips" to share with the community.

As a result of all the noise about UTF-8, got an email from Marek Gayer with some very smart tips on handling UTF-8. What follows is a discussion illustrating what happens when you get obsessed with performance and optimizations (be warned - may be boring, depending on your perspective).

He talks mainly about using the native PHP functionality to avoid the mbstring issues that could arise by restricting locale behavior and using a fast case conversion function to handle strings correctly. The other tip involves delivery methods to those not able to recieve UTF-8 formatted content - checking their character set and responding accordingly.