On his blog, Roshan Bhattarai shares a few tips on keeping your application safe by filtering user-submitted data.

Yesterday, I saw one of my friend was working on the the contact form and was filtering the user input data(posted variables) individually. He was using a function in PHP to filter the input and using tedious approach while calling the filtering function for each variables with coding each of them in single line . Today, I'm going to show you how can you filter the posted variables easily using callback function in PHP.

He shows how to create a filter_data function (for removing HTML embedded in the data) and how to implement it around your data. It could be extended pretty easily to do more than one filtering method to protect your information even more.

For a recent REST web service project, Lorna Mitchell had to put together a server for the remote clients to use. She started with a GET request then moved to handling a POST request then to a PUT request - that's where the difficulty came in:

PHP doesn't have a built-in way to do this, and at first I was a little confused as to how I could reach this information. It turns out that this can be read from the incoming stream to PHP, php://input.

Pulling from that stream gave her the raw data she needed (nicely urlencoded too) that she could parse out and use. She includes a simple example that has a check for the REQUEST_TYPE in the _SERVER superglobal to see how the request should be handled (PUT versus GET).

Havard Eide has a recent post to his blog that looks at a part of the Standard PHP Library (SPL) that can be used with objects to store them for later use - SplObjectStorage.

In this post I will look at SplObjectStorage: a container that allows to store objects uniquely without the need to compare them one by one.

He lets the code to most of the talking, showing how to do the standard operations for a data store - adding objects (both unique and the same), updating objects in the store, checking to see if an object is already added and removing an object from storage.

Padraic Brady has posted about a new inclusion that Google has announced will be included in the authentication methods for their APIs - OAuth.

The Google Data API support comes with a few gotchas. Its documentation show a clear preference for using GET instead of POST, though the Google OAuth server does appear to natively support POST requests for everything with the exception that it has a small bug which interprets an empty POST request body as a sort of phantom empty parameter.

He notes that the library he's been working on (and submitted to both the Zend Framework and PEAR) it up to the 0.0.3 release including functionality marked as beta for the Consumer portion.

On the ThinkPHP blog today, there's a new post from Stephanie Ehrling about simulating an LDAP connection and data request to PHP with LDIF.

An LDIF file is a simple text file that can contain those LDAP information, which can be separated into two groups. On the one hand, it can hold exported LDAP data in a text format. The other purpose of LDIF is to use it for importing data into an LDAP based system. So it can contain data to be imported or just commands that shall be processed. This is an important fact, because that opens the door to an interesting workaround.

This workaround allows you to import large amounts of data quickly and easy by dumping it into the server via a simple PHP script. The code is included in the post, but you'll need to have the binaries to get the LDIF and LDAP functionality working together.

Kae Verens has posted a review of another of Packt Publishing's PHP-related offerings, "Learning PHP Data Objects" by Dennis Popel (published in Aug 2007).

Learning PHP Data Objects, by Dennis Popel, is an introduction to PDO, which walks through the building of a believable test example - a library manager for your home library. [...] I really couldn't find very much about this book that I didn't like. Ignoring the appendices, the book is 154 pages purely devoted to teaching PDO through examples, including error handling, working with BLOBs, even the creation of the M in MVC (Models).

The review mentions Models, Active Record and how the book creates a Library manager application that includes the use of prepared statements and transactions.

Daniel Cousineau submitted a new blog post he's come up with that looks at using hierarchical data in a MySQL database.

I recently had fun with an all-to-common issue with SQL driven websites: hierarchical data. For those who don't like big words, think trees. Other people have already discussed storage methods, and I would actually highly suggest you read the writeup if you haven't already.

He includes a sample table you can work from and some code that can be used to generate a select (based on a $depth variable) parent/child values from it. A few simple function calls later and you have a nested array or lots of little subarrays maintaining the parent/child relationships the database has.

The Zend Developer Zone has a new article that supplements a podcast from the PHP Abstract series recently given by Lorna Mitchell on "Data Importing".

It is a simple walkthrough of some examples of the techniques mentioned in the podcast. It is much easier to visualise queries and data structures if written down, so here we look at an example of each of the points mentioned.

Her examples convert employee information over from one table to another via some SQL queries and splits out the information into the parts to fill the table (done with inserts and updates).

The Zend Developer Zone has posted their latest episode of the PHP Abstract podcast series. This time, Cal's brought in Lorna Mitchell from Ibuildings to talk about importing data.

Today our special guest is Lorna Mitchell. Lorna is a Developer at Ibuildings in the UK, and is based in Leeds in the North of England. She is a Zend Certified Engineer and the senior member for phpwomen.org in Europe. Today, Lorna will be talking to us about Data Importing.

There's three ways to get this new episode - you can either download the mp3 of the show, listen using the in-page player or subscribe to the show's feed and get this and other great episodes automatically.

On the ThinkPHP blog today, Stephanie Ehrling has posted about a method for PHP to take in the output of the Nike+ equipment and put it into a usable form.

There is no official API that allows you to use the raw data. Nevertheless the data are sent to the Flash via XML so there is a chance to use them. For PHP Rasmus Lerdorf himself has implemented a class to access these data. The class allows to authenticate a user and fetch the running data of a user in a XML-Format

She gives an example of it in action - simple creation of an object then a call with the username and password. Behind the scenes, the data is pulled in and dropped into a SimpleXML object that includes total distance, total calories burned and data on the most recent run.