Alejandro Celaya:
Properly passing data from outer layers of a PHP application to the use case layer
Oct 17, 2017 @ 14:14:57

Alejandro Celaya has a post on his site sharing some of his experience and advice about how to properly pass data from the outer layers of an app to the "use case" layer. In this situation, the "use case" layer is where most of the processing happens (versus controllers, views, etc.).

Lately, I've been digging a lot in different ways of improving software architecture. Mainly subjects like Clean Architecture, Domain Driven Design, and such.

Those topics cover a lot of advanced and complex practices, but today, I want to talk about a simpler subject. What is the best approach to pass data from outer layers of the application (actions, controllers, async jobs, CLI commands...) to services that are part of the use case layer, by taking advantage of some of the practices promoted by those subjects.

That's a task which is present in any kind of application and is very important to get properly done. You usually need to get data from different origins (a HTTP request, the input of the command line...), filter and validate it, and then use it to perform some kind of task.

He starts off by talking about some of his own previous attempts, starting with a tweet asking where filtering and validation should happen in applications. He then talks about a better approach that makes use of value objects for moving data between service layers. He then walks through a more real-world example (case study) making use of these value objects to handle a user password change.

tagged: passing data tutorial valueobject object layer processing validation filtering

Link: https://blog.alejandrocelaya.com/2017/10/16/properly-passing-data-from-outer-layers-of-a-php-application-to-the-use-case-layer/

Eric Ritz:
BOTW: PHP Array Filtering (Book Review)
Jul 25, 2013 @ 15:35:30

In a new post to his site Eric Ritz shares a book review of Sam Hennessey's "PHP Array Filtering" ebook in his "Use Case" series.

This week I read “PHP Array Filtering” by Sam Hennessy. My intent was to read another book but in the middle of the week Mr. Hennessy asked me to check out his book. I don’t know the author and we’d never spoken before, so I was surprised. I find it humbling when anyone asks my thoughts on anything programming related, so because of that - and since the book is a short read anyways - I decided to write about it today and write about my previous choice next Sunday.

Eric walks through some of the contents of the book, noting that, because of the vast amount of array support in PHP, it is probably a viable topic on its own for an ebook. He goes through the sections of the book, specifically picking out the filtering section (main topic of the book and all). He also points out a few problems with the book, two things that were suggestions, not really errors. He recommends it for what it is, though - a reference book for those working with arrays.

tagged: ebook review samhennessey array filtering

Link: http://ericjmritz.wordpress.com/2013/07/21/botw-php-array-filtering

Rafael Dohms' Blog:
Filtering objects using annotations
Aug 12, 2011 @ 15:04:37

Rafael Dohms has an interesting new post to his site today looking at a library he's developed (inspired by the Symfony Validation library) to help filter values with rules defined in annotations.

PHP does not have native Annotations support, however many projects have been using doc blocks to add value and semantics to code, like PHPUnit, Doctrine and Symfony. The Doctrine did a really good job in making available an Annotation parser kit, which allows you to bring the power of annotations into your own project. This opens up a few possibilities.

He shows the current use of the Validation library with a sample check of a $name variable for "not blank". His tool, DMS, extends this functionality and gives you access to both custom filtering methods and standard PHP functions to filter the resulting variable value. He includes an example showing two variables with filters StripTags, StripNewlines and Trim as well as the code to execute the filtering. You can get the library either ready to integrate with Symfony/Doctrine or as a standalone tool.

tagged: filtering symfony annotations validation library

Juozas Kaziukenas' Blog:
HTML filtering and XSS protection
Mar 23, 2009 @ 15:21:49

Juozas Kaziukenas has an example of how to keep you and your application's data safe from prying eyes by filtering input with the HTML_Purifier package.

It’s really hard to decide what data is acceptable, especially when a user has permission to insert HTML content through a form. [...] However, the problem can be solved, and quite easily. Almost a year ago I was reading some random blog when I found out about HTML Purifier. Basically, it’s a library which can filter and fix any HTML.

He gives an example - running a web scraping tool against a site with malformed HTML. By running it through the HTML_Purifier package first, the errors were corrected and the "more correct" HTML source could be parsed easily. The package also helps to protect from XSS attacks via a whole set of filters included by default.

tagged: html filtering xss protection htmlpurifier package

Stubbles Blog:
Stubbles 0.1.0 released
Apr 30, 2007 @ 18:07:00

The Stubbles framework team has released the latest version of their framework today - Stubbles 0.1.0:

The Stubbles team is proud to announce the release of Stubbles 0.1.0. This release is a first alpha version and contains the basic features of Stubbles like the Extended Reflection API, XML handling with XMLStreamWriter and XMLSerializer, Logging, Event handling, support for filtering and validating user input and session handling. The release additionally contains parts of packages that we announced to be in the next milestone 0.2.0.

The Stubbles framework is one that seeks to "combine your favorite features from other programming languages and frameworks" and is flexible enough to allow for easy interfacing with other frameworks/components like PEAR or the Zend Framework.

tagged: stubbles version release reflection xml log event filtering session

Zend Developer Zone:
Two Security Tips - Naming Scheme & Input Filtering
Mar 08, 2007 @ 15:26:00

The Zend Developer Zone has posted two more handy security tips - one concerning file/directory naming and the other about input validation.

From the first tip:

Don't rely on obscure names to keep your application safe. You should always check permissions, test for vulnerabilities with testing tools and keep an eye on your log files for suspicious activity. When designing your applications and web sites though, don't make it easy for bad people to do bad things. Don’t use default or common names for your files and directories.

And from the second:

It's a sad fact of life but users are evil. Users want nothing more than to find a way to exploit your application. As soon as you let your guard down and start thinking "I'm only selling small stuffed animals so how evil can my users really be?" you've lost the battle.

You can catch up on these and the other previous security tips on this page on the Zend Developer Zone website.

tagged: securitytips naming scheme file directory input filtering

Zend Developer Zone:
PHP Built in Input filtering
Oct 31, 2006 @ 18:51:00

The Zend Developer Zone has a new tutorial posted today by Pierre dealing with one of the things that is becoming (and should always have been) important to PHP developers - filtering input. Specifically, it deals with using the Filter extension built into PHP 5 to take care of anything malicious or incorrect that the user might throw at the application.

Security becomes the top priority (or activity) of many PHP developers. Its place and importance keeps growing in every single project, open source or commercial. Every conference provides a talk about security and you can read PHP security on the magazine cover pages.

The article is broken down into different sections, including:

  • Don't trust external data
  • Why Filter?
  • How does it work?
  • Prerequisites/Installation/Considerations

And, of course, what would a tutorial be without some examples? Pierre shows a simple form that filters, a sanitizing form, and some more complex processing using a callback.

tagged: tutorial input filtering extension php5 example
