Jani Hartikainen has put together a handy script for those out there that like what the Zend Framework is all about but don't really need the whole thing to get the job done. If that's you, this script might be just what you need.

Did you ever want to use just a single component from Zend Framework, but couldn't figure out which files you needed? Well, here's a solution: Zend Framework packageizer script! Just pick the class you want, and you'll get it and all its dependencies in a nice zip file for you to consume.

The packager uses the tokenizer functionality PHP offers natively to look through the files for the package you're after and finds all of the files that might need to be included and pulls them right along into the zip file.

Kevin Waterson has posted a new article to his site today - an introductory look at security in your PHP applications.

One of the great benefits of PHP is its ease of access to new-comers. Its entry level is minimal and so attracts those looking for simple scripts to their sites. It is this same ease of access that becomes a problem as the new-comers begin to deal with input from users. Failure to adequately validate and sanitize data is the leading cause of security problems when dealing with PHP.

He looks at a few different areas that developers need to focus on (and be sure to filter on) like PHP_SELF, protection from email header injections, file inclusion and the use of error reporting to make handling user-generated errors "more correct".

Federico Cargnelutti has posted an interesting overview that graphically shows outlines for a few major PHP projects showing where the includes are coming from.

The includes of the system map out the dependencies of the system, which files depend on which, which subsystem depends on which. When working with a system, it's always useful to map out the dependencies before hand.

The software he's created the images for include WordPress, phpBB, and a few frameworks - Symfony, Zend Framework and CakePHP. He used the Inclued and Graphviz software to make the charts.

On his blog, Jaisen Methai posted about a very handy feature of PHP5 - the __autoload function.

It's one of the gems in PHP that I find to be relatively under used. It's common for PHP applications to break out classes into their own files. This becomes cumbersome when working on large projects as you wind up with numerous include/require calls for any given page.

He shows an example of its usage (loading class files dynamically from a specified directory) and mentions how it can help to make your code a lot less ugly. Comments on the post range in topics - from comparing it to include paths, how the idea was borrowed from PEAR, and how proper naming conventions can make its use even easier.

Matthew Turland is looking to "save you some grief" by pointing out an issue he recently had trouble with and eventually found out was a bug in PHP.

It's pretty rare that I encounter a bug in the software I run that hampers my ability to work or my server environment's ability to function normally. However, I encountered one last week that has taken me and several Rackspace support technicians nearly a week to figure out, namely PHP bug #43677.

The issue was that PHP seemed to be "forgetting" the include_path in the current script (not Apache). The bug has been found in PHP 5.2.5 (and possible in all of the 5.2.x releases as well). The problem has been fixed in the latest CVS version and a patch has been created for those that want to correct the problem right away.

In this DevX tutorial, Octavia Anghel shows how use PHP to create images based on the SVG libraries available to any browser.

Scalable Vector Graphics (SVG) is an XML specification for producing vector-based graphic content that you can create, modify, and manipulate dynamically from programming languages. Here, you'll explore the most important techniques and libraries for integrating SVG with PHP to create diverse graphic content'"from simple shapes to complex graphs.

They show a few different ways to get the job done including a straight 'echo' call with the output, sending a converted SVG document over with a PHP header or including another (or multiple) SVG documents into another and outputting them. They also talk about tools like the phpHtmlLib library, the PEAR::XML_SVG package and the PEAR::Image_Canvas package.

Cal Evans came up against a problem earlier in his development work - issues when he was trying to get his old include path.

What you SHOULD get back is a string describing your old include path. If you get false, you have hit the problem I hit last night. I went so far as to recompile 2 difference versions of Apache thinking (almost correctly) that it was something that had changed in my Apache config files.

If you're one of the "falsers" out there, check out the rest of his post of his solution around the problem. His problem stemmed from his trying to reassign a php_admin_value (instead of php_value where the script could override it) setting, specifically the one for the include_path.

He also points out that Zend Framework users might keep an eye out for this problem too as the Zend_Loader package changes the include path at times.

Matthew Weir O'Phinney notes today that the Zend_View_Enhanced and Zend_Layout components for the Zend Framework have officially joined the core.

With these two components, you can now create some truly complex views for your application with relative ease. [...] By having these as a standard part of the library, there are now standard ways to perform these tasks -- meaning consistency between applications.

He gives some brief examples of the use of the two newly included components: echoing out a DOCTYPE, adding a script to be loaded in the header and a more complex layout with a header, meta data, content and a footer section.

A new tutorial on DevShed today takes a look at a handy bit of functionality that's included with PHP5 - the automatic autoloading of classes.

As you might know, the "__autoload()" function, when used in a clever way, can eliminate almost completely the need to use the "require()/require_once()" and "include()/include_once()". [...] Now is the perfect time to move forward and start learning how to put the "__autoload()" magic function to work for you, and load your classes without having to include them manually into your PHP 5 object-oriented applications.

They show the more traditional approach with a code example (just using the require/include method) then show the difference in using a custom defined autoload function to tell the script where to find the libraries.

On the PHP Discovery blog, there's a new post reminding PHP developers of some of the more dangerous ways that remote execution could effect your site and some of the common entry points it can have.

PHP has numerous ways to execute raw PHP code unless you the programmer stops it. Best way in preventing these methods is making sure you check the input of what your users are inputting, and making sure you escape all malicious actions that a hacker,cracker, kiddy scripter might want to do to your website.

He summarizes four of the things from the Pro PHP Security book from Apress (by Chris Snyder and Michael Southwell) that can leave holes in you application for would-be explots - preg_replace, shell_exec/exec, eval (which we all know is only one letter from "evil" anyway) and require/include.