News Feed
Sections




News Archive
feed this:

Looking for more information on how to do PHP the right way? Check out PHP: The Right Way

Hari KT:
Aura Input Form Inside Slim Framework
September 08, 2014 @ 10:55:13

Hari KT has a new post to his site today showing how you can integrate the Aura PHP components into a Slim framework application for input handling, like from a form. Aura PHP is a set of decoupled components for things like CLI handling, dependency injection and SQL requests (among others).

Rob Allen wrote about Integrating ZF2 forms into Slim. I did write how you can use Aura.Input and Aura.Html to create standalone form for PHP. This time I felt I should write about integrating aura input inside Slim.

He includes the Composer configuration to install the HTML and Input components as well as an up-to-date version of the Slim framework. Code showing how to create the form class (a "Contact form") is included, showing both the creation of the elements and the filtering/validation checks put on each. He shows how the Slim routes would handle the request as well as how the view processes the request and displays the form via a helper. You can get the full working code in this repository over on GitHub.

0 comments voice your opinion now!
auraphp framework slim form input html tutorial

Link: http://harikt.com/blog/2014/09/02/aura-input-form-inside-slim-framework/

Greg Freeman:
Processing data with PHP using STDIN and Piping
November 18, 2013 @ 10:24:56

Greg Freeman has a post today looking at using streams and STDIN in PHP to handling incoming data (like to a CLI script).

PHP streams are still lacking in documentation and are rarely used compared to other PHP features. This is a shame because they can be really powerful and I have used them to gain a lot of performance when doing things such as processing log files. One of the more powerful features of Linux is the ability to pipe in data from another program, it's often faster to offload tasks to an existing linux user space program than to do it in PHP and the added benefit is that you gain multi core processing which is not possible with standard PHP.

He talks briefly about the "pipe" character and how it allows you to send the output from one command to another. He shows how to mimic this same kind of input handling in PHP using the "php://stdin" stream and a fopen function call. He gets a bit more in-depth into how the streams work (blocking) and a bit of configuration and data you can get about the current streams. The post finishes with an example of a non-blocking input handler that will automatically end execution if no data is given within three seconds.

0 comments voice your opinion now!
data process stdin input handling tutorial pipe

Link: http://www.gregfreeman.org/2013/processing-data-with-php-using-stdin-and-piping/

Paul Jones:
Aura Has New Releases Input, Sql, and View
September 18, 2013 @ 09:58:54

As Paul Jones mentions in his most recent post (pulled from the Aura blog), the Aura framework has some new releases of its component packages - specifically Input, Sql and View.

On the heels of last week's slew of releases, we have three followups! The Aura.Input package got a feature-level bump to 1.1.0, with a new FormFactory. Thanks to Hari KT for championing that one. Aura.Sql is now at 1.3.0, due to lots of work from MAXakaWIZARD to provide SQLite- and PostgreSQL-specific query objects. Finally, the Aura.View package got a bugfix and is now at 1.2.1; it handles content-type negotiation better for those times when there is no Accept header.

If you'd like more information about the Aura framework, check out the project site or each of the packages that make it up. Aura is a decoupled set of components without additional dependencies.

0 comments voice your opinion now!
aura framework release input sql view component dependency

Link: http://paul-m-jones.com/archives/4731

David Müller:
Why URL validation with filter_var might not be a good idea
September 20, 2012 @ 08:09:31

David Müller has a new post to his site today showing why validating URLs with filter_var is a good thing for the security of your application.

Since PHP 5.2 brought us the filter_var function, the time of such [regular expressions-based] monsters was over. [With] the simple, yet effective syntax [and] with a third parameter, filter flags can be passed, [...] 4 flags are available [for URL filtering].

He shows how to use it to filter out a simple XSS issue (a "script" tag in the URL) and some examples of issues that the filter_var function doesn't prevent - like injection of other schemes (like "php://" or "javascript://"). He recommends adding a wrapper around the method to check for the correct scheme (ex. "http" or "https" for URLs) and reminds you that filter_var is not multibyte capable.

0 comments voice your opinion now!
filtervar url validation security filter input


PHPMaster.com:
Input Validation Using Filter Functions
June 01, 2012 @ 15:53:28

On PHPMaster.com today there's a good tutorial that gives you some methods to do one of the most important things in any application - validating input. Their examples show how to use some of PHP's own filter functions to accomplish this.

Filter functions in PHP might not be sexy, but they can improve the stability, security, and even maintainability of your code if you learn how to use them correctly. In this article I'll explain why input validation is important, why using PHPs built-in functions for performing input validation is important, and then throw together some examples (namely using filter_input() and filter_var()), discuss some potential pitfalls, and finish with a nice, juicy call to action.

He talks about why validation is important to protect your application (and users) from malicious things like cross-site scripting. He emphasizes the use of PHP's own filter methods because they are established and, well, included in the language - no additional libraries needed. Example code is included showing how to use them to filter email addresses and check that something is an integer.

You can find out more about these functions on their manual pages: filter_input, filter_var.

0 comments voice your opinion now!
input validation filter tutorial bestpractice filtervar filterinput


DevShed:
Sanitizing Input with PHP
December 13, 2011 @ 11:49:31

DevShed.com has a new tutorial posted today looking at how to sanitize data in your application, specifically data coming from the user, when calling shell commands.

Neglecting to sanitize user input that may subsequently be passed to system-level functions could allow attackers to do massive internal damage to your information store and operating system, deface or delete Web files, and otherwise gain unrestricted access to your server. And that's only the beginning.

He starts with a "real world" example of non-filtered data that could pass through a "rm" command and erase your entire drive. He offers two solutions for preventing this sort of hack using the escapeshellcmd and escapeshellarg functions.

0 comments voice your opinion now!
sanitize input shell command tutorial escapeshellcmd escapeshellarg


Reddit.com:
How do YOU sanitize input?
November 03, 2011 @ 11:04:02

On Reddit.com there's a recent post that asks the question How do YOU sanitize input in your PHP applications?

I am developing some software for my high school using HTML, CSS, MySQL, and most importantly PHP. [...] So I pose this question, what is YOUR favorite way to sanitize input for inserting, updating, or selecting from a database? Also, is there any way you prefer to verify that input is of a certain type, and only of that type ie, if you're expecting an int or a string, how would you make sure you are receiving one?

Answers on the post touch on things like:

0 comments voice your opinion now!
input sanitize database filter opinion


DeveloperDrive.com:
Common Mistakes to Avoid When Coding in PHP
October 19, 2011 @ 09:17:59

On the DeveloperDrive.com site today, there's a new post with a few reminders for PHP developers out there of things it's easy to forget when writing your applications - some common mistakes to avoid.

Despite the high expectations placed on them at times, developers are human. They were the last time we checked anyways. As humans, we are bound to make mistakes from time to time. And simple, common mistakes often slip past our filters the more comfortable we become with something. [...] But knowing what these common mistakes are and how to avoid them can really help speed up the development process and keep our clients smiling.

His list includes three big ones that, if forgotten, could end up being detrimental to your application (sooner or later) - poor housekeeping/organization of code, forgetting punctuation and forgetting to validate input from users.

0 comments voice your opinion now!
common mistake development organization syntax filter input


DeveloperDrive.com:
What Web Developers Need to Know About Cross-Site Scripting
October 17, 2011 @ 13:39:23

On the DeveloperDrive.com site there's a recent post anyone wondering about cross-site scripting should give a read. They introduce you to the basic concept and two things you can do to help prevent them.

This little fable describes the most common vulnerability found in web sites, the Cross Site Scripting (XSS) attack. According to a report from WhiteHat Security 83 percent of websites they tested have had at least one serious vulnerability and 66 percent of all websites with vulnerabilities are susceptible to XSS attacks making it the most common vulnerability web developers face. To fix this, it takes 67 days on average. Tools like WebScarab and Paros Proxy can be used to scan sites for possible vulnerabilities.

They offer two simple pieces of advice that it's all too easy to forget when developing applications - validate all user input to ensure it's what it should be and escape any untrusted output (even sometimes your own!) before pushing it out to the page.

0 comments voice your opinion now!
crosssitescripting xss introduction validate filter input output advice


Amazium Blog:
PHP in the Dark Input/Output
September 05, 2011 @ 11:25:32

On the Amazium blog Jeroen Keppens has a recent post looking at some of tools available to you when needing to filter input and escape output in your applications. This post specifically covers filtering on command line applications.

When you need data input in a web context, you send a GET/POST request to your script. On the command line, things work differently. In this blog post, we will talk obout input and output in php-cli.

The post is broken up into a few different sections:

Tools mentioned include everything from getopt and PEAR's' Console_Getopt out to using file descriptors and working with readline.

0 comments voice your opinion now!
input output filter arguments readline options



Community Events





Don't see your event here?
Let us know!


list language bugfix laravel interview framework release code introduction series conference api development podcast community symfony threedevsandamaybe deployment zendserver tips

All content copyright, 2014 PHPDeveloper.org :: info@phpdeveloper.org - Powered by the Solar PHP Framework