Tony Bibbs has posted a mini-case study about how, at his work, they cut their use of the Zend_Log component of the Zend Framework in half:

As part of the framework we use at work, we borrow what we feel are the best components out there and logging is a key part of that. Logging should be simple to setup, easy to use and should minimize work on the developer. After all, you are going to do a lot of logging, right?

He shows how, with a few changes to how they log (creation of a custom logger), it reduces the number of calls to load a Zend_Registry object each time something needs to be recorded. His code is included in the post along with examples of it in action.

In his latest blog entry, Ilia Alshanetsky has proposed (and provided) a patch that can help with one of the more abused of the popular PHP functions out there - mail().

One of the problems with solving the mail() abuse is figuring out who is doing it or perhaps what script was exploited to do it, since the mail() function does not offer any logging mechanism.

To address this problem, he's supplied this patch you can apply to your source to add two new options to the mail function:

• enable the addition of the X-PHP-Originating-Script header
• mail.log (takes a filename) allows you to enable logging of every single mail() call

Check out his entry for more details on configuration options and other functionality included with the patch.

In his latest post on the ThinkPHP blog, Andreas Uhsemann steps through a simple conversion he made from using a MySQL database with his application to using PDO on an Oracle system.

At first, one would notice that nothing was happening at all. Just a white screen, and no entries in the error log. Even if one turns on error messages explicitly (you never know the current php.ini settings) with error_reporting(E_ALL), nothing is changing.

He had the connection all set up (manual tnsnames entry and all), but there was something wrong and he couldn't see it. After changing the error reporting level (to no avail), he went for PDO's error handling. The result was an "invalid character" error from the extra semi-colon on the end of the statement.

php|architect's A/R/T article repository has a new tutorial posted today with a look at logging in your application (the entire application) with the help of the Zend Framework by Stefan Koopmanschap.

There are different reasons for logging information, different strategies for what and how to log, and of course different ways of implementing it. This article will look at why you would want to log, what you want to log and how to do it.

They introduce application-level logging, how it can help, what it can show you, and how it can make finding security issues even easier. They get into the code a bit later on, showing how to use the Zend file functionality to write out to a simple log file. They enhance it with a bit more information in the message, and show how to set a prefix/suffix to each line automatically (like a timestamp and a newline).

On the SitePoint PHP blog today, Maarten Manders talks about some updates he made to the "pretty blue screen" created originally by Harry Fuecks to handle more error types.

I modified it to handle errors as well and added some features which make it useful in productive systems as well: Error logging, Error Mailing, and Configuration.

The script logs or mails unique errors only once to prevent your log file or mailbox to be spammed with the same error again and again. It also takes care of the error level including shutup operator. It's a little bit hacky but did well on our dev servers (where errors tend to happen) in the past few weeks.

The link to grab this latest version of a handy bit of functionality is here - two different files, one for the error handler and one for the exception handler. He also includes a sample code snippet of how to use it.

As was mentioned in one of his previous blog posts, Sebastian Bergmann has been working up his own PHP version of an aspect-oriented framework. According to this new post, he's already done some work on the project and has created a page with more information.

As I wrote earlier, I am not satisfied with the Current State of AOP for PHP and started to work on AspectPHP a while ago. Today I am going to share my ideas on the subject.

What sets AspectPHP apart from other implementations of Aspect-Oriented Programming is its simplicity: aspects are plain PHP classes that declare pointcuts using annotations.

He gives an example of this kind of functionality, including a bit of code to illustrate. The example logs all method calls and, in this case, simply outputs them to the browser.

Unfortunately, he also mentions that, at this time, he doesn't have any code for the framework that he can release, but you can check out the site he's created for more information.

PHPit.net is back today with another new tutorial - this time it concerns the safe handling of passwords in your PHP scripts.

If you're ever going to create a script that involves users or passwords, which is very likely, you'll probably run across security issues with handling the passwords. You can't just store the passwords in clear text in your database, and great care must be used when managing the passwords (for example during login).

In this article I will show you everything that you have to think about when handling passwords in PHP, and how to solve some common problems.

They offer suggestions like storying them hashed (md5 or sha1), protecting them with a salt, SSL certificates, and how to manage their use with things like cookies and sessions.

On his blog today, Sebastian Bergmann has posted this quick entry about a cool feature of the upcoming version of PHPUnit - a graphical representation of the test execution.

Another new feature of the next version of PHPUnit is the ability to generate a graphical visualization of the test execution using GraphViz.

This graph (SVG version), for example, shows the graphical visualization for the execution of the tests declared in the MoneyTest sample that comes with PHPUnit.

The MoneyTest sample mentioned comes with the PHPUnit download, but the code was altered to cause it to fail. You can see the result in this graphic...

From the PHP Security Blog today, there's this look at a way to not configure your logging in PHP - some issues that he points out in the examples from the recent "Essential PHP Security" book.

Today I had the pleasure to look at code examples from a recently released book. I guess readers of my blog know exactly what book I am referring to.

I will only cover the first 2 code examples that explain how to configure and use PHP's logging capabilities for now because they [...] reveal some nice insights.

The first example he talks about some issues with using ini_set to put the errors logged in the Apache error_log. His issue with the method being the permissions on the log file (assuming a "sane configured webserver"). The second issue is in another example, one that tries the same logging method, but uses the set_error_handler method to do so...