The Code of a Ninja:
Salt, Hash and Store Passwords Securely with Phpass
June 16, 2014 @ 11:15:37

In this post on the CodeOfANinja.com site, they walk you through password hashing, salting and storage using the phpass library from Openwall. The post itself is a bit older, but the content still provides a good example to teach the basics.

I think the main reason why we have to hash passwords is to prevent passwords from being stolen or compromised. You see, even if someone steals your database, they will never read your actual or cleartext password. I know that some PHP frameworks or CMS already provide this functionality, but I believe that it is important for us to know how its implementation can be made.

The tutorial shows you how to use the library and how to store the result in a simple "users" table in a MySQL database. The examples hash the password submitted from a simple form and use prepared statements (via PDO) to save it to the database. All the PHP, HTML and CSS code you'll need - including the login form that checks the username/password - is included. There are also a few screenshots showing what the resulting forms and data should look like.

phpass tutorial hash salt password storage mysql user

Link: http://www.codeofaninja.com/2013/03/php-hash-password.html

SitePoint PHP Blog:
Dependency Injection with Laravel's IoC
June 05, 2014 @ 11:51:08

The SitePoint PHP blog has a new tutorial posted showing you how to use the Laravel dependency injection container to handle dependencies in your Laravel-based applications. Younes Rafie introduces some of the basic concepts behind dependency injection and the various types to get everyone started on the same level.

As developers, we are always trying to find new ways to write well designed and clean code by adopting new styles, using design patterns, and trying new robust frameworks. In this article we will explore the dependency injection design pattern through Laravel's IoC component and see how it can improve our design.

He includes examples of the three basic types of injection - constructor, setter and interface - with brief code examples of their implementation. He goes on to talk about the "Inversion of Control" principle (part of the SOLID set of principles) and how the Laravel dependency injection container helps by binding objects and instances for later retrieval. Code examples for session storage handling (through a MySQL database) are included, with dependencies resolved automatically as the class requires them.

laravel dependency injection container ioc tutorial introduction session mysql

Link: http://www.sitepoint.com/dependency-injection-laravels-ioc

Code Yellow Blog:
What Your Framework Never Told You About SQL Injection Protection
May 23, 2014 @ 13:51:20

The Code Yellow site has recently posted an article pointing out an issue that's all too common in PHP frameworks, more specifically those that bundle some kind of ORM into their functionality. They wonder whether your framework is telling you everything about what it's doing to prevent SQL injection.

We've discovered that SQL injection is to this day not a fully solved problem, even in most popular frameworks. In this post, we'll explain how these frameworks fail at escaping parts of a query, culminating in the discovery of a critical vulnerability in the popular Laravel framework which affects a large percentage of applications.

They start with an illustration using the FuelPHP framework and the protection it offers from garden-variety SQL injection attempts. Unfortunately, things start to break down once you get much past this typical case: values are escaped, but identifiers (table and column names) passed into a query are not. They found this same issue to be a widespread problem in many PHP frameworks and tools, including the Laravel, CodeIgniter and CakePHP frameworks, each with their own ORMs. They also talk about blacklisting and whitelisting and how, sadly, most of the frameworks just don't support it for model data filtering. There's a mention of some of the work they've done to help try and fix the issue (including patches and contacting authors) and some recommendations on how to correctly quote identifiers in SQL statements.

sqlinjection framework whitelist blacklist identifiers escape prepared statements

Link: http://www.codeyellow.nl/identifier-sqli.html
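The identifier problem the article describes, as an added example that is neither the Code Yellow post's code nor any framework's: a placeholder in a prepared statement only covers values, so a user-chosen ORDER BY column has to be handled by an allow-list, with identifier quoting as defence in depth. The column names and the `:active` placeholder are constructed for the illustration.

```php
<?php
// Added example: allow-listing plus backtick quoting for a MySQL identifier
// that ends up in the SQL text because it cannot be bound as a value.

/**
 * Quote a MySQL identifier. A backtick inside the name is doubled, so the
 * name can never terminate the quoted identifier early.
 */
function quoteIdentifier(string $name): string
{
    return '`' . str_replace('`', '``', $name) . '`';
}

/**
 * Allow-list check: accept only column names the application knows about
 * and fall back to a default for anything else. This is the primary control;
 * quoting covers whatever still reaches the query string.
 */
function sortColumn(string $requested, array $allowed, string $default = 'id'): string
{
    return in_array($requested, $allowed, true) ? $requested : $default;
}

function buildQuery(string $requestedSort): string
{
    $allowed = ['id', 'username', 'created_at'];
    $column  = sortColumn($requestedSort, $allowed);

    // The WHERE value still goes through a normal PDO placeholder; only the
    // identifier needed the allow-list and quoting treatment.
    return 'SELECT id, username FROM users WHERE active = :active ORDER BY '
         . quoteIdentifier($column);
}

// Constructed inputs standing in for a ?sort= request parameter.
echo buildQuery('username'), PHP_EOL;   // allow-listed name, quoted as-is
echo buildQuery('us`er'), PHP_EOL;      // rejected by the allow-list, default column used
echo quoteIdentifier('us`er'), PHP_EOL; // what quoting alone does with the stray backtick
```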

Edd Mann:
Reversing a Unicode String in PHP using UTF-16BE/LE
May 12, 2014 @ 10:55:00

Edd Mann looks at an issue in his latest post that caused him problems in a recent project, reversing a Unicode string with UTF-16BE/LE.

Last week I was bitten by the Unicode encoding issue when trying to naively manipulate a user's input using PHP's built-in string functions. PHP simply assumes that all characters are a single byte (octet) and the provided functions use this assumption when processing a string. [...] You should be aware that in 'Western Europe' we commonly only use the basic ASCII character-set (consisting of 7 bytes). This makes the transition to the popular 'UTF-8' Unicode representation almost seamless, as the two map one-to-one. I wish, however, to discuss how to reverse a Unicode string (UTF-8) using a combination of endianness magic and the 'strrev' function.

He provides two different approaches to the problem. The first he calls the "naive" approach because it corrupts characters needing more than the two-byte representation. His second solution, the "endianness" method, converts the string to big-endian first (UTF-16) and then back to UTF-8 for more correct handling.

unicode string utf8 utf16 bigendian endian convert reverse string

Link: http://eddmann.com/posts/reversing-a-unicode-string-in-php-using-utf-16-be-le
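The approaches summarised above, side by side, as an added example that is not Edd Mann's code: byte-wise strrev(), the UTF-16 endianness trick, and a code-point split that also survives characters outside the BMP. It assumes the mbstring extension is loaded; the sample strings are constructed.

```php
<?php
// Added example: three ways to reverse a UTF-8 string and where each breaks.

// Byte-wise: strrev() reverses octets, so every multi-byte UTF-8 sequence is
// torn apart and the result is no longer valid UTF-8.
function reverseBytes(string $s): string
{
    return strrev($s);
}

// Endianness trick: in UTF-16BE every BMP character is exactly two bytes.
// Reversing the byte string reverses the characters but also swaps the two
// bytes inside each one, so the result has to be read back as UTF-16LE.
function reverseUtf16(string $s): string
{
    $be = mb_convert_encoding($s, 'UTF-16BE', 'UTF-8');
    return mb_convert_encoding(strrev($be), 'UTF-8', 'UTF-16LE');
}

// Code-point split: the /u modifier splits on UTF-8 character boundaries, so
// a character outside the BMP (a surrogate pair in UTF-16, which the trick
// above would leave in the wrong order) is kept whole.
function reverseCodePoints(string $s): string
{
    $chars = preg_split('//u', $s, -1, PREG_SPLIT_NO_EMPTY);
    return implode('', array_reverse($chars));
}

// Constructed inputs: accented Latin text (2-byte characters) and an emoji
// (4 bytes in UTF-8, a surrogate pair in UTF-16).
foreach (['héllo', 'ab😀'] as $input) {
    printf("%s\n  bytes:       %s\n  utf16 trick: %s\n  code points: %s\n",
        $input,
        bin2hex(reverseBytes($input)),   // shown as hex: these bytes are not valid UTF-8
        reverseUtf16($input),
        reverseCodePoints($input));
}
```

Even the code-point version moves a combining mark (e.g. U+0301 after a base letter) away from the character it belongs to; grapheme-aware reversal needs the intl extension's grapheme functions.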

Sameer Borate:
Calculating descriptive statistics in MySQL
April 08, 2014 @ 10:46:22

Sameer Borate has shared some examples of how to generate some meaningful statistics about the contents of your database in a new post to his site today.

Descriptive statistics can be quite useful for simple analysis of records in a database. For example, to calculate average numbers of sales or products for a particular duration, or the Variance of sales for a month etc. We can easily calculate standard descriptive statistic measures in MySQL such as MEAN, SUM, STANDARD DEVIATION, VARIANCE, MIN and MAX using built-in functions.

He includes both the SQL and a bit of PHP code showing how to get these statistics (based on a simple data set of student scores). The PHP code is used to compute the median and mode, which are easier to evaluate in PHP than in SQL.

mysql database descriptive statistics mean sum mode median

Link: http://www.codediesel.com/data/calculating-descriptive-statistics-in-mysql

SitePoint PHP Blog:
Optimizing MySQL
April 04, 2014 @ 11:54:48

The SitePoint PHP blog has posted the first two parts of their "Optimizing MySQL" tutorial series by Peter Nijssen. The first looks at general tips around indexes and the second shows some configuration tips to get the most from your database systems.

MySQL is one of the most used databases in conjunction with PHP. Making sure that your MySQL databases are running at their best is one of the most important aspects you have to consider whenever your web application grows. In this series of 3 standalone articles, we will have a look at how we can optimize our MySQL installation. We will take a look at which optimizations we can perform on our database, on our MySQL configuration and how we can find potential problems when MySQL is not performing well.

The first tutorial gives a brief introduction to indexes and shows you how to find duplicate and unused indexes that might be hanging around. The second post deals with the configuration topics using the Percona pt-variable-advisor. They also make use of the MySQLTuner tool for further tuning. Finally, the article finishes with a look at cross-server configuration comparison and how to see the differences.

mysql series performance percona configuration indexes

Link: http://www.sitepoint.com/series/optimizing-mysql/

NetTuts.com:
Refactoring Legacy Code Part 2 - Magic Strings & Constants
April 03, 2014 @ 12:47:46

NetTuts.com has posted the second part of their "Refactoring Legacy Code" series today, continuing from the first part of the series. They continue the refactoring of their "trivia" application.

Old code. Ugly code. Complicated code. Spaghetti code. Gibberish nonsense. In two words, Legacy Code. This is a series that will help you work and deal with it. We first met our legacy source code in our previous lesson. [...] The time for the first changes has come, and what better way to understand a difficult code base than to start extracting magic constants and strings into variables? These seemingly simple tasks will give us greater and sometimes unexpected insights into the inner workings of legacy code. We will need to figure out the intentions of the original code author and find the proper names for the pieces of code that we've never seen before.

They talk about refactoring out things like "magic strings" and other hard-coded return values and checks. They mention updating the tests to reflect these changes while keeping an eye out for "magic constants" as well.

refactoring unittest magic string constant trivia

Link: http://code.tutsplus.com/tutorials/refactoring-legacy-code-part-2-magic-strings-constants--cms-20527

Ulf Wendel:
The performance penalty of the early MySQL Fabric support for PHP
March 13, 2014 @ 12:16:23

In his latest post Ulf Wendel looks at the performance issues around the recently introduced MySQL Fabric support included in the mysqlnd extension.

PECL/mysqlnd_ms 1.6 is currently being modified to support sharding and fully automatic server and client failover when using MySQL Fabric (slides) to manage a farm of MySQL servers. PECL/mysqlnd_ms is a mostly transparent load balancer that works with all PHP MySQL APIs (PDO_MySQL, mysqli, ...). The idea is that if, for example, a MySQL server fails, the plugin talks to MySQL Fabric to learn about alternative servers that Fabric has provisioned automatically. This "talks to" implies a performance penalty for applications.

He takes a look at what's happening "behind the scenes" when it comes to using the Fabric functionality and sharding (based on the use of mysqlnd_ms_select_shard). He traces through the execution path and shows how much slower the end result is. He includes some results from the connection debugging and the number of queries a single request makes.

mysqlnd performance penalty mysql fabric support

Link: http://blog.ulf-wendel.de/2014/the-performance-penalty-of-the-early-mysql-fabric-support-for-php/

Dougal Campbell:
mysql vs mysqli in WordPress
March 07, 2014 @ 10:59:52

In his latest post Dougal Campbell shares his findings from a bug he was having with a plugin in WordPress. It revolved around the use of the mysql versus mysqli extension and the warnings being written to his logs.

The plugin had previously worked fine (it generates a sidebar widget), and I wasn't actively working on my site, so I wasn't really sure when it had quit working. In the course of debugging the problem, I discovered that the plugin was throwing warnings in my PHP error log regarding the mysql_real_escape_string() function. As a quick fix, I simply replaced all of those calls with WordPress' esc_sql() function. Voila, problem fixed.

He was interested in why this worked, though, and went digging in the code. As it turns out, the WordPress code tries to determine which mysql extension you have support for, and his installation fit the "mysqli profile", so "mysql_real_escape_string" wasn't available. To the WordPress users out there, he suggests esc_sql or $wpdb->prepare() instead.

mysql mysqli wordpress escape string extmysql

Link: http://dougal.gunters.org/blog/2014/03/06/mysql-vs-mysqli-wordpress

Johannes Schlüter:
On rumors of "PHP dropping MySQL"
February 24, 2014 @ 13:44:21

There have been some rumors floating around about the possibility of PHP's MySQL support going away in upcoming versions of the language. In his latest post Johannes Schlüter tries to bring a bit of clarity to these rumors and what's actually being removed.

Over the last few days different people asked me for comments about PHP dropping MySQL support. These questions confused me, but meanwhile I figured out where these rumors come from and what they mean. The simple facts are: No, PHP is not dropping MySQL support and we, Oracle's MySQL team, continue working with the PHP community.

He suggests that the confusion might have come from the recent changes to "soft deprecate" the oldest ext/mysql functionality and warn users against using it in their applications. He talks about the history of MySQL support in PHP and one project that removing it could adversely affect (WordPress).

mysql support remove rumor extmysql deprecate wordpress

Link: http://schlueters.de/blog/archives/177-On-rumors-of-PHP-dropping-MySQL.html


All content copyright, 2014 PHPDeveloper.org :: info@phpdeveloper.org - Powered by the Solar PHP Framework