News Feed
Sections




News Archive
feed this:

Looking for more information on how to do PHP the right way? Check out PHP: The Right Way

Voices of the ElePHPant:
Interview with Morgan Tocker
March 03, 2015 @ 09:02:54

The Voices of the ElePHPant podcast has posted the latest in their series of interviews with PHP community members. In this new episode host Cal Evans talks with Morgan Tocker,

They talk about Morgan's talk at Sunshine PHP 2015 about tuning MySQL queries using some of the built-in tools). He also mentions some of the newer features of the EXPLAIN handling including more information provided and other metadata provided as a part of the output. They also talk about some of the "cost" data associated with different queries and how they effect performance.

You can listen to this latest episode either through the in-page audio player or you can grab the mp3 and listen to it at your leisure. If you enjoy the interview, be sure to subscribe to their feed.

0 comments voice your opinion now!
voicesoftheelephpant community interview morgantocker mysql

Link: http://voicesoftheelephpant.com/2015/03/03/interview-with-morgan-tocker/

Derick Rethans:
Questions from the Field Should I Escape My Input, And If So, How?
January 27, 2015 @ 09:22:04

In his latest post Derick Rethans shares his answer to a question he was asked at a recent PHP conference regarding the escaping of input before use in a MongoDB query.

At last weekend's PHP Benelux I gave a tutorial titled "From SQL to NoSQL". Large parts of the tutorial covered using MongoDB-how to use it from PHP, schema design, etc. I ran a little short of time, and since then I've been getting some questions. One of them being: "Should I escape my input, and if so, how?". Instead of trying to cram my answer in 140 characters on Twitter, I thought it'd be wise to reply with this blog post. The short answer is: yes, you do need to escape.

He uses the rest of the post to get into the longer answer, a bit more detail about why you should escape and what kinds of things can be done. He points out that, because of how MongoDB queries are created, SQL injection is much more difficult. He does remind you that superglobals can also be used to send arrays too which could lead to unexpected data input. He gives an example of how this would work and why it would be a problem.

So although MongoDB's query language does not require you to build strings, and hence "escape" input, it is required that you either make sure that the data is of the correct data type.
0 comments voice your opinion now!
escape input mongodb phpbnl15 question answer datatype

Link: http://derickrethans.nl/escape-input.html

Rob Allen:
Setting up PHP & MySQL on OS X Yosemite
October 20, 2014 @ 09:43:36

Rob Allen has posted a quick guide to help you get PHP and MySQL set up on Yosemite, the latest version of Apple's OSX operating system (just released last week).

t's that time again; Apple has shipped a new version of OS X, 10.10 Yosemite. Apple ships PHP 5.5.14 with Yosemite and this is how to set it up from a clean install. However, if you don't want to use the built-in PHP or want to use version 5.6, then these are some alternatives [including the Liip binary package, Homebrew or Zend Server 7.x).

He opts for the Homebrew method, installing it first then getting into the PHP and MySQL packages. This is all done from the command-line, so you'll need to be comfortable there. He includes the commands needed to install PHP, MySQL and Apache along with all configuration changes to make them work together. He also shows how to install Xdebug, PEAR, Composer and the Mcrypt & Intl extensions if needed.

0 comments voice your opinion now!
setup osx yosemite mysql homebrew package install apache intl mcrypt

Link: http://akrabat.com/php/setting-up-php-mysql-on-os-x-yosemite/

NetTuts.com:
How to Build Rate Limiting into Your Web App Login
September 22, 2014 @ 11:12:14

In this new tutorial on NetTuts.com, Jeff Reifman shows you how to build rate limiting into your application to help with issues on your login caused by possible brute force attacks.

Since one of the wealthiest corporations in the world [Apple] didn't allocate the resources to rate limit all of their authentication points, it's likely that some of your web apps don't include rate limiting. In this tutorial, I'll walk through some of the basic concepts of rate limiting and a simple implementation for your PHP-based web application.

He starts with a brief look at how (brute force) login attacks actually work and how that relates to the most common passwords used. He splits out the two main approaches to rate limiting in applications: limit based on failures by username or limiting by IP address. He then gets into the actual code examples, choosing a Yii framework-based application for his illustration. He creates a simple "failed login" database table, shows how to log the attempts and includes a snippet to purge items older than (by default) 120 minutes ago. Finally, he includes the code to check the table and see if the username has too many failures listen and, if so, denies them access.

0 comments voice your opinion now!
rate limiting login application tutorial mysql database

Link: http://code.tutsplus.com/tutorials/how-to-build-rate-limiting-into-your-web-app-login--cms-22133

Rob Allen:
Throw an exception when simplexml_load_string fails
September 09, 2014 @ 09:27:13

In a quick post to his site Rob Allen shares a class that he's created to handle and throw an exception any time that the load from a SimpleXML parsing fails.

I keep having to look up how to stop the warning that are emitted when simplexml_load_string & simplexml_load_file fail, so this time I've written the world's simplest little class to take care of it for me from now on.

His "Xml" class wraps around the SimpleXML functionality and checks to see if the resulting object is false. If it is, it uses some internal error handling to fetch the error message result and throws it as a "RuntimeException". This error string comes from a "getXMLErrorString" function that uses the libxml_get_errors function to get the resulting error list.

0 comments voice your opinion now!
simplexml load string file fail exception error handling

Link: http://akrabat.com/php/throw-an-exception-when-simplexml_load_string-fails/

SitePoint PHP Blog:
PINQ - Querify Your Datasets - Faceted Search
August 26, 2014 @ 10:58:22

The SitePoint PHP blog has continued their series showing the use of the PINQ library for PHP (a PHP implementation of the LINQ tool). In part one they introduced the tool and showed how to it could be used to query and sort data. In this second part they move on and show how to perform a multi-faceted search on data from a MySQL database.

We are not going to cover the full aspect of faceted search in this series. Interested parties can refer to relevant articles published on Sitepoint and other Internet publications. [...] Unfortunately, faceted search is not a built-in feature provided by MySQL yet. What can we do if we are using MySQL but also want to provide our users with such a feature? With PINQ, we'll see there is an equally powerful and straightforward approach to achieving this as when we are using other DB engines - at least in a way.

Building from the code from the first part of the series, they create a few more simple routes that let you define the different facets to use for the searching/sorting. He creates a custom facet class that uses the "traversable" handling of the PINQ to do the data manipulation. He creates a few different facet objects, each creating a customized filter. finally, he ties it all back into the endpoint and includes the updated markup to show the results. He finishes up the post mentioning a few limitations and improvements that could be made on the example as well.

0 comments voice your opinion now!
pinq query dataset mysql faceted search tutorial series part2

Link: http://www.sitepoint.com/pinq-querify-datasets-faceted-search/

SitePoint PHP Blog:
How to Create a Unique 64bit Integer from String
August 14, 2014 @ 12:55:33

In the latest post to the SitePoint PHP blog Vova Feldman shows you how to create an integer from a hash string that's both 64 bit and unique each time it's generated.

PHP provides the popular md5() hash function out of the box, which returns 32 a hex character string. It's a great way to generate a fingerprint for any arbitrary length string. But what if you need to generate an integer fingerprint out of a URL?

He describes the real-world situation he was facing - a rating widget that needed a randomized integer based on the page using it - and the two "sub-challenges" that make it up: url canonization and the string to unique 64 bit problem. He tackles each problem and shares code snippets showing the process and how it can be put to use. He also includes some interesting metrics at the end of the post showing the level of hash collisions (hint, it's a very low number).

0 comments voice your opinion now!
unique integer string 64bit tutorial md5 hash

Link: http://www.sitepoint.com/create-unique-64bit-integer-string/

The Code of a Ninja:
Salt, Hash and Store Passwords Securely with Phpass
June 16, 2014 @ 11:15:37

In this post to the CodeOfANinjs.com site, they walk you through password hashing, salting and storage using the PHPAss tool from OpenWall. The post itself is a bit older, but the content still provides a good example to teach the basics.

I think the main reason why we have to hash passwords is to prevent passwords from being stolen or compromised. You see, even if someone steal your database, they will never read your actual or cleartext password. I know that some PHP frameworks or CMS already provide this functionality, but I believe that it is important for us to know how its implementation can be made.

The tutorial shows you how to use the library and how to store the result in a simple "users" table in a MySQL database. The examples hash the password given from a simple form and use prepared statements (via PDO) to save it to the database. All PHP, HTML and CSS code you'll need - including the login form that checks the username/password - is included. There's also a few screenshots showing what the resulting forms and data should look like.

0 comments voice your opinion now!
phpass tutorial hash salt password storage mysql user

Link: http://www.codeofaninja.com/2013/03/php-hash-password.html

SitePoint PHP Blog:
Dependency Injection with Laravel's IoC
June 05, 2014 @ 11:51:08

The SitePoint PHP blog has a new tutorial posted showing you how to use the Laravel dependency injection container to handle dependencies in you Laravel-based applications. Younes Rafie introduces some of the basic concepts behind dependency injection and the various types to get everyone started on the same level.

As developers, we are always trying to find new ways to write well designed and clean code by adopting new styles, using design patterns, and trying new robust frameworks. In this article we will explore the dependency injection design pattern through Laravel's IoC component and see how it can improve our design.

He includes examples of the three basic types of injection - controller, setter and interface - with brief code examples of their implementation. He goes on to talk about the "Inversion of Control" principle (part of the SOLID set of principles) and how the Laravel dependency injection container helps by binding objects and instances for later retrieval. Code examples for session storage handling (through a MySQL database) are included that are automatically resolved as the class requires them.

0 comments voice your opinion now!
laravel dependency injection container ioc tutorial introduction session mysql

Link: http://www.sitepoint.com/dependency-injection-laravels-ioc

Code Yellow Blog:
What Your Framework Never Told You About SQL Injection Protection
May 23, 2014 @ 13:51:20

The Code Yellow site has recently posted an article pointing out an issue that's all too common in PHP frameworks, more specifically those that bundle some kind of ORM into their functionality. They wonder if your framework is telling you everything about what they're doing to prevent SQL injection.

We've discovered that SQL injection is to this day not a fully solved problem, even in most popular frameworks. In this post, we'll explain how these frameworks fail at escaping parts of a query, culminating in the discovery of a critical vulnerability in the popular Laravel framework which affects a large percentage of applications.

He starts with an illustration using the FuelPHP framework and the protection it offers from garden variety SQL injection attempts. Unfortunately, things start to break down when it gets much past this typical case. They found this same issue to be a wide-spread problem in many PHP frameworks and tools including the Laravel, CodeIgniter and CakePHP frameworks, each with their own ORMs. He also talks about issues with blacklisting and whitelisting and how, sadly, most of the frameworks just don't support it for model data filtering. There's a mention of some of the work they've done to help try and fix the issue (including patches and contacting authors) and some recommendations of how to correctly quote identifiers in SQL statements.

0 comments voice your opinion now!
sqlinjection framework whitelist blacklist identifiers escape prepared statements

Link: http://www.codeyellow.nl/identifier-sqli.html


Community Events

Don't see your event here?
Let us know!


library video interview language api version introduction framework example series unittest laravel voicesoftheelephpant php7 list community opinion podcast release laravel5

All content copyright, 2015 PHPDeveloper.org :: info@phpdeveloper.org - Powered by the Solar PHP Framework