PHPBuilder.com has the latest in their series looking at beginner level PHP and some of the core concepts that go with it ("The ABC's of PHP"). This latest tutorial looks at string and text handling.

In the last part of this series we looked at what a variable was in general. Today we'll be covering strings and text. We'll look at the contents those variables would typically hold.

Topics include the differences between single and double quotes, appending to a string and special characters (like line feeds and tabs). Code snippets are provided for each to help you visualize what they mean.

Rob Allen has posted this look at using hooks inside of action helpers (a follow-up from his previous article on action helpers):

Hooks are a feature of action helpers that allow you to automatically run code at certain points in the dispatch cycle. Specially, there are two hook functions available for action helpers: preDispatch and postDispatch. These allow you to ensure that some functionality is always run for each request.

He creates a simple action helper that grabs a random quote from an array and drops it into a property of the helper. By defining a preDispatch method inside of the helper, the HelperBroker knows to pull the method in an execute it immediate before the rest of the actions are executed. A calls to addHelper with the hooks defined is all it takes to glue it together with the execution.

Evan Sims has posted about the launch of a CodeIgniter-driven application that brings the bash.org quoting abilities to the world of Twitter.

Today marks the launch of TwitterBash, a concept conceived and design by my good friend Judson Collier. [...] TwitterBash takes the concept of the long Internet-famous bash.org, which allows folks to post snippets and quote conversations from IRC, and applies it to Twitter. Just sign up for an account, then head to the submit page. Pop in the permalink for a tweet you want to quote and you're done.

The site runs on the PHP5 CodeIgniter framework allowing for fast and easy development. There's already a pretty good amount of content, so go over and check it out (and submit some of your own).

Christopher Jones has posted about an update to the development for PHP 5.3 that makes escaping SQL even easier in scripts - NOWDOCS.

Escaping quotes or other meta characters in SQL can be painful unless you get lucky with your quoting style. [...] Even with PHP's "Heredoc" syntax something will need escaping, but with PHP 5.3's new "Nowdoc" syntax no escaping is needed.

The only difference between HEREDOC and NOWDOC is that the initial keyword (like the first END in this statement: <<<'END' text here END;) that can make worrying about complex quoting rules a thing of the past.

Gareth Heyes has a quick new post to his blog today about the use of htmlentities and the false assumptions some developers have about it:

When someone uses htmlentities I've seen it time and time again that they expect that it filters variables from all XSS. This is wrong of course because the function requires a second parameter ENT_QUOTES which correctly replaces quote characters. Some developers aren't even aware that quotes can lead to XSS injection.

He reminds developers of the second parameter - the ENT_QUOTES parameter that correctly replaces quotes. Other people have mentions things in the comments as well like another optional parameter to force an encoding type and opinions about the function's use.

Terry Chay has some of his own comments surrounding the latest episode of the Pro::PHP Podcast, an interview with Ed Finkler about the state of PHP security.

Ed Finkler agrees with me. Thanks Ed. :-) Listen to the podcast. It's a realistic assessment of the state of security in PHP.

He also includes a favorite quote from the podcast (as said by Ed):

If web developer doesn't understand common security issues they shouldn't be considered developers...[Web applications] essentially are dealing with data that someone is inputting there. As a developer of web applications, you are essentially stewards of that data.