Developing applications has become simpler and simpler these days and the multitude of IDEs out there can help you keep all of your files organized and linked together so you know everything is in its place. There's one thing that only a handful out there can do, though - enforce coding standards. Thankfully, there's a tool that can help you keep your code following down the right path and PHPBuilder.com has a new tutorial about using it - PHP_CodeSniffer.

Although defined according to formal grammar and syntax, programming languages -- like their spoken counterparts -- often leave their users with a great deal of leeway for creative expression. [...] It can even be singularly counterproductive if you do not maintain stylistic consistency across projects, as you'll need to continuously re-acclimate to differing syntactical variations.

The PHP_CodeSniffer tool runs your code through a validation process and checks its structure against a coding standard (like the PEAR standard) and ensure it's formatted correctly. The tutorial shows you how to use the "phpcs" executable to test PHP, Javascript and CSSS files (using the Squiz standard).

On the PHP Security Blog today, there's This post with a little bit different take on the International PHP Conference - of course, more from the security side of things.

I really enjoyed my stay, because I learned a lot about how the german PHP community ticks and what information they miss in my documentation. However from a security point of view the PHP conference was a nightmare...

The NH Hotel had a open and free WLAN during the conference days, which I consider quite stupid at a place where lots of IT people are meeting. The connection to the internet was quite slow, so the danger of a large scale anonymous attack was quite low, but a lot of people were using the anonymity to perform XSS and SQL injection attacks on websites of other visitors.

While this dosen't have much to do with PHP itself, it is interesting to see that there was enough XSS and SQL injections going on to get noticed. Granted, some of it was probably at the request of someone else for testing purposes, but there's still potential there. I think the PHP Lounge was a good idea if for nothing else than providing developers with a sounding board for these kinds of issues, a way for them to have others help them test...

On the PHP Security Blog today, there's This post with a little bit different take on the International PHP Conference - of course, more from the security side of things.

I really enjoyed my stay, because I learned a lot about how the german PHP community ticks and what information they miss in my documentation. However from a security point of view the PHP conference was a nightmare...

The NH Hotel had a open and free WLAN during the conference days, which I consider quite stupid at a place where lots of IT people are meeting. The connection to the internet was quite slow, so the danger of a large scale anonymous attack was quite low, but a lot of people were using the anonymity to perform XSS and SQL injection attacks on websites of other visitors.

While this dosen't have much to do with PHP itself, it is interesting to see that there was enough XSS and SQL injections going on to get noticed. Granted, some of it was probably at the request of someone else for testing purposes, but there's still potential there. I think the PHP Lounge was a good idea if for nothing else than providing developers with a sounding board for these kinds of issues, a way for them to have others help them test...