On the CodeUtopia blog Jani Hartikainen has posted some thoughts on generic collections in PHP and a class he's created to try to introduce them to the language.

Strictly typed languages usually use "generic" collection classes instead of arrays. They are kind of like PHP arrays which the programmer can tell which type of items to accept. This is of course only natural when you don't have dynamic typing, but it can also be useful for avoiding programming errors, so I thought I'd try making a basic generic collection class in PHP...

He shows how ti works with a simple code example - creating a new collection type (a string) and pushing the data into it. Calling the add() method on the string throws an exception because of the data type defined. You can grab the code from his svn repository.

On the PHP in Action blog, there's a new post looking at a recent library that was posted to support type hinting on scalars. They agree with his choice of subjects, noting that they see type hinting as much more useful on scalars than on objects.

I admit that these judgments are hard to make. I could be wrong, more or less. Type hints are probably useful when code becomes stable enough and at the boundaries between modules. But I still tend to avoid using them until I get an actual bug that might have been prevented by a type hint. Their usefulness is and has to be an empirical question. The purpose of using them has to be catching errors earlier, so if they don't have that effect, there's no point.

He lists three reasons why he had given up on type hinting before, one being the limited usefulness when it came to objects. Applying it to scalars is a different matter, though, and can prevent improper passing of array/scalars when the other is needed.

On the Debuggable blog, Felix Geisendorfer shows how to create a string parser that allows you to pull out parts of the string you don't currently want manipulated to be put back later.

If you've ever written any non-trivial String processing code, you've probably ran into the situation where you wanted to exclude certain parts of your string for a certain operation. Usually that would mean you have to tokenize your string, or adjust the operation you want to run so it doesn't affect the part of the string you want to exclude from it. Both of those solutions can be fairly time intensive so I was looking for a shortcut and found one.

He provides the code for this string substitution class, a method substitute() that matches based on a regular expression and, if found, stores the parts for later use.

On the Ibuildings blog Ruud Alberts takes a look at iterators - what they are and how they're used (including the objects the SPL makes available).

Let's kickstart this blogpost by defining what an iterator actually is. According to wikipedia, an iterator is. A collection can pretty much be anything. The most obvious sources would be arrays, but other than that, iterations can be done over database resultsets, strings, datetime intervals, directories, file content and XML listings, to name a few.

He looks at the iterator interface that comes bundled in the SPL and how you can create a custom one to loop through your own data collection. He includes an example - a colorful string iterator that "pretties up" an HTML string with various colors.

Evert Pot has pointed out a handy tool that can make escaping strings in and out of your application simpler - Reform.

Reform is a tool that does exactly this. Reform allows you to escape your data for a javascript, xml, html or vbscript (yes it still exists) context. It provides libraries for Java, .NET, PHP, Perl, Python, Javascript and ASP. Pretty cool!

The utility is simply included into the application an called via the static methods it adds. His example shows the escaping of some output text in a Javascript string to correctly prevent it from falling into an evil XSS scheme.

Henrik continues his look at fluent arrays and strings in PHP with this second part of his series, adding JSON functionality into the mix.

Recently I've had the need to extend the interface further, among other things with JSON support. I've used code published by Nicolas Crovatti to do this.

His example shows how the script works to plot out some points for a table of stats. He follows this with an in-depth look at the different methods making up that fluent call (apply2Field, fill_ret, sum and plot). These make the array that can then be passed off to PHP, using json_encode to make an easy-consumable JSON message out of the results.

On his blog, Jonathan Street has posted some "random thoughts" on generating random (or not so random) strings in PHP.

Humans are astoundingly bad at being random and I just slapped the keyboard a few times until I felt I had the required 16 characters. Writing some code to produce a fairly random string is incredibly easy. I've easily done it a dozen times or more. Though only because it is easier to re-write it than to find where I put the last one

He gives two examples that work, but aren't the best possibilities for making truly random strings - one using mt_rand to select a random character from a string and the other using the same idea but instead using the char() function to replace the string of characters.

His other examples include the use of the uniqid function with the more_entropy setting enabled and an md5 or sha1 hash (for which he gives positives and negtives).

On the ProDevTips blog, Henrik has written up an extensive tutorial with plenty of code examples on working with something inspired by a few other languages - fluent arrays and strings.

I've been working some with jQuery and Ruby lately, as you might know they both have very neat fluent interfaces for writing short and easily understandable code. Especially Ruby's array and string handling should be something that can be done in PHP so I started googling. [...] It's probably very possible that what I'm looking for is already part of some PHP framework or such but I didn't want to spend more time looking than being productive.

Based on some Ruby examples, he defines a set of functions that can be use to create these fluent interfaces to the common PHP variable types (contained in a class for easy use). The entire source can be downloded here.

As Michael Kimsal points out, there's a new posting on his brother Mark's blog talking about alternatives to addslashes() in your applications.

I've seen a lot of people talking about mysql_real_escape_string() vs addslashes() vs addcslashes(). There seems to be a lot of real confusion about what these functions do (even with the php.net manual around), especially when it comes to character sets. [...] So, I've decided to lay it all out in a few charts so there is no confusion about what each function does and how each can help protect against SQL injection attacks.

He ran some tests based on what the function does to see if it helps with certain things like "escapes with single quotes instead of backslash" and "prevents multi-byte attacks". He compares the speed and testability of the functions as well as provides a multi-byte breakdown oh how the mysql_real_escape_string function works with different character sets.

Alex Netkachov has updated a post he made a while back (in 2006 in fact) about making Windows batch files (.BAT) that would do the same thing as some of the functions in PHP. He's added two more to it today - one for string replace and another for splitting a string.

The replace is as simple three line call, much the same as PHP's and the split call, while a bit more complex, is still pretty straight forward (it just needs a few extra variables).

Other methods in the post include a "switch" method, defining a procedure and updating variable by its name.