To help alleviate some recent complaints about the pseudo-random nature of the random functions in PHP, Scott MacVicar has proposed an alternate solution:
With all these potential different ways to get some pseudo random data it would be hard to do this in native PHP. Now we could do this in C and implement all the code ourselves but why risk implementing our own random functions and potentially making a mistake? The answer is OpenSSL, we already have an OpenSSL module and obviously they have some random functionality built in for when you go to generate SSL certificates.
You can make a call to the openssl_random_pseudo_bytes (in PHP 5.3) to grab the number of bytes you need and pass in a "strong" value to get a more cryptographically secure value.
On DevShed today, there's a new tutorial posted looking at two things that can cause headaches for PHP developers (especially when evaluating and comparing values) - nulls and empty strings.
Anyone who has programmed for any length of time has encountered the concepts of null and empty strings. They are not the same, and confusing the two can cause some serious problems. This article deals with these concepts in the context of PHP and MySQL.
They start with a bit of a quiz before getting into how to handle them correctly - making null "safe" and working with it correctly in a MySQL context. SQL statements and table structures are included for their examples.
Johannes Schluter has posted showing how the new version of Netbeans (with PHP support) offers SQL completion support.
NetBeans 6.5 is soon to be released. After 10 years of NetBeans that's the first version of Sun's OpenSource IDE featuring PHP support. While 6.5 is waiting to be packaged the development didn't stop and the first features for the successor, NetBeans.next, are already being developed. David Van Couvering just showed a preview of a cool new feature: SQL completion in PHP strings, if it does what the screenshot promises that's a damn great addition in my opinion.
Sameer has come up with an easy way to build out query strings to use in your GET requests:
Passing variables with a url is such a frequent thing programmers do that most of you may think this post is unwarranted. We call this method of passing variables as GET, the other being POST. It is one of those things which can be easily done in php. [...] The best way to pass GET variables is to use the http_build_query() function available from php version 5; which takes an array of variables and builds a nice URL encoded string which you can append to a url. And example is shown below.
He includes two code examples - one showing "the old way" of building it out by hand and the other using the http_build_query function. You pass in an array and what to connect them with and it builds out the string, no matter how many arguments there are.
On the CodeUtopia blog Jani Hartikainen has posted some thoughts on generic collections in PHP and a class he's created to try to introduce them to the language.
Strictly typed languages usually use "generic" collection classes instead of arrays. They are kind of like PHP arrays which the programmer can tell which type of items to accept. This is of course only natural when you don't have dynamic typing, but it can also be useful for avoiding programming errors, so I thought I'd try making a basic generic collection class in PHP...
He shows how ti works with a simple code example - creating a new collection type (a string) and pushing the data into it. Calling the add() method on the string throws an exception because of the data type defined. You can grab the code from his svn repository.
On the PHP in Action blog, there's a new post looking at a recent library that was posted to support type hinting on scalars. They agree with his choice of subjects, noting that they see type hinting as much more useful on scalars than on objects.
I admit that these judgments are hard to make. I could be wrong, more or less. Type hints are probably useful when code becomes stable enough and at the boundaries between modules. But I still tend to avoid using them until I get an actual bug that might have been prevented by a type hint. Their usefulness is and has to be an empirical question. The purpose of using them has to be catching errors earlier, so if they don't have that effect, there's no point.
He lists three reasons why he had given up on type hinting before, one being the limited usefulness when it came to objects. Applying it to scalars is a different matter, though, and can prevent improper passing of array/scalars when the other is needed.
On the Debuggable blog, Felix Geisendorfer shows how to create a string parser that allows you to pull out parts of the string you don't currently want manipulated to be put back later.
If you've ever written any non-trivial String processing code, you've probably ran into the situation where you wanted to exclude certain parts of your string for a certain operation. Usually that would mean you have to tokenize your string, or adjust the operation you want to run so it doesn't affect the part of the string you want to exclude from it. Both of those solutions can be fairly time intensive so I was looking for a shortcut and found one.
He provides the code for this string substitution class, a method substitute() that matches based on a regular expression and, if found, stores the parts for later use.
On the Ibuildings blog Ruud Albertstakes a look at iterators - what they are and how they're used (including the objects the SPL makes available).
Let's kickstart this blogpost by defining what an iterator actually is. According to wikipedia, an iterator is. A collection can pretty much be anything. The most obvious sources would be arrays, but other than that, iterations can be done over database resultsets, strings, datetime intervals, directories, file content and XML listings, to name a few.
He looks at the iterator interface that comes bundled in the SPL and how you can create a custom one to loop through your own data collection. He includes an example - a colorful string iterator that "pretties up" an HTML string with various colors.
Reform is a tool that does exactly this. Reform allows you to escape your data for a javascript, xml, html or vbscript (yes it still exists) context. It provides libraries for Java, .NET, PHP, Perl, Python, Javascript and ASP. Pretty cool!
The utility is simply included into the application an called via the static methods it adds. His example shows the escaping of some output text in a Javascript string to correctly prevent it from falling into an evil XSS scheme.
Henrik continues his look at fluent arrays and strings in PHP with this second part of his series, adding JSON functionality into the mix.
Recently I've had the need to extend the interface further, among other things with JSON support. I've used code published by Nicolas Crovatti to do this.
His example shows how the script works to plot out some points for a table of stats. He follows this with an in-depth look at the different methods making up that fluent call (apply2Field, fill_ret, sum and plot). These make the array that can then be passed off to PHP, using json_encode to make an easy-consumable JSON message out of the results.
