In a new post to his site Bob Majdak looks at using SQL in PHP and some of the challenges he's come across (some of them with his own tools). He talks about things line inline SQL, loading SQL by unique key or creating a "build object".

There is no right or wrong way, but no matter what there is no *pretty* way to do SQL inside of a PHP application. I have been having a personal debate with myself all week about how to make SQL statements nicer in an application without going to a huge DBAL package like Doctrine.

He looks at each idea and provides some of the pros and cons about each of them, noting that he hasn't quite decided on which is the best method. Some sample code is included to help clarify the points, showing the "find by unique key" version and how a more complex query might be created with the "builder object."

On PHPMaster.com there's a new tutorial posted showing you how to generate one-time use URLs that could be used for various things across an application, including things like account verification links.

A one-time URL is a specially crafted address that is valid for one use only. It's usually provided to a user to gain privileged access to a file for a limited time or as part of a particular activity, such as user account validation. In this article I'll show how to generate, implement, and expire one-time URLs.

Included in the post is the SQL to create a sample "pending_users" table that includes a "token" column for storing the generated hash. Code is also included for generating the hash and checking the incoming URL to see if it matches the requested user (and hasn't expired).

As a matter of general house keeping you could write a secondary script to keep expired tokens from accumulating in the database if a user never follows them. The script could be run periodically by an administrator, or preferably set up as a scheduled task or cron job and run automatically.

New on the ServerGrove blog today is a quick post talking about how you can enforce key constraints on a MongoDb with Doctrine in Symfony.

Of course you can define unique indexes to prevent duplicate values and there are a couple of different syntax options to do so, which are clearly defined in the official documentation. But defining and creating the indexes is not enough. You must specify when you want to enforce the constrain, this is due to the fact that the PHP driver needs to tell MongoDB to throw an error when a duplicate key is found.

The fix is as simple as adding a "safe" option to the "flush()" call on your database object. If you give it a value of "true", the ORM is smart enough to handle things on its own.

Havard Eide has a recent post to his blog that looks at a part of the Standard PHP Library (SPL) that can be used with objects to store them for later use - SplObjectStorage.

In this post I will look at SplObjectStorage: a container that allows to store objects uniquely without the need to compare them one by one.

He lets the code to most of the talking, showing how to do the standard operations for a data store - adding objects (both unique and the same), updating objects in the store, checking to see if an object is already added and removing an object from storage.

Brian Moon had a problem - one of his cron jobs was lasting for much longer (hours!) than it should have been. He tweaked, tested and debugged the script and finally came down to a call to in_array, something he comments on as being "quite slow".

See, this job is importing data from a huge XML file into MySQL. After it is done, we want to compare the data we just added/updated to the data in the table so we can deactivate any data we did not update. [...] We then compared the two arrays by looping one array and using in_array() to check if the value was in the second array. [...] So, that was running for hours with about 400k items. Our data did not contain the value as the key, but it could as the value was unique.

He method, replacing the in_array call that had to do a full array scan for each time through the loop with an isset/unset combo on the unique key, changed the execution time down from about 4 hours to 0.8 seconds.

On the Internet Super Hero blog, there's a post that looks at how PDO is implemented in PHP and wonders if the PDO::FETCH_UNIQUE constant is broken (as something to fix before even considering the move to PDO2).

I spent quite a lot of time comparing the different behaviours of the various drivers in the hope I could find out how PDO drivers are supposed to work. The PDO documentation and the specification do not cover each and every detail. PDO really needs some love...

He picks out the FETCH_UNIQUE constant as one that needs a little work and tries to track down exactly what it's doing. One issue he found was that it requires combination with other flags to make the unique part of it work correctly (like FETCH_OBJ or FETCH_COLUMN). He works through several examples, both ones that apply the unique call and others that don't, comparing the results.

In his latest post, Sebastian Bergmann spotlights another new feature of the upcoming PHPUnit release - distributed testing.

One of the new features in the upcoming PHPUnit 3.1 release is the support for distributed testing through the ability to log test result and code coverage data to a database. This way, the same test suite can be run on different platforms with the results being aggregated in the database. For this to work, however, we need a key in the database that identifies test runs from different machines as being related. A Subversion revision number is a perfect candidate for this.

He includes a sample script that helps with the storage of the results in the database by grabbing a unique id for the machine pushing the updates in.

If you've ever had the frustration of working with Ajax in Internet Explorer and have noticed it caching the requests/results, you might want to check out this new post on the JSLabs blog for a helpful hint.

While working on an AJAX project over the weekend, I ran into the following issue: (through a GET request), every time I tried to call a certain function, It was returning the same data (which was supposed to be different each time)

First, he tried just changing the headers (via PHP's header function) to see if IE would understand the new message, but to no avail. He finally figured out that, despite whatever headers were sent or how much the content changed, what he really needed to do was to provide the script some kind of unique identifier with each request (just appended to the url) so that IE knew the request was different. His weapon of choice was a date/time value.

On The Bakery, there's a new expanded tutorial (from this) that talks about how to check for duplicate records in your CakePHP model.

[Here's how to] validate a form field (such as a user name field), both in add and edit form and make sure that the selected user name does not already exist in the database [via a] function repeated only once (in app/app_model.php).

The example model they give defines an isUnique method that essentially runs an automatic check (a count() call) on the table to see if the given information exists. The example Model, View, and Controller are all given.

A new tutorial has been posted to the WebCheatSheet.com website demonstrating a method for secure file uploads with PHP.

In spite of security issues that should be addressed before enabling file uploads, the actual mechanisms to allow this are straight forward. In this tutorial we will consider how to upload files to some directory on your Web server. We will also discuss security issues concerned with the file uploading.

They break it up into the two key parts - the HTML form and the PHP script that handles the resulting upload request. The "secure" part comes in with the validation of the upload. In this case, making sure it's a JPEG file, that its size is less than 350 KB, and that a file by that name doesn't already exist.