News Archive
DevShed:
PHP Programs to Prevent MySQL Injection or HTML Form Abuse
January 07, 2009 @ 11:13:41

On DevShed today there's a new tutorial looking at a method for protecting the forms in your MySQL/PHP application from malicious attacks like SQL injection.

It has been known for a while that if a form is unsecured, malicious code in the form of MySQL injection will be initiated to attack the site. HTML forms such as drop down menus, search box, check boxes are all susceptible entry points of this type of abuse. This article will explain what happens in this kind of attack, and how to prevent it.

They compare unvalidated input handling with a validated approach that uses simple checks to ensure that the given content is numeric, and regular expressions to match text.

tutorial form abuse security regular expression validate



Daniel Cousineau's Blog:
Zend Framework Module Init Script (Controller Plugin)
January 07, 2009 @ 09:35:41

Daniel Cousineau has a new blog post showing off a plugin he's made for Zend Framework applications that allows you to run a script before each controller.

Recently at work I had the need to run a script before every single controller (namely to add a plugin folder to Dwoo) for a specific module that I did not desire for any other modules. I could have subclassed all my controllers to extend a custom action controller that handled this in the init() method, however I'm lazy so I wrote a quick Zend Controller Plugin to handle this for me.

The plugin actually runs when the routeShutdown method is used (after the routing is done, but before the controller is called) and pulls in the contents of the specified file and executes it like the code was already embedded. Complete code is included.

controller plugin zendframework module init script tutorial


PHPFreaks.com:
Protecting php applications with PHPIDS
January 07, 2009 @ 07:57:06

The PHPFreaks.com website has posted a recent tutorial looking at a tool that can help you protect yourself and your web applications from possibly malicious users: PHPIDS.

PHPIDS (PHP-Intrusion Detection System) is a simple to use, well structured, fast and state-of-the-art security layer for your PHP based web application. The IDS neither strips, sanitizes nor filters any malicious input, it simply recognizes when an attacker tries to break your site and reacts in exactly the way you want it to. Based on a set of approved and heavily tested filter rules any attack is given a numerical impact rating which makes it easy to decide what kind of action should follow the hacking attempt.

They look at the installation of the tool, an example configuration (that sets up some logging and caching settings) and a PHP script to enable the functionality. Then you can use the auto_prepend Apache directive to load it on each page and protect your site quickly and easily.

phpids tutorial application autoprepend configuration installation


SocialGeek.be:
Clean urls through readable slugs in PHP
January 06, 2009 @ 14:28:16

On the SocialGeek blog there's a recent post that looks at making stubs for your URLs, making them easier to read and remember.

This is where the fun begins of course. How many times have you been confronted with someone sending you an indecipherable, thus untrustworthy link? Right, so we agree that for a user, it is important to have a clean URL that is readable and includes the title of the page or (at least) some description related to the content. Slug time!

They explain what slugs are (and how they're useful for users) as well as how to convert a title into a "slugged" string by replacing anything that's not an A-Z or 0-9 character to remove the less URL friendly characters.

clean url readable slug tutorial regular expression


FliquidStudios.com:
Introduction to using Google's search API
January 06, 2009 @ 13:31:17

The Fliquid Studios site has posted their introduction to using the Google Search API via a cURL interface in PHP.

A lot of people these days use 3rd party sites or services to gain SEO data about their site or service. A lot of these people simply do not realize just how simple it is to build some tools to gain statistics from the big search engines. In this post I plan to give you a very basic introduction on how to go about getting some search engine statistics from Google using their API.

They show how to create the connection (including the URL to search on) and a form that can be used to submit the terms back to the script. A demo and downloadable code are included.

api google search introduction curl tutorial


DevShed:
Polishing the Visual Presentation of a Blogger with the Code Igniter PHP Framework
January 06, 2009 @ 11:52:32

DevShed has posted the fifth part of their series looking at CodeIgniter and its use to make a simple blogging application. The focus this time is on the output, working with the views to "pretty up" the resulting pages.

Although in its current state, the blogger works well, its visual presentation looks pretty primitive. Therefore, in this fifth part of the series I'll be adding some CSS styles to the view files that comprise this blog application to improve its look and feel.

They start with a review of the code so far - a simple blogging app with the ability to let users comment on each entry. They follow with the HTML and CSS you'll need to add to the views to polish the output.

visual presentation blog codeigniter tutorial framework


Robert Basic's Blog:
Login example with Zend_Auth
January 05, 2009 @ 22:14:39

Robert Basic has posted an example of the use of the Zend_Auth component of the Zend Framework inside of an example controller.

So, here's what I'm going to do: authenticate a user against a database table using Zend Framework's Zend_Auth component. It's really a piece of cake. You can see a working example here: http://robertbasic.com/dev/login/.

He sets up a registry instance, a database table for the logins and the sample controller with both login and logout functionality. Complete code (and links to Zend Framework documentation) are included.

zendframework login logout tutorial zendauth controller


Jani Hartikainen's Blog:
Decoupling models from the database: Data Access Object pattern in PHP
January 05, 2009 @ 21:22:26

In this new post to his blog Jani Hartikainen looks at implementing the Data Access Object pattern in your PHP applications.

The advantage of this is that you can easily implement different methods to persist objects without having to rewrite parts of your code. I'm again going to use the programming language quiz game I wrote as an example. Since I initially wrote it to use Doctrine ORM directly, and both the old and new code are available, you can easily see how the code was improved.

He starts off with a look at the pattern itself (including a diagram of how an example would work with Doctrine) followed by the creation of the models for his Questions example. Add in the factory to create an instance and an example of it in action and you're there.

decouple model data access object designpattern tutorial doctrine


Ian Selby's Blog:
Dynamically Add Functions to PHP Classes
January 05, 2009 @ 10:26:50

Ian Selby has posted a new tutorial today looking at something that can be very handy in the right situations - dynamically adding new functions to an already defined PHP class.

I've gotten a lot of great suggestions for features [for PHP Thumbnailer], and have wanted to add them, but at the same time don't as I would prefer not to bloat the class with all sorts of functionality. So I started thinking about how I could provide certain functionality for people that want it, without either simply making it a part of the class (and making it more bloated as a result), or coming up with all sorts of extended classes to maintain and distribute.

His solution was to add functionality dynamically to the class as plugins. Each plugin is defined as its own class (to keep things standardized) and will be included/executed by a base controller class. He includes some sample code showing how to create a basic user object that can store the first and last names of the user in question.

dynamic add function method class plugin tutorial user


PHPImpact Blog:
Running PHP with Quercus in Jetty Web Server
January 05, 2009 @ 07:52:28

The PHP::Impact blog has a new post looking at how to run PHP on a Jetty (Java) web server using Quercus.

Tomcat and Jetty are very similar. Jetty can be invoked and installed as a stand alone application server. It has a flexible component based architecture that allows it to be easily deployed and integrated in a diverse range of instances. The project is supported by a growing community. The Jetty team has a history of being responsive to innovations and changing requirements.

They walk you through the "quick install" version of Jetty, getting it running, installing Quercus and configuring the Jetty web server to work with it.

jetty java webserver quercus tutorial install configure




All content copyright, 2009 PHPDeveloper.org :: info@phpdeveloper.org - Powered by the Solar PHP Framework