Archive: January 2006

Use single-quoted strings unless you need to interpolate variables into your string. This saves PHP the time to scan the string for contained variables and saves about 50% execution time. Here is a benchmark:

» Read More

Ivo Jansch at the "Achievo blog" has written a post about what he calls "Defensive programming". The problem is very simple, but not all developers take care of such things:

Look at this code:

» Read More

So if your boss asks you for a beautiful backend for the application you are developing, tell him it will take long, generate it in minutes, and go fishing.

Version 0.6 of the Symfony framework is not yet released. Francois ZANINOTTO, in a post at the Symfony project home page, says that it will soon be released in a stable version. The post links to the detailed description of the new features of 0.6.

Symfony is a great framework, and every time a new version comes out you think wow!!!, this is the best, it can't be better.

» Read More

In a previous post entitled "Top 10 PHP MVC frameworks" I gave PRADO the 5th place.

PHPBuilder announced that version 3.0 alpha of PRADO, the winner of the Zend coding contest, is released. PRADO is a component-based and event-driven framework for developing Web applications in PHP 5.

» Read More

In my previous post "Pearing the Cake" I was looking to see if the separation between the cake framework and the cake application is easy. The answer is NO. There are many path constants used by both the framework and the application in many files. It is possible to do the separation, but I think in this case I would fork another project from Cake, and this wasn't my goal. So I created another solution. I created a PEAR package from all files in the CakePHP project and added some scripts to make the creation and the deployment of projects and applications easier.

» Read More

I have never read the PHP License before. But I'm surprised to read in the PHP License version 3.01 (the latest) that you cannot use the name "PHP" in your product name. But there are many scripts that use "PHP" in their name, like phpmyadmin, phpbb, phpnuke, cakephp and many others. Are they all illegal? Do they have written permission from group@php.net?

» Read More

You probably know that you can use PHP as a scripting language. PHP CLI (PHP Command Line Interface) is there for that. It was first released in PHP 4.2.0 as experimental, but as of PHP 4.3.0, it is fully functional and enabled by default. In this example, I will write a very simple script that will list and email me all running processes on my Linux box, and then I will add an entry in the crontab to run the script every day at 23:00.

» Read More

CakePHP is an easy-to-use PHP MVC framework inspired by Ruby on Rails. It is one of the promising frameworks out there. In a previous article entitled "Top 10 PHP MVC frameworks" I gave it the 3rd place.

I tried to see today if it is easy to make it into a PEAR package. Why a PEAR package? Because it will be easier to install with a command like:

pear install cakephp

and to update with a command like:

pear upgrade cakephp

» Read More

One day after the release of PHP 5.1.2, which fixes about 90 issues, the PHP development team announced today the release of the version 4.2 of the PHP4 branch, which fixes and corrects more than 30 issues.

The development team encourages all users of both branches to upgrade to these versions.

I was surprised today when I saw my article "Sending Email in PHP: The hacker way" was selected at the PHP Magazine web site on the news page. I didn’t send them the article. I don’t know where they got it from and how they found my site. PHP Zone is only 12 days old and has few visitors per day.

» Read More

I didn’t miss it, but haven’t written about it. The symfony advent calendar is a set of 24 tutorials, published day-by-day last month to illustrate agile development of a web 2.0 application in PHP with the symfony framework. The result is "Askeet", an open source community-based Q&A repository.

In a previous post titled "Top 10 PHP MVC frameworks", I chose Symfony as the best PHP MVC framework. It has very good documentation. The "Symfony advent calendar" is proof of the quality of symfony documentation.

» Read More

A hacker doesn't really need PHP to send an email. He needs only a command prompt and a telnet program, that's all. But we are in the PHP Zone, so we will do it with PHP too. All the stuff here is for learning purposes. Don't use it to hack or to spam or to do any other illegal action.

First, a good start is to read the SMTP protocol specification. It helps to understand how things work. You can read the Request For Comments number 2821 document (RFC2821) for that. It's a good idea to read the entire document, but if you don't have the time, just read chapter 4.

» Read More

I came across a site where the guy sells some PHP scripts. He has a demo page for a $6 rating system. I was wondering, with all the good design of the site, how secure his script is.
First of all, I am writing about form spoofing and taking the guy's script as an example after I informed him about the security hole in his stuff and I have seen that he has corrected the problem. I didn't even receive thanks from him :-(

Anyway, look at the demo page (before I do anything):

» Read More

PEAR 1.4.6 is released today. It is a minor bugfix release: 13 minor bugs were corrected in this release. I think the major change is the addition of PEAR_Frontend_Gtk2 support.

It is always a good idea to update when there is a new release, but I think if you haven't had a problem with PEAR 1.4.5, it is not necessary to update the package. The only major problem that you should correct is in the PEAR/command/Registry.php file on line 983:

» Read More

Development of PHP scripts without a preconceived plan to manage them is asking for a headache. The goal of a framework is to make the process of writing web-based applications simpler.

An application designed around MVC is easier to manage because it is split into tiers, which allow for independent development. This promotes code reusability by building models, which are reusable throughout the application.

What makes a good framework?

» Read More

In a forum I read:
EyeOs is a virtual desktop system entirely web-based and open-source. It's written in Ajax and PHP. Applications available include simple word processing, calendars, games and more. All you need is a local web server with PHP (e.g. XAMPP).


I don't really see the utility of creating a new desktop for an OS. I surfed the EyeOs site and I can't find any info about the use or the utility of this application. Every OS has a desktop, so why a new one? The only phrase about EyeOS is in the introduction of the user's manual:
You're about to discover a new work and organization method: A completely free (open sourced) desktop system running from your browser.


Yes, it is PHP/Ajax based, and then?

The HTTP Referer header is nothing more than the web address of the page that referred a browser to the actual page.
If you are trying to "protect" a file by making sure that the HTTP Referer value (or any other browser-passed variable) is your own website, you can be bypassed by this simple technique. You cannot trust any browser-passed variables.

Suppose you have a form that requests the user to enter his user name and a comment. The form sends the user inputs to, let's say, formprocess.php. In formprocess.php you check if the HTTP Referer is your site to prevent spam comments:

» Read More

Cake is a rapid development framework for PHP which uses commonly known design patterns like ActiveRecord, Association Data Mapping, Front Controller and MVC. The primary goal is to provide a structured framework that enables PHP users at all levels to rapidly develop robust web applications, without any loss to flexibility.

From the Announcement:

» Read More

I have ported the Connections theme from WordPress to Nucleus to build this site. It is a very originally designed theme. I like it. I want to share it with Nucleus users. In this theme there is a call to the BlogsList plugin. If you do not plan to use it, you don't have to change anything because the call is enclosed in a test that checks for its existence, but if you plan to use it, you can download it too.

» Read More