If you're looking for an approachable guide that teaches you how to implement an easily-customizable service layer in PHP, then take a peek at this article series. In a step-by-step fashion, it walks you through the development of a sample web application, which uses a service to perform CRUD operations on a domain model composed of a few user entities.

Service layer types covered in the series are:

• Working with database entities
• Data Mappers
• Database adapters
• Handling Entity Collections
• User Services
• Dependency Injections
• Modeling Domain Objects

Since the start of the Doctrine MongoDB Object Document Mapper project people have asked how it can be integrated with the ORM. This blog post demonstrates how you can integrate the two transparently, maintaining a clean domain model. This example will have a Product that is stored in MongoDB and the Order stored in a MySQL database.

His code shows how to define the document and entity for the connection (a Product and Order) and creating an event subscriber to lazy load the product. He creates a sample Product and an Order for it and save them to the database. He also includes code to pull an order back out by its ID number and get an Order object back out (with Product data inside).

In the last post, I introduced Dependency Injection and show useful cases where it allows classes decouplng. I also wrote about the problem of how to inject a service in a class that has to be instantiated not application wide but in the business logic.

He creates an example that shows a not-so-good place to use dependency injection and offers a solution - a factory that creates the objects as they're needed instead of having them floating around when they're not needed. He also talks about the difference between two types of business objects to consider in dependency injection: entities and services (hint: one depends on the other).

The standard htmlentities() function will encode special characters so that they display OK in the browser. However, sometimes you might want to encode different languages to entities too. I just found a script that will do that in the form of an html encode application.

He includes an example showing how to encode a string of non-english characters out to an easy-to-display HTMLified string.

Coming in at number one by an overwhelming lead was "Not escaping entities and SQL input" (a definite problem indeed) with the next highest option, "Not using a Framework" a full twenty percent lower. The next two options were closer (descending) - "Using old PHP versions" and "No or little use of Object Orientation".

There's a new poll this week for your consideration - this time asking which stage, of the five options, should come first in the development cycle of a typical content management system. Head on over and cast your vote today!

While we were searching for a hole in htmlspecialchars() and htmlentities() to bypass the encoding of certain chars to exploit a possible eval() injection hole in another application we discovered that the implementation contains a possible bufferoverflow that can be triggered when the UTF-8 charset is selected.

The issue has been corrected in the latest PHP 5 release - version 5.2 - but is still present in the PHP 4.4 series (they have a recommended patch until the new version is posted). You can get complete information about this issue from the full vulnerability listing.