PHPDeveloper.org

SitePoint PHP Blog: How to Expose PHP's Private Parts

Tue, 11 Nov 2008 09:32:14 -0600

On the SitePoint PHP Blog Troels Knak-Nielsen has worked up a way to "expose PHP's private parts" when it comes to finding out more about the object/variable he's working with (without a usual print_r or var_dump).

I've been tinkering with dumping PHP objects, and have found myself constantly running into a brick wall. The output from print_r and friends is fine in some contexts, but for larger structures, it would be nice to tidy the output up a bit and wrap it in some HTML.

His solution is to serialize the object into a string (keeping all related meta information) that can be passed around and parsed back into its original form for debugging. He's included the script that works bye taking in the string and manually parsing it back out into its parts into a useful array.

International PHP Magazine: Which of the Following Ensures Smooth Implementation of PHP Sessions?

Thu, 03 May 2007 11:14:00 -0500

The results from the latest poll the International PHP Magazine conducted this past week are in. The question they asked developers to respond to was "Which One of the Following Ensures Smooth Implementation of PHP Sessions?".

Options this time were:

Don't use underscore in host names
Commit your session before it redirects
Prevent session fixation
Don't expose session_id's

The results were pretty close for all of the options with one coming out on top (committing the session) and two tying for second - preventing session fixation and not exposing session IDs.

Subversion and Symfony users should cast their votes in this week's poll. It asks, of the four options given, which is your favorite "trick" to running the Symfony framework with Subversion.

Oscar Merida's Blog: Avoiding frustration with PHP Sessions

Fri, 30 Mar 2007 11:28:00 -0500

On his blog, Oscar Merida has a quick new post those just starting out with sessions should take a look at. He gives four quick tips of things to watch out for that can help your development process go smoother.

PHP's support for sessions make adding "state" to your web application super easy. Bus because the illusion of state is maintained by storing a Session ID via a user's cookies, you might find yourself losing potentially productive hours chasing down bizarre client side bugs or opening up a potential security hole. Here are 4 tips to help you avoid wasting your time and securing your site.

Items on the list are:

Don't use underscores in host names
Commit your sessions before redirects
Prevent session fixation (great security tip!)
Don't expose session_id's

Check out the comments - there's some good recommendations in there as well.