After 6 hours of massive anxiety, stress, near tears, one pound on my desk, and some hair pulling, I tracked down the source of a nagging Disallowed Key Character error that I received while using CodeIgniter: an extra line break.

She eventually figured out that the newline and carriage return characters are not allowed as a part of the framework. Unfortunately, it was a random newline after a controller's code that did it for her.

In a nutshell, sessions are the way that we "maintain state" from one page to the next, that is, how we identify specific users across multiple page requests. The ability to track users as they go from one page to the next using sessions allows us a number of options, such as tracking where they are going (web statistics) or to verify credentials for a specific section of the site.

First, there's a little mini-intro to sessions for those unsure on their use. It's followed by a look at some session vulnerabilities that could be introduces by malicious users looking to break things on your site (including HTML/Javascript injection, as their example shows).

They recommend a three step plan to get started with the validation of your user's sessions - making it easy for users to log out when they want to, use unique aspects of the remote machine to define the session and to validate all user input, especially things that will be put into a session variable.

The list of tips include things like:

• Qualify yourself to stand out from the crowd
• Get more exposure to yourself in the PHP community
• Do well on job interviews
• Evolve in your career making your employer profit more

Check out the post for more great tips.

I use Vim for all my editing needs -- TODO lists, email, presentation outlines, coding in any language... everything. So, I thought I'd start sharing some of my vim habits and tools with others, particularly those that pertain to using Vim with PHP.

He includes tips for things like mapping keystrokes (to the PHP interpreter and linter), using the Project plugin to make setting up projects easier and a mention (again) of ctags.

• Pagination Recall
• Subdomaining with Cake
• Using your application svn revision number
• What's Up, Docs?
• Automatic JavaScript and CSS Packer
• Baking with Markdown and dp.SyntaxHighlighter
• Attachments
• DarkAuth - another way...
• Testing Components with CakePHP 1.2 test suite
• Cake PHP Rocks

Also be sure to check out the rest of The Bakery for more great CakePHP-related articles, tutorials and helpful hints.

When it comes to PHP security, you often think of input filtering, SQL injection prevention, XSS in user submitted content and so on. Well, forget about that. They're all pretty trivial compared to what I feel is by far the most important security issue of any web application. Read on to find out why.

Their number one thing to do to keep safe and secure? "Keep your systems updated." They point out that security a web site is one thing but securing the system that it runs on/has been developed on is another (and improperly patched, it could cause some huge problems).

Now, the best way to keep on top of potential vulnerabilities in your underlying systems is with updates. Sometimes, however, you need to go a little further. [...] Watching the web is also a good idea; major security vulnerabilities generally make it to the front page of Digg.

Some websites use other technologies like Java and face the exact same problems. There are different variables involved here and the most common one is database. So I thought i would post a couple of articles related to performance and tuning.

This this post of the series focuses on the first of the two - APC - and talks about places it's used and includes some general performance recommendations. These include "Don't try to throw everything at your poor database" and the importance of XDebug.

Despite the proliferation of debugging tools, especially real-time debuggers, "debugging by print statement" remains the most common form of debugging in most programming languages.

An example of its use is included by way of a debug() function that returns the message it a bit friendlier format.