DZone.com:
Hardening PHP: SQL injection - Complete walkthrough
Aug 12, 2011 @ 09:20:13

On DZone.com today there's a new post from Krzysztof Kotowicz sharing a presentation of his about protecting your application from SQL injection.

The materials teach how to use prepared statements, how to escape and write secure stored procedures. Many PHP projects are covered - PDO, Propel, Doctrine, Zend Framework and MDB2. Multiple gotchas and caveats are included. I discuss why escaping is usually the wrong choice, which practices to avoid or follow and how stored procedures sometimes offer no protection at all.

The presentation (as posted to Slideshare) starts with some of the basics - what SQL injection is and an example of how it could be used to bypass security. He covers how to use prepared statements in each of the technologies (with code snippets), methods for escaping data and how to create stored procedures that are protected from the same threats.

tagged: harden application sqlinjection pdo doctrine zendframework mdb2 presentation

David Coallier's Blog:
Simple DBAL, PHP5, Light, Fast, Simple.
Aug 28, 2007 @ 09:32:00

David Coallier has posted about a database abstraction layer he's been developing for PHP 5.2.x-only systems and wants some opinions on his approach:

I made a very light DBAL that uses PHP5.2.x only (Since many people seem to want that) and it has the exact same DSN syntax as MDB2 for now and the query methods are also called the same (No API Changes). [...] The main goal of the DBAL is to have a very effective and light way of switching RDBMS but also the possibility to change your DBAL to something more "feature complete" such as MDB2.

He includes the list of query method names and the database types he wants it to support, and mentions that it would be unit tested for reliability.

tagged: database abstraction layer dbal php5 light simple fast mdb2

Ifeghali's Blog:
Adding FK support to MDB2_Schema_Writer
Aug 10, 2007 @ 08:41:00

On the Planet SoC blog today, there's this look at how Igor Feghali added foreign key support to MDB2_Schema_Writer as part of his Summer of Code project to improve the PEAR::MDB2_Schema package.

MDB2_Schema_Writer is responsible for dumping a database schema to an XML file. It walks through a database definition and outputs the corresponding XML tags.

He gives an example of checking a table (in $table) to see if it has constraints and checking their validity. If everything checks out, the script pushes the data into a buffer of specially formatted XML.

tagged: mdb2 foreignkey support mdb2schemawriter

CodePoets.co.uk:
How to use PHP and PEAR MDB2 (Tutorial)
Jun 07, 2007 @ 13:56:00

On CodePoets.co.uk, there's a new tutorial posted by David Goodwin showing how to use PHP with the PEAR MDB2 component to access your database backend.

While writing some PHP Training materials for Pale Purple, I thought I'd add an updated guide on PHP and database access. I've already done one on PEAR::DB, but PEAR::MDB2 is its successor and has a slightly different API.... and as PEAR::DB is now deprecated, it's probably about time I rewrote it anyway.

David looks at what the MDB2 package is, how to install it, how to connect to your database and how to handle errors. He (thankfully) also touches on one of the most useful features of the package: prepared statements, which keep user-supplied values out of the SQL text and so close off SQL injection for the values they bind.

tagged: pear component mdb2 database tutorial security preparedstatement
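Both the DZone presentation above and this tutorial rest on the same point: the SQL text must be fixed, and user data must travel separately as bound parameters. The block below is an added example written for this page, not code from either post, and it uses PDO (one of the libraries the presentation covers) against an in-memory SQLite database with constructed rows; the function names, table and sample data are all assumptions. MDB2's prepare()/execute() pair follows the same placeholder-and-bind shape, so the reasoning carries over to the tutorial's code.

```php
<?php
// Added example (not from the presentation or tutorial above): the same user lookup
// written with string interpolation and with a PDO prepared statement, run against an
// in-memory SQLite database holding constructed sample rows.
declare(strict_types=1);

function buildDb(): PDO
{
    $pdo = new PDO('sqlite::memory:');
    $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    // On MySQL also disable client-side emulation so the server parses the statement:
    //   $pdo->setAttribute(PDO::ATTR_EMULATE_PREPARES, false);
    $pdo->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT NOT NULL, email TEXT NOT NULL)');
    $insert = $pdo->prepare('INSERT INTO users (username, email) VALUES (?, ?)');
    // Constructed accounts for the demonstration.
    $insert->execute(['admin', 'admin@example.test']);
    $insert->execute(['alice', 'alice@example.test']);
    return $pdo;
}

// VULNERABLE: the username becomes part of the SQL text, so a quote in the input
// ends the string literal and the rest of the input is parsed as SQL.
function findUserVulnerable(PDO $pdo, string $username): ?array
{
    $sql = "SELECT id, username, email FROM users WHERE username = '$username'";
    $row = $pdo->query($sql)->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// SAFE: the SQL text is a constant; the value is sent separately as a bound parameter
// and can never change the shape of the statement.
function findUserSafe(PDO $pdo, string $username): ?array
{
    $stmt = $pdo->prepare('SELECT id, username, email FROM users WHERE username = ?');
    $stmt->execute([$username]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Placeholders only work for values. Identifiers (an ORDER BY column, a table name)
// cannot be bound, so the only defence there is an allowlist of known-good names.
function listUsersSorted(PDO $pdo, string $sortColumn): array
{
    $allowed = ['id', 'username'];
    if (!in_array($sortColumn, $allowed, true)) {
        throw new InvalidArgumentException('Unsupported sort column');
    }
    return $pdo->query("SELECT id, username FROM users ORDER BY $sortColumn")
               ->fetchAll(PDO::FETCH_ASSOC);
}

$pdo = buildDb();

// Attacker-supplied "username": closes the string literal, adds an always-true
// condition and comments out the trailing quote of the original statement.
$payload = "' OR 1=1 --";

foreach (['vulnerable' => 'findUserVulnerable', 'prepared' => 'findUserSafe'] as $label => $fn) {
    $row = $fn($pdo, $payload);
    printf("%-11s %s\n", $label . ':', $row === null ? 'no row matched' : 'matched user ' . $row['username']);
}

// A legitimate lookup still works through the prepared statement.
$row = findUserSafe($pdo, 'alice');
printf("%-11s %s\n", 'legit:', $row === null ? 'no row matched' : 'matched user ' . $row['username']);

// Identifier allowlist: a normal sort runs, an injected one is rejected before any SQL is built.
print_r(array_column(listUsersSorted($pdo, 'username'), 'username'));
try {
    listUsersSorted($pdo, 'id; DROP TABLE users');
} catch (InvalidArgumentException $e) {
    echo "rejected sort column: {$e->getMessage()}\n";
}
```

Run with the pdo_sqlite extension enabled. The interpolated lookup matches a row for the payload (the first user in the table, since the WHERE clause has become `username = '' OR 1=1`), while the prepared lookup matches none because the whole payload is compared as a literal string. Two caveats follow from the code: PDO on MySQL emulates prepares client-side by default, which means it is escaping rather than binding until ATTR_EMULATE_PREPARES is turned off; and the usual way a stored procedure ends up offering no protection is that it concatenates its arguments into dynamic SQL and executes it, which is findUserVulnerable moved into the database.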

David Coallier's Blog:
PEAR::DB is Deprecated, Got It?
Jun 04, 2007 @ 15:21:00

In response to several other posts lately about the PEAR::DB package in PEAR (and things that could be done to improve it), David Coallier got a bit fed up and shared his opinion - "PEAR::DB is deprecated, got it?"

All new features are made into MDB2 and not DB, the only thing that is being done on DB is security fixes. So MDB2 is first of all, faster, smaller (Because of its driver and modularity), easier, and has more features (LOB handling, Iterator, etc) and better end-user documentation, quite solid docs indeed.

Of course, the comments on the post are full of people arguing to keep it around and others who agree with David, especially in light of the MDB2 driver for the Zend Framework he mentions.

tagged: pear db database mdb2 deprecated

PHP.net:
The PHP.net Google Summer of Code
Apr 16, 2007 @ 12:41:00

The PHP.net site has made the official announcement of the PHP projects involved with this year's Google Summer of Code:

The PHP team is once again proud to participate in the Google Summer of Code. Seven students will "flip bits instead of burgers" this summer:

On the list this year are:

  • LiveDocs - mentor Michael Wallner, student Hannes Magnusson
  • The PHP Interpreter - mentor Derick Rethans, student David Wang
  • XDebug - mentor Derick Rethans, student Adam Harvey
  • Doctrine - mentor Lukas Smith, student Konsta Vesterinen
  • PHPUnit - mentor Sebastian Bergmann, student Mike Lewis
  • MDB2_Schema - mentor Lukas Smith, student Igor Feghali
  • Jaws - mentor David Coallier, student Nicolas Bérard-Nault
Also, be sure to check out some of the other organizations and students participating on the Summer of Code website.

tagged: googlesummerofcode2007 xdebug jaws mdb2 livedocs
