
Reddit.com:
What everyone should know about strip_tags()
December 20, 2011 @ 10:58:00

In this new post to Reddit, the author shares a bit of their knowledge on what they think everyone should know about strip_tags and some of the issues that can come with it (including security problems).

strip_tags is one of the common go-to functions used for making user input on web pages safe for display. But contrary to what it sounds like it's for, strip_tags is never, ever, ever the right function to use for this and it has a lot of problems.

Specific problems mentioned include "eating" of valid text, not preventing typed HTML entities, the whitelist of tags opening holes and character set issues that could have security implications. Other tools, such as HTML Purifier, BBCode and Markdown, are recommended in both the article and the comments.

striptags security problem alternative advice



Erskine Labs Blog:
What should they know of PHP who only PHP know?
July 08, 2011 @ 12:15:01

On the Erskine Labs blog today there's a new post from Wil Linssen with a suggestion to PHP developers who specialize in the language - take the time to learn another language and broaden your skills.

So many languages share fundamental principles, and indeed many are even derived from the same concepts, but because they differ in their approach there's something new to understand in each. It's these differences that will frequently bolster your understanding of your primary language, or indeed of programming as a whole.

He notes that it's not just PHP developers that pigeonhole themselves into one language - developers in other languages do too. He recommends they lift their heads up, branch out and stop attacking other languages with "language X is best" articles.

It's stepping outside of your comfort zone and engaging with the underlying concepts of the languages and tools you are using that will enable you to grow as a developer.
knowledge language alternative principles opinion


Johannes Schluter's Blog:
Escaping from the statement mess
May 19, 2011 @ 09:30:45

In a new post to his blog Johannes Schluter suggests an alternative to using prepared statements in PHP applications using a database - creating a handler method that allows for dynamic queries as well as proper escaping of values.

Now prepared statements were a nice invention some 30 years ago but they weren't meant for making things secure and so they do have some shortcomings: One issue is that preparing and executing a query adds a round-trip to the server where it then requires resources. [...] With prepared statements you first have to build the list of place holders (the exact amount of place holders (?) separated by a comma, without trailing comma) and then bind the values and mind the offsets when having other values - this typically becomes ugly code.

He includes the code for his alternative, a function using the mysqli extension to let you create dynamic SQL that still uses placeholders and proper escaping to prevent both SQL injection issues and resource problems caused by the multiple hops back to the database.

prepared statement database alternative mysqli


Stefan Koopmanschap's Blog:
API documentation in Jenkins with DocBlox
May 02, 2011 @ 11:26:40

In a new post to his blog Stefan Koopmanschap shows you how to get DocBlox installed for your documentation-generation needs as an alternative to phpDocumentor.

People using PHP that want API documentation usually automatically think of phpDocumentor, which used to be the de facto standard for generating API documentation from your PHP projects. However, the project has been dormant for a long time now and definitely does not support new PHP features such as namespaces, so it was really time to look for an alternative. In this blogpost, I'll show you how I set up my Jenkins CI to use DocBlox, one of the new API documentation generators currently available.

The DocBlox project is in active development and supports additional things on top of the current feature set phpDocumentor includes. Stefan gives you the exact XML you'll need to include in your Jenkins build file (and the phpDocumentor line it will likely replace) that builds out the documentation to a given path. He's given an example of his full build file to give you some context too.

docblox phpdocumentor jenkins build alternative


BinarySludge.com:
Redundant and Fault Tolerant PHP Session Storage
January 14, 2011 @ 10:05:10

New on BinarySludge.com today there's a tutorial looking at redundant and fault tolerant session storage via a few different technologies that can store session data with a custom session handler.

If a PHP application has deeply embedded usage of the $_SESSION superglobal, removing state is difficult. Instead removing the dependency between a user's session data and the single server it's stored on achieves the same fault tolerance.

They focus on a RESTful approach to session handling, in which state should be "kept entirely on the client" so there's no issue if something happens to the primary session data source. They point out that, while the technologies that can be used to replace it are similar, there are still some issues around using things like memcached, Sharedance, Hazelcast or MySQL to store session details.

session storage redundant alternative


Court Ewing's Blog:
A Simple Alternative to Global Registry Dependency
December 09, 2010 @ 15:19:22

Court Ewing has written up a post looking at an alternative to a commonly used bad design pattern - the global registry dependency - a method that uses a singleton to control access to a class-wide instance of an object.

This gives you flexibility when configuring and setting your adapter, and it allows you to instantiate a new service without having to explicitly set commonly used dependencies, but you are ultimately just replacing one hardcoded object call with another. This means you are still limited in your ability to unit test the class properly, and you will have a difficult time debugging if you ever need to find out exactly when and where your database adapter was configured.

His simple solution uses static methods to assign the database adapter when the bootstrap process is started instead of when the object is created. This adapter is assigned to an abstract class, so it's created even outside the class instantiations. There's one caveat to doing things this way, though - depending on the needs, you might have to have more than one abstract class and things could get tricky.

alternative global registry dependency example


SitePoint PHP Blog:
3 Lightweight Alternatives to phpMyAdmin
October 27, 2010 @ 08:19:46

On the SitePoint PHP blog, there's a new post offering you three database management solutions that are more lightweight than the typical phpMyAdmin install.

For much of the time, developers just want to check some data, alter a few records, or back up the database. The phpMyAdmin and MonoQL zipped distributions range from 2MB to 7MB, and they're overkill for most day-to-day administration. You're using a sledgehammer to crack a peanut. Here are three lightweight MySQL administration alternatives you should consider. They're all PHP-based, open source, and great for quick database tasks.

The three that made their short list are:

Others suggested in the comments include Chive and DBKiss.

lightweight alternative phpmyadmin database management


Pavel Shevaev's Blog:
taskman yet another Ant alternative
October 14, 2010 @ 09:56:39

Pavel Shevaev has put together what he calls "yet another Ant alternative" - a tool written in PHP to create project related tasks in a style that matches the Ant and rake methods.

There is a lib-taskman project on the google code hosting where you can find the full documentation, sources and latest releases. It's probably not that elegant as rake but if you want to stick to PHP and have Ant-alike functionality without any XML programming then taskman may turn out to be handy. taskman is very simple to use, it requires only one include, all its code resides in one PHP file, and it has no external dependencies.

He includes a basic use example that sets up the build with "task_hello", "task_comma", "task_world" and "task_say" methods that each do some basic output to show the flow of the process. He also gives examples of possible uses for the tasks like database bootstrapping, auto-code generation, project deployment, etc. He also mentions two other PHP-based projects that do similar things - pake and Phake.

rake build tool taskman ant alternative phake pake


IBuildings techPortal:
Understanding APC
October 07, 2010 @ 09:33:31

On the IBuildings techPortal today there's a new tutorial from Vito Chin that wants to help you understand what APC (the Alternative PHP Cache) is all about and get you on the road to using it in your application.

APC is a performance-enhancing extension. It should not be confused with a magic pill, although having it around does provide a positive impact on performance! If configured incorrectly, APC can cause unexpected behaviour, however when implemented optimally APC can be a useful weapon in your arsenal. In this post we will examine APC's capabilities and its application both as an opcode cache and in its less common usage as a data cache.

He starts off by comparing/contrasting it with memcache, noting that APC is more targeted towards PHP and is more useful for caching smaller bits of information (like objects). He talks about the importance of using APC for an application, what the system really caches and some of the limitations that come with it. There are code snippets to help illustrate some of the points and the article is rounded out with a look at file caching, the time-to-live setting and how you can monitor your cache's health.

apc cache alternative tutorial memcache


Web Designer Online:
10 great Alternatives to phpMyAdmin
November 10, 2009 @ 13:04:13

The Web Designer Online blog has posted a list of their top ten alternatives to the popular phpMyAdmin database management package.

Now, I agree that phpMyAdmin is one of the best out there and is very user friendly. I myself also used phpMyAdmin much until recently… I got introduced to another program which within an hour became my favourite and also this led me to research others out there. Thus, this post!

Other options included in their list are:

Be sure to check out the comments for more thoughts and ideas to add to the list.

phpmyadmin alternative database manage




All content copyright, 2012 PHPDeveloper.org :: info@phpdeveloper.org - Powered by the Solar PHP Framework