The SitePoint PHP blog has a new post by Taylor Ren looks at big numbers in PHP and the functionality it has to handle arbitrary precision via three modules - GMP. BC Math and php-bignumbers.

In this article, we will review the PHP capability to provide arbitrary precision number calculation / big integer calculation by reviewing 3 PHP modules: GMP, BC Math and php-bignumbers. We will demonstrate two real-world examples to see the powers/limitations of each. The first one will be calculating PI to arbitrary precision – well, for the sake of the article, we will restrict the precision, say, to 1000 digits; the second will be a simple demonstration on RSA encryption/decryption.

He briefly looks at how to get the tools installed (via at-get or Composer) and a sample script to ensure that they're all included correctly and working. He includes a comparison between the three libraries, listing both strengths and weaknesses relative to the others. He then gets a bit more in-depth and shows how to calculate PI with each option (code is on GitHub) and the results of the benchmarking. He also includes a second example of calculating the RSA algorithm based on their process.

In a new post to his blog Sean Coates shares a technique he's used to pull an arbitrary incrementer from a certain set of characters.

On several recent occasions I had a need for an incrementer that uses an arbitrary character set and I thought I'd share my code with you. I've used this code in the GPL Virus that I wrote to poke fun at the Wordpress/Thesis/GPL debacle, as well as in some clean up I'm doing for the extremely useful JS Bin project.

He's used the technique in an upcoming URL shortening service to make the shortest possible URLs without overlap. He tried a few methods including using base_convert but they had their limitations. Ultimately, he settled on a custom function that, based on a given character set and increments over it recursively.

As mentioned by the International PHP Magazine, Maksymilian Arciemowicz has posted about some testing he's been doing on the newly released PHP 5.2.4 and has still found some issues with it.

In 30 August PHP Team have released new version PHP with number 5.2.4. We have tested this version and now we can say, that not all issues from PHP 5.2.3 are patched. It is possible bypass safe_mode, open_basedir and disabled_functions.

The issue he describes is the lack of a "mail.force_extra_parameters" setting in the php.ini still making it possible to exploit the mail() function to execute arbitrary PHP code.

As mentioned by the International PHP Magazine, Maksymilian Arciemowicz has posted about some testing he's been doing on the newly released PHP 5.2.4 and has still found some issues with it.

In 30 August PHP Team have released new version PHP with number 5.2.4. We have tested this version and now we can say, that not all issues from PHP 5.2.3 are patched. It is possible bypass safe_mode, open_basedir and disabled_functions.

The issue he describes is the lack of a "mail.force_extra_parameters" setting in the php.ini still making it possible to exploit the mail() function to execute arbitrary PHP code.