On NetTuts.com there's a new tutorial about what they think is the one thing every web developer should understand - the HTTP protocol and how its used in web-based communications.

HTTP stands for Hypertext Transfer Protocol. It's a stateless, application-layer protocol for communicating between distributed systems, and is the foundation of the modern web. As a web developer, we all must have a strong understanding of this protocol. Let's review this powerful protocol through the lens of a web developer. We'll tackle the topic in two parts. In this first entry, we'll cover the basics and outline the various request and response headers.

They cover some of the basics of the protocol first including its statelessness, the concept of URLs and the HTTP "verbs" (like GET, POST and DELETE). They also briefly cover the HTTP response codes (ex. 200, 304) and the flow of the request and response to and from the web server. They also look at some of the basic HTTP headers and the actual low-level text formats of the requests/responses.

There's a section at the end of the post that links you to a few tools that you can use to view the HTTP messaging happening in your requests, some of which you might already have. They also briefly cover the use of HTTP in a few libraries - ExpressJS, Ruby on Rails and jQuery's Ajax handling.

In a response to this post that introduced some basic security methods for your applications, Anthony Ferrara has posted some corrections and updates to the suggested methods, even pointing out where some of them are completely wrong.

Today an article popped into my feed reader that raise my eyebrows. The article's title is "Building Secured Web Applications Using PHP - The Basics". The summary of the item looked interesting, so I decided to open it up...What I found blew me away. It was filled with loads of bad information including some down-right wrong suggestions. Let me go through point by point and shed some light on the subject...

His response goes back through the original article by section header and explains either why the advice was bad and/or the more correct way to do things.

Security is not something you can learn in a page. It's not something that you can learn in a single book. It takes a lot of time and effort. It should not be trivialized into a simple "Do this and you'll be secure" style post. It sends the wrong message...

On the Techie Talks blog today there's a post from Idrish Laxmidhar with a few simple reminders of things you can do to help with the basic security of your PHP applications, mostly surrounding filtering and escaping.

The list includes some of the basics like:

• Avoiding $_REQUEST when possible because of the ambiguity of where the information could come from
• Keep register_globals off (thankfully a default!)
• Checking values for specific data types before using them
• Filtering user input
• Disabling the error output (turning down the reporting levels) on a production environment

For some more good recommendations on good security practices in PHP applications, check out this list or some of the recommendations from the PHP manual itself.

Zend is hosting a webinar today covering some of the basics of PHP security for your site:

Security is not just important when you are doing financial transactions - an insecure Web site can be used by others for malicious purposes to launch attacks against other Web sites. There are a few must-knows for anyone who ventures out into the world of PHP Web development. In this webinar John Coggeshall will focus on the absolute necessities when doing secure Web development.

There's still time to register and get in on the hour long session (hosted by John Coggeshall). The time for the event is 9:00 am PST (GMT -07:00, San Francisco).

DevShed is starting off another design pattern series with part one of their look at the interpreter pattern - commonly used along with the Composite pattern to create more modular applications.

In this series, which is comprised of three articles, I'll provide you with numerous code samples showing how to implement this useful pattern, ranging from building a simple application for managing user information to creating a decent blogger.

As mentioned, their goal is to create a simple blogging application (eventually), but for now they just need to lay the foundation. They start with an introduction to the pattern via the creation of the User and UserServer classes. Next up is the creation of the UserInterpreter class to handle the requests and pass them along to the UserSaver. Finally, they show it in use, saving inputted user information into an array.

The HowTo Forge website has posted the first part in a new series of tutorials to help people (programmers and non) to get into PHP and be comfortable working with it.

This first part starts from the base they've already set (installation/configuration) and actually gets into the code.

This article is the first of a series of PHP guides that aim at teaching you the basics of PHP programming. By now, I hope you would have set up your system to start actual PHP programming. Lets start PHP programming.

They keep things simple and look at topics like:

• What are tags?
• Web Page Parsing
• Operators and Operands
• Variables

DevShed takes a look at another of the design patterns in a new series starting with this new tutorial - a look at the implementation of Adapter objects in PHP.

You may have already encountered situations in coding PHP applications in which you would like to use inheritance, but could not for one reason or another. Fortunately, there is an alternative for these situations that can help you achieve the same result. In this first article in a two-part series, you'll learn about the adapter pattern.

They start off with the basics of the Adapter pattern and move quickly into the first definition of a class using them - a directory processor. Once that's built, they show how it all works with a more practical example.

DevShed has started a small series today that seeks to guide you through the world of SQLite as is interfaced through PHP5.

If you use PHP 5 to build web-based applications that access a database, you might want to consider SQLite. A "lighter" option than MySQL, this database may still suit your purposes if you don't need all of MySQL's bells and whistles. This three-part series covers many of SQLite's most useful features.

Their post today, part one talks about the basics of the protocol and how to get started with it in PHP5. Since it's enabled by default, the chances of it being on your installation are great. They only really look at grabbing data from the database in this part, saving pushing data back in for another time.

In his latest tutorial, Alexander Netkachev shows how to, with some of the simple PHP functions, create an event system for your script, complete with callbacks.

The way how events are raised and how listeners are attached on the events is a part of a core in many modern applications. It plays an important role in some enterprise design patterns (MVC, for example).

He starts with the basics of event handling - some of the terms and descriptions of basic functionality that any good event handler would have. He describes the most common setup of an event-interaction relationship. Then, it's on to the code, showing first three different ways to call functions (by name, by variable, and by callback).

He finishes it off with a functional example that responds to a a call to fireEvent (five times) and handles each by calling the function in the callback information (myFunction).

Tobias Schlitt has covered the PHPWeekender event that happened this past weekend in two new posts over on his blog:

Day one (10.07.06) saw the start of the meeting, and included a three hour tutorial session giving people a crash course to what PHP is and how it functions at a basic level. Pizza for lunch, then right back into the classes - more basics, some XML talk, and XML-RPC/REST/SOAP as well (two different tracks).

Day two (10.07.06) is described in this post along with a summary of how the event went and the feedback from those attending. Topics today included best practices, PHP5's advanced OOP features, "Enterprise PHP", and a final keynote.

Keep an eye out on the PHPWeekender website for complete information, slides, and examples from the event as well.