Even more good news for mysqlnd users out there - according to this new post on the Internet Super Hero blog, some of the tuning options it enables can help you save 40% of the memory you were using before.

mysqlnd saves memory. It consumes half as much memory as libmysql. This is what we have been convinced of. This is what we taught you. Then I tried to test it and made Andrey get nervous for a few hours'¦ Meanwhile he is fine again and we can announce: mysqlnd saves memory, not only in theory, we tested it - we can proof it, can we?

The proof comes in the form of a few "tricks" and some of the settings that the software can use to optimize buffer sizes. Benchmarks (and the code to run them) are also included to show what the differences are between mysqlnd and libmysql.

Cicso product users should check out this latest issue Secunia has released today - a problem with the htmlentities and htmlspecialchars functions that can lead to buffer overflows.

The vulnerabilities are caused due to boundary errors within the "htmlentities()" and "htmlspecialchars()" functions. If a PHP application uses these functions to process user-supplied input, this can be exploited to cause a heap-based buffer overflow by passing specially crafted data to the affected application.

Successful exploitation may allow execution of arbitrary code, but requires that the UTF-8 character set is selected.

Products affected include the Network Analysis Modules (NAM) for Cisco 6500 switch, Cisco 7600 router/Branch Routers and the CiscoWorks Wireless LAN Solution Engine (WLSE) and CiscoWorks Wireless LAN Solution (among others, check out the advisory for a more complete list).

There are some patches that have been released to correct this issue (like the one for the Cisco Unified Application Environment) but others are still yet to come. They recommend limiting access to only trusted IPs and devices only to reduce the risk of the problem being exploited.

Stoyan Stefanov has posted some of his tips to his blog today. Specifically, they deal with the PEAR::DB class, demonstrating some of the optimization of the package he's discovered in his coding experience.

If you use PEAR::MDB2, you can set a custom debug handler and collect all the queries you execute for debugging and performance tunning purposes, as shown before. But what if you're using PEAR::DB? Well, since PEAR::DB doesn't allow you such a functionality out of the box, you can hack it a bit to get similar results.

He creates a simple app to help with the illustration - a number of select queries to grab zipcode information from the database. As it stands, the PEAR::DB package doesn't handle the debugging well, so he adds in a few more lines to buffer the connection and some reporting code to check the resulting output (as well as some of his sample reports).

PHPit.net has posted yet another fine tutorail today, this time discussing the creation of HTML widgets with the help of PHP.

They start with an example of using an output buffer callback, a precursor to making your own HTML tags. It grabs the tag from the page, parses it out to perform an action, and spits back out the result. He also implements an HTML parser (one of his own) to correctly parse out the (correctly formatted) HTML into a PHP array. From there, it's just a simple matter of defining your own HTML tags and outputting the custom result inside the handler.

Finally, they get to the Repeater control, a method for displaying the results of the "HTML in PHP" array with all of its custom-tag glory.

DevShed has posted part two of their series on speeding up your page load times with HTTP compression, this time looking at a more object-oriented approach to handling the data you want to compress.

They start with the creation of a simple data compression class, with functions to see if the browser supports gzip encoding and to get/send/compress the actual data. With the sample class created, they put it to the test with a more real-world example - echoing out user information from a MySQL database.