WebReference.com has another excerpt from the Addison-Wesley book "PHP and MySQL Web Development" covering the connection between PHP and MySQL using their example from previous chapters.
In this chapter, we explain how to access the Book-O-Rama database from the Web using PHP. You learn how to read from and write to the database and how to filter potentially troublesome input data.
The chapter looks at setting up the connection, choosing the table, running queries against it, getting the information out of the results, and using prepared statements to do it all in a somewhat safer way. They also briefly touch on other interface methods (like the PEAR MDB2 library).
WebReference.com continues their series looking at user administration in content management systems. This time they look at the importance of user roles and some code to add to help manage them.
Although the operations are simple, it is vital that they be handled correctly. It is generally a poor principle to allow access to the mechanisms of a system rather than providing an interface through class methods. The latter approach ideally allows the creation of a robust interface that changes relatively infrequently, while details of implementation can be modified without affecting the rest of the system.
Their code includes methods to get all roles for a user, check to see which they are permitted to use, add a "permit" role and remove it back out. The tutorial is an excerpt from the Packt book PHP5 CMS Framework Development (Martin Brampton).
In an excerpt from this book from Packt Publishing, Martin Brampton looks at access control for content management systems and the considerations needed to make it effective.
Now that we have some ideas about databases, we quickly run into another requirement. Many websites will want to control who has access to what. Once embarked on this route, it turns out there are many situations where access control is appropriate, and they can easily become very complex. In this chapter we look at the most highly regarded model, role-based access control, and find ways to implement it. The aim is to achieve a flexible and efficient implementation that can be exploited by increasingly sophisticated software.
He looks at the different kinds of access control (discretionary access control, mandatory access control) and topics surrounding them like:
Adding Hierarchy
Avoiding Unnecessary Restrictions
Special Roles
Implementation Efficiency
Real Difficulties
The tutorial finishes up with the start of a hierarchical access control system (including a few screenshots showing the tables and their relationships).
PHPBuilder has posted an excerpt from an Apress book today - "Beginning Ajax with PHP: From Novice to Professional". It's from the third chapter that introduces the PHP and Ajax combination.
While the concept of Ajax contains a handy set of functionality for creating actions on the fly, if you are not making use of its ability to connect to the server, you are really just using basic JavaScript. Not that there is anything truly wrong with that, but the real power lies in joining the client-side functionality of JavaScript with the server-side processing of the PHP language using the concept of Ajax.
The article's pretty light on the code, but it does give a full example of showing and hiding dynamic content pulled from a backend PHP script (calendar information). Outside of that they just discuss general topics like "Why PHP and Ajax?" and the difference between client-side and server-side processing.
DevShed wraps up their look at databases in PHP (an excerpt from "Programming PHP, Second Edition") with this new tutorial showing how to insert records and work with PDO prepared statements.
Concluding our discussion of databases and PHP, we'll finish building the [administration portion of the website] example that we started last week.
They start with the code for the administration page for adding a new record to the table - in this case, a business. They give the code to handle the submit and how to display a list of the current businesses. They wrap it up with a look at working with PHP Data Objects (PDO) and using them to create prepared statements.
Continuing on from this previous post, DevShed has this new tutorial posted. Another excerpt from O'Reilly's "Programming PHP, Second Edition" (by Kevin Tatroe, Rasmus Lerdorf, and Peter MacIntyre), this section gets more into connecting to the database, making a query and returning some information.
They start off looking at the DSNs mentioned previously and include a bit of error checking around it to handle anything that might come up. The next step is, of course, to make a query against the information in your database. They also include an example of the fetchRow method to push the returned results into a variable.
The variable is built out as an array, so they show what that array looks like "on the inside" and how you can reference the different values that make it up.
DevShed has started a new series looking at working with PHP and databases with this new tutorial posted today, an excerpt from the O'Reilly book "Programming PHP, Second Edition".
We focus on the PEAR DB system, which lets you use the same functions to access any database, rather than on the myriad database-specific extensions. In this chapter, you'll learn how to fetch data from the database, how to store data in the database, and how to handle errors. We finish with a sample application that shows how to put various database techniques into action.
In this first part of the series, they look at what kinds of things are possible with the database connection, some of the basics of using the PEAR DB class and working with data source names to help with the connection.
DevShed has a new book excerpt from a good standby security resource from O'Reilly - Chris Shiflett's "Essential PHP Security". This time, they focus on the chapter talking about sessions and cookie security.
This chapter discusses sessions and the inherent risks associated with stateful web applications. You will first learn the fundamentals of state, cookies, and sessions; then I will discuss several concerns - cookie theft, exposed session data, session fixation, and session hijacking - along with practices that you can employ to help prevent them.
The chapter talks about how the statelessness of HTTP causes problems, how cookies can be stolen because of it, and what you can do to keep you and your users safe from attacks like session fixation.
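As an added illustration of the defensive practices the chapter covers (this is example code, not Shiflett's own listing; the function names are this example's), the session is bound to cookies only, the cookie is marked HttpOnly and Secure, the ID is regenerated on login so a pre-set ID becomes worthless, and a cheap hijack indicator is recorded:

```php
<?php
// Added example: defensive session handling for the concerns the chapter lists
// (cookie theft, session fixation, session hijacking). Not from the book.

// Accept session IDs only from cookies (never from the URL, which is how a
// fixation link plants an ID) and reject IDs the server never issued.
function configureSession(): void
{
    ini_set('session.use_only_cookies', '1');
    ini_set('session.use_strict_mode', '1');
    session_set_cookie_params([
        'lifetime' => 0,          // session cookie, gone when the browser closes
        'path'     => '/',
        'secure'   => true,       // sent over HTTPS only
        'httponly' => true,       // not readable from JavaScript, limits cookie theft
        'samesite' => 'Strict',
    ]);
    session_start();
}

// On a privilege change such as login, issue a fresh session ID. Any ID an
// attacker fixed beforehand no longer refers to the authenticated session.
function loginUser(int $userId): void
{
    session_regenerate_id(true);  // true: discard the old session data as well
    $_SESSION['user_id'] = $userId;
    // Record a weak client fingerprint; a change is a hint of hijacking, not proof.
    $_SESSION['ua_hash'] = hash('sha256', $_SERVER['HTTP_USER_AGENT'] ?? '');
}

// Call on each request after session_start(); a mismatch should end the session.
function sessionLooksHijacked(): bool
{
    if (!isset($_SESSION['ua_hash'])) {
        return false;
    }
    $current = hash('sha256', $_SERVER['HTTP_USER_AGENT'] ?? '');
    return !hash_equals($_SESSION['ua_hash'], $current);
}
```

The array form of session_set_cookie_params() requires PHP 7.3 or later; on older versions pass the same values as positional arguments.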
Filed under their "Advanced Topics" section today is a new article from WebReference.com that looks at some security techniques developers can use in their apps to help keep their own and their users' information safe from prying eyes. It's an excerpt from Larry Ullman's book "PHP 5 Advanced: Visual QuickPro Guide".
This chapter will begin by rehashing the fundamentals of secure PHP programming. These are the basic things that I hope/assume you're already doing. After that a quick example shows ways to validate different kinds of data that might come from an HTML form.
The third topic is the new-to-PHP 5 PECL library called Filter. Its usage isn't very programmer-friendly, but the way it wraps all of the customary data filtering and sanitizing methods into one interface makes it worth knowing. After that, two different uses of the PEAR Auth package show an alternative way to implement authorization in your Web applications. The chapter will conclude with coverage of the MCrypt library, demonstrating how to encrypt and decrypt data.
The security tips in this part of the series range from turning off register_globals (you do have it off, don't you?) to form validation with things like regular expressions and the ctype functions.
The Zend Developer Zone has posted the final part of their excerpts from the Manning Publishing book "PHP in Action" today with part three of the Design Patterns chapter.
You know you've been waiting for it, here it is. The final installment of Chapter 7 of PHP in Action by Dagfinn Reiersol. Without further comment, here's the introduction to this section in Dagfinn's own words: "In this section we discuss an Iterator and a Composite."
Dagfinn briefly mentions what the two patterns are about - a "canned loop" and making tree structures easy. Check out the PDF for the remainder of the chapter.
On the Zend Developer Zone, there's a new post pointing to the second part of their look at the Manning Publishing book "PHP in Action".
If you've been anxiously awaiting part two of this series then your wait is over. Here's a short introduction to the second part of this series written by the author of the book, Dagfinn Reiersol. I had the privilege of meeting Dagfinn at phpuk last week. Below the introduction is the link I know you've been waiting for.
The new PDF they link to focuses on two different patterns - the Decorator (a wrapper class) pattern and the Null Object (an object that works like the others but does nothing behind the scenes) pattern.
PHPBuilder.com has posted a new article (an excerpt from the "Foundations of PEAR" book from Apress) focusing on the authentication aspect and the components PEAR has to offer.
After all, nearly all authentication is identical in its basic functionality, and there's usually no good reason to spin off your own code if it's already written for you.
They talk about three packages - the Auth package, Auth_HTTP, and the Auth_PrefManager. They describe the Auth package in depth in this article - common uses, related packages, required packages, what the constructor is like and descriptions of the functions the package provides.
PHPBuilder.com is back with part two of their look at building an application combining PHP and Ajax (as excerpted from the Apress book "Beginning Ajax with PHP: From Novice to Professional"). Part one for the series is here.
A nice feature that I first noticed as being received positively by the Internet community is the auto-complete feature in Gmail. [...] The next example will show you how to do the same thing - although it's not quite as in-depth as the Gmail solution.
They start with the CSS and JavaScript to make the application work, including a simple XMLHttpRequest object for the Ajax connection. The "autocomplete" function is called via an onKeyPress event in the form on the page, grabbing the content and firing off a request to the backend script. They also include a series of screenshots that show the different steps of the process, from entering the information down to outputting the results.
In another part of their series of excerpts from the Zend PHP Certification Guide (from Zend), DevShed has posted this article talking about debugging and performance issues and methods.
Making mistakes is human, and so is fixing them. In your day-to-day programming adventures, it's inevitable to introduce bugs in your PHP code, especially when you're writing very complex applications with tens of thousands of lines of code spread across tens of files.
In this article they look at things like flattening if statements, splitting single commands across multiple lines, and the difference between =, ==, and ===.
PHPBuilder is back with the second part of their excerpt from the book Pro PHP Security (Apress) looking at finding and preventing SQL injections in your applications.
Topics it's broken out into include:
Kinds of Injection Attacks
Multiple-query Injection
Invision Power Board SQL Injection Vulnerability
Demarcate Every Value in Your Queries
They start off pretty basic - watch what you're directly including in your SQL statement - and move on to how attackers can terminate your SQL statement and append their own, and more. The Invision vulnerability is a more real-world example of what can go wrong when filtering isn't done right. The tutorial's rounded off with some of the functions and methods you can use to check the input and filter out the bad from the good.
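An added example tying this excerpt to the PDO prepared statements from the DevShed "Programming PHP" piece above (example code, not from either book): a query built by string concatenation sits beside the same query with every value demarcated by a placeholder. It uses an in-memory SQLite database with constructed rows so it runs without a server.

```php
<?php
// Added example: the string-built query the chapter warns about next to a
// PDO prepared statement. Data and the sample input are constructed.

$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, email TEXT)");
$pdo->exec("INSERT INTO users (name, email) VALUES
            ('alice', 'alice@example.test'), ('bob', 'bob@example.test')");

// Constructed request value of the shape the chapter describes: the quote
// closes the literal and the rest becomes part of the WHERE clause.
$name = "alice' OR '1'='1";

// Unsafe: the input is spliced into the SQL text, so it can change the query.
function findUserUnsafe(PDO $pdo, string $name): array
{
    $sql = "SELECT id, name FROM users WHERE name = '$name'";
    return $pdo->query($sql)->fetchAll(PDO::FETCH_ASSOC);
}

// Safe: the value travels through a bound parameter, never as SQL text, so
// quotes and keywords in it are just characters of the compared string.
function findUserSafe(PDO $pdo, string $name): array
{
    $stmt = $pdo->prepare("SELECT id, name FROM users WHERE name = :name");
    $stmt->execute([':name' => $name]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

printf("unsafe query matched %d row(s)\n", count(findUserUnsafe($pdo, $name)));
printf("prepared query matched %d row(s)\n", count(findUserSafe($pdo, $name)));
```

The unsafe call matches every user because the appended OR '1'='1' is always true; the prepared call matches none, since no user is literally named alice' OR '1'='1.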
PHPBuilder.com continues their series of excerpts from the Sams Publishing book "PHP 5 in Practice" with this quick snippet showing how to create an interactive web application by combining PHP and Ajax.
A full discussion of Ajax is not within the scope of this book and would be mostly a discussion of JavaScript, not PHP. However, the listings in this section demonstrate one quick example that shows how Ajax can call a PHP script, pass it data, and display the results back to the user.
Their simple example makes a "time service" that can be pulled from any remote script (within the same domain, of course). The PHP for the backend is simple - just echoing out the current time - and the HTML/JavaScript is simple too, making a basic XMLHttpRequest call to the backend script.
Continuing on with their series pulling from the great book from George Schlossnagle, "Advanced PHP Programming", DevShed has posted this new tutorial looking at the use of overloading with object oriented programming in your PHP 5 scripting expeditions.
Last week, we discussed design patterns and polymorphism. This week, we examine overloading and more. Let's bring together some of the techniques developed so far in this chapter and use overloading to provide a more OO-style interface to the result set. Having all the results in a single object may be a familiar paradigm to programmers who are used to using Java's JDBC database connectivity layer.
The first page shows (mostly in code) how to grab the information from the database and pull it all into the single, tidy result set. They dump this new data packet into the hands of the SPL and iterate through it, pulling out the key/value pairs along the way.
Finally, they look at two of the special functions PHP has to make life a little easier when working with objects - __call and __autoload. Both provide some of that great "automagical" functionality that makes life better.
PHPBuilder.com has another in their series of excerpts from the Sams Publishing book "PHP 5 in Practice" today - a look at paginating results on a website.
When creating browse or search functionality on a website, you may find that you end up with more data than the page can easily display at once. In these situations it makes for a better user experience to give users only a certain number of results and then present them with options to see the next and/or previous pages.
The code listing is slightly complex, but it does provide a good, clear look at how to paginate the values in an array. They also explain a bit about the two functions that make it possible - http_build_query and array_chunk.
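An added example of the same approach (not the Sams listing; the paginate() function and its sample data are this example's own): array_chunk splits the result set into pages and http_build_query rebuilds the query string for the previous/next links while preserving the other parameters and encoding them properly.

```php
<?php
// Added example: paginate an array with array_chunk and build prev/next links
// with http_build_query. The rows and the query parameters are constructed.

function paginate(array $items, int $perPage, array $query, string $pageKey = 'page'): array
{
    $pages = array_chunk($items, $perPage);   // fixed-size pages, last one may be short
    $count = max(1, count($pages));
    // Treat the page parameter as untrusted: cast to int and clamp to a valid range.
    $page  = max(1, min($count, (int)($query[$pageKey] ?? 1)));

    $links = [];
    // Array union keeps the left-hand value, so the new page number overrides
    // whatever page value arrived in the request; other parameters are carried over.
    if ($page > 1) {
        $links['prev'] = '?' . http_build_query([$pageKey => $page - 1] + $query);
    }
    if ($page < $count) {
        $links['next'] = '?' . http_build_query([$pageKey => $page + 1] + $query);
    }

    return [
        'items' => $pages[$page - 1] ?? [],
        'page'  => $page,
        'pages' => $count,
        'links' => $links,
    ];
}

$rows   = range(1, 23);                                        // constructed: 23 result rows
$result = paginate($rows, 10, ['q' => 'php & mysql', 'page' => '2']);

echo "page {$result['page']} of {$result['pages']}: ", implode(', ', $result['items']), "\n";
foreach ($result['links'] as $rel => $href) {
    echo "$rel -> $href\n";   // the & in the search term is percent-encoded by http_build_query
}
```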
PHPBuilder has another excerpt posted from the book "PHP 5 in Practice" from Sams Publishing. It takes a quick look at a method to simulate graphical charts with some XHTML and CSS tricks (and PHP's help).
When you need to present data in a chart on a web page, it is often worthwhile to generate graphical charts. This method is covered later in Section 18.4, "Creating a Graph/Chart Library"; however, sometimes for a quick chart CSS can suffice. Listing 9.4.1 presents a function that creates a visual chart of data using CSS and XHTML only.
You can find the code they're talking about in "Listing 9.4.1". They explain it briefly, but it's a quick "here's what it looks like" and less of a "here's the logic behind it" kind of post. Nevertheless, it's still quite useful.
DevShed has posted an excerpt from the book "Advanced PHP Programming" from George Schlossnagle as this new tutorial detailing the creation of standalone PHP scripts.
If you've ever been interested in making significant use of PHP outside of a web environment, this article will show you how. The first of three parts.
This chapter describes how to reuse existing code libraries to perform administrative tasks in PHP and how to write standalone and one-liner scripts. It gives a couple extremely paradigm-breaking projects that put PHP to use outside the Web environment.
In this first part, the groundwork is laid - they introduce the CLI interface PHP already has and show how to handle input/output and parse the command line arguments passed in.
For those anxiously looking forward to Joshua Eichorn's "Understanding Ajax" book, there's a note on his blog you'll want to check out.
The lead story at ComputerWorld.com is an excerpt from my book Understanding AJAX. If you are thinking about buying the book, but needed more information to make a decision, now's your chance.
The sample chapter is the first, teaching the basics of Ajax - how it's structured, what it does, even alternatives to it. You can also check out the table of contents and see what other topics are being covered.