On PHPMaster.com there's a continuance of a previous article about security in PHP applications talking about a few more considerations when trying to make things secure.

In a previous article, I talked about some common security vulnerabilities that can affect your PHP web application. But there are other things besides those ten (okay, seven) attacks to think about when you’re developing. And so, this article offers a compendium of miscellaneous things that are security related; things you should do, things you shouldn’t do, things that other people might try to do, whatever it takes to make an article long enough for my editor to be satisfied with it.

He talks some about the settings that you might need to tweak in your "php.ini" server-side configuration file, some hints on filtering data (like using filter_input) and what to watch out for with error reporting. He also mentions session fixation and the protection of user data and passwords to keep them out of the hands of would-be attackers.

On PHPMaster.com today there's a good tutorial that gives you some methods to do one of the most important things in any application - validating input. Their examples show how to use some of PHP's own filter functions to accomplish this.

Filter functions in PHP might not be sexy, but they can improve the stability, security, and even maintainability of your code if you learn how to use them correctly. In this article I’ll explain why input validation is important, why using PHPs built-in functions for performing input validation is important, and then throw together some examples (namely using filter_input() and filter_var()), discuss some potential pitfalls, and finish with a nice, juicy call to action.

He talks about why validation is important to protect your application (and users) from malicious things like cross-site scripting. He emphasizes the use of PHP's own filter methods because they are established and, well, included in the language - no additional libraries needed. Example code is included showing how to use them to filter email addresses and check that something is an integer.

You can find out more about these functions on their manual pages: filter_input, filter_var.

According to this announcement on the Zend Developer Zone, the latest version of the Zend Framework (still beta, but almost there!) has been released - Beta 0.9.3.

This is an update to the Zend Framework Beta Release. The Zend Framework developers have been working very hard to improve the quality every week, and this Beta Refresh release includes their efforts so far. There have been 77 issues fixed since 0.9.2.

Updates in this release also include major changes to several modules - Zend_Controller, Zend_Db, Zend_Filter_Input, Zend_Pdf, and Zend_Service. Check out the Changelog for complete information on the updates.

There's also some great news included:

The next release should be Zend Framework 1.0.0 release candidate 1. The purpose of the 1.0 release is to reach a state of feature and API stability, and future development must enforce backward-compatibility. When we reach the milestone of 1.0.0 RC1, we will create a branch in our source code repository.

According to this announcement on the Zend Developer Zone, the latest version of the Zend Framework (still beta, but almost there!) has been released - Beta 0.9.3.

This is an update to the Zend Framework Beta Release. The Zend Framework developers have been working very hard to improve the quality every week, and this Beta Refresh release includes their efforts so far. There have been 77 issues fixed since 0.9.2.

Updates in this release also include major changes to several modules - Zend_Controller, Zend_Db, Zend_Filter_Input, Zend_Pdf, and Zend_Service. Check out the Changelog for complete information on the updates.

There's also some great news included:

The next release should be Zend Framework 1.0.0 release candidate 1. The purpose of the 1.0 release is to reach a state of feature and API stability, and future development must enforce backward-compatibility. When we reach the milestone of 1.0.0 RC1, we will create a branch in our source code repository.