News Feed
Sections




News Archive
feed this:

Looking for more information on how to do PHP the right way? Check out PHP: The Right Way

Edd Mann:
Reversing a Unicode String in PHP using UTF-16BE/LE
May 12, 2014 @ 10:55:00

Edd Mann looks at an issue in his latest post that caused him problems in a recent project, reversing a Unicode string with UTF-16BE/LE.

Last week I was bit by the Unicode encoding issue when trying to naively manipulate a user's input using PHP's built-in string functions. PHP simply assumes that all characters are a single byte (octet) and the provided functions use this assumption when processing a string. [...] You should be aware that in 'Western Europe' we commonly only use the basic ASCII character-set (consisting of 7 bytes). This makes the transition to the popular 'UTF-8' Unicode representation almost seamless, as the two map one-to-one. I wish to however, discuss how to reverse a Unicode string (UTF-8) using a combination of endianness magic and the 'strrev' function.

He provides two different approaches to the problem. The first he calls the "naive" approach because it corrupts characters needing more than the two-byte representation. His second solution, the "endianness" method, converts the string to big-endian first (UTF-16) and then back to UTF-8 for more correct handling.

0 comments voice your opinion now!
unicode string utf8 utf16 bigendian endian convert reverse string

Link: http://eddmann.com/posts/reversing-a-unicode-string-in-php-using-utf-16-be-le

NetTuts.com:
Refactoring Legacy Code Part 2 - Magic Strings & Constants
April 03, 2014 @ 12:47:46

NetTuts.com has posted the second part of their "Refactoring Legacy Code" series today continuing on from their beginning of the series. They continue the refactor of their "trivia" application.

Old code. Ugly code. Complicated code. Spaghetti code. Jibberish nonsense. In two words, Legacy Code. This is a series that will help you work and deal with it. We first met our legacy source code in our previous lesson. [...] The time for the first changes have come and what better way to understand a difficult code base than start to extract magic constants and strings into variables? These seemingly simple tasks will give us greater and sometimes unexpected insights into the inner workings of legacy code. We will need to figure out the intentions of the original code author and find the proper names for the pieces of code that we've never seen before.

They talk about refactoring out things like "magic strings" and other hard-coded return values and checks. They mention updating the tests to reflect these changes while keeping an eye out for "magic constants" as well.

0 comments voice your opinion now!
refactoring unittest magic string constant trivia

Link: http://code.tutsplus.com/tutorials/refactoring-legacy-code-part-2-magic-strings-constants--cms-20527

Dougal Campbell:
mysql vs mysqli in WordPress
March 07, 2014 @ 10:59:52

In his latest post Dougal Campbell shares his findings from a bug he was having with a plugin in WordPress. It revolved around the use of mysql or mysqli and errors being thrown to his logs.

The plugin had previously worked fine (it generates a sidebar widget), and I wasn't actively working on my site, so I wasn't really sure when it had quit working. In the course of debugging the problem, I discovered that the plugin was throwing warnings in my PHP error log regarding the mysql_real_escape_string() function. As a quick fix, I simply replaced all of those calls with WordPress' esc_sql() function. Voila, problem fixed.

He was interested in why this worked, though, and went digging in the code. As it turns out, the WordPress code tries to determine which mysql extension you have support for. As it turns out, his installation fit the "mysqli profile" so the "mysql_real_escape_string" wasn't available. To the WordPress users out there, he suggests esc_sql or $wpdb->prepare() instead.

0 comments voice your opinion now!
mysql mysqli wordpress escape string extmysql

Link: http://dougal.gunters.org/blog/2014/03/06/mysql-vs-mysqli-wordpress

Josh Adell:
Serializing Data Like a PHP Session
May 02, 2013 @ 09:11:33

In this new post Josh Adell looks at working with PHP sessions and how you can manually encode data to look as if it came from the normal session handling.

If you have ever popped open a PHP session file, or stored session data in a database, you may have noticed that this serialization looks very similar to the serialize function's output, but it is not the same. Recently, I needed to serialize data so that it looked like PHP session data (don't ask why; I highly suggest not doing this if it can be avoided.) It turns out, PHP has a function that encodes data in this format: session_encode.

Unfortunately, this method doesn't take arguments - it just outputs the encoded version of the current session data. So, he came up with his own encode/decode methods that use the PHP session, extract the serialized string and return it.

0 comments voice your opinion now!
serialize data session string unserialize

Link: http://blog.everymansoftware.com/2013/05/serializing-data-like-php-session.html

Sherif Ramadan:
How to Write an Operator Precedence Parser in PHP
January 21, 2013 @ 11:21:22

Sherif Ramadan has a post looking at creating a better operator precedence parser in PHP. His example is a fully PHP implementation that takes equation strings and evaluates them to create the result.

Operator precedence parsers are very simple on the surface. So don't feel in the least bit intimidated, because by the time you've read through this I hope to have you walk away with a solid foundation on how to write your very own operator precedence parser. The goal is to understand how to solve the problem of operator precedence parsing, and not necessarily to write your own parser. Learning how the problem can be solved is the most important thing to take away from this article.

He starts with an introduction to the concepts behind "operator precedence" including processing order and grouping. He also mentions infix and postfix (RPN) notations for handling different formats of equations. He used the "Shunting-yard Algorithm" and how it relates to handling the different parts of the equation, one at a time, in the correct order. He rest of the post is dedicated to the details of the execution in the tool, including code examples and the tokenization of the strings passed into it.

0 comments voice your opinion now!
operator precedence parser string token shuntingyard algorithm


Mike Purcell's Blog:
PHPUnit - Upgrade - Convert assertType to assertInternalType
May 21, 2012 @ 09:56:59

In this quick post to his blog, Mike Purcell mentions the deprecation of the "assertType" assertion and includes some code you can add to correct the issue in your tests.

We recently upgraded phpunit from a very old version to the current 3.6.x version (at time of writing). During the upgrade I noticed that assertType is no longer supported in many of our tests which were testing if something was a string, an array, or an object. So I had to write a quick script to update assertType to assertInternalType and figured I would post it for others if they needed to do the same.

The code goes into each of your tests (recursively) and finds the places where the "assertType" assertion is used and replaces it with its newer cousin "assertIntrnalType".

0 comments voice your opinion now!
phpunit unittest asserttype assertinternaltype string replace


Joseph Scott's Blog:
Why PHP Strings Equal Zero
March 15, 2012 @ 09:47:49

Joseph Scott has a new post to his blog looking at "why PHP strings equal zero" - that when you use the "==" operator on a string to compare to zero, it's true.

The issue of PHP strings equaling zero has come up a few times recently. [...] Running that will display Equals zero!, which at first glance probably doesn't make much sense. So what is going on here?

He gets into the specifics of what's happening - a bit of type jugging, less strict comparison since it's the "==" versus "===" and how the PHP manual talks about strings being converted to numbers.

While I still think it is odd that the string gets cast as an integer instead of the other way around, I don't think this is a big deal. I can't recall a single time where I've ever run into this issue in a PHP app. I've only seen it come up in contrived examples like the ones above.
0 comments voice your opinion now!
string equal zero type juggling conversion


Gonzalo Ayuso's Blog:
How to use eval() without using eval() in PHP
March 13, 2012 @ 10:09:52

In this new post Gonzalo Ayuso talks about "using eval without using eval" in PHP applications - executing PHP code without having to use the eval function to do it.

Yes I know. Eval() is evil. If our answer is to use eval() function, we are probably asking the wrong question. When we see an eval() function all our coding smell's red lights start flashing inside our mind. Definitely it's a bad practice. But last week I was thinking about it. How can I eval raw PHP code without using the eval function, and I will show you my outcomes.

He includes some sample code showing a basic script with a class and a loop executing normally, then an "eval version" that puts it all in a string and executes it. He offers a different method - not an ideal one since it requires being able to write to the local file system, but prevents the need for eval - writing the PHP code to a temporary file and using a "fake eval" to pull it in.

0 comments voice your opinion now!
eval execute string code temporary file include


Brandon Savage's Blog:
An XSS Vulerability In The Making
March 07, 2012 @ 12:02:46

Brandon Savage has a new post to his blog about what he calls a XSS vulnerability in the making, something to watch out for when you're doing validation in PHP involving the possibility of numbers as strings.

Back in September, Socorro received a security bug relating to the method we were using for processing inputs for the duration of certain reports. The vulnerability included a proof of concept, with an alert box popping up on production when the link was followed. [...] I was quite surprised at the root cause of the vulnerability. We had opted to compare the incoming data against a known set of valid values - a common practice when whitelisting certain inputs. [...] As expected, when this [example] code is tested, a string of '3' and an integer of 3 work equally well, and a string of '5' and an integer of 5 fail equally.

This automatic casting that PHP does internally caused another issue as well - if the string passed in even started with a valid number from their whitelist set, it still passed.

At first we thought this surely had to be a bug in PHP. However, Laura Thomson told me "If comparing two values, type juggling is performed first, which means that the string is converted to a number. This is done by taking the first number found in the string. So this may be confusing/a quirk/a gotcha, but it isn't a bug." And she's right: this isn't a bug per se, but it's certainly an interesting "gotcha."
0 comments voice your opinion now!
crosssitescripting xss type juggling string conversion internal


Refulz.com:
The __toString() Method - Objects as Strings
February 09, 2012 @ 09:27:19

On the Refulz.com blog there's a recent post introducing the __toString() magic method in PHP. This handy method allows you to define how to return an object when it's referenced as a string.

We started the study of PHP magic methods by learning about __get() magic method. [...] PHP is loosely typed language and same variable can be used or referred as string, number or object. The __toString() method is called when the code attempts to treat an object like a string. This function does not accept any arguments and should return a string.

Some quick code is included showing how it works - returning a combined string made from two private class properties when the object ($obj) is echoed out. They also show multiple ways of using the method in both pre- and post-PHP 5.2.

0 comments voice your opinion now!
tostring magic method object string



Community Events





Don't see your event here?
Let us know!


podcast language experience framework testing list laravel install introduction opinion symfony2 interview series code threedevsandamaybe refactor release developer community unittest

All content copyright, 2014 PHPDeveloper.org :: info@phpdeveloper.org - Powered by the Solar PHP Framework