
Rob Allen:
Setting up PHP & MySQL on OS X Yosemite
October 20, 2014 @ 09:43:36

Rob Allen has posted a quick guide to help you get PHP and MySQL set up on Yosemite, the latest version of Apple's OS X operating system (just released last week).

It's that time again; Apple has shipped a new version of OS X, 10.10 Yosemite. Apple ships PHP 5.5.14 with Yosemite and this is how to set it up from a clean install. However, if you don't want to use the built-in PHP or want to use version 5.6, then these are some alternatives [including the Liip binary package, Homebrew or Zend Server 7.x].

He opts for the Homebrew method, installing it first then getting into the PHP and MySQL packages. This is all done from the command-line, so you'll need to be comfortable there. He includes the commands needed to install PHP, MySQL and Apache along with all configuration changes to make them work together. He also shows how to install Xdebug, PEAR, Composer and the Mcrypt & Intl extensions if needed.

setup osx yosemite mysql homebrew package install apache intl mcrypt

Link: http://akrabat.com/php/setting-up-php-mysql-on-os-x-yosemite/

NetTuts.com:
How to Build Rate Limiting into Your Web App Login
September 22, 2014 @ 11:12:14

In this new tutorial on NetTuts.com, Jeff Reifman shows you how to build rate limiting into your application to help with issues on your login caused by possible brute force attacks.

Since one of the wealthiest corporations in the world [Apple] didn't allocate the resources to rate limit all of their authentication points, it's likely that some of your web apps don't include rate limiting. In this tutorial, I'll walk through some of the basic concepts of rate limiting and a simple implementation for your PHP-based web application.

He starts with a brief look at how (brute force) login attacks actually work and how that relates to the most common passwords used. He splits out the two main approaches to rate limiting in applications: limiting based on failures by username or limiting by IP address. He then gets into the actual code examples, choosing a Yii framework-based application for his illustration. He creates a simple "failed login" database table, shows how to log the attempts and includes a snippet to purge items older than (by default) 120 minutes ago. Finally, he includes the code to check the table and see if the username has too many failures listed and, if so, denies them access.

rate limiting login application tutorial mysql database

Link: http://code.tutsplus.com/tutorials/how-to-build-rate-limiting-into-your-web-app-login--cms-22133

Rob Allen:
Throw an exception when simplexml_load_string fails
September 09, 2014 @ 09:27:13

In a quick post to his site Rob Allen shares a class that he's created to handle and throw an exception any time that the load from a SimpleXML parsing fails.

I keep having to look up how to stop the warnings that are emitted when simplexml_load_string & simplexml_load_file fail, so this time I've written the world's simplest little class to take care of it for me from now on.

His "Xml" class wraps around the SimpleXML functionality and checks to see if the resulting object is false. If it is, it uses some internal error handling to fetch the error message result and throws it as a "RuntimeException". This error string comes from a "getXMLErrorString" function that uses the libxml_get_errors function to get the resulting error list.

simplexml load string file fail exception error handling

Link: http://akrabat.com/php/throw-an-exception-when-simplexml_load_string-fails/

SitePoint PHP Blog:
PINQ - Querify Your Datasets - Faceted Search
August 26, 2014 @ 10:58:22

The SitePoint PHP blog has continued their series showing the use of the PINQ library for PHP (a PHP implementation of the LINQ tool). In part one they introduced the tool and showed how it could be used to query and sort data. In this second part they move on and show how to perform a multi-faceted search on data from a MySQL database.

We are not going to cover the full aspect of faceted search in this series. Interested parties can refer to relevant articles published on Sitepoint and other Internet publications. [...] Unfortunately, faceted search is not a built-in feature provided by MySQL yet. What can we do if we are using MySQL but also want to provide our users with such a feature? With PINQ, we'll see there is an equally powerful and straightforward approach to achieving this as when we are using other DB engines - at least in a way.

Building on the code from the first part of the series, they create a few more simple routes that let you define the different facets to use for the searching/sorting. He creates a custom facet class that uses the "traversable" handling of PINQ to do the data manipulation. He creates a few different facet objects, each creating a customized filter. Finally, he ties it all back into the endpoint and includes the updated markup to show the results. He finishes up the post by mentioning a few limitations and improvements that could be made to the example as well.

pinq query dataset mysql faceted search tutorial series part2

Link: http://www.sitepoint.com/pinq-querify-datasets-faceted-search/

SitePoint PHP Blog:
How to Create a Unique 64bit Integer from String
August 14, 2014 @ 12:55:33

In the latest post to the SitePoint PHP blog Vova Feldman shows you how to create an integer from a hash string that's both 64 bit and unique each time it's generated.

PHP provides the popular md5() hash function out of the box, which returns a 32 hex character string. It's a great way to generate a fingerprint for any arbitrary length string. But what if you need to generate an integer fingerprint out of a URL?

He describes the real-world situation he was facing - a rating widget that needed a randomized integer based on the page using it - and the two "sub-challenges" that make it up: URL canonization and the string to unique 64 bit problem. He tackles each problem and shares code snippets showing the process and how it can be put to use. He also includes some interesting metrics at the end of the post showing the level of hash collisions (hint, it's a very low number).

unique integer string 64bit tutorial md5 hash

Link: http://www.sitepoint.com/create-unique-64bit-integer-string/

The Code of a Ninja:
Salt, Hash and Store Passwords Securely with Phpass
June 16, 2014 @ 11:15:37

In this post to the CodeOfANinja.com site, they walk you through password hashing, salting and storage using the Phpass tool from Openwall. The post itself is a bit older, but the content still provides a good example to teach the basics.

I think the main reason why we have to hash passwords is to prevent passwords from being stolen or compromised. You see, even if someone steals your database, they will never read your actual or cleartext password. I know that some PHP frameworks or CMS already provide this functionality, but I believe that it is important for us to know how its implementation can be made.

The tutorial shows you how to use the library and how to store the result in a simple "users" table in a MySQL database. The examples hash the password given from a simple form and use prepared statements (via PDO) to save it to the database. All PHP, HTML and CSS code you'll need - including the login form that checks the username/password - is included. There are also a few screenshots showing what the resulting forms and data should look like.

phpass tutorial hash salt password storage mysql user

Link: http://www.codeofaninja.com/2013/03/php-hash-password.html

SitePoint PHP Blog:
Dependency Injection with Laravel's IoC
June 05, 2014 @ 11:51:08

The SitePoint PHP blog has a new tutorial posted showing you how to use the Laravel dependency injection container to handle dependencies in your Laravel-based applications. Younes Rafie introduces some of the basic concepts behind dependency injection and the various types to get everyone started on the same level.

As developers, we are always trying to find new ways to write well designed and clean code by adopting new styles, using design patterns, and trying new robust frameworks. In this article we will explore the dependency injection design pattern through Laravel's IoC component and see how it can improve our design.

He includes examples of the three basic types of injection - controller, setter and interface - with brief code examples of their implementation. He goes on to talk about the "Inversion of Control" principle (part of the SOLID set of principles) and how the Laravel dependency injection container helps by binding objects and instances for later retrieval. Code examples for session storage handling (through a MySQL database) are included that are automatically resolved as the class requires them.

laravel dependency injection container ioc tutorial introduction session mysql

Link: http://www.sitepoint.com/dependency-injection-laravels-ioc

Code Yellow Blog:
What Your Framework Never Told You About SQL Injection Protection
May 23, 2014 @ 13:51:20

The Code Yellow site has recently posted an article pointing out an issue that's all too common in PHP frameworks, more specifically those that bundle some kind of ORM into their functionality. They wonder if your framework is telling you everything about what they're doing to prevent SQL injection.

We've discovered that SQL injection is to this day not a fully solved problem, even in most popular frameworks. In this post, we'll explain how these frameworks fail at escaping parts of a query, culminating in the discovery of a critical vulnerability in the popular Laravel framework which affects a large percentage of applications.

He starts with an illustration using the FuelPHP framework and the protection it offers from garden variety SQL injection attempts. Unfortunately, things start to break down when it gets much past this typical case. They found this same issue to be a widespread problem in many PHP frameworks and tools including the Laravel, CodeIgniter and CakePHP frameworks, each with their own ORMs. He also talks about issues with blacklisting and whitelisting and how, sadly, most of the frameworks just don't support it for model data filtering. There's a mention of some of the work they've done to help try and fix the issue (including patches and contacting authors) and some recommendations of how to correctly quote identifiers in SQL statements.

sqlinjection framework whitelist blacklist identifiers escape prepared statements

Link: http://www.codeyellow.nl/identifier-sqli.html

Edd Mann:
Reversing a Unicode String in PHP using UTF-16BE/LE
May 12, 2014 @ 10:55:00

Edd Mann looks at an issue in his latest post that caused him problems in a recent project, reversing a Unicode string with UTF-16BE/LE.

Last week I was bit by the Unicode encoding issue when trying to naively manipulate a user's input using PHP's built-in string functions. PHP simply assumes that all characters are a single byte (octet) and the provided functions use this assumption when processing a string. [...] You should be aware that in 'Western Europe' we commonly only use the basic ASCII character-set (consisting of 7 bytes). This makes the transition to the popular 'UTF-8' Unicode representation almost seamless, as the two map one-to-one. I wish to however, discuss how to reverse a Unicode string (UTF-8) using a combination of endianness magic and the 'strrev' function.

He provides two different approaches to the problem. The first he calls the "naive" approach because it corrupts characters needing more than the two-byte representation. His second solution, the "endianness" method, converts the string to big-endian first (UTF-16) and then back to UTF-8 for more correct handling.

unicode string utf8 utf16 bigendian endian convert reverse string

Link: http://eddmann.com/posts/reversing-a-unicode-string-in-php-using-utf-16-be-le

Sameer Borate:
Calculating descriptive statistics in MySQL
April 08, 2014 @ 10:46:22

Sameer Borate has shared some examples of how to generate some meaningful statistics about the contents of your database in a new post to his site today.

Descriptive statistics can be quite useful for simple analysis of records in a database. For example, to calculate average numbers of sales or products for a particular duration, or the Variance of sales for a month etc. We can easily calculate standard descriptive statistic measures in MySQL such as MEAN, SUM, STANDARD DEVIATION, VARIANCE, MIN and MAX using built-in functions.

He includes both the SQL and a bit of PHP code showing how to get these statistics (based on a simple data set of student scores). The PHP is required to more correctly evaluate the median and mode values as it's easier to evaluate those in PHP.

mysql database descriptive statistics mean sum mode median

Link: http://www.codediesel.com/data/calculating-descriptive-statistics-in-mysql



All content copyright, 2014 PHPDeveloper.org :: info@phpdeveloper.org - Powered by the Solar PHP Framework