Looking for more information on how to do PHP the right way? Check out PHP: The Right Way

LineshJose.com:
How To: Create A Simple CSS Compressor Using PHP
Jun 06, 2012 @ 08:44:26

In this recent post to his blog Linesh Jose shows you how to create a simple PHP-based compressor for your CSS (using some string replacement methods and a regex or two).

CSS or Cascading Style Sheets is a language used to describe the presentation of a document written in a markup language. If you’re developing a very complex design for your site, CSS scripts become very long, and takes too much time to load. But a compressed CSS script can help your website load faster and easily maintain its functionality. Here, I’ve created a very simple CSS compressor using PHP to compress or reduce CSS script size.

You can read through the example code and see how it all works or you can download the code and see a live demo of it in action. His script does the compression on the fly, but it's not a far stretch to get it set up as a part of a build to output to a file on deployment.

tagged: css compress tutorial strreplace pregreplace

Link:

SitePoint PHP Blog:
How to Tidy Your WordPress Menu HTML
Jan 26, 2011 @ 09:37:59

On the SitePoint PHP blog today there's a new post from Craig Buckler for the WordPress users out there. The HTML that this popular blog/CMS tools spits out can sometimes be not-so-semantic. Craig shares a tip on cleaning up one aspect of it - the methods returning lists for menus or sitemaps.

love WordPress. I also love clean semantic HTML. Unfortunately, several of the standard WordPress theme functions return code that is a little untidy. For me, the primary culprits are wp_list_pages() and the newer wp_nav_menu(); both return an unordered list of page links.

He gives an example of a sample list generated by wp_nav_menu() that's full of badly formatted and unnecessary elements. To help fix the issue, he shares his regular expression-based call to strip out things like extra tabs, empty classes and all title attributes. Obviously you can customize this as you need, but it's a good start towards something that's a bit cleaner and up to code.

tagged: wordpress tidy html output pregreplace regularexpression menu

Link:

PHP Discovery Blog:
Dangers of Remote Execution
Nov 21, 2007 @ 13:48:00

On the PHP Discovery blog, there's a new post reminding PHP developers of some of the more dangerous ways that remote execution could effect your site and some of the common entry points it can have.

PHP has numerous ways to execute raw PHP code unless you the programmer stops it. Best way in preventing these methods is making sure you check the input of what your users are inputting, and making sure you escape all malicious actions that a hacker,cracker, kiddy scripter might want to do to your website.

He summarizes four of the things from the Pro PHP Security book from Apress (by Chris Snyder and Michael Southwell) that can leave holes in you application for would-be explots - preg_replace, shell_exec/exec, eval (which we all know is only one letter from "evil" anyway) and require/include.

tagged: danger remote execution pregreplace include eval shellexec exec require danger remote execution pregreplace include eval shellexec exec require

Link:

PHP Discovery Blog:
Dangers of Remote Execution
Nov 21, 2007 @ 13:48:00

On the PHP Discovery blog, there's a new post reminding PHP developers of some of the more dangerous ways that remote execution could effect your site and some of the common entry points it can have.

PHP has numerous ways to execute raw PHP code unless you the programmer stops it. Best way in preventing these methods is making sure you check the input of what your users are inputting, and making sure you escape all malicious actions that a hacker,cracker, kiddy scripter might want to do to your website.

He summarizes four of the things from the Pro PHP Security book from Apress (by Chris Snyder and Michael Southwell) that can leave holes in you application for would-be explots - preg_replace, shell_exec/exec, eval (which we all know is only one letter from "evil" anyway) and require/include.

tagged: danger remote execution pregreplace include eval shellexec exec require danger remote execution pregreplace include eval shellexec exec require

Link: