In this new post to Reddit, the author shares a bit of their knowledge on what they think everyone should know about strip_tags and some of the issues that can come with it (including security problems).

strip_tags is one of the common go-to functions used for making user input on web pages safe for display. But contrary to what it sounds like it's for, strip_tags is never, ever, ever the right function to use for this and it has a lot of problems.

Specific problems mentioned include "eating" of valid text, not preventing typed HTML entities, the whitelist of tags opening holes and character set issues that could have security implications. Other tools are recommended in both the article and the comments like HTML Purifier, the option of BBCode and Markdown.

Kevin Schroeder has a quick tip for anyone using phpcloud.com and having trouble with git and "remote end hung up" error messages.

If you are using phpcloud.com and are experiencing errors with git [...] and you are trying to push large files (not sure what is defined as "large") you may need to change some git settings.

He points out two settings - one for Windows and the other for Linux - that increase the buffer size to handle larger files that might be included in your repository.

In a new post to his blog Martin Psinas talks about some of his pains experienced with upgrading his code to use PDO instead of the mysql extension for database interaction.

I read not too long ago that the mysql library in PHP is being deprecated as of v6.0 in favor of mysqli or PDO, so of course I had to update all of my database code keep on top of things. I spent about 5 or 6 hours over the course of 2 days familiarizing myself with the new syntax and updating my code offline. Without any testing, I decided I could go ahead and push the code "live" because I'm just that over-confident sometimes, although I did make a backup in case anything went wrong (or so I thought).

Two problems jumped out immediately - a SQL error caused by this bug and the other being a problem with preparing his statement inside of a session handling method.

In a new post to his blog Ruslan Yakushev points out a new build of WinCache (the Windows caching tool for PHP) that makes life easier for WordPress users who want it to be able to to the auto-upgrade correctly.

The WinCache extension 1.1 for PHP has been released last year. Since then several customers reported a bug in the extension that prevents WordPress and other PHP applications from performing automatic upgrades or their plugins. This was reported on WordPress forum as well as on WinCache forum. The new build of WinCache with the fix for this problem is available now at the following location: https://sourceforge.net/projects/wincache/files/development/

He asks for feedback if things still don't work - either as a comment in the WinCache forum or as a bug to the PECL database. This will help them improve the support in future releases and make it even easier for those running WordPress on Windows to keep their sites running smoothly.

Rafael Dohms has posted a new tip for developers (and really anyone else that has to concentrate on mentally challenging tasks all day) that could sometime help you break through that wall you've hit in your code - take a mental break.

Developers are modern day artists whose masterpieces are not hung on walls but stretched out thin on web servers all over the world, yes that is very poetic, but I really try to look at developers as artists and puzzle solvers. [...] A different activity, to most its the simple act of going to get coffee or water, taking a stroll outside in the fresh air, some like sports, some like games.. everyone has their escape valve.

He gives an example of a friend (Chester) who, when he hit a mark he just couldn't pass, turned to a set of lego blocks to help clear his mind. The subconscious mind kicks in as you preoccupy the conscious and a lot of times the answer floats up to he top with little or no effort.

On their Blogspot blog today strattonbrazil talks about why they now find PHP boring as compared to other languages and is "dead to them" in future development.

After a brief scan of various PHP support sites, PHP development outside the realm of web development is basically negligible. I see no reason, in fact, besides some amazing library I might not be aware of, for me to use PHP for a non-web-based application.

They also share some opinions about the language itself - the syntax is ugly, using "arrows" to reference data, global functions to work with data types instead of a more OOP approach and a few more. They talk about the MVC frameworks that have grown up recently around the language and some of the templating libraries that have come with them. There's also a few things they'll miss like the excellent documentation and that it's so ubiquitous.

In this new post to his blog Cal Evans talks about a project he was working on that needed to interface with Twitter via their API. This, of course, requires OAuth but his script is all backend and Twitter requires a frontend to allow the application access.

There is no front end at all. It just collects info and stores it in a database so I can query it later. (I'm an old-school database guy and love just writing ad-hoc queries to see what I can see) Twitter wants to redirect you to a site once you have authorized access. Since I don't actually have a site to redirect it to, this was a problem.

His solution ("in two parts") involves tips from two different blog posts - this tutorial from Michelangelo van Dam and the other from Jaisen Mathai about using OAuth with Twitter. He's not releasing the source for his script just yet, though, so you'll have to do a little research on your own.

Mike Bernat has a new post to his blog today talking about what he considers the problem to be with both WordPress and Drupal - despite doing what they do well, they're not good examples for developers.

If a young developer said to you 'I want to learn by looking at existing code from a successful PHP project. Can you point me in the right direction?' Would you ever feel comfortable sitting them down in front of Drupal or WordPress code? What if they responded by saying: 'But they are the most well-known free, and open, products that use PHP. They're obviously doing something right, so why shouldn't I try to learn from their example?'

In his opinion, developers should set their sights elsewhere if they're looking for good examples. Both tools use what he calls the "old way architecture" that could hold developers back from some of the wonderful new enhancements that the language has to offer and best practices that might not be found in their codebase.

While some of the techniques used in WordPress/Drupal are undoubtedly solid and still state-of-the-art, the majority of the frameworks are ancient in web-development terms. PHP is growing as a language, and I for one want to see it regain some of the respect its lost.

Ilia Alshanetsky has a suggestion for those setting up PHP and Apache2 for the first time - beware of the default configuration!

About a week ago, I was doing some upgrades on my development machine and came across a rather nasty issue when it comes to how .php(s) files are associated with PHP in Apache. It seems that a number of distros including Gentoo (which is what I was using) are using the [same] configuration directive to make the PHP module parse PHP files

The problem comes from their use of "AddHandler" versus "AddType" when telling Apache which files to parse as PHP. The first allows anything with ".php" in its filename to be parsed while the second limits it to just files ending in ".php". Check your configuration to ensure you're not open to this issue, especially if there's scripts/files outside of your control.

On the SymfonyLab site today there's a new post about one person's experience in setting up Symfony2 on a Windows system and some of the issues they found.

've finally decided today to install symfony2 under Windows7 and see what the beast it is. Also it's interesting to see its status, I really can't believe s2 can be ready until end of year. So I've decided to go with simplest "sandbox" way and after unzipping verify my environment by using this script (as proposed in quick start manual): http://localhost/sandbox/web/check.php It turned out that I missed a few things.

These "few things" included having the wrong PHP version (not 5.3), manually defining the timezone information and uncommenting a few needed extensions for the framework to cooperate. He still received an error when loading the sample page, but quickly found a patch to correct the "InvalidArgument" error.