On PHPMaster.com today there's a new tutorial from Sneha Heda looking at error handling in PHP - the types of errors that can come up, how to throw your own and how to catch them appropriately.

Errors are the most common event a developer faces when programming. [...] To help reduce the number of errors in your code, and to mitigate their effects, proper error handling is essential in your web application. This article is a crash course in PHP error handling. You'll learn about PHP's built-in error reporting levels, and how to handle errors with custom error handlers and exception handling.

She starts with the different error reporting levels PHP offers, everything from the lightweight E_NOTICE out to E_ALL|E_STRICT. With this as a reference, she shows how to create a custom error handler (using set_error_handler). Also included is a look at exceptions and some of the more detailed information that comes with them - line numbers, messages, file the error was thrown from, etc.

Brian Swan has a new post to his MSDN blog today that looks at working with the SQL Server Reporting Services SDK and PHP to automatically create some reports based on the date in your database.

In this post I'll dive into the SSRS SDK for PHP that was recently released by the Interoperability team here at Microsoft. [...] The documentation in the SDK is complete with explanations for the classes that make up the SDK, code examples, and a "hello world" example. However, in this post, I'll build a simple web page (code attached to this post) that renders the Sales report that I created last week.

He starts off with an overview of how all of the technology will fit together and some of the things you'll need to have before you can get started - a user with the right permissions and a connection to the server. The "SSRSReport" class in the SDK gives you quick access to load a report based on a named location. You can then use methods like "RenderAsHTML" to output it as HTML or one of other methods (like CSV, text, PDF, etc).

On the ZendCasts.com site there's a new screencast continuing their look at the Zend_Tool component by combining it with Zend_Log to do some easy reporting.

This video uses a collection of powerful PHP libraries in order to illustrate how easy it really is to build a command-line tool for reporting against XML files. We start off by logging visitor statistics in the controller into a log file with Zend_Log. Once data has been collected, we're then able to utilize SimpleXML, Zend_Date and the Zend_Tool component to build out a very simple reporting tool.

He suggests one possible use is to create a cron job that will regenerate the reports nightly. You can view the screencast in the post or download a copy of the project to get started right away.

Kevin Waterson has posted a new article to his site today - an introductory look at security in your PHP applications.

One of the great benefits of PHP is its ease of access to new-comers. Its entry level is minimal and so attracts those looking for simple scripts to their sites. It is this same ease of access that becomes a problem as the new-comers begin to deal with input from users. Failure to adequately validate and sanitize data is the leading cause of security problems when dealing with PHP.

He looks at a few different areas that developers need to focus on (and be sure to filter on) like PHP_SELF, protection from email header injections, file inclusion and the use of error reporting to make handling user-generated errors "more correct".

Padraic Brady has made a few updates to the PHPSpec software he's developed in preparation for the first stable release - additions to the reporting functionality to give as much information as possible.

PHPSpec is closing in on its first stable release, so the time had finally come to spruce up its output! No more the simple reporting of failed specs - now you get a few more details in a readable format, exceptions and errors even come with traces. In addition, I've implemented specdoc output as an option (using "-s") so you can get a list of specs in their plain text form.

He's also included an example of the new output in the post as well, showing the results of both successful and errored responses. You can check out the actual spec files on the googlecode repository for the project and get more details on the project itself (including the latest development snapshots) on the project's website.

The Zend Developer Zone has starting up their own contribution to the security side of the PHP community - a "Security Tip of the Week" starting with the first three new ones posted just recently:

• Tip number one involves a good recommendation - keeping your PHP version up to date. Many security issues and exploits have come around because of older versions and the issues they hold.
• Tip number two focuses on the errors that your site gives to the viewing public and the information they can betray (file locations, etc)
• Tip number three talks about using other applications to help you find issues in your code that you might not even know were there - such as Chorizo and the PHPSecInfo reporting tool.

Stay tuned for even more security goodness from Cal and the Zend Developer Zone over the coming weeks...

Devshed has posted a new article covering one of the hottest topics in the PHP community right now - security.

Security in a scripting language such as PHP is more developer-dependent than language-dependent. In other words, although the language offers you the tools to create secure code, it cannot prevent insecure code. Thus, the degree to which code is secure almost entirely depends on how security conscious a developer is.

The article looks at three security-related topics:

• Register globals
• error reporting
• code exposure

and for each provides explanation and code where needed to help the reader understand the issues and possible problems with them.

Stoyan Stefanov has posted some of his tips to his blog today. Specifically, they deal with the PEAR::DB class, demonstrating some of the optimization of the package he's discovered in his coding experience.

If you use PEAR::MDB2, you can set a custom debug handler and collect all the queries you execute for debugging and performance tunning purposes, as shown before. But what if you're using PEAR::DB? Well, since PEAR::DB doesn't allow you such a functionality out of the box, you can hack it a bit to get similar results.

He creates a simple app to help with the illustration - a number of select queries to grab zipcode information from the database. As it stands, the PEAR::DB package doesn't handle the debugging well, so he adds in a few more lines to buffer the connection and some reporting code to check the resulting output (as well as some of his sample reports).

The Zend Developer Zone has posted a press review with some good news for PHP developers all over - Zend and Acutate are collaborating to provide reporting (BIRT) to PHP.

he collaboration between Zend and Actuate has resulted in new capabilities in the 3.0 version of the Zend Platform, which is available today for download as a pre-release version at www.zend.com. Zend Platform 3.0 allows PHP developers to quickly integrate reporting capabilities, including charting, to web applications by calling Actuate BIRT reports via the Zend Java Bridge.

New functionality included in this collaboration includes flexibility when generating the reports (output formats/export options), an easy-to-use visual environment, and an integrated charting system including various graphing formats (like pie, chart, area, scatter, and stock).

Check out the full press release for the full story on this collaboration.

In his travels as a PHP developer, Jamie Wong has gathered some helpful debugging tips that are shared in this latest post to his blog.

Here are some bugfixing rules and tips I've learned working all these years with PHP. I emphasize mostly on fixing bugs than preventing them, which is another subject worth of its own article. I've moved to Rails, but I wanted to finish this post as a farewell and thanks to every article and documentation that was useful to me. Hope this is useful to you too.

Topics covered include:

• Assume nothing
• Turn Error Reporting to show all errors
• Read the error message
• Understand the bug
• "Scooby-Bug, where are you?"
• Get as much information as possible

Each has some explanation below it and, in some places, a bit of code to clarify the point.