Jonathan Snook has posted an update to a previous post about validating multiple input fields at the same time in a CakePHP application. This update changes the way the validation is handled and moves it over into a Behavior.
Using the new behavior is much like using the script as it was before. You can name the validation properties to include the action name and it'll automatically set that validation set as the default.
His behavior lets you define validation rules, both included in a default set and as callbacks. He includes an example of its use and the full code (all thirty lines of it) for the behavior itself.
Nick Halstead has announced a contest on his blog today for PHP developers everywhere to participate in - a programming competition surrounding a challenge he's created.
It has been a lot harder than I thought to come up with a fair programming challenge that would not take too long or require lots of knowledge in any particular framework or other associated technology. It could have been to make use of a whole host of currently available API's and to make a useful mash-up but these again require other external knowledge beyond just PHP. I finally settled on a logic problem that is hopefully not too hard to solve but will test a range of PHP skills.
The problem he's worked up involves changing a word, one letter at a time, into another word using user-defined lists and choice of word. There's several requirements you'll need to follow an d rules for things like the submission process and what server setup can be used.
So, what's the motivation? First prize is a copy of Zend Studio Professional and a year of support, second prize is a Zend t-shirt, and third is a Zend Pen. For full information on participating and on all of the rules you'll need to follow, check out Nick's full post.
The International PHP Magazine has posted the results from their latest poll of the week. This time they asked the slightly odd question of opinions on the PHP Throwdown event - "The Rules of PHP Throwdown Include".
Seems like the question might have confused some others because the votes were notably lower than in some previous weeks. There was a tie for first place, though - both coming in with 6.8% of the votes were the "You can use PHP4 or PHP 5, MySQL or SQLite, Ajax, HTML, XHTML, and Javascript but no Flash" and "All" options. Dead last with no votes was the "All applications must be licensed with a CC compatible license" option.
They've also posted a new poll for this week asking which of the options you think still ring true when it comes to PHP:
The contest runs until November 30th, and the top 5 submitters will all win upgraded WebThumb accounts. The top submitter will also win a copy of my book, Understanding AJAX.
Since previously, all that was required was a comment on this blog entry, people who've posted there need to listen up - an official submission needs to be made. Check out this page for the complete rules and all of the information you need to include in the submission email.
Lorenzo Alberton has posted a tutorial today about using teh PEAR::Pager package to create "pretty links" with a little help from mod_rewrite.
Most PHP pager classes can work just fine with GET parameters, correctly forwarding them through the pages. Few of them let you control the navigation links they create, though. This can be particularly annoying when you have some nice urls (thanks to some mod_rewrite rules o to your hand-crafted front controller) and the pager class can't respect them, showing the real, ugly links to the world.
If the above scenario is not new to you, then you should probably have a look at PEAR::Pager. It's a fully customizable package that should satisfy all your needs, including your preferred link format.
In his examples, he provides the mod_rewrite rules to use, a sample PHP script that would normally use the $_GET values (in an ugly URL) to paginate the results. He also compensates for if the page number is actually a part of the path and not just at the end of the file name.
IBM developerWorks has another new tutorial today with a look at locking down your PHP applications - "four security rules you can't violate".
In this tutorial, you'll learn how to add security to your PHP Web applications. It is assumed that you've been coding PHP Web applications for at least a year, so it won't cover the basics of the language (either conventions or syntax). The goal is to make you more aware of what you should be doing to secure the Web applications you're building.
This tutorial teaches you how to guard against the most common security threats: SQL injections, the manipulation of the GET and POST variables, buffer overflow attacks, cross-site scripting attacks, data manipulation inside the browser, and remote form posting.
You'll need a system already running PHP (at least version 4.x) and MySQL on a web server (Apache or otherwise). They look briefly at some of the common security issues plaguing web applications these days before moving on to the four rules:
Never trust outside data or input
Disable PHP settings that make security difficult to enforce
You can't secure it if you can't understand it
"Defense in depth" is your new mantra
They take a look at each of these and use the rest of the article (8 more pages) showing you how to keep yourself safe from these issues.
This new post from the Pathfinder blog takes a look at something a lot of sites overlook until it's too late - malicious injection attacks have started and there's only a few ways to deal with the problem:
Our first reaction is to pull the plug, analyze, and rebuild a secure and scalable solution. But pulling the plug is usually not an option. If a company relies on an application for leads or sales, they probably can't afford to shut it down for any length of time. Under these circumstances, triage is usually the best one can hope for.
Fortunately, there are a few things one can do to stem the bleeding. One of the more common problems with PHP-based applications is that they can allow the injection of malicious content, such as SQL or email spam. The solution? Grab an industrial size helping of Apache mod_security.
The post goes on to detail what mod_security is and how it can help - including how to enable it, Apache directives to configure it, and some examples of filter settings to apply.
