There's been some talk floating around about a proposed additional syntax for creating arrays in PHP. Brian Moon sums it up nicely in a new post to his blog.

So, I was asked in IRC today about the proposed short array syntax for PHP. For those that don't know, I mean the same syntax that other languages (javascript, perl, python, ruby) all have. [...] It just feels like a good addition to the language. It is common among web languages and therefore users coming into PHP from other languages may find it more comfortable.

He compares it with other data type creation in PHP (you don't call int() to make an integer, so why call array() to make an array). However, according to a post from the internals mailing list, we might not be seeing this any time soon.

In this new post from Vidyut Luther on PHPCult.com, he mentions some difficulties he had installing some new PHP software - caused by bad habits the programmers used that caused trouble down the line. To help prevent further abuses of these issues, he lists out some of them.

His list so far is:

• Turning "register globals" on
• using shot open tags
• using the ASP style of tagging
• single-line condition statements (without the curly braces)
• improper use of exit()
• assuming settings on a remote server

For each of the above options, he briefly covers his opinion as to why they're wrong and can cause some serious headaches down the line. Most advanced programmers out there know about most of these issues, and have learned to work without them.

As noted in his latest blog entry, Chris Shiflett and the Pro::PHP podcast are again collaborating to bring the listening community more "Ask Chris" shows.

It's been a few months since Episode One, but thanks to Marcus, Ask Chris is back on the air. The format is a bit different - instead of doing separate shows, we'll be doing a short segment at the end of each interview.

This interview is with David Sklar of Ning. He and Marcus discuss Ning, of course, but David also provides some good perspective on the state of technology and how the definition of a programmer is becoming more and more inclusive.

This episode of Ask Chris is about email injection, a topic of growing concern for PHP developers.

You can find out more about this addition to the Pro::PHP lineup and how to subscribe to the podcast over on their site.

On the SitePoint PHP Blog today, there's a new post from Harry Fuecks with his take on the whole "PHP security" issue that's being tossed around lately.

There's another round of "Is PHP Secure?" debate happening right now. Chris drew attention to it, pointing to a post by Andrew van der Stock (who's a contributor to OWASP): PHP Insecurity: Failure of Leadership.

So the usual denials have been made (see replies to Chris's entry) - "Damn newbies", "Holes in PHP-based app != PHP insecure", etc., all of which I agree with. But...

He also mentions that this kind of talk could do more harm than good, making people that were on the edge lean back and take another look somewhere else. He also gives an example, a short bit of PHP and HTML that shines light on a typical XSS example - and asks if it's the developer's fault for not knowing, or the language's fault for not handling it right? Other topics he touches on as well are short tags and the use of filtering for all user input...

On Michael Kimsal's blog today, there's this new post with his method handling the "short tags" issue that plagues so many developers out there with a patch that makes it less of a problem.

For years I've been seeing people try to get rid of PHP "short tags" - Well, last year I made a quick patch to prove that the XML tag conflict was something that could be taken care of at the PHP parser level. It worked, but I lost that patch. So, I put it together again and would like some feedback. It seems to work OK on my end, and I'd like to see if this is something that we could get some traction behind.

He gives the source for the patch, a modification to one of the C files prior to compiling the PHP installation....