
NetTuts.com:
Form Validation in Symfony 2
June 12, 2014 @ 10:15:29

NetTuts.com has continued their screencast series introducing the Symfony 2 framework and some of the basic concepts around things like routing, templating and controllers. In this latest post they build on a previous post and show how to use the form validation already built into the framework in some custom forms.

Today we're going to continue where we left off last time, where we learned how to build reusable forms in Symfony 2. In this video, we'll learn how to validate the data that has been submitted to our form to ensure it is in the correct format, meets our data's requirements and then process the form submission accordingly. [Once finished we'll] now have a working form, which validates our data and displays the validation error messages back to the user.

The screencast (also viewable on YouTube) is only about ten minutes long and shows you how to validate a form, checking that one field is an email address and that the other field is "not blank". It is based on the form created in the previous tutorial, so if you haven't done that one yet, it's better to start there and come back.

form validation screencast symfony2 tutorial series

Link: http://code.tutsplus.com/tutorials/form-validation-in-symfony-2--cms-21397

PHPClasses.org:
Did You Mean Advanced Email Validation in PHP
April 09, 2014 @ 11:50:21

In this most recent post to the PHPClasses.org blog Manuel Lemos talks about invalid email addresses and shows the use of this package to evaluate them.

When you take users' email addresses, for instance in a site sign-up form, there are great chances that the addresses may be incorrect because of a typing mistake or it is not possible to deliver the message to the specified address for some reason. This e-mail validation package can detect and prevent that users enter incorrect addresses even before you accept them.

He starts the post with a list of six types of invalid email addresses, including everything from simple typing mistakes to temporary rejection from "gray listing". He shows how to set up the class and briefly covers some of its methods and what they do. Also included is an example of it in use to validate an address. There's also a brief section at the end about using OAuth to work around users not wanting "yet another account" or not wanting to share their details with an untrusted application.

email validation tutorial package example

Link: http://www.phpclasses.org/blog/package/13/post/2-Did-You-Mean-Advanced-Email-Validation-in-PHP.html

Lorna Mitchell:
OAuth Middleware for Slim
October 09, 2013 @ 11:53:37

Lorna Mitchell has posted about some middleware for the popular Slim (micro)framework that helps with OAuth functionality.

OAuth can be anything you want it to be, the standards are lax and give you plenty of room for getting the right implementation for your system. However you proceed, though, you'll need to check an access token on every request - and in a Slim application, a middleware can help enormously since it hooks in to every request by design. I've recently implemented this and thought I would share.

She's created a basic middleware component that can be easily dropped into the framework to handle the checking of the tokens via an "AuthService" object. She also includes a brief snippet of how she generates the codes, combining the output of bin2hex and openssl_random_pseudo_bytes.

oauth middleware slim access token validation generate

Link: http://www.lornajane.net/posts/2013/oauth-middleware-for-slim

The PHP.cc:
Urban Legends and Error Handling
June 27, 2013 @ 09:23:16

In this new post to the PHP.cc blog, Stefan Priebsch looks at the relationship between urban legends and error handling in PHP.

Ending up in such a situation [as the tourists in the urban legend] is not the fault of the underpass: the error, made somewhere upstream, merely shows up right when approaching the underpass, and is usually difficult (or at least tedious) to handle. PHP as a programming language, just like any dynamic language, may at first appear to not need overly strict validations of data. Validation of data, however, is directly related to error handling: If data is invalid, this should be an error or an exception (if you write OOP code, which you should be doing). This error needs to be handled somewhere.

He talks about how things like field and value validation can help prevent errors further down the road. He mentions the split between application and domain logic and suggests that it's the role of the app logic to prevent bad data from making it through to the domain.

In software development, it is crucial that you handle any errors as soon as they occur. This requires you to actually realize that an error has occurred.
urban legend error handling domain application logic validation

Link: http://thephp.cc/viewpoints/blog/2013/06/urban-legends-and-error-handling

Elijah Horton:
Sandboxing Untrusted Code With PHPSandbox
April 29, 2013 @ 11:56:37

Elijah Horton has a recent post to his site sharing a tool he's developed to sandbox and validate user-contributed PHP code.

Few quotes related to the PHP language are as pithy and resoundingly accurate as the phrase: "Eval is evil." The reasons are myriad: the eval() function basically gives whatever code is passed to it unlimited control of the parser, and this freedom makes eval() both a temptation for developers, who may need to dynamically control PHP at runtime, and a panacea for hackers who are ever-searching for more servers to add to their botnets. So, how does one make use of the extreme power available through runtime evaluation of PHP, without exposing one's server to near-certain rooting? Through a sandbox.

His tool, PHPSandbox, uses the PHP-Parser library to deconstruct the PHP code it's given and look for issues. He gives an example of a call to mail and how the sandbox would catch it. He shows how to install it via Composer and how to configure it with whitelisted methods/functions. It also includes a way to overwrite function calls with a somewhat safer alternative.

sandbox protection contributed code validation function

Link: http://www.fieryprophet.com/blog/detail/sandboxing-untrusted-code-with-phpsandbox

Vance Lucas:
Valitron The Simple Validation Library That Doesn't Suck
March 05, 2013 @ 11:43:24

Vance Lucas has created a "validation library that doesn't suck" and posted about it to his site: his Valitron library.

Valitron is a simple, minimal and elegant stand-alone PHP validation library with NO dependencies. Valitron uses simple, straightforward validation methods with a focus on readable and concise syntax.

He created the library because of frustration with other tools that had (sometimes major) dependencies on other packages. All he wanted was something lightweight and easy to use that was flexible about how it handled its validation rules. Valitron lets you apply a validation (like "required") against multiple fields in the provided data and includes checks for things like length, valid IP, active URL, alpha-numeric, date format and regular expression match. You can also add custom validation rules via a callback/closure.

validation library valitron simple dependencies


WebDevRadio:
Episode #105 - Font tools, design thoughts, parallel deployment & my Florida road trip
December 17, 2012 @ 11:48:09

The latest episode of WebDevRadio has been posted - Episode #105, "Font tools, design thoughts, parallel deployment, and my Florida road trip".

Hello all from sunny Florida :) Recently discovered jquery validation plugin only 6 years too late, and have found some tools that work in conjunction with it, including Pajama, a PHP library. Also have some links to font combination articles and tools, and have recently been using "parallel deployment" in Tomcat 7.

The Pajama PHP library does "hybrid validation" and follows the rules of the jQuery validation plugin but for the server side. You can listen to this latest episode either through the in-page player or by downloading the mp3. You can also subscribe to their feed to get the latest shows.

webdevradio ep105 podcast pajama validation episode


Ulrich Kautz:
PHP Validation & Sanitization
November 28, 2012 @ 11:57:35

Ulrich Kautz has recently taken a look at validation and sanitization of data in PHP applications. He talks about several different methods - both in core PHP and in various frameworks.

Validation and sanitization are extremely important topics, any developer should be aware of. Especially with powerful, modern frameworks, people seem to forget about the underlying concepts and wrongly assume it's already solved somehow. Correctly used and early on integrated, both play the central role in defending against attacks on your application.

He talks a bit about why you should care about the topic, some of the common issues/threats that could come up because of it and some general information on what validation and sanitization are. He looks at implementation with the filter extension and touches on functionality from Symfony 2, Laravel 3, CakePHP 2 and shares his own data filtering module with examples of its use.

validation sanitization framework filter extension tutorial security


David Müller:
Why URL validation with filter_var might not be a good idea
September 20, 2012 @ 08:09:31

David Müller has a new post to his site today showing why validating URLs with filter_var might not be a good idea for the security of your application.

Since PHP 5.2 brought us the filter_var function, the time of such [regular expressions-based] monsters was over. [With] the simple, yet effective syntax [and] with a third parameter, filter flags can be passed, [...] 4 flags are available [for URL filtering].

He shows how to use it to filter out a simple XSS issue (a "script" tag in the URL) and some examples of issues that the filter_var function doesn't prevent - like injection of other schemes (like "php://" or "javascript://"). He recommends adding a wrapper around the method to check for the correct scheme (ex. "http" or "https" for URLs) and reminds you that filter_var is not multibyte capable.

filtervar url validation security filter input


NetTuts.com:
Build Web Apps From Scratch With Laravel Filters, Validations, and Files
August 01, 2012 @ 13:55:10

NetTuts.com has posted the latest in their series about the Laravel framework with this new post, a look at creating filters, validators and working with files.

In this Nettuts+ mini-series, we'll build a web application from scratch, while diving into a great new PHP framework that's rapidly picking up steam, called Laravel. In this lesson, we'll be learning about some very useful Laravel features: filters, and both the validation and files libraries.

They continue improving their sample application ("Instapics") and show you how to:

  • Create a filter to run before or after the request is handled
  • Apply a set of validation rules to a given dataset
  • Handle custom error messaging
  • Work with local files and uploads

They then take all of this and apply it to their application, creating an "auth" filter and login form, creating a form and doing some validation on its results and letting the user upload an image file.

laravel framework tutorial filter validation files




All content copyright, 2014 PHPDeveloper.org :: info@phpdeveloper.org - Powered by the Solar PHP Framework