
Reddit.com:
Protecting against attack?
May 18, 2012 @ 10:19:35

In this recent post to Reddit.com, the question of application security is asked - the poster wants recommendations on how he should keep his app safe from would-be attackers:

I can code fairly well in PHP these days, but my security isn't so hot. Is there a tutorial or plugin you guys can recommend as to how I should be protecting my php pages/inputs? I want to avoid common attacks like XSS, inputs with NULL or DROP TABLE etc?

Responses on the post include recommendations related to:

  • Using the Chorizo scanner to find common issues in your code
  • Using PDO for database connections (with bound parameters)
  • Not trusting "$_SERVER"
  • Data sanitization

There are also links to a few other resources with more details.

security attack opinion xss pdo validate filter



PHPMaster.com:
PHP Security Cross-Site Scripting Attacks (XSS)
May 01, 2012 @ 11:59:28

PHPMaster.com has a new tutorial posted today (by George Fekete) about preventing cross-site scripting attacks in your PHP-based applications.

Unfortunately, cross-site scripting attacks occur mostly because developers are failing to deliver secure code. Every PHP programmer has the responsibility to understand how attacks can be carried out against their PHP scripts to exploit possible security vulnerabilities. Reading this article, you'll find out more about cross-site scripting attacks and how to prevent them in your code.

Included in the tutorial is an example with a simple form, definitions of different types of XSS attacks (reflected XSS and persistent XSS) and three ways to prevent them: data filtering, output filtering and data validation. He also links to a few "cheatsheets" to help even more (including this guide and a Zend Framework set of XSS test data).

tutorial security xss filter validate data output cheatsheet


Joshua Thijssen's Blog:
Bloom Filters
April 09, 2012 @ 11:13:32

In this new post to his blog Joshua Thijssen describes something that can help when processing large amounts of data (like, in his example, the text of a book) to search through the information and find if a certain piece of data is in the set - a bloom filter.

Most of my co-workers never really heard of bloom filters, and I continuously need to explain what they are, what their purpose is and why it's a better solution than other ones. So let's do an introduction on bloom filters. [...] Bloom filters have the property of being exceptionally fast AND exceptionally small compared to other structures but it comes with a price: it MIGHT be possible that our bloom filter thinks that an element is inside our set, when it really isn't. Luckily, the reverse is not possible: when a bloom filter says something is NOT in the set, you are 100% sure that it isn't part of the set.

He explains how the filter works, noting how it's better for memory consumption and how it's possible for it to give a "maybe" response instead of an absolute "yes" or "no". He also points out a PHP extension, bloomy, that takes the hard work out of it for you.

bloom filter search memory consumption speed


NetTuts.com:
Create Instagram Filters With PHP
March 26, 2012 @ 10:07:37

On NetTuts.com there's a new tutorial showing how you can create Instagram-like filters in PHP using the ImageMagick library/extension.

PHP comes bundled with GD (GIF Draw/Graphics Draw), which is a library for the dynamic creation of images. It can be used for simpler image operation, such as resizing, cropping, adding watermarks, creating thumbnails (Jeffrey wrote about it), applying basic photo filters - you've probably used it before. Unfortunately, if you want to create something more complex with GD, like Instagram effects, you can't. Luckily, though, we have ImageMagick!

He starts off by comparing the two graphics libraries and talks briefly about how to download and install ImageMagick on your development platform. Included is a PHP class to help you use it, coming complete with functions for changing the color tone of the image, adding a border and adding a vignette to the image. Also included are some "presets" represented in a few simple functions:

  • Gotham
  • Toaster
  • Nashville
  • Lomo
  • Kelvin

There are also a few links to other resources you can use to find out more details on what ImageMagick has to offer.

instagraph photo imagemagick filter tutorial image


Kevin Schroeder's Blog:
Call for webinars (Zend)
January 18, 2012 @ 11:50:07

Kevin Schroeder is looking for suggestions. He wants to know what the PHP community wants to hear about in upcoming webinars from Zend.

Just wrapped up a call working on our webinar schedule for the year. We've got a bunch of ideas but we'd like to also get your input as well. Yes, I know y'all want ZF2 webinars. We have that down. I would also like to do an HTML5 and mobile webinar but I need an SME (Subject Matter Expert) for that. [...] I would also love to have webinars on how to use various API's, even if there is not native PHP support. So, what kinds of webinars do you want?

Leave your suggestions in his comments along with one already suggesting a "Why PHP?" checklist of sorts to help encourage companies/employers to go with the language.

opinion webinar share zend zf2 html5 api


7php.com:
PHP Interview With Enrico Zimuel Senior Software Engineer At Zend Technologies
January 16, 2012 @ 11:30:04

On 7php.com there's a new interview posted with Enrico Zimuel of Zend - "Everything is an Array in PHP".

In this edition, I talked with Enrico Zimuel a computer geek since he was 9yrs old. He has written a couple of books namely "Secrets, Spies and Cipher Codes" published by Apogeo in 1999 and the recent "How to use the digital sign" published by Tecniche Nuove in 2010. Enrico has a pretty impressive 'geek' path. He also speaks at many international conferences [...]. You can find his presentations on slideshare.

Questions in the interview include:

  • How do you find PHP now as compared to when you first started?
  • Based on your experience, what are the good and bad parts of PHP?
  • To someone who wants to become a better PHP developer, what is your advice?
  • What are some good PHP blog or resources you highly recommend?

Read the full interview here.

interview enricozimuel zend software engineer community


PHPMaster.com:
Zend Job Queue
January 13, 2012 @ 08:37:31

In this most recent post to PHPMaster.com Alex Stetsenko takes a look at the Zend Job Queue functionality, a part of the Zend Server installation. He talks about some basic usage to make HTTP requests and a more extended example showing report generation.

Web applications usually follow a synchronous communication model. However, non-interactive and long-running tasks (such as report generation) are better suited for asynchronous execution. One way to off-load tasks to run at a later time, or even on a different server, is to use the Job Queue module available as a part of Zend Server 5 (though not as part of the Community Edition). Job Queue allows job scheduling based on time, priority, and even dependencies.

In his two examples, he shows the code involved to create a new Queue object and define a HttpJob in it. The first just calls a "sample.php" script that's exposed as a part of your external-facing site and shows how you can get the current status of the job. The more advanced example shows a call to a "report.php" script with a set of options defining things like "type", "length" and "priority". He also points out some other options that can do similar things like Gearman, NodeJs and RabbitMQ.

zend job queue zendeserver tutorial task status


Zend:
Zend Takes The Pulse Of Developers In The APP Economy
January 12, 2012 @ 12:56:15

In this new press release Zend has announced the posting of the results from their "Zend Developer Pulse" survey - a survey taken of developers world-wide about their habits, preferences and desires.

Zend Technologies addresses [the question of how a new demand for a new generation of apps] in Zend Developer Pulse, a new survey series that takes the pulse of a vibrant community of developers from around the world. The company's first developer survey conducted in late November 2011 offers insights on emerging technology and career trends captured from 3,335 respondents. The findings are summarized in a report now available at [http://www.zend.com/topics/zend-developer-pulse-survey-report-0112-EN.pdf].

The press release mentions some of the details from the survey, including that 66% of developers will be working with mobile app development projects, that next-generation UI development scored high in skillsets, that there was a strong interest in cloud development and that there's been a strong rise in the need for PHP development skills in the last year.

You can read the entire report here.

zend survey pulse results developer


PHPMaster.com:
ClamAV as a Validation Filter in Zend Framework
January 09, 2012 @ 12:20:48

New on PHPMaster.com there's a tutorial showing you how to use ClamAV as a validation filter in a Zend Framework application. ClamAV is an open source project that helps identify malicious threats like trojans, viruses and malware.

Ok, so you're pretty comfortable with using the Zend Framework, specifically the use of Forms. Along with that, you have a good working knowledge of how to combine a host of standard validators [...] but what do you do when a situation arises that's outside the scope of the pre-packaged validators and filters? Let's say you want to guard against users uploading files that contain viruses, for example. You would have to write a custom validator that checks the uploads aren't infected.

You'll need to install the ClamAV extension on your local machine for the feature to work. Once it's there, though, it's as simple as setting up the validator (based on Zend_Validate_Abstract) and calling the "cl_scanfile" method on the uploaded file. Also included is the code for a sample controller with a Zend_Form instance and an upload file field to help prove it's working.

zendframework validation clamav filter virus malware tutorial


Kevin Schroeder's Blog:
Connecting to the Zend Developer Cloud with PDT
January 04, 2012 @ 10:10:35

Kevin Schroeder has come back around and has posted a new tutorial to his blog showing how to connect PDT (the "PHP Development Tools" extension for the Eclipse IDE) to the Zend Developer Cloud.

A couple of weeks ago I wrote a series of blog posts on how to connect to the Zend Developer cloud with various IDEs. Except one that I missed... PDT. The deployment plugin is already installed in PDT 3 and so you already will have the ability to push to the DevCloud instance.

The process is pretty simple thanks to that plugin - just create the project (or use an existing one), set up a new target for deployment then launch and deploy the PHP application directly. You can find out more about the "PHP Development Tools" on its Eclipse project site.

pdt development tools zend cloud deployment




All content copyright, 2012 PHPDeveloper.org :: info@phpdeveloper.org - Powered by the Solar PHP Framework