Published June 30th, 2003 by Jim O'Halloran
PHP time_since() Function
This useful little PHP function shows the time between two dates in an “n days, x hours” format. Looks useful, and a bit cleaner than my own implementation of the same thing.
Scott has blogged some useful links for templating in PHP. I’ll need to have a good look at this stuff soon when I start working on my next PHP project.
ONLamp.com has an interesting article on using PEAR::DB and Smarty (template engine) together to create web apps in PHP. Interesting stuff…
By simple trial and error, developing new versions of my own libraries and reusing other libraries for my projects, I have found a better way to integrate a database-backed application with a powerful template engine.
I’m obviously talking about PEAR::DB and Smarty here, and I will show throughout this article my experiences and best practices in integrating these two amazing libraries. You will end up with a really nice setup, having an excellent separation between business logic and template logic.
ONLamp has an excellent article on writing secure PHP. The included examples of exploits and fixes make it pretty easy to understand and read.
It is extremely easy to write applications that contain unintentional security holes. […] This article provides five steps to help identify or avoid such security holes in applications written using PHP.
SitePoint has an article on verifying a user’s email address by using DNS lookups.
To mickey@mouse.com. And donald@duck.com. And emailthis@hahaha.com. You get the idea — users are registering with bogus email addresses at domains that don’t even exist.
Obviously this validates the domain of the email address but not the username, but that’s closer than a “that looks like an email address” check using a regex. A flaw in the exact approach described in the article is that email addresses can be in the form of “user@domain.tld” or “user@host.domain.tld”.
If I give my address in the “user@domain.tld” (eg. jim@jimohalloran.com) form I need MX records for my domain in the DNS. If I chose to give my address in “user@host.domain.tld” form (eg. jim@www.jimohalloran.com), then I only need A records. So I’d suggest that if you use this approach, you should check for both MX and A records before deciding that the domain is invalid.
Of course if you need to check that the entire address is valid, then you’ve got to send an email and get a confirmation reply back, but without going to that extreme, this is a good first check.
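The MX-then-A check suggested above, as an added example that is not code from the SitePoint article or from this blog. emailDomainResolves() and its $lookup parameter are hypothetical names, and the zone data is constructed so the script runs offline; without a stub it falls back to PHP's checkdnsrr().

```php
<?php
// Added example: accept an e-mail domain if it has MX records
// (user@domain.tld) or, failing that, an A record (user@host.domain.tld).
// emailDomainResolves() and $lookup are hypothetical names.

function emailDomainResolves(string $email, ?callable $lookup = null): bool
{
    // Default to the real resolver; a stub can be injected for offline runs.
    $lookup = $lookup ?? 'checkdnsrr';

    // Split on the last "@" and require text on both sides of it.
    $at = strrpos($email, '@');
    if ($at === false || $at === 0 || $at === strlen($email) - 1) {
        return false;
    }
    $domain = strtolower(substr($email, $at + 1));

    // Only plain dotted hostnames reach the resolver: no spaces, control
    // characters, empty labels, or single-label names.
    $label = '[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?';
    if (!preg_match('/^' . $label . '(?:\.' . $label . ')+$/', $domain)) {
        return false;
    }

    // A trailing dot makes the name fully qualified, so the resolver's
    // search list cannot turn a bogus domain into a local match.
    $fqdn = $domain . '.';

    return $lookup($fqdn, 'MX') || $lookup($fqdn, 'A');
}

// Constructed sample zone data (not real DNS answers).
$records = [
    'jimohalloran.com.'     => ['MX', 'A'],
    'www.jimohalloran.com.' => ['A'],
];
$stub = function (string $host, string $type) use ($records): bool {
    return in_array($type, $records[$host] ?? [], true);
};

$samples = ['jim@jimohalloran.com', 'jim@www.jimohalloran.com',
            'user@nosuchdomain.example', 'no-at-sign'];
foreach ($samples as $addr) {
    $ok = emailDomainResolves($addr, $stub);
    printf("%-28s %s\n", $addr, $ok ? 'domain ok' : 'rejected');
}
```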
Thought I’d better document this in case it trips someone else up. We use PHP 4.3.1 compiled with the FreeTDS library so that we can access a Microsoft SQL Server database from our PHP scripts. One of the queries our page does is along the lines of…
SELECT smalltable.a, smalltable.b, largetable.c, largetable.d FROM smalltable INNER JOIN largetable ON smalltable.a = largetable.a WHERE largetable.x = 'SOMESTRING'
a is the primary key of “smalltable”, a and x form the primary key of “largetable”. Smalltable has about 100 records, while largetable has about 1.9 million. When queried in this way, the recordset contains about 70 records from each table, which we then loop through to build a HTML table.
The problem we experienced was that largetable.c and largetable.d (both float fields) consistently returned 0, even though when I ran the same SQL in Enterprise Manager on the server it returned the correct data.
When I had previously compiled PHP, I’d used the --with-mssql switch when running ./configure to compile in FreeTDS. If I recompiled with the --with-sybase-ct=/path/to/freetds switch instead, the system worked perfectly. In both cases I used the mssql_ functions in PHP to connect to and query the database, but the compile options affect how well they work. I really don’t know why this should be the case, but changing the compile options fixed it for me.
Stumbled across SmartGallery today. Haven’t taken a look at it yet, but I’ve blogged it for future reference. I still need to update my photo gallery, and I’m looking for some sort of “semi-automated” solution.
SmartGallery is a simple picture gallery generator powered by mySQL and TemplatePower. The package includes an .sql file with the ‘CREATE TABLE’ scripts of 2 tables: gallery and picture.
PHPBuilder brings us an article on using GD to create dynamic graphs. It’s a good introduction to GD, although the SQL could use a little work (it queries the database unnecessarily).
A new version of LinPHA has been released. Looks like an interesting Photo Gallery type app. The interface is a little bright though.
Finally, phpMyAdmin 2.4.0 has been released. phpMyAdmin makes general administration of MySQL servers much easier. Recommended!
It’s a LAMP site, but the M isn’t MySQL. Can PHP on the Linux box make the connection to Microsoft SQL Server?
The answer is an emphatic yes! A Linux Journal Article solves the problem, but uses UnixODBC to do it. I did this a while back with the help of this PHPBuilder article, which compiles PHP directly with MS SQL support. I compile FreeTDS as follows…
cd /usr/src/freetds
./configure --with-tdsver=4.2 \
--enable-msdblib --enable-dbmfix \
--with-gnu-ld --enable-shared \
--enable-static --prefix=/usr/local/freetds
make
make install
Then compile PHP as follows…
cd /usr/src/php
rm configure
rm config.cache
./buildconf
./configure --with-mysql \
--with-apxs2=/usr/local/apache2/bin/apxs \
--with-sybase-ct=/usr/local/freetds
make
make install
My app has been in production for 4 or 5 months now with no problems.
A few days ago, I blogged the OWASP Top 10 security vulnerabilities. David Sklar has taken these and shown how to avoid them in PHP, which is a must read for any PHP programmer.