Archive for June 1st, 2006

Internet Storm Center: Invision Power Board Vulnerability

In a previous post on the Internet Storm Center website, they mentioned an issue that had come up with the Invision Board PHP/MySQL message board system, by which clicking on a certain kind of link would push a .wmf exploit to the user.

More information about the exploit and the updates that the Invision Board team have made to counteract it can be found in this board posting.

Unfortunately, there has also already been an incident with the exploit, affecting the boards of “a large company” that was using the software as a forum for its customers. Links started showing up that were causing problems, redirecting users to another server’s page that pushed the bad .wmf file to them.

If you are running an Invision Board version before 2.1.6, it is strongly suggested you upgrade.


Jason Lefkowitz’s Blog: The Worst Thing About PHP

In his latest post, Jason Lefkowitz takes on something that’s praised by PHP developers and non-PHP developers alike - the documentation for the project. There’s just something he finds messy about the whole business.

Really, it has more to do with the way that PHP’s structured than the actual documentation. It’s just a case of art imitating life.

Now, having lots of libraries isn’t necessarily bad — Java has an even more Herculean list. It only becomes a problem when you make no distinctions between them in the docs — like PHP.

PHP just throws a huge list of libraries at you and leaves you to figure out which one you need. There’s no overarching “Database” package — instead you get Postgres functions and Oracle functions and Firebird functions and MySQL functions, all sprinkled throughout the list.

He also comments that the entire listing is cluttered with other functionality, things that most developers would toss aside if they came across them - they just don’t need them.

His point isn’t without merit - there is definitely a need to reorganize things in the manual to make them a bit more “topic friendly”. The documentation is already one of the best maintained in the Open Source community, so the content is there; maybe it’s just the structure that needs to change.


iPerSec.com: Benchmarking PHP accelerators

In his new post, Jean-François Bustarret talks about a topic the entire PHP community could definitely benefit from - PHP accelerators.

In the article, he looks at what accelerators are, how they work, and some of the ones that are currently out there in the market:

With the ground rules established, he breaks out the analysis into a few different rounds/categories including: support/maintenance, the accelerator’s actual performance (including the code they used) and the results he discovered (all graphed out), and, finally, how they handle file updates made to the system.

In the end, there just isn’t one that’s a clear winner. What it really boils down to is what kind of situation you’re in - Zend’s option is good if you can pay for everything, otherwise, you’d do well to go with eAccelerator.


Community News: MySQL patch mysql_real_escape_string()

Greg from Serberus.net has written in today to let us know about a new MySQL patch that’s been released which fixes some of the issues PHPers were seeing with the database, including problems with the mysql_real_escape_string function.

MySQL have finally released a patched version of MySQL 5 which addresses the potential SQL injection issue with mysql_real_escape_string() and changing character set - see here.

They also describe a workaround for users who can’t upgrade to the latest release.

He also mentions that Ilia Alshanetsky blogged about this very issue back in January.
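As an added illustration (not code from the MySQL announcement or from Greg’s note), here is the pattern behind the escaping problem beside the corrected one, using mysqli: changing the connection character set with a SET NAMES query informs the server but not the client library that real_escape_string() relies on, so with a multibyte charset the two can disagree about where characters begin and end. Setting the charset through the client API keeps both sides in agreement; the host, credentials and the users table are placeholders.

```php
<?php
// Added example: connection character set and escaping (placeholders below).
// The client library escapes according to the charset *it* believes is in use.

$db = new mysqli('db.example', 'app_user', 'PLACEHOLDER_PASSWORD', 'app_db');
if ($db->connect_error) {
    die('connect failed: ' . $db->connect_error);
}

// Weak: SET NAMES changes the charset on the server side only. The client
// library keeps its default, so real_escape_string() treats multibyte input
// byte by byte and can mis-escape it.
// $db->query("SET NAMES 'gbk'");

// Corrected: set the charset through the client API so the escaping routine
// and the server agree on how bytes group into characters.
if (!$db->set_charset('utf8mb4')) {
    die('set_charset failed: ' . $db->error);
}

function find_user(mysqli $db, string $name): ?array
{
    // Escaping is now charset-aware...
    $safe = $db->real_escape_string($name);
    $res  = $db->query("SELECT id, name FROM users WHERE name = '$safe'");
    return $res ? ($res->fetch_assoc() ?: null) : null;
}

// ...but a prepared statement sidesteps the escaping question entirely,
// which is the better default for new code.
function find_user_prepared(mysqli $db, string $name): ?array
{
    $stmt = $db->prepare('SELECT id, name FROM users WHERE name = ?');
    $stmt->bind_param('s', $name);
    $stmt->execute();
    return $stmt->get_result()->fetch_assoc() ?: null;
}
```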


IBM developerWorks: Developing PHP the Ajax way, Part 1 - Getting started

IBM developerWorks has posted this new tutorial, the first part in a two-part series looking at the development of a PHP/Ajax application using Sajax.


Asynchronous JavaScript and XML (Ajax) is arguably the most popular new Web technology. In this two-part “Developing PHP the Ajax way” series, you will create a simple photo album as an online Web application, entirely in PHP and the Simple Ajax Toolkit (Sajax). You’ll begin by writing a simple photo album using the standard method of PHP development and later apply Sajax to make it an active Web application.

There’s no hesitation on their part - they jump right in and start with the image pager class to handle the display of a number of images at a time. The files are stored in a directory on the local filesystem (as they should be), and pulling them in is just a matter of reading the directory. They integrate basic back/forward navigation and the ability to enlarge the images, and the basic gallery is complete.

Now, it’s time for the fun stuff - they take the processing that the PHP script was doing to grab and display the files and move it to the backend, replacing it with a simple Ajax call to another PHP file that returns the image information to display. They even finish off this part of the series with a method for attaching metadata to the images: an XML file with a summary of the file’s attributes, date taken - anything you want, really.
