The PHP Grind

Ben Ramsey’s Blog: Zend Executable Debugger Eclipse Plugin

Ben Ramsey has posted his look at a free tool that works with the Eclipse editor - the Zend Executable Debugger plug-in for Eclipse.

The Zend Executable Debugger plug-in is part of the all-in-one PDT package, but if you want to install it on your own—since it’s possible to use this debugger without the PDT and with PHPEclipse, for example—then you’ll need to install it using the Eclipse Update Manager (the easier way).

He mentions how to install the tool (including the information for the Update Manager) and attaches some screenshots of the tool in action - first of the installer and second of the plugin in action.

UPDATE: Ben added a note about XDebug support for the PDT software into the post as well:

Patrick Mueller has just posted some links to information about XDebug support for PDT. Now, for those not wishing to use the Zend Debugger, you may now use XDebug.

Continue Reading · Add comment

Hardened-PHP Project: WordPress Vulnerability Advisories (XSS & Trackbacks)

The Hardened-PHP Project has posted two new advisories today, both dealing with WordPress issues - one is a trackback problem with decoding the charset and the other an XSS vulnerability.

The first advisory notes that:

While testing WordPress it was discovered that WordPress supports trackbacks in different charsets when PHP’s mbstring extension is installed. This feature can be abused to bypass WordPress’s SQL parameter escaping which leads to an SQL injection vulnerability that can result in a compromise of the admin account and end in a server compromise.

The second advisory talks about a problem with the WordPress admin interface that leaves it open to cross-site scripting issues.

The WordPress group has already released an updated version to resolve both of these issues. It is highly recommended that you update your installation immediately to prevent the exploits of either of these vulnerabilities.

Continue Reading · Add comment

Job Posting: Community Connect Inc. Seeks Senior PHP Developer (New York, NY)

Continue Reading · Add comment

Zend Developer Zone: Book Review : PHP and MySQL by Example

As promised previously, Cal Evans has posted a full book review of the Prentice Hall book “PHP and MySQL by Example” by Ellie Quigley with Marko Gargenta.

Earlier, I posted a sample chapter of PHP and MySQL by Example written by Ellie Quigley with Marko Gargenta. Now I’d like to take a few minutes to do a fly-by of the entire book.

Cal works through some of the chapters talking about their contents, who they’re targeted at (where experienced developers can start and stop) and includes a list of the other topics covered between its covers including user defined functions, regular expressions, PHP & MySQL integration, and objects.

Overall, Cal found the book to be a good quality reference tool, but one that focuses a lot more on the basics of programming with PHP and MySQL rather than getting much more high level than touching on OOP or regular expressions.

Continue Reading · Add comment

Vexxhost.com: Top 5 new (and cool!) features in PHP5 that you probably haven’t heard of

From the Vexxhost.com blog today comes a quick overview of some of the “new and cool features” of PHP 5 that you might not have heard of - a top five list.

PHP5 has brought so much new features but because of its big syntax changes, a big percentage of the PHP developing base has not made the change. Here are the top new features that could change your mind.

The list they’ve created includes:

• Better error handling with exceptions
• Completely rewritten MySQL extension
• A heck of a lot more useful functions
• Finally! SQLite database support!
• The best damn OOP support period

with each having a bit of a explanatory paragraph…

Continue Reading · Add comment