Archive for the ‘PHP’ Category

An introduction to PHP’s static scoping

Thursday, July 29th, 2010

The static keyword is a core feature of PHP’s object oriented programming. Unfortunately, there doesn’t seem to be much in the way of easy introductions available online, so I’d like to give a brief overview of how the keyword functions, and how it should be used.

PHP actually has two distinct uses for the static keyword. The first and most common usage relates to class method and property scoping; the second to variable scoping within a single function. (more…)

Includes are not functions

Wednesday, July 28th, 2010

Over the last week I’ve been working with a commercial PHP eCommerce package. Amongst some shockingly bad code, one of the patterns that has stood out has been the use of includes as a kind of pseudo-function. Dozens of files in the application are in the following format. (more…)

Digging deeper into PHP’s static scoping

Friday, March 19th, 2010

Redditor troelskn made an interesting observation about my recent blog post about Singletons, pointing out that static variables defined within a method behave completely differently from regular static properties. I use static method variables often but still found this behaviour surprising. I decided this was a good opportunity to find out exactly how static methods, properties and variables work in PHP. (more…)

Singletons: What can they teach us about PHP?

Wednesday, March 10th, 2010

Why would I be showing you how to implement singletons in PHP? Don’t I know that the singleton pattern suffers from obvious shortcomings? Of course I do, but I have an ulterior motive. Singletons are a simple way to show off some of the features of PHP you probably don’t get to see and use too often. Now that we’ve got that covered, let’s see some code. If you haven’t seen a Singleton before, the premise is simple: there should only ever be one instance of our class. (more…)

Simple Atom / RSS Reader for PHP

Monday, February 8th, 2010

I was recently looking for a simple RSS reader for PHP. There are a few out there, like Magpie RSS. These seem like adequate projects, but much too high level for the scripts I was throwing together. I needed to read a couple of different feed formats: namely WordPress’ RSS feed and Flickr’s Atom feeds. I decided to put together a single-class implementation which didn’t do anything more than the bare minimum.

(more…)

Abusing the Cache: Tracking Users without Cookies

Friday, January 29th, 2010

I’ve been doing a little bit of research into ways to misuse browser history and cache and came across a very simple technique for tracking users without the need for cookies. Firstly, a demo. If you watch the HTTP requests you’ll see that there are no cookies being used.

(more…)

Securing Your PHP Code – Databases

Saturday, April 5th, 2008

SQL injection is a well-trodden topic, so I won’t go into too much detail.

For those who don’t know, the problem occurs when you fail to properly escape variables being placed into your SQL strings. For example, the SQL statement "SELECT * FROM users WHERE name = '$name'" will fail if $name is set to ' or '1' = '1. The string will be expanded to produce SELECT * FROM users WHERE name = '' or '1' = '1'. This is obviously not what you wanted, and could lead to very bad results when coupled with DELETE or UPDATE queries.

(more…)

Securing Your PHP Code – Server Security

Saturday, April 5th, 2008

When protecting your server environment you’ll want to ensure that two things happen. Firstly, you’ll want to keep your scripts from prying eyes and make sure that you don’t accept input that will break your code. Secondly, and most importantly, you want to stop anyone from executing their own code on your servers.

(more…)

Securing Your PHP Code – XSS

Saturday, April 5th, 2008

Today I’m going to start a three-part series looking at security issues affecting web developers. The specifics apply to PHP developers, but the general concepts carry across all technologies.

Any significant website is going to consist of three core layers: the client-side code (HTML and JavaScript), the server code (PHP) and a storage layer (MySQL). As a developer you should be aware of the security implications of each layer of technology and how you can best secure your code.

(more…)