Digging deeper into PHP’s static scoping

Redditor troelskn made an interesting observation about my recent blog post about Singletons, pointing out that static variables defined within a method behave completely differently to regular static properties. I use static method variables often but still found this behaviour surprising. I decided this was a good opportunity to find out exactly how static methods, properties and variables work in PHP. Read more.

Singletons: What can they teach us about PHP?

Why would I be showing you how implement singletons in PHP? Don’t I know that the singleton pattern suffers from obvious shortcomings? Of course I do, but I have an ulterior motive. Singletons are a simple way to show off some of the features of PHP you probably don’t get to see and use too often. Now we’ve got that covered let’s see some code. If you haven’t seen a Singleton before the premise is simple: there should only ever be one instance of our class. Read more.

Getting started with Python and Django in 23 frustrating steps

Should I or shouldn’t I? Should I ditch my well-worn PHP and the frameworks I know so well to go with this new-fangled (silent-d)Jango thingy I hear the cool kids talking about? It’s a big decision, as this project is going to be the big one (you know, the one that will change the world and all that).

I’ve worked with PHP for over six years. It has it’s warts (and how) but it’s very much a known quantity at this point. On the other hand, when I have used Python it’s been a much more pleasant experience. The fact that this is a personal project makes the decision easier: let’s ditch old mate LAMPhp go with LAMPy. It’s almost dinner time and the latter sounds like it’d go well with an ale anyway. So, starting with a brand new dev box, where do I begin? Read more.

Cleaning up uncommitted subversion working folders

Today I stumbled across an unused working folder in a dark and dusty corner of one of our development servers. The directory had a couple of dozen un-checked in changes. Some were from barely a month ago while others dated back years. Not wanting to discard any important modifirations I cobbled together a bash command to show me when each file was last modified (the file’s mtime). Read more.

Simple Atom / RSS Reader for PHP

I was recently looking for a simple RSS reader for PHP. There are a few out there, like Magpie RSS. These seem like adequate projects, but much too high level for the scripts I was throwing together. I need to read a couple of different feed formats: namely WordPress’ RSS feed and Flickr’s Atom feeds. I decided to put together a single-class implementation which didn’t do anything more than the bare minimum.

Read more.

Abusing the Cache: Tracking Users without Cookies

I’ve been doing a little bit of research into ways to misuse browser history and cache and came across a very simple technique for tracking users without the need for cookies. Firstly, a demo. If you watch the HTTP requests you’ll see that there are no cookies being used.

Read more.

Windows Gadgets and Invalid Packages

I’ve recently upgraded to Windows 7 and decided to experiment with the in built gadgets. Windows gadgets are built on web technologies; each gadget is really just a couple of HTML pages glued together with JavaScript. This is good in principle but there are enough differences between the gadget environment and Internet Explorer to make testing difficult.

Read more.

A First Look at Python

So I’ve been looking at and using Python recently. I thought I’d share some of my thoughts for those who haven’t had a chance to play with the language yet. I’ll try to avoid a preachy OMG-I’ve-just-discovered-the-best-thing-ever post, or to simply write another Python tutorial. I’ll look at the good and bad points of the language.I first looked at Python a month or two ago. The guy and girls over at programming.reddit.com push it as the language to end all languages, so I decided to grab a copy of the (free!) Dive Into Python book. I started putting together a smallish personal project, but with no external pressure it petered out. When a discussion came up at work (a PHP shop) on how to quickly write a reliable server daemon I pushed the idea of Python. It took a little convincing, but the results speak for themselves.

Read more.

Securing Your PHP Code – Databases

SQL injection is a well trodden topic so I won’t go into too much detail.

For those who don’t know, the problem occurs when you fail to properly escape variables being placed into your strings. For example the SQL statement "SELECT * FROM users WHERE name = '$name'" will fail if $name is set to ' or '1' = '1. The string will be expanded to produce SELECT * FROM users WHERE name = '' or '1' = '1'. This is obviously not what you wanted, and could lead to very bad results when coupled with DELETE or UPDATE queries.

Read more.

Securing Your PHP Code – Server Security

When protecting your server environment you’ll want to ensure that two things happen. Firstly, you’ll want to keep your scripts from prying eyes; you want to make sure that you don’t accept input that will break your code. Secondly, and most importantly, you want to stop anyone from executing their own code on your servers.

Read more.