Everything tagged with "php"

Just a few short years ago, options for Open Source PHP ecommerce platforms were extremely limited, and often the only way to put together an ecommerce store online was to have a bespoke system built. Not any more, though - now there are plenty of options. We take a look at the top five contenders to see what each has to offer.

Read the rest of this post »

When Rasmus Lerdorf first put PHP together, he - quite sensibly, despite his heritage - chose not to write it in Greenlandic or Danish. Good job too - that would have been rather unpleasant to work with. He opted instead, being in Canada, for a more local tongue. No, not French. Not Canadian English either. No, he went for that bastard dialect of the Queen's English commonly referred to as "US English".

PHP developers in Britain have been grumpy about this ever since. What was he thinking? And more importantly, how do we undo this travesty? How do we developers ensure the traditions of the British Empire continue to be upheld, even in the digital age?

A Slap in the Face

$variable_name

The first, but maybe the most important, of many changes that will allow PHP to achieve a more elegant feel is to remove that symbol so beloved by the US and replace it with something altogether more refined. More solid. More ... sterling.

£variable_name

Getting Started

<?php
    echo 'Hello World!';
?>

How many of today's British programmers have been put off at the outset by the brazen informality of this simple yet obscenely Americanised program, colloquially referred to as "Hello World"? A more Imperial, formal introduction might encourage a greater proportion of young British talent to remain with the language and thus give the broader community a more urbane air.

<?php
    announce 'Good morrow, fellow subjects of the Crown.';
?>

Abbreviations

Few things are more abhorrent to the British than unnecessary abbreviations. "Text speak" is unheard of on the streets of London, as the natural ingrained British grammarian simply refuses to stoop to sending messages of the "c u soon traffic kthxbye" variety, instead proferring something altogether more elegant: "Dear Sir/Madam. I will arrive as soon as time allows, which I expect to be within the hour. I assure you the horses shall not be spared. Yours respectfully." (slower to type, yes, but we do not like to be rushed).

PHP, on the other hand, is full to bursting with abbreviations and acronyms which are entirely unnecessary:

str_replace()
is_int()
var_dump()
preg_match()
json_encode()
mysql_connect()

The following changes should improve things:

string_replace()
is_integer()
variable_dump()
perl_regular_expression_match()
javascript_object_notation_encode()
my_structured_query_language_connect()

Edit: I have corrected the expansion of "preg_match" - thanks to those who pointed it out.

Eloquence

if ($condition) {
    // Code here
} else {
    // Code here
}

Shakespeare would be ashamed to see his native tongue twisted into this monstrosity. Brevity is to be applauded in the right context - in some dark corner, where it shall be seldom seen - but not here. The if ... else block is the most used conditional code in all of PHP, so it must be made as inoffensive as possible. There are many options for its replacement, but this may be the strongest:

perchance (£condition) {
    // Code here
} otherwise {
    // Code here
}

The same naturally applies to the Americanised switch ... case construct, which one can only describe as clunky and unpleasant:

switch ($variable) {
    case $option1:
        //Code here
        break;
    case $option2:
        //Code here
        break;
    default:
        //Code here
        break;
}

Words such as "switch", "break" and "default" are hard on the reader and lack context. The Right Honourable biggerthancheeses was kind enough to contribute a more gentrified suggestion (and has some interesting ideas, particularly around replacement of "include()" with something like "i_might_be_partial_to()", demonstrating a natural talent for the Imperialisation of programming languages):

what_about (£variable) {
    perhaps £possibility:
        //Code here
        splendid;
    perhaps £other_possibility:
        //Code here
        splendid;
    on_the_off_chance:
        //Code here
        splendid;
}

Spelling

imagecolorallocate()
serialize()
newt_centered_window()
connection_status()

Words fail me at this point. How is any self-respecting gentleman expected to make head or tail of these "words". It beggars belief that anyone could allow such distortions of words to be entered into a programming language. They, along with the cornucopia of similar errors, should be reverted to their proper forms immediately:

imagecolourallocate()
serialise()
newt_centred_window()
connexion_status()

Manners

try {
    // Code here
} catch (Exception $e) {
    // Handle exception
    die('Message');
}

The try ... catch block is an excellent example of PHP's lack of manners. Far too direct to be allowed in the new PHP. Additionally, the word "die" is so very depressing. This new block, although more verbose, is vastly more polite and upbeat:

would_you_mind {
    // Code here
} actually_i_do_mind (Exception £e) {
    // Politely move on
    cheerio('Message');
}

Class

Perhaps nothing is as important and ingrained in the British psyche as the notion of class and, while there are few opportunities for change within this part of PHP, the changes that there are to be made here are important.

class Republic {
    public $a;
    private $b;
    protected $c;
}
$example = new Republic();

To begin with, the current system has no place for class hierarchy and this is unacceptable. So we shall begin by giving classes specific levels - upper, middle, working - and no class can access the methods of one of a higher level without the explicit permission of the higher order class (of course, though it might then have access, it would not be a true member of the higher order and could not itself grant higher order access to other lower order classes). "Public" and "Private", in the British class system, are often synonymous (see, for example, school system nomenclature), so these must be adjusted, as should the "Protected" property visibility. The word "new", while passable, has a much more appropriate replacement in matters of class.

upper_class Empire {
    state £a;
    private £b;
    hereditary £c;
}
£example = nouveau Empire();

The Sun Never Sets ...

It is hoped that these few simple changes will improve the reputation and status of PHP among other languages. No longer will it be the poor American cousin - instead it can take its rightful place as the - British - King of the scripting languages.

Thanks

Many thanks to Mark and Pat, former colleagues, who helped start this resurrection of the British Empire in the pub on Friday.

1. Yes, connexion.

The fourth part of the Writing Secure PHP series, covering cross-site scripting, cross-site request forgery and character encoding security issues.

Read the rest of this post »

The second version of the PHP Cheat Sheet, a quick reference guide for PHP, with functions references, a regular expression syntax guide and a reference for PHP's date formating functions.

Read the rest of this post »

Adding and removing variables to and from URLs using PHP can be a relatively simple process admittedly, but I have a couple of functions I use often to make the process even less time-consuming.

Add Querystring Variable

A PHP function that will add the querystring variable $key with a value $value to $url. If $key is already specified within $url, it will replace it.

function add_querystring_var($url, $key, $value) {
    $url = preg_replace('/(.*)(?|&)' . $key . '=[^&]+?(&)(.*)/i', '$1$2$4', $url . '&');
    $url = substr($url, 0, -1);
    if (strpos($url, '?') === false) {
        return ($url . '?' . $key . '=' . $value);
    } else {
        return ($url . '&' . $key . '=' . $value);
    }
}

Remove Querystring Variable

A PHP function that will remove the variable $key and its value from the given $url.

function remove_querystring_var($url, $key) {
    $url = preg_replace('/(.*)(?|&)' . $key . '=[^&]+?(&)(.*)/i', '$1$2$4', $url . '&');
    $url = substr($url, 0, -1);
    return ($url);
}

I have been looking for a way to convert the BBC weather feed for my area to iCal, so I can subscribe to it. It's date-based, after all, and RSS never seemed to me to be an appropriate format for subscribing to weather information. iCal always struck me as being "better" for that purpose. Of course, the BBC only have an RSS feed for local weather. What I needed was a converter.

After some hunting, I discovered that Dean Sanvitale had written a PHP script to convert RSS feeds to iCal format. However, his site (codent.com) appears to be long since abandoned and the script is no longer available from there. Fortunately, the Wayback Machine did have a copy. Dean originally released the script under a Creative Commons License which, fortunately, allows me to make the script available to download from this site (note: the script is available from this site under the same license).

So, if you're looking for a way to convert an RSS feed to iCal, this PHP script will do the job. Thanks Dean!

Source: rss2ical.txt

The problem that led to this snippet of code was that when posting from a form to a PHP script, you may sometimes want to have several fields with the same name and different values. For example, you might want people to be able to tick boxes to indicate which cities they have been to from a list. You would normally add "[]" to the name of the field inputs, like so:

<input type="checkbox" name="cities[]" value="London"> London
<input type="checkbox" name="cities[]" value="Paris"> Paris
<input type="checkbox" name="cities[]" value="Berlin"> Berlin
<input type="checkbox" name="cities[]" value="Madrid"> Madrid
<input type="checkbox" name="cities[]" value="Rome"> Rome

When the form is received by PHP, whichever items are ticked in the cities list above are accessible in the array $_POST['cities']. This is very handy.

Unfortunately, the addition of square brackets causes trouble with JavaScript, especially with a "Select All" function - which allows you to check all boxes at once by clicking a single one. This script works around that using regular expressions.

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<title>Checkbox Fun</title>
<script type="text/javascript"><!--
 
var formblock;
var forminputs;
 
function prepare() {
  formblock= document.getElementById('form_id');
  forminputs = formblock.getElementsByTagName('input');
}
 
function select_all(name, value) {
  for (i = 0; i < forminputs.length; i++) {
    // regex here to check name attribute
    var regex = new RegExp(name, "i");
    if (regex.test(forminputs[i].getAttribute('name'))) {
      if (value == '1') {
        forminputs[i].checked = true;
      } else {
        forminputs[i].checked = false;
  }
    }
  }
}
 
if (window.addEventListener) {
  window.addEventListener("load", prepare, false);
} else if (window.attachEvent) {
  window.attachEvent("onload", prepare)
} else if (document.getElementById) {
  window.onload = prepare;
}
 
//--></script>
</head>
 
<body>
 
<form id="form_id" name="myform" method="get" action="search.php">
 
  <a href="#" onClick="select_all('area', '1');">Check All Fruit</a> | <a href="#" onClick="select_all('area', '0');">Uncheck All 
Fruit</a><br><br>
 
  <input type="checkbox" name="area[]" value="1" />Apples<br />
  <input type="checkbox" name="area[]" value="2" />Bananas<br />
  <input type="checkbox" name="area[]" value="3" />Chickens<br />
  <input type="checkbox" name="area[]" value="4" />Stoats
 
  <br><br><a href="#" onClick="select_all('location', '1');">Check All Locations</a> | <a href="#" onClick="select_all('location', 
'0');">Uncheck All Locations</a><br><br>
 
  <input type="checkbox" name="location[]" value="1" />Brighton<br />
  <input type="checkbox" name="location[]" value="2" />Hove<br />
 
</form>
 
</body>
</html>

The third part of the Writing Secure PHP series, covering weak passwords, clients and more advanced topics.

Read the rest of this post »

A quick reference guide for MySQL, including functions (both in MySQL and PHP), data types, and sample queries. Available in PDF and PNG formats.

Read the rest of this post »

As requested by everyone, PDF versions of the PHP, CSS and mod_rewrite cheat sheets are now online. Enjoy!

I'm fed up with having to visit php.net to look things up. This A4 cheat sheet is designed to sit by your desk and make your life easier.

Read the rest of this post »

Mozilla and Google's prefetching functions are a nice addition to browser technology in many ways. Unsurprisingly, they are not very well thought through. The main two problems with the prefetching idea are that it messes with log files and it means every link on a page could potentially be followed despite the consequences (dangerous in a site administration context).

It appears from the FAQ that Google only intends their accelerator to prefetch specific pages, that have been specified with the <link> tag. However, many people are claiming that normal links have been prefetched.

To prevent prefetching of a page is simple: add the following PHP to the page you do not want prefetched:

if ((isset($_SERVER['HTTP_X_MOZ'])) && ($_SERVER['HTTP_X_MOZ'] == 'prefetch')) {
    // This is a prefetch request. Block it.
    header('HTTP/1.0 403 Forbidden');
    echo '403: Forbidden<br><br>Prefetching not allowed here.';
    die();
}

This will serve a "forbidden" header to the prefetcher. Normal browsing should be unaffected.

Learn how to improve your security a little further with the second part of this PHP tutorial.

Read the rest of this post »

A tutorial explaining how to retrict access to a directory on a web server using .htaccess.

Read the rest of this post »

PHP and SQL Server are a powerful combination, however sometimes data stored in a text type column is truncated for no apparent reason after 4096 characters. Here's how to fix the problem.

Read the rest of this post »

Learn how to avoid some of the most common mistakes in PHP, and so make your sites more secure.

Read the rest of this post »

Functions to count the number of syllables in a word or sentence, and work out the readability of text.

Read the rest of this post »

The Gunning-Fog Index is a measure of text readability based upon sentence length and difficult words in a passage.

Read the rest of this post »

A tool to help automatically fix most common (X)HTML errors before outputting a page to the user.

Read the rest of this post »

High-traffic sites can often benefit from caching of pages, to save processing of the same data over and over again. This caching tutorial runs through the basics of file caching in PHP.

Read the rest of this post »

Ternary conditionals (using the "ternary operator", sometimes known as the "trinary operator") are a part of PHP that many simply steer clear of, despite their usefulness. They can save a great deal of time when writing code and can make for much easier code to read and edit later on. They look strange to many people though, which might explain why they are not as widely used as they could be.

Consider a normal conditional statement, like the following. It begins by evaluating a condition. If that condition is true, it follows one path. Sometimes, an alternate path is specified if the condition is not true (the 'else' section). Sometimes, you can have a list of several possible conditions in a row (using 'if ... elseif ... else' or 'switch ... case').

if (condition) {
    variable = value-if-true;
} else {
    variable = value-if-false;
}

However, a simple situation like the above is a perfect candidate to convert to a ternary conditional. You have one condition, and if it is true, the variable is given a certain value - if false, a different value. A ternary conditional can accomplish the same thing, concatenating it into one simple line of code.

variable = (condition) ? value-if-true : value-if-false;

Ternary conditionals take the above form. You do not necessarily need to have a "variable = " section (as you will see later on), but usually that is what this is used for. The above does exactly the same thing as the 'if ... else' statement earlier. If the condition evaluates to true, the variable will be assigned the value in the "value-if-true" section, otherwise it will receive the "value-if-false" value.

In practice, you could use the ternary conditional to, for example, greet a user depending on whether it is currently morning or afternoon. Using traditional code ('if ... else'), you might write something like this:

if (date("G") < 12) {
    echo 'Good morning';
} else {
    echo 'Good afternoon';
}

The same statement, using a ternary conditional, would look like this:

echo (date("G") < 12) ? 'Good morning' : 'Good afternoon';

Note that in this example, we've used "echo", rather than assigning a value to a variable. The above is exactly the same as this, which does make use of a variable:

$greeting = (date("G") < 12) ? 'Good morning' : 'Good afternoon';
echo $greeting;

Another situation in which I often use ternary conditionals is when displaying rows of data. It can often be much easier for a user to see what is going in if the rows alternate background colour, and the following code can be useful for that:

$i = 1;
echo '<table>';
while ($data = mysql_fetch_array($result)) {
    echo '    <tr>';
    echo '        <td bgcolor="';
    echo (($i % 2) == 0) ? '#eee' : '#ddd' ;
    echo '">';
    echo $data['field'];
    echo '        </td>';
    echo '    </tr>';
    $i++;
}
echo '</table>';

The above code will cycle through a result set, displaying each item in a new row. The background colour of the row will alternate between shades of grey, controlled by the ternary conditional on the bold line.

Ternary conditionals make for tidier code. Use them - if not for yourself, then for whoever is going to end up editing your scripts!

How to validate email addresses according to ISO standards with PHP.

Read the rest of this post »

An introduction to PHP, one of the most popular programming languages on the web.

Read the rest of this post »

VBScript's DateDiff function is a powerful way to express differences between dates, and PHP lacks a similar function. Here's a replica of VBScript's DateDiff function in PHP.

Read the rest of this post »