Before You Use Captcha: Form Protection Tips
23 Jan 2012
I ran into a great post on the PHP devnetwork forums here talking about some tactics to protect your forms without using Captcha.
First is the Honeypot method. The idea is to add a field to the form that bots would likely fill out but that is a hidden element on the form that should remain blank. twindev explains:
Fork a Process in PHP
10 Aug 2011
The other day I ran into a need to "fork" a process in a web app. Basically I needed to trigger a long-running process but immediately show the user a screen that said "running". I used a version of the following.
CakePHP Containable Behavior Example
6 Aug 2011
Recently a client needed a long page with a lot of data. I found CakePHP's Containable Behavior to be a quick and effective way to perform complex queries efficiently. Containable makes queries efficient because you only join the tables you need and you only fetch the columns whose values you need.
Below is an example that is similar to my code. Say you have a requirement to put 10 blog posts on a page, complete with associated slideshows and comments. Maybe it is a crazy web page or maybe it is the result of an API call. Anyhow, imagine your blog posts have an author who has an avatar. Each post may have a slideshow with any number of images. Posts may have many comments and we want the comment text as well as the comment authors' names, emails, and avatars.
CakePHP Session Cookie Path
2 Jun 2011
In CakePHP I needed a way to have an app at "/app" but be able to share session data with another app. The easiest way is to set the Session Cookie path to "/". The problem is that Cake sets the session cookie to the base path--in this case "/app". There is no setting to override this behavior. But I discovered that if you start the session yourself, you can specify "/". Here is the code.
Escape Input and Output
30 Mar 2010
There is a surprising amount of confusion about XSS and SQL injection among the PHP programmers I've worked with. Here are some common ways to do it right and to do it wrong.
Wake Up! Do You Know Encryption?
26 Mar 2010
I'm surprised by how many developers aren't familiar with encryption. Many say to me that encryption is md5 and sha1.
Applications often need one-way encryption and two-way encryption. There are also public/private key encryption schemes like PGP which are not as commonly used in web applications.
Wrangling MS Word's HTML
27 Oct 2009
Oh boy.
Handling a paste from a Word document into a browser-based WYSIWYG editor is a pain in the butt. I'm using CKEDITOR, which does have a built-in tool for stripping Word's nasty HTML, but it doesn't work well. I also had no success using PHP's HTMLPurifier, htmLawed or Tidy alone.
pathConcat
21 Oct 2009
I developed the following PHP function after writing trim($path,'/') too many times. It took me a lot of iterations to pass all the unit tests, but it works with URI and file paths for all OSs. It goes as far as to account for the strange possibility of a path containing an escaped slash. It runs pretty quickly--less than twice as long as a simple use of join: join('/',$parts).
utf8_bin vs. utf8_general_ci
23 Sep 2009
After reading a thread on the phpbuilder forum I now understand the nuances of UTF-8 character collation on MySQL. NogDog writes:
