When uploading files in PHP, it's quite common for people to check the MIME type of the uploaded file against an array of allowed MIME types. This may seem like common sense; however, it's extremely unreliable. The MIME type given in the $_FILES array is the MIME type sent by the browser to the script. Most browsers, if not all, determine the MIME type based upon the file's extension, which may not reveal the true MIME type of the file we are dealing with.
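The difference between the browser-supplied type and the file's actual content, as an added example (not the original post's code). It assumes the fileinfo extension is loaded; the function names and the two sample uploads are constructed for illustration.

```php
<?php
// Added example, not the original post's code. Assumes the fileinfo extension is loaded.
// Allowlist: detected MIME type => extension to store the file under.
$allowed = ['image/png' => 'png', 'image/jpeg' => 'jpg', 'image/gif' => 'gif'];

// Unreliable: 'type' is whatever the client put in the request.
function clientTypeAllowed(array $file, array $allowed): bool
{
    return isset($allowed[$file['type']]);
}

// Content-based: sniff the bytes on disk, ignore the client's type and file name.
// Returns the extension to save under, or null to reject.
function detectedExtension(array $file, array $allowed): ?string
{
    $detected = (new finfo(FILEINFO_MIME_TYPE))->file($file['tmp_name']);
    return ($detected !== false && isset($allowed[$detected])) ? $allowed[$detected] : null;
}

// Constructed stand-ins for $_FILES entries, so this runs from the CLI.
// A real handler would also check $file['error'] and is_uploaded_file($file['tmp_name']).
function fakeUpload(string $name, string $claimedType, string $bytes): array
{
    $tmp = tempnam(sys_get_temp_dir(), 'upl');
    file_put_contents($tmp, $bytes);
    return ['name' => $name, 'type' => $claimedType, 'tmp_name' => $tmp];
}

$uploads = [
    fakeUpload('photo.gif', 'image/gif', "GIF89a\x01\x00\x01\x00\x00\x00\x00;"),
    fakeUpload('avatar.png', 'image/png', "<?php echo 'not an image'; ?>\n"),
];

foreach ($uploads as $file) {
    printf("%-11s client check: %-6s content check: %s\n",
        $file['name'],
        clientTypeAllowed($file, $allowed) ? 'accept' : 'reject',
        detectedExtension($file, $allowed) ?? 'reject');
    unlink($file['tmp_name']);
}
```

Storing the file under the extension returned by the content check, rather than the one in the client's file name, keeps the stored name consistent with the detected content.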
January 19th, 2006
The PHP Extension Community Library (PECL) is a collection of modules/extensions that you can install to enhance your version of PHP. The categories range widely, from Authentication to Image Handling and from Encryption to XML. However, installing the PECL libraries can sometimes be a bit tricky for the beginner. There are two main ways to install them. Note that if you installed PHP from an RPM or similar package, you will also need the PHP-devel package.
You can view all the PECL modules available at the PECL website. Some useful modules are:
January 19th, 2006
The PHPLondon mailing list have organised the UK's first PHP conference. Details are promising for an interesting day, and I've already booked my ticket! If you plan on going, leave a comment in the blog!
Conference tickets are just £50 each at the moment so make sure you get in there quickly! There is a limited number of seats too!
Speakers:
- Harry Fuecks, author of JPSpan, talking about AJAX and how it sucks.
- Matt Zandstra talking about an object oriented approach at Yahoo.
- Derick Rethans talking about the new Ez Components.
- Christopher Kunz from the Hardened PHP project will scare your pants off.
- Pawel Kozlowski will describe the PHP Pico container and dependency injection.
January 11th, 2006
Sometimes, albeit rarely, I've needed to get at the raw POST data in a PHP file. You can of course get the POST data using $_POST, however, this is after PHP has processed it (i.e. magic quotes may have been applied, thus escaping the data). You can access the raw POST information using the following:
You can access the php://input wrapper as if it were a file, and use the Filesystem functions. More information on the PHP wrappers can be found in the PHP Manual.
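Reading the wrapper with the ordinary stream functions, as an added example (not the original post's code). The helper name `readRawBody()`, the 1 MiB cap and the sample body are assumptions made for illustration.

```php
<?php
// Added example, not the original post's code.
// readRawBody() and the 1 MiB default cap are assumptions for illustration.
function readRawBody(string $source = 'php://input', int $maxBytes = 1048576): string
{
    $handle = fopen($source, 'rb');
    if ($handle === false) {
        throw new RuntimeException("cannot open $source");
    }
    // Read one byte past the cap so an oversized body is detected, not silently truncated.
    $body = stream_get_contents($handle, $maxBytes + 1);
    fclose($handle);
    if ($body === false || strlen($body) > $maxBytes) {
        throw new LengthException('request body missing or larger than allowed');
    }
    return $body;
}

// Constructed sample body, written to a temp file so the script also runs from the CLI.
// In a web request, call readRawBody() with no arguments to read php://input.
$sample = tempnam(sys_get_temp_dir(), 'body');
file_put_contents($sample, 'name=O%27Brien&note=a%5Cb');

$raw = readRawBody($sample);   // the bytes exactly as the client sent them
parse_str($raw, $fields);      // URL-decoded fields, with no quote escaping applied

echo $raw, "\n";
var_dump($fields);
unlink($sample);
```

php://input is not available for requests sent with enctype="multipart/form-data".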
January 5th, 2006
Here's a nice script I just put together for placing files on DAV-enabled web space, catering for SSL and HTTP authentication. It'll even log the result as presented from an Apache + mod_dav server.
Enjoy!
January 2nd, 2006
I thought I'd do a few small tutorials on data validation. Pretty much all websites now require some sort of user input, be it in the form of a newsletter or user registration, or a shopping cart. It's important that this input is validated, else you'll find the wrong sort of data gets in, either due to a malicious user or a stupid one!
A lot of people get into PHP as it's rather easy to code, but they overlook the simplest input validation routines that ensure the data coming from the end user matches what they expect. The golden rule of writing a PHP application is to never trust user input, whether it's come from a form via POST, the URL via GET or even a cookie.
December 21st, 2005
At work recently, I had to grab the sum of totals from multiple rows meeting certain conditions in a MySQL table. Rather than get each total and add them in PHP in a loop, I decided to get MySQL to do all the legwork for me:
SELECT sum(amount)
FROM table
WHERE id = '$id'
AND condition = '1'
GROUP BY id;
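That should return the sum of the amount column across all rows matched by the WHERE clause. Note that $id is interpolated directly into the query, so validate it or bind it as a parameter before running the statement.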
December 21st, 2005
From my search stats, it's quite clear that a lot of people are struggling with installing the Oracle XE rpm. As a result, I've uploaded the rpm that I used for my installation on Fedora Core 4. You can download this directly at http://www.jellyandcustard.com/downloads/libaio-0.3.104-2.i386.rpm or from the command line by executing this just before installing Oracle XE:
rpm -ivh http://www.jellyandcustard.com/downloads/libaio-0.3.104-2.i386.rpm
Happy installing!
December 10th, 2005
Finally, it appears a beta leak has appeared of Google Earth for Mac OS X. Macs were originally left out of the software release, with Google saying:
At this time, Google Earth supports Windows only; however, we hope to support Mac and Linux OS soon. In the meantime, although it might be slower, some Mac users have had success running Google Earth with a PC emulator.
Well here we go. You can download the beta of this software here
December 10th, 2005
At the heart of every dynamic website is a way for the user to interact with the data it provides, and one very common way of interacting with such data is by the use of HTML forms. Generally (and hopefully obviously), a form is "submitted" when the user activates an HTML input element with the type attribute set to submit. However, most user agents will also submit a form when you give focus to an input element with the type attribute set to text and hit return. With PHP, the most common way to test if a form has been submitted is to simply test whether the $_POST/$_GET array is empty or not; however, when using the aforementioned multiple submit button techniques, a problem arises:
- sensible user agents (Gecko based browser, for example) will simply act as though the first submit button had been pressed, and proceed normally.
- MSIE (Internet Exploder?) will submit the form without passing any submit elements in the resulting array, which can cause all kinds of problems if you want to test their validity.
The Solution? It is perfectly valid to have multiple input elements with the same name attribute, so simply place a hidden field with the same name/value as your preferred default action. For example:
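An added illustration of that hidden-field technique (not the original post's code; the field name `action` and the values `save` and `delete` are assumptions). The hidden input sits before the submit buttons because PHP keeps the last value it receives for a repeated name, so a clicked button overrides the default.

```php
<?php
// Added example, not the original post's code.
// The field name "action" and its values are assumptions for illustration.
$allowedActions = ['save', 'delete'];
$action = null;

if (($_SERVER['REQUEST_METHOD'] ?? '') === 'POST') {
    // Hidden field and clicked button share one name; PHP keeps the last value sent.
    $submitted = $_POST['action'] ?? '';
    // Strict allowlist check: anything unexpected (including an array) is rejected.
    $action = in_array($submitted, $allowedActions, true) ? $submitted : null;
}
?>
<form method="post" action="">
  <input type="text" name="title">
  <!-- Default action: the only "action" value sent when return is pressed in the
       text field and the user agent includes no submit button in the request. -->
  <input type="hidden" name="action" value="save">
  <input type="submit" name="action" value="save">
  <input type="submit" name="action" value="delete">
</form>
<?php if ($action !== null): ?>
<p>Action: <?= htmlspecialchars($action, ENT_QUOTES, 'UTF-8') ?></p>
<?php endif; ?>
```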
November 28th, 2005