|
Zamujasa posted:
This is correct. Here's a pretty cool site that has this question (very bottom) and many other benchmarks: http://www.phpbench.com/
E:
McGlockenshire posted:
Stick the creation of the headers after the email format validation. Nearly wrote an essay on how header injection works.
Ah cool man thank you. I'm going to check out http://www.phpsecure.info/v2/article/MailHeadersInject.en.php which I'm guessing is your website for more information on header injection. I'll look into an alternative $from as well. I run my own hosting service with SPF on the domain -- no problems yet since it's already added to my safe list, but I'll have to try with another e-mail I have and see what happens when I send it with the same address.
Knyteguy fucked around with this message at 07:14 on Oct 8, 2012 |
# ? Oct 8, 2012 07:09 |
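The ordering discussed in the post above (validate the address, then build the headers), as an added example that is not code from the thread. The function name, the fixed site From address with the visitor in Reply-To, and the sample inputs are assumptions made for illustration.

```php
<?php
// Added example, not code from the thread. Addresses below are constructed samples.

/**
 * Validate the visitor's address first; only then build the header block.
 * Assumption: the site sends from its own fixed address and puts the
 * visitor's address in Reply-To.
 */
function build_mail_headers(string $visitorEmail, string $siteFrom): string
{
    // A CR or LF inside a header value starts a new header line,
    // so reject it before the value gets anywhere near the headers.
    if (preg_match('/[\r\n]/', $visitorEmail) === 1) {
        throw new InvalidArgumentException('line break in address');
    }
    if (filter_var($visitorEmail, FILTER_VALIDATE_EMAIL) === false) {
        throw new InvalidArgumentException('not a valid e-mail address');
    }
    // Headers are created only after both checks have passed.
    return implode("\r\n", [
        'From: ' . $siteFrom,
        'Reply-To: ' . $visitorEmail,
        'Content-Type: text/plain; charset=UTF-8',
    ]);
}

// Constructed form submissions: one clean, one malformed, one carrying
// an extra header line after the address.
$samples = [
    'alice@example.com',
    'not-an-address',
    "alice@example.com\r\nBcc: list@example.net",
];

foreach ($samples as $input) {
    try {
        $headers = build_mail_headers($input, 'noreply@example.org');
        echo 'accepted: ', json_encode($input), "\n";
        // mail($to, $subject, $body, $headers) would be called here.
    } catch (InvalidArgumentException $e) {
        echo 'rejected: ', json_encode($input), ' (', $e->getMessage(), ")\n";
    }
}
```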
|
Knyteguy posted:This is correct. Here's a pretty cool site that has this question (very bottom) and many other benchmarks: http://www.phpbench.com/ Prehistoric. Hasn't been updated since the PHP4 days, IIRC. Don't trust a single metric there without duplicating the benchmark.
|
# ? Oct 8, 2012 07:10 |
|
McGlockenshire posted:Prehistoric. Hasn't been updated since the PHP4 days, IIRC. Don't trust a single metric there without duplicating the benchmark. Ouch, good to know. This would actually be kind of a fun project.
|
# ? Oct 8, 2012 07:15 |
McGlockenshire posted:
How to avoid crap PHP advice:
Could anybody recommend some beginner to intermediate books on PHP, with a special emphasis on OOP, design patterns, security, or database integration? I definitely want a focus on the theory behind why coding one way is better than another. I can read through the code in beginner books just fine, I'm not an absolute beginner, but I have no grounding in the theory behind design/code choices and why certain approaches/functions are avoided now. I graduate uni in 2 months and want to spend the next 6 months reading a hell of a lot on PHP/SQL/jQuery. I figure I'll look at frameworks as my skill increases, but I want to know the fundamentals and the theory behind the language first. I guess what I'm looking for is a behind-the-scenes look at the function and design of the language, without being too verbose... Most beginners' books teach you the interface approach to coding, i.e. "if you type this word followed by a bracket followed by a series of other words, it returns these values!" and I want a deeper look at how the language functions and communicates.
Sulla Faex fucked around with this message at 11:23 on Oct 8, 2012 |
|
# ? Oct 8, 2012 11:21 |
|
Sulla-Marius 88 posted:Could anybody recommend some beginner to intermediate books on PHP PHP Objects, Patterns and Practice is a good one.
|
# ? Oct 8, 2012 12:32 |
-JS- posted:PHP Objects, Patterns and Practice is a good one. Thanks. I was waiting for some more people to reply so I could thank everybody at once rather than spamming, but that book looks pretty good.
|
|
# ? Oct 10, 2012 06:38 |
|
I dunno how many of you guys use a real PHP IDE, but I have been using PHPStorm and it's the first one I have actually laid out real money for. There are two drawbacks: 1. getting it set up and configured is a little convoluted, especially when you set up debugging and unit tests, and 2. it does not support debugging or previewing on sites using https, which is loving weird (we ended up using a VPN to code from outside of the office). Given that, the autocomplete is unheard of awesome. It will autocomplete not only standard PHP stuff, but all the classes in your project. It will also autocomplete XML, CSS, javascript, SQL, etc., by evaluating strings using regular expressions. I found NetBeans to be super flaky, and the Zend IDE thing to be even flakier and more convoluted. If you set it up to read your database structure, it will even autocomplete your database fields, like in the following screen: via some sort of unicorn magic it determined that I was writing SQL, then found the matching db fields http://d.pr/i/SoLe Anywho, I recommend it as long as you are patient enough to get through the xdebug/phpunit setup without pulling out your hair.
|
# ? Oct 11, 2012 03:42 |
|
Begby posted:
I dunno how many of you guys use a real PHP IDE, but I have been using PHPStorm and it's the first one I have actually laid out real money for.
PHPStorm is fantastic and absolutely worth the money if you're doing any kind of serious PHP development. The initial setup is a little weird, but I put that down to PHP being kind of a pain in the rear end to set up on Windows (I've had similar experiences with most PHP IDEs). Plus, if you're using 5.4, it works with the built in webserver right out of the box.
|
# ? Oct 11, 2012 04:29 |
|
I use Komodo Edit (the open source edition of Komodo IDE). It does pretty well, aside from some weird oddities with long, minified javascript files. While not a full IDE, the free version hooks into your PHP binary, and gives you live syntax checking, as well as the ability to trace variable and class definitions back to their source (and code/documentation hints). bobthecheese fucked around with this message at 13:14 on Oct 11, 2012 |
# ? Oct 11, 2012 13:06 |
|
I'm using phpDesigner 8 and find it great to use. I haven't used it for debugging though. Always willing to try new ones so will give PHPStorm a go. EDIT: I notice it has a Symfony2 plugin, does anyone know if it has something similar for CodeIgniter? SimonNotGarfunkel fucked around with this message at 19:55 on Oct 11, 2012 |
# ? Oct 11, 2012 19:52 |
|
I'm on PHPDesigner 7 and am wondering if it's worth it to buy 8. I think I'd rather try new things.
|
# ? Oct 11, 2012 19:59 |
|
I've always liked UltraEdit or UEStudio. I've never really tried anything else though so I can't provide a good comparison to other products.
|
# ? Oct 11, 2012 20:57 |
|
I have not used UEStudio nor PHPDesigner. If any of you guys do give it a try, I would like to hear how it compares to your current IDE. One thing that we do is work on remote dev servers, and NetBeans kinda failed at that after Mountain Lion broke WebDAV, so we had to start shopping around for other IDEs.
SimonNotGarfunkel posted:
I notice it has a Symfony2 plugin, does anyone know if it has something similar for CodeIgniter?
I am not sure, however if the CI people ever got around to properly commenting their functions and methods it should have really great autocomplete, which is probably all you would really need with CI. All you would need to do is add the CodeIgniter folder as a resource in your project.
edit: Ok, nevermind. I guess they haven't properly commented their code yet. http://validwebs.com/346/code-completion-for-codeigniter-in-phpstorm/
|
# ? Oct 11, 2012 23:41 |
|
I'm gonna have a play around with PHPStorm 5 and Symfony2 this weekend. When using Symfony2, what's everyone's preferred ORM, Doctrine or Propel? I'm pretty familiar with Active Record so should be able to pick up Propel quite easily but what's generally considered the standard?
|
# ? Oct 12, 2012 22:14 |
|
SimonNotGarfunkel posted:I'm gonna have a play around with PHPStorm 5 and Symfony2 this weekend. Generally Doctrine is the standard with Symfony. I've never used Propel with it, but Symfony2 was released with default Doctrine2 support. Doctrine2 can be a beast (slow and overly verbose) sometimes, but I generally dig it. If you need to run a _ton_ of large complex SQL queries, Propel might be better suited. Of course, you can also use the Doctrine DBAL library to run complex queries if you need basic objects returned.
|
# ? Oct 12, 2012 22:47 |
|
What are the advantages of an ORM over just writing SQL?
|
# ? Oct 13, 2012 01:28 |
|
A good ORM, especially something that does Data Mapper (Doctrine2) or Row Data Gateway (ZF & ZF2) instead of Active Record, can make easy things easier and ease a great deal of complexity when having to deal with simple CRUD of individual records. Unfortunately you don't always need to accomplish simple, easy CRUD, and that's when it all goes to hell and you end up with a mess of code generation and configuration file creation and docblock parsing and table metadata scraping just to get poo poo done.
|
# ? Oct 13, 2012 01:56 |
|
Golbez posted:What are the advantages of an ORM over just writing SQL? Doctrine is the first real ORM I've ever used (aside from writing one of my own). My experience with it is related entirely with Symfony. The thing I'm digging about Doctrine is the repository manager and entity manager they have with it. A repository is a class related to an entity (essentially a model) and you can write methods that operate on that entity in the repository. It makes (functional) testing and dependency injection easy. It also keeps any custom SQL you have to write in a nice reusable class. Doctrine abstracts all of the boilerplate inserts and updates. Also handles a lot of your basic selects. But for complex queries you either have to drop down to the database abstraction layer class or write a query in Doctrine's own query language called DQL (I don't like DQL). So now you've completely removed the usefulness of an ORM because you have a mix of generic code (using the ORM) mixed with database specific code (your custom queries). This is basically what McGlockenshire is saying. So, like a lot of things, it's a grey area. It can greatly help with a lot of boilerplate code, or make your life hell for really complex queries.
|
# ? Oct 13, 2012 02:20 |
|
SimonNotGarfunkel posted:
I'm gonna have a play around with PHPStorm 5 and Symfony2 this weekend.
Doctrine, oh god yes use Doctrine. I didn't even know Propel was a choice for Symfony2, but stay away. Nearly any third party bundle you might want to use will use Doctrine.
Golbez posted:
What are the advantages of an ORM over just writing SQL?
The main advantage of an ORM is making code reuse easy. Sure, you can create your own model classes and painstakingly write a bunch of support for reusing a couple queries... or you can use an ORM and bake all that poo poo in with no effort. Plus, it'll be 98% as fast as the raw SQL anyways, especially if you're using APC or similar. Also, most ORMs are database agnostic. Want to include an sqlite db in your test suite for fixtures? No sweat -- poo poo's supported. Have fun supporting that without an ORM.
|
# ? Oct 14, 2012 07:46 |
|
Golbez posted:
What are the advantages of an ORM over just writing SQL?
They make basic CRUD applications easier, and can provide a limited amount of portability (you don't need to know SQL syntax specific to any DB engine). As soon as you get to complex relationships, almost all ORMs turn out to be nearly useless. They either produce horrible, slow SQL; can't handle basic joining properly (let alone complex joins or exclusion joins); or fake joins by firing off hundreds of SQL queries. Personally, I try to avoid ORMs because of these issues. I don't tend to make many 'basic' CRUD applications, so complex joins are usually required. If you want to be able to write your application logic just using classes and not have to worry about SQL most of the time, then an ORM can help. You can't beat writing your own models properly including all the specific search, read, and save SQL, though. That being said, there is one ORM that I've used which I would swear by. Problem is that it's in Python. SQLAlchemy allows me to compile my queries with custom complex joins, and the resulting SQL is almost exactly how I would have written it myself. It's still slower than just writing my SQL, though. I'm one of those people who doesn't like any of the PHP frameworks that I've ever used (including CodeIgniter and CakePHP) because I feel that they mainly get in the way and don't actually add anything that isn't already built into PHP. I keep running into them, and feeling like I'm beating my head on a brick wall. They have a place and a purpose, but mainly I feel that those are "far away from me". I feel much the same about ORMs. When I want to implement something and don't think instantiating 500 objects to find 1 is a sound method of writing code, I feel that they're getting in my way. I can't break out of the style of using them easily without creating horrible code, so I'm inclined to not use them at all.
Not everyone wants (or needs) to understand SQL at the depth that I do (and I don't understand it anywhere near as well as many other people). It would make them better at writing code if they could, but if they can get by with an ORM then at least they're probably not introducing too many security holes.
|
# ? Oct 14, 2012 08:42 |
|
Eloquent ORM is used in the Laravel framework and it's basically the only ORM I have ever used that I've not just "not-hated" but actually loved. It actually handles all the relationships (one-to-one, one-to-many, many-to-many) without issue which is great when you want to say, remove a post and also delete all the entries from your compound tables etc.
putin is a cunt fucked around with this message at 01:45 on Oct 15, 2012 |
# ? Oct 15, 2012 01:29 |
|
I'm helping a friend with a website and I'm cobbling together some php code from various guides to make a login script. But I'm getting a parse error on the last line, where it says ?>, which seems strange. Could anyone have a look at it and tell me what I'm doing wrong? code:
|
# ? Oct 16, 2012 03:33 |
|
Fleur Bleu posted:
I'm helping a friend with a website and I'm cobbling together some php code from various guides to make a login script. But I'm getting a parse error on the last line, where it says ?>, which seems strange.
Both if statements are missing their terminating brackets
also your script is hilariously vulnerable to sql injection
also we know your db password
&password=';%20drop%20database%20hpy;
|
# ? Oct 16, 2012 03:41 |
|
Unless I'm missing something, nothing about what you have posted is usable (or should be used) for numerous reasons. Someone can probably recommend some good tutorials but they're pretty hard to come by because most of them are very outdated.
|
# ? Oct 16, 2012 03:45 |
|
Glory of Arioch posted:
Both if statements are missing their terminating brackets
Thanks for the pointers, I'll have to work on it some more then!
Glory of Arioch posted:
&password=';%20drop%20database%20hpy;
Haha, yeah that looks pretty bad.
Mister Chief posted:
Unless I'm missing something, nothing about what you have posted is usable (or should be used) for numerous reasons. Someone can probably recommend some good tutorials but they're pretty hard to come by because most of them are very outdated.
I started off with some I found on the web, but I'll have to dig deeper to get decent probably. I'm having a look at http://www.php.net/manual/en/security.database.sql-injection.php now. Thanks for the help guys.
|
# ? Oct 16, 2012 03:59 |
|
Never use the mysql_ or mysqli_ functions. They're very old and deprecated. Look into PDO as well: http://php.net/manual/en/book.pdo.php
|
# ? Oct 16, 2012 05:02 |
|
No, mysqli_ is Ok, it just happens that doing prepared statements with it is a royal bitch.
|
# ? Oct 16, 2012 06:07 |
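A login check using PDO prepared statements, as recommended in the posts above, added here as an example; it is not the script from the thread (which did not survive on this page). The table layout, user name and passwords are constructed, and an in-memory SQLite database (requires the pdo_sqlite extension) stands in for MySQL so the block runs on its own.

```php
<?php
// Added example, not the poster's script. Schema and credentials are constructed.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE users (
    id INTEGER PRIMARY KEY,
    username TEXT UNIQUE NOT NULL,
    password_hash TEXT NOT NULL
)');

// Store a salted hash, never the password itself.
$insert = $pdo->prepare('INSERT INTO users (username, password_hash) VALUES (:u, :h)');
$insert->execute([
    ':u' => 'demo',
    ':h' => password_hash('correct horse battery', PASSWORD_DEFAULT),
]);

function check_login(PDO $pdo, string $username, string $password): bool
{
    // The SQL text is fixed; user input travels separately as a bound
    // parameter, so quotes and semicolons in it are data, not syntax.
    $stmt = $pdo->prepare('SELECT password_hash FROM users WHERE username = :u');
    $stmt->execute([':u' => $username]);
    $hash = $stmt->fetchColumn();
    if ($hash === false) {
        return false; // unknown user
    }
    return password_verify($password, $hash);
}

// Constructed attempts, including the string quoted earlier in the thread
// (URL-decoded) in both fields.
$attempts = [
    ['demo', 'correct horse battery'],
    ['demo', 'wrong password'],
    ['demo', "'; drop database hpy;"],
    ["'; drop database hpy;", 'anything'],
];
foreach ($attempts as [$user, $pass]) {
    printf("%-26s %-24s => %s\n", json_encode($user), json_encode($pass),
        check_login($pdo, $user, $pass) ? 'login ok' : 'denied');
}

// The table is untouched after all four attempts.
$rows = (int) $pdo->query('SELECT COUNT(*) FROM users')->fetchColumn();
echo "rows in users: $rows\n";
```

With MySQL the same code applies after changing the DSN and adding credentials loaded from configuration rather than pasted into the script.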
|
I have some 12-year-old person pestering me via email for information about how I built my website's CMS. I created my CMS as an exercise in PHP and MySQL. It does what I want it to do, and it's robust, but it's not very good or easy to use and it uses very bad practice, so in principle I refused to share the code with him because it would just result in more badly-written CMSes. But I don't want to discourage him from coding. Can anyone suggest a good tutorial that I can point him at instead?
|
# ? Oct 16, 2012 18:17 |
|
McGlockenshire posted:No, mysqli_ is Ok, it just happens that doing prepared statements with it is a royal bitch.
|
# ? Oct 16, 2012 18:22 |
|
Ever since we upgraded to gnupg 2, the PGP stuff in PHP doesn't work. Specifically, we can't add a key because, in gnupg2, this always loads a program rather than just taking input, and thus it simply fails for a web application. I haven't found too many people with the problem but I have found some, and I've found no solutions. I'm just surprised this isn't a bigger complaint. Does anyone know ANYTHING we can do other than just give up on using passphrases in gnupg?
|
# ? Oct 17, 2012 14:20 |
|
Golbez posted:
Ever since we upgraded to gnupg 2, the PGP stuff in PHP doesn't work. Specifically, we can't add a key because, in gnupg2, this always loads a program rather than just taking input, and thus it simply fails for a web application. I haven't found too many people with the problem but I have found some, and I've found no solutions. I'm just surprised this isn't a bigger complaint. Does anyone know ANYTHING we can do other than just give up on using passphrases in gnupg?
From glancing at the list of improvements in gpg2 they mostly seem like desktop-application oriented features (S/MIME signing and smartcard support), so I'm pretty confident in tossing this problem into the "if it ain't broke, don't fix it" category. I guess you could alias gpg2 to gpg2 --passphrase-fd 0 or replace the gpg2 binary with a script that does that, so you can supply the passphrase in STDIN (which should work like gpg does). No guarantees!
qntm posted:
I have some 12-year-old person pestering me via email for information about how I built my website's CMS.
The Gripper fucked around with this message at 18:16 on Oct 17, 2012 |
# ? Oct 17, 2012 15:10 |
|
The Gripper posted:You can probably just stick with the original gpg, it's still being maintained. gnupg2 came with (I think, I didn't set this up) RHEL 6, and there's no official package of gnupg1 for that now, and we're having trouble getting a gnupg 1 we picked up elsewhere to coexist with our gnupg2, which is apparently intertwined into enough things as to make uninstallation impossible. I think.
|
# ? Oct 17, 2012 15:27 |
|
Golbez posted:gnupg2 came with (I think, I didn't set this up) RHEL 6, and there's no official package of gnupg1 for that now, and we're having trouble getting a gnupg 1 we picked up elsewhere to coexist with our gnupg2, which is apparently intertwined into enough things as to make uninstallation impossible. I think. Unless PHP was doing some other magic, it should work.
|
# ? Oct 17, 2012 15:29 |
|
The Gripper posted:Then you'll have to try the second suggestion, --passphrase-fd 0 should accept the password from the command line (I did some asking and apparently it's pretty commonly used as echo PASSPHRASE | gpg2 --passphrase-fd 0 ... to avoid the agent popup). So... instead of using the built-in gnupg functions, we simply pipe everything to an external program?
|
# ? Oct 17, 2012 16:07 |
|
Golbez posted:So... instead of using the built-in gnupg functions, we simply pipe everything to an external program?
|
# ? Oct 17, 2012 16:51 |
|
The Gripper posted:For some reason I was under the assumption PHP was just exec'ing gpg/gpg2, I must have been thinking of some other thing. It uses built in functions, like http://us.php.net/gnupg_adddecryptkey
|
# ? Oct 17, 2012 17:57 |
|
Golbez posted:It uses built in functions, like http://us.php.net/gnupg_adddecryptkey I'm actually surprised that GPGME still pops up that pinentry prompt, since it's a library designed specifically for applications to interface with. That seems like a stupid as hell idea, kind of a hand-holding "no application developer can be trusted to do things right" attitude to it. The solutions on their mailing list for "why on earth can't I just provide a passphrase you idiots" are all like this http://lists.gnupg.org/pipermail/gnupg-users/2007-April/030927.html The Gripper fucked around with this message at 18:07 on Oct 17, 2012 |
# ? Oct 17, 2012 18:04 |
|
I'm looping through wordpress posts and want a new line after every three posts. Right now I have code:
|
# ? Oct 21, 2012 13:47 |
|
Use modulus. It returns the remainder of the number of posts divided by 3 and if that is 1 we know that the post count is 1 greater than a multiple of 3. code:
Mister Chief fucked around with this message at 14:04 on Oct 21, 2012 |
# ? Oct 21, 2012 14:01 |
|
Perfect, thanks
|
# ? Oct 21, 2012 14:14 |