Op Tweakers.net staat er een zeer goed artikel over SQL injectie en XSS, met PHP en MySQL voorbeelden:
http://tweakers.net/reviews/2531/sql-injectie-en-xss-de-beste-verdediging.html
Feb 28
A few days ago I had to set up a new environment for an old PHP application. The webserver runs on PHP 5.1.1, and could not be upgraded.
One of the databases is a MS SQL Server 2008. PHP has extensions for all kinds of databases, so I enabled php_mssql.dll in php.ini. When I tested the connection, I got a fatal error: Cannot connect to database…
Well, after a few hours of searching, I found this blog:
http://www.davidlauzon.net/2009/02/ms-sql-server-2008-with-php/
It describes perfectly my problem, and the solution. I downloaded MS SQL Server 2008, copied the file “ntwdblib.dll”, and replaced the two existing files in WAMP with the file I downloaded. After a restart of Apache, the MS SQL database was found.
It seems that PHP 5.1.1 (released november 2005) does not support more recent versions of MS SQL Server, but luckily there is a solution!
Thanks to all the bloggers out there, who make problem-solving a lot easier!
Mar 03
When I executed a query created with Zend_Db_Select in a Zend_Db_Table, I got the following error message:
“Select query cannot join with another table”
What is happening here? A very simple select statement with a join is not allowed in Zend_Db_Select?
To solve this mysterious matter, I decided to Google the error message, off course. Luckily, one of the first results I got was the Zend Framework manual, a page on Zend_Db_Table. Luckily? Not really, because the documentation only mentions “You can allow JOIN clauses on a select to allow multi-table lookups”. That’s great, but… HOW?
But as always, the documentation comes to the rescue! On the Zend_Db_Select page a comment points in the right direction. There exists an undocumented function “setIntegrityCheck(false)“. And if you see the code of Zend_Db_Table_Select, in the assemble() function, it becomes even more clear: there is indeed a parameter “$_intgrityCheck” that can ensure that selected columns are only from the primary table.
So I pass this function in my Zend_Db_Select statement, and now it is possible to do joins!
Feb 15
I got a really strange problem while implementing a menu with Zend_Navigation. I added this piece of code in the Bootstrap.php:
protected function _initNavigation() { $this->bootstrap('layout'); $layout = $this->getResource('layout'); $view = $layout->getView(); $config = new Zend_Config_Ini(APPLICATION_PATH . '/configs/navigation.ini'); $navigation = new Zend_Navigation($config); $view->navigation($navigation); }
This is fine for creating a menu or breadcrumbs, but there is one big problem: after this code is in use, all custom variables and the View Helper Include path are not available any more in the layout phtml file.
For example “echo $this->name” just echoes null. Or the custom view helper “$this->myHelper()” cannot be found because the View Helper include path only contains the path to Zend View Helpers.
And writing the same code in the phtml file of a simple action does work!
So what is the relation between the code above and the problems mentioned?
It all starts at the first line of the function “_initNavigation()”: there is a bootstrap function for the layout. Unfortunately it is necessary to add another line to not have the problems above. It is needed to also bootstrap the view! So the code becomes:
protected function _initNavigation() { $this->bootstrap('layout'); $this->bootstrap('view'); $layout = $this->getResource('layout'); $view = $layout->getView(); $config = new Zend_Config_Ini(APPLICATION_PATH . '/configs/navigation.ini'); $navigation = new Zend_Navigation($config); $view->navigation($navigation); }
Now the layout AND the view are bootstrapped, and the custom view helpers and variables can again be used in the layout phtml file.
I found this interesting issue in the ZF Jira: ZF-9537. It has already been reported, but it is not an issue (see status). So this is supposed to be normal behaviour? Does anyone has a good explanation for this?
Feb 14
Zend Navigation: Breadcrumbs minimum depth
Zend Framework
Comments Off
Creating breadcrumbs with Zend Framework is really easy:
- Create a menu structure (ini file, php array, …)
- add a small peace of code in the view file: “echo $this->navigation()->breadcrumbs()”
- open your page and you see… nothing
This is what happened to me on the home page of my most recent project. All though the ZF manual indicates you just have to echo the breadcrumbs, nothing appeared.
The problem was this: my menu started at level zero, and ZF sets the minimum level that will be displayed to one. Luckily there is the documentation, but it is really annoying that the method “setMinDepth()” is not in the API, so it took me much longer to find out this method existed.
Dec 02
Url view helper
Zend Framework
Comments Off
When creating a link in a view file to another page of your application, Zend Framework provides a view helper that is very handy: Zend_View_Helper_Url.
echo $this->url(array( 'module' => 'abc', 'controller' => 'def', 'action' => 'ghi', 'param1' => '1', 'param2' => '2' ); // output: "/abc/def/ghi/param1/1/param2/2"
If you don’t provide the module, controller or action, the current module, controller or action will be used as default values.
I think this is a very easy way to create links inside an application, without retyping every time your controllers or actions.
Nov 30
PHP Benelux Conference 2011, Antwerp
Conferences
Comments Off
Thanks to Ausy/Dataflow I will be present on Belgium’s most important PHP event of the year.
The 2010 event was great, and I was very happy I could be there. The schedule for this year looks very interesting too: tutorial on quality assurance and unit testing, RESTful web services, Doctrine, and ZF2.0. Those are already some of the talks I will attend.
All information can be found at conference.phpbenelux.eu
Already many thanks to the organizing crew! Hope to see you there!
Nov 30
E-volutions
Uncategorized
Comments Off
My colleague Ward Loockx is starting a new business “E-volutions” in webhosting, domain names, and the most important part: free webshop hosting.
Go find out more about his products on www.e-volutions.be
If you are interested in the free webshop hosting, subscribe for more information on www.e-volutions.be/gratis-webshop
Aug 17
Zend Framework certified!
Personal, Zend Framework
Comments Off
Today I passed the Zend Framework certification. From now on I can call myself Zend Framework Certified Engineer.
I followed the Zend Certification training at Ausy/Dataflow. Gauthier Delamarre is an excellent teacher, and he helped me very good to prepare for the examination. Though it is my opinion that with only the training you cannot pass. It requires a lot of experience with the ZF, and you have to study the online reference guide really good.
Some tips for anybody who wants to do the certification:
- know the output of every function,
- know which and how many parameters every function requires, but also know the optional parameters,
- know what happens if something goes wrong (does ZF throw an Exception or do you get a Fatal Error, a warning,…),
- know the configuration settings (for example Frontend and Backend Caching have a lot of settings),
- study the reference guide in depth!
Aug 06
Be faster in Eclipse PDT
PHP
Comments Off
A tip for all PHP developers using Eclipse PDT:
if you want to type a class name, for example “Zend_Controller_Request_Http”, you can just type “ZCRH“, and the Eclipse code assist will suggest “Zend_Controller_Request_Http”.
This works also in Zend Studio for Eclipse.
