PHP

12 Things Mango Wishes He'd Known When He Was a PHP N00b.

Posted in MySQL, PHP on June 29, 2009

  1. Never use Register Globals.  Ever.  And if you ever even THINK of using Register Globals, and we find out, Mango is going to send someone over to your house to kick your ass.  Are we clear?

    As much as we love working with PHP, Register Globals is something that should be filed under "Monumentally Bad Ideas".  And unfortunately, it's something that, at first glance, appears convenient.  If a user submits a form to a PHP script with Register Globals enabled, the script will create a variable for each form element.  However, keep in mind that this allows your end users to set any variable in your script that they like.  Here is a common mistake that we see:

        if ($logged_in) { secret_functions_allow(); }

    In a situation like this, the author has first run some code to see if the user is logged in or not.  If so, the script will have defined the $logged_in variable.  When the above line of code fires, it will provide the user with some functions only available to authenticated users.  Innocent enough, yes?  However, to "hack" this, all that a malicious user would need to do is form a URL like http://www.example.com/?logged_in=1.  To turn off Register Globals, add php_flag register_globals off to .htaccess or register_globals = Off to php.ini.  Many administrators ban use of Register Globals entirely, so by developing without it, your script will be more portable.  This is a good thing.
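
    The mistake above next to a hardened form, as an added example that is not code from the original post. Register Globals is emulated by a small helper so the script runs on a current PHP; the request, the empty session, the `user_id` session key and the body of secret_functions_allow() are constructed assumptions.

```php
<?php
// Constructed input standing in for http://www.example.com/?logged_in=1
$_GET = ['logged_in' => '1'];
$_SESSION = [];  // constructed: nobody has authenticated

// Emulates register_globals = On (the directive was removed in PHP 5.4):
// every request parameter becomes a global variable.
function emulate_register_globals(array $request): void
{
    foreach ($request as $name => $value) {
        $GLOBALS[$name] = $value;
    }
}

// Hypothetical stand-in for the post's secret_functions_allow().
function secret_functions_allow(string $label): void
{
    echo "$label: secret functions allowed\n";
}

emulate_register_globals($_GET);

// Vulnerable: $logged_in is only assigned when the session check succeeds,
// so a value supplied in the request survives when the check fails.
if (isset($_SESSION['user_id'])) {   // 'user_id' is an assumed session key
    $logged_in = true;
}
if ($logged_in) {
    secret_functions_allow('vulnerable');
}

// Hardened: derive the flag from server-side state only and always assign it,
// so nothing the request injected can remain in the variable.
function is_logged_in(array $session): bool
{
    return isset($session['user_id']);
}

$logged_in = is_logged_in($_SESSION);
if ($logged_in) {
    secret_functions_allow('hardened');
} else {
    echo "hardened: access denied\n";
}
```

    The hardened check stays correct whether or not Register Globals is enabled, because the flag is always assigned from the session before it is read.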

Mango's PHP PostScript Functions

Posted in PHP on June 17, 2009

The latest techniques we've been playing with involve using a PHP script on our server in Michigan to print to a remote printer at our office in Vancouver.  In the past we've done this by generating an XHTML document with high-resolution images and simply prompting the user to print it.  This worked, but if any sort of precision was required, the user had to configure their browser's page setup just so, and to make things even more difficult, different browsers required different settings.

Enter PostScript, a language understood by many laser printers.  With PostScript, we can go directly from our script to the printer (piping the finished PostScript document to the printer on port 9100), eliminating the stop-off at the browser.  And we can position things on our page with as much precision as necessary.

Replacing smart quotes, em-dashes, and ellipses with MySQL or PHP

Posted in Joomla, MySQL, PHP on March 5, 2009

Alternate title: "Help!  My Quotes Appear as Question Marks or Other Strange Characters!"

The "Smart quotes" feature in Microsoft Office transforms straight quotes into curly quotes.  It also transforms hyphens into em-dashes and three periods into ellipses.  While one might think, "How lovely!  My document looks almost as if I'm educated!" readers of said document may not.  Microsoft, in its infinite wisdom, decided to assign special characters such as the ones I just mentioned to a range of codes above 128.  Problem: these codes were already assigned to other characters, resulting in frustrating incompatibility with non-Microsoft systems.

Keep reading for some PHP and MySQL code to help out with this issue, as well as a Joomla! plugin.

Some nifty PHP date/time functions

Posted in PHP on March 8, 2008

I wrote two date/time functions in PHP that I was really pleased with, so I thought I'd post them.

  • string friendlydate ( numeric or string $input )
    Return value is a day in relation to today in the format "Today", "Yesterday", "Wednesday", "March 2", or "November 7, 2007".
  • string howlong ( numeric or string $a, numeric or string $b )
    Return value is the approximate length of time between two dates, $a and $b.  Examples are "4 seconds ago", "1 minute from now", "1 hour ago", "yesterday", "2 months ago", "1 year ago".
