Skip to content

Undoing Magic Quotes

13 July 2010, 6:48 pm

The often maligned (and rightfully so) magic_quotes_gpc “feature” of PHP can be problematic, especially if you are trying to develop scripts for general consumption on any platform. A brief example of the sort of problem it can cause is that if it is turned on and you do not undo its addition of back-slash escape characters, then if you apply a function such as mysql_real_escape_string() to prepare external data for use in a query, you will end up escaping the magic quotes backslashes and including them in the actual data.

To repair this potential “damage”, my solution is simply to test to see if the feature is turned on, and if it is, to recursively walk through the affected arrays, $_GET, $_POST, $_COOKIE (thus the “gpc”), via the array_walk_recursive() function. My function makes use of an “anonymous function” via the create_function() function. Then all that needs to be done in any script is to run the following function before otherwise using any of those three super-global arrays.

Continue reading ‘Undoing Magic Quotes’ »

Filed under PHP. Tagged , ,
Comment

Book Review: CodeIgniter 1.7 Professional Development

8 June 2010, 12:09 am

I was recently provided a review copy of CodeIgniter 1.7 Professional Development by Adam Griffith (Packt Publishing). It claims that it will help the reader “Become a CodeIgniter expert with professional tools, techniques and extended libraries.” As someone who has used CodeIgniter and found it to be very useful, I was looking forward to learning more and becoming a CI power user. However, I cannot say that my wish was fulfilled.

While some of the second half of the book introduced me to a few CI features I did not know about or at least had not yet used, most of the book was either about things I already knew or things I didn’t really care much about.

Most of the first half of the book essentially reiterated things you can find in the CI documentation, and that documentation is one of the strong points of CI. Also, some of the organization of the material was odd, such as detailing the image manipulation library before discussing a basic functionality such as session data handling. Some of the code samples seemed to be less than optimal as good examples of object-oriented PHP, such as the large switch/case block in the “Rest” class in Chapter 8.

My overall response to this book is therefore that it might be of use to intermediate-level PHP users who are new to CodeIgniter (with the caveat that it is not necessarily a good source for learning good OOP practices), but the experienced CodeIgniter user probably will find little in this book to make it worth purchasing. I’d probably only give it 2-1/2 stars out of 5.

Filed under OOP, PHP. Tagged , ,
Comment

Object Iteration in PHP 5

1 June 2010, 12:30 am

PHP 5 gives us the ability to iterate through objects much as we can with arrays, such as with the foreach() loop construct. I knew this ability existed but had not really looked into it or made use of it. However as a result of a thread at PHPBuilder.com, I thought this might be a good solution.

The key here is that while the default behavior of object iteration is to access each of the object’s public properties, you can override that behavior via the Iterator interface, defining custom methods to iterate what you specifically want from the object.

Continue reading ‘Object Iteration in PHP 5’ »

Filed under OOP, PHP. Tagged , , ,
Comment

Good News / Bad News

21 March 2010, 1:21 am

The good news: PHP has lots and lots of useful built-in functions for all sorts of things.

The bad news: PHP has lots and lots of useful built-in functions I don’t know about.

Sometimes it’s almost an embarrassment of riches. You think you know PHP pretty well and know how to write some pretty slick code. In a thread at PHPBuilder.com I threw together a bit of code to build a CSV file from a database query. I figured I was being fairly clever using the uniqid() function to create a unique file name I could use for temporary storage of the CSV data, fopen()-ing it and then eventually using readfile() to output it to the user, followed by an unlink() of the file once it’s done.

Then fellow moderator “Weedpacket” pointed out to me the tmpfile() function, which I’d never run into before, and which makes it easy to open up a temporary file. It returns a file handle similarly to the fopen() function. The nice part is that you do not have to worry at all about generating a unique name, and the file is automatically deleted upon script completion (or when you fclose() it should you choose to).

It serves as a slightly humbling reminder that when working with PHP, before you write code to do something that someone else has likely had to do in the past, it is probably worth your while to scan through the function lists of applicable sections of the manual to see if there is already a built-in function which does what you need. It is often worth the time to make that search, as the built-in functions are likely to be faster than your own user-defined functions, plus hopefully they should be more robust.

Filed under General, PHP. Tagged ,
Comment

Tourney Time Again

14 March 2010, 11:19 pm

I’ve posted my 2010 NCAA Men’s Basketball Tournament randomized bracket generator. It’s a quick way to pick winners for your bracket pools. It simply weights each game by the teams’ tournament seedings. It ain’t fancy, but if you’re tired of spending hours trying to pick the winners only to find you’re out of the competition by the first Friday, well, this way at least you won’t have wasted as much time.

Filed under General. Tagged ,
Comment

Beginners’ Corner: Variable Function Parameters

25 January 2010, 12:19 am

Sometimes when defining a function in PHP, you find that there may be cases where you do not want to specify all the possible parameters when calling it. This could be because you want it to use a default value, or that in certain cases it does not logically apply. If you find yourself in such a situation, probably the first thing you should do is ask yourself if two (or more) separate functions should be defined, instead. (Perhaps one function would call the other internally?)

Assuming you want to stick with one function, the most commonly used approach is to define a default value for one or more parameters in the parameter list. A parameter is assigned such a default value via the = operator, just as you would use it to assign a value in the function body.

function foo($bar='World') {
   echo "Hello, " . $bar;
}

When the function is called at run-time, if that parameter is not included in the call, then the default value will be used; otherwise the supplied value is used.

foo(); // Hello, World
foo('Joe'); // Hello, Joe

If you want your function definition to include both required and optional (default) parameters, the required parameters must come first in the list.

function foo($req1, $req2, $opt1='something', $opt2=null) { }

In the preceding example, the use of null can be convenient in that PHP treats a null variable as “not set” by the isset() function, allowing you to do something like:

function foo($bar=null) {
   if(isset($bar)) {
      echo $bar;
   } else {
      echo "Nobody home";
   }
}

Another approach which can be quite powerful in some ways, but for which I’ve really not run into much use myself, is the use of variable length argument lists. Essentially, the function prototype would have no parameters specified, then you use the func_num_args(), func_get_arg(), and/or func_get_args() functions to determine how many arguments were supplied and then decide what to do with them.

function test()
{
   $numArgs = func_num_args();
   switch($numArgs) {
      case 0:
         return false;
         break;
      case 1:
         echo "Hello, " . func_get_arg(0); // args start numbering at zero
         break;
      case 2:
         echo func_get_arg(0) . ", " . func_get_arg(1);
         break;
      default:
         echo "Here are the args:<br /><pre>";
         print_r(func_get_args());
         echo "</pre>";
   }
}

Lastly, another approach is to pass an associative array as the function parameter. You can then test for specific array keys to decide what to do.

function test($args)
{
   if (!is_array($args)) {
      user_error('Oops!');
      return false;
   }
   if (isset($args['name'])) {
      if (isset($args['verb'])) {
         echo $args['verb'] . ", " . $args['name'];
      } else {
         echo "Hello, " . $args['name'];
      }
   }
   return true;
}

A downside of this last method is that the function definition’s parameter list gives no clue by itself as to what array keys are expected/allowed. This can make it tricky to use and maintain, as the coder is at the mercy of the comments and documentation, or else is forced to read the entire function definition to figure out the possibilities.

Filed under Beginners' Corner, PHP. Tagged , , ,
Comment

Book List App: One Query to Rule Them All

10 December 2009, 4:58 am

I got side-tracked from working on this project for awhile, but I am trying to get back to it now.

One thing I needed to address was that for many of the database tables I would have situations where a user supplies some data, and if it already exists in the table then I just need the primary key for it, or else I need to insert it and then get the key. Typically I’ve seen people do something along the lines of a select query to see if it’s in there, and if not perform a second query to do the insert.

While thinking tonight about how ugly that is, it came to me that maybe I could do an INSERT…ON DUPLICATE KEY UPDATE query. What I wasn’t sure about was if you could get the insert ID if it already existed and therefore does an update. Upon reading the MySQL manual entry on it, it looked like it should work, but I still wasn’t positive the PHP mysql_insert_id() function would work with it, and even less sure the related CodeIgniter database functions would. After a bit of testing, the good news is, it works. This should save me doing extra queries in a number of places, plus eliminate any need for table locking (I think).

So the basic process is:

public function replace($lastName, $firstName)
{
   $lastName = $this->db->escape($lastName);
   $firstName = $this->db->escape($firstName);
   $sql = "
INSERT INTO `author` (`last_name`, `first_name`)
VALUES ($lastName, $firstName)
ON DUPLICATE KEY UPDATE `last_name` = $lastName
";
   $this->db->query($sql);
   if($this->db->affected_rows())
   {
      return $this->db->insert_id();
   }
   return false;
}

Hopefully this will save me — and maybe you — a bit of processing time and coding time.

Filed under PHP, SQL. Tagged , , ,
1 Comment
« Older Entries