Charles Reace
PHP Musings

Here's a little something I came up with today for dealing with strings being moved from PHP into JavaScript code. The problem is that if you have some sort of textual content in your PHP script (perhaps the result of a "screen-scraping" operation), if you try to directly use it within some JavaScript being output to your page, you'll run into all sorts of headaches due to newlines, quotes, etc. For instance, the following will not work:

<?php
$html = file_get_contents('http://www.charles-reace.com');
echo <<<END
<script type='text/javascript'>
var htmlText="$html";
document.write(htmlText);
</script>
END;
?> 

But, we can urlencode the text on the PHP side, converting all those problematic characters into the encoded form. Then we can decode it in JavaScript via its unescape() function. On the PHP side we need to use rawurlencode rather than just urlencode(), as the latter replaces spaces with "+" characters, but the JavaScript unescape() does not convert them. Now we can change our test script to:

<?php
$html = file_get_contents('http://www.charles-reace.com');
$encoded = rawurlencode($html);
echo <<<END
<script type='text/javascript'>
var htmlText="$encoded";
document.write(unescape(htmlText));
</script>
END;
?> 

Now the page generates no JavaScript errors and outputs the text as expected.

Just a few days ago I recommended using filter_var() with the FILTER_VALIDATE_EMAIL argument as a convenient means of validating email address formats. However, Phill Pafford (ReliableSource.org) pointed out at WebDeveloper.com that there was a security bulletin suggesting a potential danger due to this validation allowing linefeeds in certain situations. I did a little testing, and sure enough, I found that if the email ends in a linefeed character, it still passes validation.

<?php
header('Content-Type: text/plain');
$email = 'foo@bar.com';
$len = strlen($email);
for($i = 0; $i <= $len; $i++)
{
   $test = substr_replace($email, "\n", $i, 0);
   $result = filter_var($test, FILTER_VALIDATE_EMAIL);
   var_dump($result);
}?>

Which outputs:

Read the rest...

I just realized today that Wordpress was converting my "straight" quotes into directional or so-called "smart" quotes. While this may be nice for nontechnical blogs, it's a pain in a programming-related blog. It can make a block of sample code useless when you copy and paste it until you go through it and convert those directional quotes back into the straight quotes normally used in most programming languages.

Fortunately, a little Googling quickly found this forum entry with a suggested fix. I used Otto42's suggestion:

Read the rest...

A new PHP feature you might have missed (I know I did until I stumbled onto it recently) is the Data Filtering extension, which made its debut in PHP 5.2.0. This extension provides a set of functions for both validating and filtering of external data, such as users' form inputs.

These functions are each controlled as to what sort of filtering/validating they do by a set of pre-defined constants. See the Data Filtering Introduction page of the manual for a list of the currently available filters. As an example of its potential utility in the simplification of your code, consider the validation of email address formats. Probably the most commonly used technique for this is to use a regular expression comparison. The most thorough implementation of such a function I've encountered is this one I found at iamcal.com:

Read the rest...

I've dived into the theme I was using for this blog to change to a new color scheme and appearance (featurning my best friend Noggin reminding me how unimportant he thinks all this computer stuff is). Looks like I got the main parts working OK, but there is still some tweaking to do. Hopefully I'll have it cleaned up within the next day or two.

2008/07/12: I've finished fixing things (to the best of my knowledge). Let me know if you run into any problems with the display of any pages.

This is the first "Beginners' Corner" article, designed to help new PHP programmers in their quest to become veteran PHP programmers. In this initial installment we'll look at a few things which are best avoided, but for various reasons often become habits of new PHP users who do not yet know better. Many of these may become habits simply because there are so many bad examples out there to learn from, often because they are dated and PHP has moved on in a manner which obsoletes them.

<?php Tags

The first bad habit to avoid is using <? instead of <?php or <?= instead of <?php echo. While saving those few keystrokes is a temptation to all of us lazy programmers, it is a potential problem should you need to run the script on a site where the short_open_tag option is disabled. One likely reason to have it disabled is in order to avoid confusion with <?xml tags in XML documents, and as XML is much more prevalent now than it was when PHP was created, you are more likely to find such configurations in use; so just get in the habit of typing those three extra characters and saving yourself a lot of aggravation in the future.

Read the rest...

I just completed the upgrade to Wordpress version 2.5.1. (Wordpress is the application which runs this blog.) It was a relatively painless process, and as it includes an important security fix, I recommend anyone else out there using Wordpress perform the upgrade as soon as possible.

Get the latest version here.

So far everything appears to be working fine, and hopefully it will have no effect on my readers (if there are any).