PHP - Return results of comparison

August 27th, 2008 by Aaron

A useful reminder: you can make use of returning the results of comparisons for is*() functions. Let me explain that further…

PHP allows you to store the result of a comparison in a variable. Any variable can be returned from a function. By my amazing transitive skills, I say you can return the result of a comparison directly. Enough of this drivel - here’s an example:

function isGreaterThanFour($testVar)
{
  return $testVar > 4;
}
 
if (isGreaterThanFour(5)) {
  print 'yay!';
}

So - this is a very simple example, obviously - but it illustrates the powerful point of this functionality clearly.


Using Eclipse PDT? Check out this wiki

August 23rd, 2008 by Aaron

Are you a huge fan of Eclipse PDT (as I apparently am)?

You need to check out this Eclipse PDT Wiki. So far, a lot of cool articles. Watch for it to grow in the future!


Don’t forget about Class Constants!

August 23rd, 2008 by Aaron

Constants can be great. They can stand for things like web services keys, integers, flags, etc. Basically, anything that you aren’t going to be changing in your script - and most likely things that don’t change much outside of the script either. However, I’ve seen people use them in the global namespace far too many times. A great alternative is the class constant. Let’s check out some examples:

Continue reading Don’t forget about Class Constants!


Adobe Air Log File Watcher

August 9th, 2008 by Aaron

One of my biggest pet peeves is when errors are generated in PHP files between redirects that use the header() function. Especially if they’re not fatal errors, you never get to see them! Also, missing files that hit the Apache logs are usually not found until you review the logs later. I thought: wouldn’t it be great if there was a tool that would watch these log files for me? (Yes, a while ago, I talked about the Perl “tail” script that I used in my Eclipse to watch these… but… this is even better.) Well, there is a solution! My first Adobe Air application: Log File Watcher!

This was my first attempt at using Adobe Air - and I’d have to say I like it. This application is very ugly - I didn’t really use any CSS or anything. I used JS and HTML - no ActionScript (well, besides AIR’s built-in stuff…).

Basically, I found some examples online and pieced them all together - and it worked! So yay. (Also, a good portion of this was done while working at SuperDev - sooo… shhhh)

Anyway, when you first start the application, you can choose 1 or more files for it to watch. Then, when you click to start the watching, the application minimizes to the tray (at least in Windows…). Then, it will generate a popup whenever there is a change in any of the files that you’re watching.

Yeh, not great, but it was a start.

I’ve attached the AIR application - and a zip with the source in it. If I find time later, I might come back and rewrite it to be 1) prettier and 2) more useful. hah!

Adobe Air Application: logfilewatcher.air

Adobe Air Source files: logfilewatcher.zip


Programming without E_Notice

July 17th, 2008 by Aaron

Well, my boss at #superdev - who can only be compared to a more energetic version of the squirrel from Hoodwinked - asked me to start putting together some thoughts here and there on some proper PHP coding. I thought I’d start out the series with this article, Programming without E_NOTICE.

Ok.

How does it happen?

E_NOTICE errors are generally generated when variables that haven’t been declared are read. But Aaron - why is this an error? I thought PHP did not require you to define your variables ahead of time? Well, buddy, thanks for asking! PHP does not require you to define your variables ahead of time - when you write to them. However, it does suggest that you define them with some value before you read them. One of the main reasons why this is important is the registered globals feature… “feature”… that PHP had prior to PHP6.

Imagine this code:

<?php
if ($admin) {
 print "super secret stuff";
}
?>

Well, every time you run this script, no super secret stuff will be printed. However, if you have registered globals on, and then pass in a get variable, such as:
http://localhost/test.php?admin=TRUE
you’ll find that you just accessed a variable that was set to something you didn’t really expect.

Anyways, that’s the history of why this notice was generated.
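The effect described above, reproduced on a PHP version without registered globals (an added example, not code from the original post): extract() stands in for the request-to-variable injection, and the $request and $session arrays and both function names are assumptions made for the illustration.

```php
<?php
// Constructed request data standing in for $_GET on test.php?admin=TRUE.
$request = array('admin' => 'TRUE');

// Pattern from the post: the script reads $admin without ever assigning it.
// extract() reproduces what registered globals did before the script started;
// EXTR_SKIP keeps the function's own parameters from being replaced.
function unguardedPage(array $request)
{
    extract($request, EXTR_SKIP);      // simulated registered globals
    if (isset($admin) && $admin) {     // value came from the query string
        return 'super secret stuff';
    }
    return 'public page';
}

// Fixed pattern: assign a default first, then set the flag only from state
// the server controls. $session is a hypothetical server-side session array.
function guardedPage(array $request, array $session)
{
    extract($request, EXTR_SKIP);      // same simulated injection
    $admin = false;                    // explicit default discards the injected value
    if (isset($session['is_admin']) && $session['is_admin'] === true) {
        $admin = true;
    }
    return $admin ? 'super secret stuff' : 'public page';
}

printf("unguarded, ?admin=TRUE:     %s\n", unguardedPage($request));
printf("guarded, anonymous session: %s\n", guardedPage($request, array()));
printf("guarded, admin session:     %s\n", guardedPage($request, array('is_admin' => true)));
```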

Now, let’s move on to the real meat:

Uninstantiated Variables

Let’s take a common decision tree:

If my variable has been set to something, print something else. If my admin variable has been set, print the admin menu.

I’ve seen code do this like this:

<?php
if ($isAdmin) {
 print "<div id='menu'>blahb lah blah</div>";
}
?>

Also, other times I’ve seen this:

<?php
if (!$normalUser) {
 print "<div id='menu'>blah blalhickity blah</div>";
}
?>

Both of these are bound to generate E_NOTICE errors if not used properly. We’ll use the first example. Think about this:
Is there ever a case where $isAdmin won’t be set? You know that an unset variable will evaluate to false - but PHP will generate that E_NOTICE on you.

How to fix this?

There are two ways that you can fix this type of error:

First, predefine every variable to a blank or null before you could even use it. This is especially good for those who still have registered globals on.

<?php
/** top of script **/
$isAdmin = FALSE;
 
/** some function that may or may not actually define $isAdmin to true or false **/
areTheyAdmin();
 
if ($isAdmin) {
  /** continues **/
}
?>

Other suitable predefined values include: '', NULL, 0, array().

One Caveat: Be careful with predefining your values, however, so that you don’t use a legitimate value when not expecting it. For example, if you assigned $locationOfString = 0 and then did a stristr(), you could legitimately get a 0 returned. This might cause issues with your code that might be difficult to track down, such as false positives.

If you’re really lazy and don’t like spending all those extra lines, here’s a tip:

<?php
$a = '';
$b = '';
$c = '';
?>

OR


The second style: using isset().

Isset will return whether the variable is set to any value or not. If it is not, it returns false, and then your if statement exits right away. No calculation is done on an unset variable. Example:

<?php
 
areTheyAdmin();
 
if (isset($isAdmin) && $isAdmin) {
  /** continue some stuff here for admin dude **/
}
?>

What else does this affect?

This also affects array keys that are unset. You can view array keys the exact same as variables - you shouldn’t read from an unset one - but you can write to one that doesn’t exist yet.

<?php
 
$myArray = array('something'=>"another");
 
/** bad boy **/
if ($myArray['kakaw']) {
 print "word";
}
 
/** good to go boy **/
$myArray['chunky'] = 'soup';
 
?>

As with variables, you should use isset(). I would caution against using array_key_exists(). Isset is a language construct whereas array_key_exists() is not - so isset is immensely faster. The only time you might want to use array_key_exists is when you have an array of keys. Otherwise, isset() supports everything you need.
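One case to check before settling on isset() for array keys: it also returns false for a key that exists with a NULL value. The following added example (not from the original post) counts the diagnostics each kind of read raises; arrayGet() is a hypothetical helper and the 'nickname' key is constructed sample data.

```php
<?php
error_reporting(E_ALL);

// Collect diagnostics instead of printing them. A read of a missing key is
// reported as E_NOTICE up to PHP 7 and as E_WARNING from PHP 8.
$raised = array();
set_error_handler(function ($level, $message) use (&$raised) {
    $raised[] = $message;
    return true;
});

// Constructed sample: 'nickname' is present but holds NULL.
$myArray = array('something' => 'another', 'nickname' => null);

// Hypothetical helper: read a key with a default, never touching a missing key.
function arrayGet(array $data, $key, $default = null)
{
    return array_key_exists($key, $data) ? $data[$key] : $default;
}

$checks = array(
    'raw read of missing key' =>
        function () use ($myArray) { return $myArray['kakaw']; },
    'isset() on missing key' =>
        function () use ($myArray) { return isset($myArray['kakaw']); },
    'isset() on NULL-valued key' =>
        function () use ($myArray) { return isset($myArray['nickname']); },
    'array_key_exists() on NULL key' =>
        function () use ($myArray) { return array_key_exists('nickname', $myArray); },
    'arrayGet() with a default' =>
        function () use ($myArray) { return arrayGet($myArray, 'kakaw', 'n/a'); },
);

// Run each read and report its result and how many diagnostics it raised.
foreach ($checks as $label => $check) {
    $before = count($raised);
    $result = $check();
    printf("%-32s result=%-8s diagnostics=%d\n",
        $label, var_export($result, true), count($raised) - $before);
}
restore_error_handler();
```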

Bonus! In that previous example, to write to the chunky key, you don’t even have to define $myArray. In this example, $arrayKaBob is defined into an array automatically, and then the key is set:

<?php
$arrayKaBob['key master'] = 'gate keeper';
?>

Well what if I just use the @?

Don’t. Seriously. Look here.

Wrapping it Up

Ok - so that about wraps it up - any comments are welcome. :)


JEMGames Launched

June 6th, 2008 by Aaron

JEMGames has finally joined the 102 Degrees network. JEMGames is an experiment comparing the success of custom-programmed websites versus off-the-shelf open source PHP scripts.


No More “The Triangle”

June 6th, 2008 by Aaron

Well, I’ve officially resigned from “The Triangle.” Don’t worry, I’ve got a new place to keep bringing experience to this blog. I look forward to my new opportunities.


Prototype JS - form elements need names, not just IDs

June 6th, 2008 by Aaron

So, I got stuck on this bug for an hour - so I thought I’d write it down.

I was using prototype js’s serialize command on a form. I was also using a strict xhtml doctype. My form elements had IDs only - and did not have names. Well, serialize kept coming back empty. Turns out that prototype requires there to be names on each of the elements.

UPDATE: Der - according to W3C, the ‘name’ attribute of the ‘form’ tag is deprecated, not the name attribute of the form elements…
*hits head with hand*


Finally - PHP has NoIndex on phpinfo output

June 4th, 2008 by Aaron

Security Issue?

A big issue with PHP security has been developers creating a phpinfo page and not removing it from a production site. As you may know, phpinfo() will dump a ton of useful information (for the developer - as well as the cracker) to the screen:

phpinfo();

I can’t imagine how many versions of that are out on various servers…

Actually, let’s take a look with this google query

More than a million returns (granted they’re not all phpinfo() calls… but it gives you a good idea…)

There is Hope

With the release of 5.2.1 of PHP, phpinfo() now outputs the following meta tag:

<meta name="ROBOTS" content="NOINDEX,NOFOLLOW,NOARCHIVE" />

This will slowly but surely stop compliant robots (see: google, yahoo… not crackerMcCrackenstein.com) from archiving these… yes!
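Since the meta tag only affects compliant robots, the leftover pages still have to be found and removed before deployment. One way to check source files for phpinfo() calls, as an added example that is not from the original post: findPhpinfoCalls() is a hypothetical helper and the three sample files are constructed inline.

```php
<?php
// Return the line numbers on which $source calls phpinfo(). The tokenizer is
// used so that comments and string literals mentioning phpinfo() do not match.
// Limitation: a namespace-qualified call (\phpinfo()) is a different token
// type on PHP 8 and is not handled here.
function findPhpinfoCalls($source)
{
    $skip   = array(T_WHITESPACE, T_COMMENT, T_DOC_COMMENT);
    $hits   = array();
    $tokens = token_get_all($source);
    $count  = count($tokens);

    for ($i = 0; $i < $count; $i++) {
        $token = $tokens[$i];
        if (!is_array($token) || $token[0] !== T_STRING
            || strtolower($token[1]) !== 'phpinfo') {
            continue;
        }
        // Skip whitespace and comments, then require an opening parenthesis.
        $j = $i + 1;
        while ($j < $count && is_array($tokens[$j])
            && in_array($tokens[$j][0], $skip, true)) {
            $j++;
        }
        if ($j < $count && $tokens[$j] === '(') {
            $hits[] = $token[2];   // line number recorded by the tokenizer
        }
    }
    return $hits;
}

// Constructed sample files (name => contents) standing in for a docroot.
$samples = array(
    'info.php'  => "<?php\nphpinfo();\n",
    'about.php' => "<?php\n// phpinfo() was removed before launch\necho 'phpinfo()';\n",
    'debug.php' => "<?php\nif (\$debug) {\n    PHPInfo (INFO_GENERAL);\n}\n",
);

foreach ($samples as $name => $source) {
    $lines = findPhpinfoCalls($source);
    printf("%-10s %s\n", $name,
        $lines ? 'phpinfo() call on line ' . implode(', ', $lines) : 'clean');
}
```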


PHP Script Configuration Class with Logic built in

June 2nd, 2008 by Aaron

Sometimes we have static configuration options, such as the name of the company or the location of a particular partner’s website. Other times, there are more dynamic configuration options - such as the current location’s URL or database connection credentials.

For this article, I wanted to build on my previous article here, and make a config class that could still get all of this information from a static method, while making decisions to create accurate config options.

Continue reading PHP Script Configuration Class with Logic built in


©2008 102 Degrees LLC - All Rights Reserved