10 code snippets for PHP developers
I've compiled a small list of some useful code snippets which might help you when writing your PHP scripts...
Email address check
Checks for a valid email address using the php-email-address-validation class.
Source and docs: http://code.google.com/p/php-email-address-validation/
include('EmailAddressValidator.php'); $validator = new EmailAddressValidator; if ($validator->check_email_address('test@example.org')) { // Email address is technically valid } else { // Email not valid }
Random password generator
PHP password generator is a complete, working random password generation function for PHP. It allows the developer to customize the password: set its length and strength. Just include this function anywhere in your code and then use it.
Source : http://www.webtoolkit.info/php-random-password-generator.html
function generatePassword($length=9, $strength=0) { $vowels = 'aeuy'; $consonants = 'bdghjmnpqrstvz'; if ($strength & 1) { $consonants .= 'BDGHJLMNPQRSTVWXZ'; } if ($strength & 2) { $vowels .= "AEUY"; } if ($strength & 4) { $consonants .= '23456789'; } if ($strength & 8) { $consonants .= '@#$%'; } $password = ''; $alt = time() % 2; for ($i = 0; $i < $length; $i++) { if ($alt == 1) { $password .= $consonants[(rand() % strlen($consonants))]; $alt = 0; } else { $password .= $vowels[(rand() % strlen($vowels))]; $alt = 1; } } return $password; }
Get IP address
Returns the real IP address of a visitor, even when connecting via a proxy.
Source : http://roshanbh.com.np/2007/12/getting-real-ip-address-in-php.html
function getRealIpAddr(){ if (!empty($_SERVER['HTTP_CLIENT_IP'])){ //check ip from share internet $ip = $_SERVER['HTTP_CLIENT_IP']; } elseif (!empty($_SERVER['HTTP_X_FORWARDED_FOR'])){ //to check ip is pass from proxy $ip = $_SERVER['HTTP_X_FORWARDED_FOR']; } else{ $ip = $_SERVER['REMOTE_ADDR']; } return $ip; }
XSL transformation
PHP5 version
Source : http://www.tonymarston.net/php-mysql/xsl.html
$xp = new XsltProcessor(); // create a DOM document and load the XSL stylesheet $xsl = new DomDocument; $xsl->load('something.xsl'); // import the XSL styelsheet into the XSLT process $xp->importStylesheet($xsl); // create a DOM document and load the XML datat $xml_doc = new DomDocument; $xml_doc->load('something.xml'); // transform the XML into HTML using the XSL file if ($html = $xp->transformToXML($xml_doc)) { echo $html; } else { trigger_error('XSL transformation failed.', E_USER_ERROR); } // if
PHP4 version
function xml2html($xmldata, $xsl){ /* $xmldata -> your XML */ /* $xsl -> XSLT file */ $arguments = array('/_xml' => $xmldata); $xsltproc = xslt_create(); xslt_set_encoding($xsltproc, 'ISO-8859-1'); $html = xslt_process($xsltproc, $xmldata, $xsl, NULL, $arguments); if (empty($html)) { die('XSLT processing error: '. xslt_error($xsltproc)); } xslt_free($xsltproc); return $html; } echo xml2html('myxmml.xml', 'myxsl.xsl');
Force downloading of a file
Forces a user to download a file, for e.g you have an image but you want the user to download it instead of displaying it in his browser.
header("Content-type: application/octet-stream"); // displays progress bar when downloading (credits to Felix ;-)) header("Content-Length: " . filesize('myImage.jpg')); // file name of download file header('Content-Disposition: attachment; filename="myImage.jpg"'); // reads the file on the server readfile('myImage.jpg');
String encoding to prevent harmful code
Web applications face any number of threats; one of them is cross-site scripting and related injection attacks. The Reform library attempts to provide a solid set of functions for encoding output for the most common context targets in web applications (e.g. HTML, XML, JavaScript, etc)
Source : http://phed.org/reform-encoding-library/
include('Reform.php'); Reform::HtmlEncode('a potentially harmful string');
Sending mail
Using PHPMailer
PHPMailer a powerful email transport class with a big features and small footprint that is simple to use and integrate into your own software.
Source : http://phpmailer.codeworxtech.com/
include("class.phpmailer.php"); $mail = new PHPMailer(); $mail->From = 'noreply@htmlblog.net'; $mail->FromName = 'HTML Blog'; $mail->Host = 'smtp.site.com'; $mail->Mailer = 'smtp'; $mail->Subject = 'My Subject'; $mail->IsHTML(true); $body = 'Hello<br/>How are you ?'; $textBody = 'Hello, how are you ?'; $mail->Body = $body; $mail->AltBody = $textBody; $mail->AddAddress('asvin [@] gmail.com'); if(!$mail->Send()) echo 'There has been a mail error !';
Using Swift Mailer
Swift Mailer is an alternative to PHPMailer and is a fully OOP library for sending e-mails from PHP websites and applications.
Source : http://swiftmailer.org/
// include classes require_once "lib/Swift.php"; require_once "lib/Swift/Connection/SMTP.php"; $swift =& new Swift(new Swift_Connection_SMTP("smtp.site.com", 25)); $message =& new Swift_Message("My Subject", "Hello<br/>How are you ?", "text/html"); if ($swift->send($message, "asvin [@] gmail.com", "noreply@htmlblog.net")){ echo "Message sent"; } else{ echo 'There has been a mail error !'; } //It's polite to do this when you're finished $swift->disconnect();
Uploading of files
Using class.upload.php from Colin Verot
Source : http://www.verot.net/php_class_upload.htm
$uploadedImage = new Upload($_FILES['uploadImage']); if ($uploadedImage->uploaded) { $uploadedImage->Process('myuploads'); if ($uploadedImage->processed) { echo 'file has been uploaded'; } }
List files in directory
List all files in a directory and return an array.
Source : http://www.laughing-buddha.net/jon/php/dirlist/
function dirList ($directory) { // create an array to hold directory list $results = array(); // create a handler for the directory $handler = opendir($directory); // keep going until all files in directory have been read while ($file = readdir($handler)) { // if $file isn't this directory or its parent, // add it to the results array if ($file != '.' && $file != '..') $results[] = $file; } // tidy up: close the handler closedir($handler); // done! return $results; }
Querying RDBMS with MDB2 (for e.g MySQL)
PEAR MDB2 provides a common API for all supported RDBMS.
Source : http://pear.php.net/package/MDB2
// include MDB2 class include('MDB2.php'); // connection info $db =& MDB2::factory('mysql://username:password@host/database'); // set fetch mode $db->setFetchMode(MDB2_FETCHMODE_ASSOC); // querying data $query = 'SELECT id,label FROM myTable'; $result = $db->queryAll($query); // inserting data // prepare statement $statement = $db->prepare('INSERT INTO mytable(id,label) VALUES(?,?)'); // our data $sqlData = array($id, $label); // execute $statement->execute($sqlData); $statement->free(); // disconnect from db $db->disconnect();
72 Comments to “10 code snippets for PHP developers”
Leave a Reply
Came across this on a stumble, great tips. Keep up the good work.
These snippets are really really useful and save a lot of development time. Great effort.
For mailer one
I dont like PHP mailer, since it requires a SMTP server, which doesnt apply the case if I simply wnat to send mail with the mail() function of the server/host.
Good work!
For list files in directory I use glob()
http://php.net/manual/en/function.glob.php
I liked the real IP function,
+1 for PHPMailer
You should add an example of ADOdb here,
it’s a great abstraction db layer library.
Love Stumble Upon. Thanks for the great info!
[...] 10 kodsnuttar för PHP-kodare [...]
@KZ
You can use PHP’s mail function with PHPMailer. Instead of $mail->IsSMTP() use $mail->IsMail();
So cool. If you come up with any more, please make a post about them. I also thought you’d like to know there is a great domain name at Godaddy.com that you may be interested in. It’s call PHPDEVELOPING.COM and I think its a good fit for you because your a great PHP programmer. You can contact me at my email address and I’ll help you get to it if you want. Again, just thought you’d like to know.
no responds
As for random password generation, i use the following code:
Returns 8 character string composed of mixed case letters, numbers, “+” and “/”. Secure enough for most cases.
Also, for reading list of files in a directory, glob(‘*’) can be used.
Overally, this article seem to overcomplicate everything. There are really simpler, and as effective methods.
[...] 10 Code Snippets for PHP DevelopersThis is a blog post covering ten useful code snippets. It includes an email address check, random password generator, get IP address, XSL transformation, force downloading of a file, string encoding to prevent harmful code, sending mail, uploading of files, list files in directory, and querying RDBMS with MDB2. [...]
[...] 10 Code Snippets for PHP DevelopersThis is a blog post covering ten useful code snippets. It includes an email address check, random password generator, get IP address, XSL transformation, force downloading of a file, string encoding to prevent harmful code, sending mail, uploading of files, list files in directory, and querying RDBMS with MDB2. [...]
[...] 10 Code Snippets for PHP DevelopersThis is a blog post covering ten useful code snippets. It includes an email address check, random password generator, get IP address, XSL transformation, force downloading of a file, string encoding to prevent harmful code, sending mail, uploading of files, list files in directory, and querying RDBMS with MDB2. [...]
[...] 10 Code Snippets for PHP Developers This is a blog post covering ten useful code snippets. It includes an email address check, random password generator, get IP address, XSL transformation, force downloading of a file, string encoding to prevent harmful code, sending mail, uploading of files, list files in directory, and querying RDBMS with MDB2. [...]
[...] 10 Code Snippets for PHP DevelopersThis is a blog post covering ten useful code snippets. It includes an email address check, random password generator, get IP address, XSL transformation, force downloading of a file, string encoding to prevent harmful code, sending mail, uploading of files, list files in directory, and querying RDBMS with MDB2. [...]
Hey, this is great! I found it on Stumble also, good job.
I liked these tips.. Keep up the good work!
Like most lists of PHP code snippets, there are problems with all of these.
The email validator can be replaced with a single regex. There is an official regex in the RFC. While this one is much better than most email validators, it is rather heavy.
The password generator is not nearly random enough. Even if you give it the greatest strength setting, it is still depressingly predictable without modifications.
Whether the password starts with a “vowel” or a “consonant” is dependent on the time with a 1 second resolution. I can force that variable *by hand*. I also know that every second letter in the password is drawn from an extremely small pool of only 8 characters. The remainder of the password is drawn from a pool of 43 characters which isn’t much better.
The complexity of the password will be 8^5 * 43^4 = 112,027,271,168 if the password is generated on an even second and 8^4 * 43^5 = 602,146,582,528 if it is generated on an odd second. While these numbers might look big, in cryptographic terms, they are tiny.
They are also generated using rand() which is a pseudo random number generator. If the seed of the PRNG is known, the passwords generated are highly predictable.
The Reform library was moved from the link you provided to OWASP and then to Google code. http://code.google.com/p/reform/source/browse/trunk/src/php/Reform.inc.php When looking at the code, all it does is return the same string with non-alpha-numeric characters replaced with their numeric html entities. The whole class could be replaced with a single call to the PHP built-in function: htmlentities()
The functional difference is that characters such as : and ( that have a special meaning in a javascript context would not be converted by the PHP built-in. Nonetheless, a filter that stripped these characters out (or rather, allowed the safe ones through) would be a better idea for user data that is going to end up as potentially executable javascript.code.
Upload is specifically designed for images and includes functions for processing them. You kind of forgot to mention that.
As Giovanni said, a single PHP built-in does a better job: glob().
[...] 1- 10 code snippets for PHP developers [...]
Really nice functions, thanks for making this