Comments on: 10 code snippets for PHP developers http://htmlblog.net/10-code-snippets-for-php-developers/ The web sandbox of Asvin Balloo Wed, 25 Nov 2009 02:36:02 +0000 http://wordpress.org/?v=2.9.1 hourly 1 By: Pico RG http://htmlblog.net/10-code-snippets-for-php-developers/comment-page-2/#comment-33958 Pico RG Tue, 06 Oct 2009 07:58:40 +0000 http://htmlblog.net/?p=38#comment-33958 Really nice functions, thanks for making this Really nice functions, thanks for making this

]]> By: Collection of 10 top 10 lists about web development | vijayjoshi.org http://htmlblog.net/10-code-snippets-for-php-developers/comment-page-2/#comment-33586 Collection of 10 top 10 lists about web development | vijayjoshi.org Wed, 23 Sep 2009 13:02:34 +0000 http://htmlblog.net/?p=38#comment-33586 [...] 1- 10 code snippets for PHP developers [...] [...] 1- 10 code snippets for PHP developers [...]

]]> By: Dave http://htmlblog.net/10-code-snippets-for-php-developers/comment-page-2/#comment-32596 Dave Thu, 20 Aug 2009 21:02:58 +0000 http://htmlblog.net/?p=38#comment-32596 Like most lists of PHP code snippets, there are problems with all of these. The email validator can be replaced with a single regex. There is an official regex in the RFC. While this one is much better than most email validators, it is rather heavy. The password generator is not nearly random enough. Even if you give it the greatest strength setting, it is still depressingly predictable without modifications. Whether the password starts with a "vowel" or a "consonant" is dependent on the time with a 1 second resolution. I can force that variable *by hand*. I also know that every second letter in the password is drawn from an extremely small pool of only 8 characters. The remainder of the password is drawn from a pool of 43 characters which isn't much better. The complexity of the password will be 8^5 * 43^4 = 112,027,271,168 if the password is generated on an even second and 8^4 * 43^5 = 602,146,582,528 if it is generated on an odd second. While these numbers might look big, in cryptographic terms, they are tiny. They are also generated using rand() which is a pseudo random number generator. If the seed of the PRNG is known, the passwords generated are highly predictable. The Reform library was moved from the link you provided to OWASP and then to Google code. http://code.google.com/p/reform/source/browse/trunk/src/php/Reform.inc.php When looking at the code, all it does is return the same string with non-alpha-numeric characters replaced with their numeric html entities. The whole class could be replaced with a single call to the PHP built-in function: htmlentities() The functional difference is that characters such as : and ( that have a special meaning in a javascript context would not be converted by the PHP built-in. Nonetheless, a filter that stripped these characters out (or rather, allowed the safe ones through) would be a better idea for user data that is going to end up as potentially executable javascript.code. Upload is specifically designed for images and includes functions for processing them. You kind of forgot to mention that. As Giovanni said, a single PHP built-in does a better job: glob(). Like most lists of PHP code snippets, there are problems with all of these.

The email validator can be replaced with a single regex. There is an official regex in the RFC. While this one is much better than most email validators, it is rather heavy.

The password generator is not nearly random enough. Even if you give it the greatest strength setting, it is still depressingly predictable without modifications.

Whether the password starts with a “vowel” or a “consonant” is dependent on the time with a 1 second resolution. I can force that variable *by hand*. I also know that every second letter in the password is drawn from an extremely small pool of only 8 characters. The remainder of the password is drawn from a pool of 43 characters which isn’t much better.

The complexity of the password will be 8^5 * 43^4 = 112,027,271,168 if the password is generated on an even second and 8^4 * 43^5 = 602,146,582,528 if it is generated on an odd second. While these numbers might look big, in cryptographic terms, they are tiny.

They are also generated using rand() which is a pseudo random number generator. If the seed of the PRNG is known, the passwords generated are highly predictable.

The Reform library was moved from the link you provided to OWASP and then to Google code. http://code.google.com/p/reform/source/browse/trunk/src/php/Reform.inc.php When looking at the code, all it does is return the same string with non-alpha-numeric characters replaced with their numeric html entities. The whole class could be replaced with a single call to the PHP built-in function: htmlentities()

The functional difference is that characters such as : and ( that have a special meaning in a javascript context would not be converted by the PHP built-in. Nonetheless, a filter that stripped these characters out (or rather, allowed the safe ones through) would be a better idea for user data that is going to end up as potentially executable javascript.code.

Upload is specifically designed for images and includes functions for processing them. You kind of forgot to mention that.

As Giovanni said, a single PHP built-in does a better job: glob().

]]> By: Deacon http://htmlblog.net/10-code-snippets-for-php-developers/comment-page-2/#comment-32542 Deacon Tue, 18 Aug 2009 13:38:25 +0000 http://htmlblog.net/?p=38#comment-32542 I liked these tips.. Keep up the good work! I liked these tips.. Keep up the good work!

]]> By: Emma http://htmlblog.net/10-code-snippets-for-php-developers/comment-page-2/#comment-31889 Emma Thu, 23 Jul 2009 13:46:42 +0000 http://htmlblog.net/?p=38#comment-31889 Hey, this is great! I found it on Stumble also, good job. Hey, this is great! I found it on Stumble also, good job.

]]> By: 45+ Excellent Code Snippet Resources and Repositories | Desinine http://htmlblog.net/10-code-snippets-for-php-developers/comment-page-2/#comment-31882 45+ Excellent Code Snippet Resources and Repositories | Desinine Thu, 23 Jul 2009 08:19:13 +0000 http://htmlblog.net/?p=38#comment-31882 [...] 10 Code Snippets for PHP DevelopersThis is a blog post covering ten useful code snippets. It includes an email address check, random password generator, get IP address, XSL transformation, force downloading of a file, string encoding to prevent harmful code, sending mail, uploading of files, list files in directory, and querying RDBMS with MDB2. [...] [...] 10 Code Snippets for PHP DevelopersThis is a blog post covering ten useful code snippets. It includes an email address check, random password generator, get IP address, XSL transformation, force downloading of a file, string encoding to prevent harmful code, sending mail, uploading of files, list files in directory, and querying RDBMS with MDB2. [...]

]]> By: 45+ Excellent Code Snippet Resources and Repositories | Developer’s Toolbox | Smashing Magazine | 51Feeling http://htmlblog.net/10-code-snippets-for-php-developers/comment-page-2/#comment-31878 45+ Excellent Code Snippet Resources and Repositories | Developer’s Toolbox | Smashing Magazine | 51Feeling Thu, 23 Jul 2009 06:09:36 +0000 http://htmlblog.net/?p=38#comment-31878 [...] 10 Code Snippets for PHP Developers This is a blog post covering ten useful code snippets. It includes an email address check, random password generator, get IP address, XSL transformation, force downloading of a file, string encoding to prevent harmful code, sending mail, uploading of files, list files in directory, and querying RDBMS with MDB2. [...] [...] 10 Code Snippets for PHP Developers This is a blog post covering ten useful code snippets. It includes an email address check, random password generator, get IP address, XSL transformation, force downloading of a file, string encoding to prevent harmful code, sending mail, uploading of files, list files in directory, and querying RDBMS with MDB2. [...]

]]> By: 45+ Excellent Code Snippet Resources and Repositories | Search Engine Optimisation http://htmlblog.net/10-code-snippets-for-php-developers/comment-page-2/#comment-31858 45+ Excellent Code Snippet Resources and Repositories | Search Engine Optimisation Wed, 22 Jul 2009 09:22:32 +0000 http://htmlblog.net/?p=38#comment-31858 [...] 10 Code Snippets for PHP DevelopersThis is a blog post covering ten useful code snippets. It includes an email address check, random password generator, get IP address, XSL transformation, force downloading of a file, string encoding to prevent harmful code, sending mail, uploading of files, list files in directory, and querying RDBMS with MDB2. [...] [...] 10 Code Snippets for PHP DevelopersThis is a blog post covering ten useful code snippets. It includes an email address check, random password generator, get IP address, XSL transformation, force downloading of a file, string encoding to prevent harmful code, sending mail, uploading of files, list files in directory, and querying RDBMS with MDB2. [...]

]]> By: 45+ Excellent Code Snippet Resources and Repositories - Programming Blog http://htmlblog.net/10-code-snippets-for-php-developers/comment-page-2/#comment-31844 45+ Excellent Code Snippet Resources and Repositories - Programming Blog Tue, 21 Jul 2009 23:14:35 +0000 http://htmlblog.net/?p=38#comment-31844 [...] 10 Code Snippets for PHP DevelopersThis is a blog post covering ten useful code snippets. It includes an email address check, random password generator, get IP address, XSL transformation, force downloading of a file, string encoding to prevent harmful code, sending mail, uploading of files, list files in directory, and querying RDBMS with MDB2. [...] [...] 10 Code Snippets for PHP DevelopersThis is a blog post covering ten useful code snippets. It includes an email address check, random password generator, get IP address, XSL transformation, force downloading of a file, string encoding to prevent harmful code, sending mail, uploading of files, list files in directory, and querying RDBMS with MDB2. [...]

]]> By: 45+ Excellent Code Snippet Resources and Repositories « Tech7.Net http://htmlblog.net/10-code-snippets-for-php-developers/comment-page-2/#comment-31817 45+ Excellent Code Snippet Resources and Repositories « Tech7.Net Tue, 21 Jul 2009 10:01:50 +0000 http://htmlblog.net/?p=38#comment-31817 [...] 10 Code Snippets for PHP DevelopersThis is a blog post covering ten useful code snippets. It includes an email address check, random password generator, get IP address, XSL transformation, force downloading of a file, string encoding to prevent harmful code, sending mail, uploading of files, list files in directory, and querying RDBMS with MDB2. [...] [...] 10 Code Snippets for PHP DevelopersThis is a blog post covering ten useful code snippets. It includes an email address check, random password generator, get IP address, XSL transformation, force downloading of a file, string encoding to prevent harmful code, sending mail, uploading of files, list files in directory, and querying RDBMS with MDB2. [...]

]]>