php[architect]

by Ron Korving

Remote procedure calls using PHP have become increasingly popular in the past few years. Since the introduction of PHP 5, a SOAP extension has been bundled with the core PHP distribution. SOAP does not, in itself, provide a security mechanism, nor is the PHP-extension very suitable for command line applications. In this article, author Ron Korving explains how you can achieve security for your SOAP transactions, and create your own SOAP-driven daemons on your servers.

by Lukas Smith

There is this myth that database abstraction is only useful when you need to be able to switch your code from one RDBMS to another. Obviously, this alone can be a key advantage in many situations. For example, when developing a product, do you really want to lose a potential client that has a different technology preference, or even a corporate-wide standard RDBMS? As Lukas Smith, one of our guest speakers at this year's php|tropics conference, points out in this month's cover article, database abstraction layers just might hold the answer.

by Ed Lecky-Thompson

Native session support has been present in PHP since version 4, but its lack of sophistication means it is often found wanting in enterprise-level development environments. In this article, author Ed Lecky-Thompson tackles sessions from the ground up; from recapping PHP’s built-in support right through to the development of a sophisticated brace of classes, especially optimized for session handling and authentication in PHP 5.

by Tom Whitbread

Database abstraction is not just useful to promote database agnosticism--it can be used to improve database interaction all around! In this article, Tom Whitbread shows you how to tame the MySQL API by creating a class which will handle errors, allow query execution, transport results, and strip or add slashes to your input data.

by Marcus Baker

Code rots. A strange thing to say about a pattern of electrons, but it’s true. You might think that all you have to do is leave the program alone in a corner untouched to keep it squeaky clean. The trouble is that a program that is useful talks to the outside world, and well, the outside world changes all of the time. That means patches, fixes, workarounds and a steady build up of confusion. Soon the original elegant design has been consumed and the code is rotten to the core. It works, but it’s still become a mess. The question is... does it have to?

by José Pablo Ezequiel Fernández Silva

In last month’s article, author José Pablo Ezequiel Fernández Silva examined the basics of PHPTAL and used it to build some simple pages. This month, he moves on to the rest of the templating system, including some advanced techniques to build complex web sites and provide semi-automated localization for their contents.

by Chris Shiflett

In this month's edition of Security Corner, security expert Chris Shiflett examines the ins and outs of BBCode, a format used in many PHP applications in order to allow users to format content. While BBCode can potentially offer a more simplistic markup vocabulary than HTML, it does nothing to help prevent cross-site scripting (XSS). Because this is such a common misconception, Chris explains its potential pitfalls in more detail.