Friday, July 24, 2009

Regex Coach

The Regex Coach is a graphical application for Windows which can be used to experiment with (Perl-compatible) regular expressions interactively. It has the following features:

It shows whether a regular expression matches a particular target string.
It can also show which parts of the target string correspond to captured register groups or to arbitrary parts of the regular expression.
It can "walk" through the target string one match at a time.
It can simulate Perl's split and s/// (substitution) operators.
It tries to describe the regular expression in plain English.
It can show a graphical representation of the regular expression's parse tree.
It can single-step through the matching process as performed by the regex engine.
Everything happens in "real time", i.e. as soon as you make a change somewhere in the application all other parts are instantly updated.

Thursday, July 16, 2009

PHP performance tips

1. Profile your code to pinpoint bottlenecks
2. Upgrade your version of PHP
3. Use caching
4. Use output buffering
5. Don't copy variables for no reason
6. Avoid doing SQL queries within a loop
7. Use single-quotes for long strings
8. Use switch/case instead of if/else

Wednesday, July 01, 2009

10 Useful PHP Tips

1. Use an SQL Injection Cheat Sheet
2. Know the Difference Between Comparison Operators
3. Shortcut the else
4. Drop Those Brackets
5. Favor str_replace() Over ereg_replace() and preg_replace()
6. Use Ternary Operators
7. Memcached
8. Use a Framework
9. Use the Suppression Operator Correctly
10. Use isset() Instead of strlen()

PHP File Upload Security Ideas

When you allow users to upload files to your website, you take on a security risk: you are letting strangers write data onto your server. While nobody is ever completely safe, here are some precautions you can incorporate to make your site safer.

1. Check the referrer: Check that the request reaching your script came from a form on your own site and not from an outside source. The Referer header is set by the client, so it is trivial to fake (and is often simply absent); treat this as a nuisance filter at most, never as your only control.

2. Restrict file types: Check the MIME type and the file extension and only allow certain types to be uploaded. The MIME type the browser reports in $_FILES (the 'type' field) is also client-supplied, so determine the type server-side from the file's contents (for example with the finfo extension) and use an allowlist of permitted types rather than a blocklist of bad ones.

3. Rename files: Rename uploaded files so that the client-chosen name never reaches disk. In doing so, check for double-barrelled extensions like yourfile.php.gif and either strip the extensions you don't allow or reject the file altogether. Generating a random name with a single known-good extension avoids the problem entirely.

4. Change permissions: Change the permissions on the upload folder so that files within it are not executable. Your FTP program probably allows you to chmod right from it. Keep in mind that the execute bit only matters for CGI-style execution; if the web server hands .php files to the PHP interpreter, a cleared execute bit will not stop it. Also disable script handling for that directory in the server configuration, or better, store uploads outside the web root and serve them through a script.

5. Login and moderate: Requiring users to log in deters some deviant behaviour and ties every upload to an account. You can also take the time to moderate all file uploads before allowing them to become live on the web.
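The following upload handler is an added example that is not part of the original post; it applies steps 2 through 4 above in one place. It assumes PHP 7 or later (for random_bytes and the finfo extension), a form field named "upload", and an uploads directory one level above the web root; the constant names, the allowlist and the "shell.php.gif"-style rejection are this example's own choices. Step 1 (the referrer check) is deliberately left out because the header is client-controlled.

```php
<?php
// Added example, not the original author's code. Assumptions: PHP >= 7,
// a form field named "upload", and UPLOAD_DIR sitting outside the web root
// so that nothing stored there is ever served directly by the web server.
declare(strict_types=1);

const UPLOAD_DIR = __DIR__ . '/../uploads';   // assumption: outside the web root
const MAX_BYTES  = 2 * 1024 * 1024;           // 2 MiB cap; adjust to your needs

// Allowlist keyed by the MIME type detected from the file CONTENTS.
// Each entry lists the extensions we accept for that type; the first one
// is what the stored file will be named with.
const ALLOWED = [
    'image/png'  => ['png'],
    'image/jpeg' => ['jpg', 'jpeg'],
    'image/gif'  => ['gif'],
];

// Extensions that must never appear anywhere in a client-supplied name,
// even as an inner segment (catches "shell.php.gif"). Extend for your server.
const SCRIPT_EXTENSIONS = [
    'php', 'phtml', 'php3', 'php4', 'php5', 'php7', 'phar',
    'htaccess', 'cgi', 'pl', 'py', 'sh', 'html', 'htm', 'svg',
];

/**
 * Validate one entry of $_FILES and move it into UPLOAD_DIR under a
 * random name. Returns the new file name; throws on any rejection.
 */
function storeUpload(array $file): string
{
    if (!isset($file['error']) || $file['error'] !== UPLOAD_ERR_OK) {
        throw new RuntimeException('upload failed');
    }
    if ($file['size'] > MAX_BYTES) {
        throw new RuntimeException('file too large');
    }

    // Step 2: never trust $file['type'] (sent by the browser). Sniff the
    // content server-side and require it to be on the allowlist.
    $finfo = new finfo(FILEINFO_MIME_TYPE);
    $mime  = $finfo->file($file['tmp_name']);
    if ($mime === false || !isset(ALLOWED[$mime])) {
        throw new RuntimeException('disallowed content type');
    }

    // Step 2/3: the client name is checked but never written to disk.
    // Its last extension must agree with the detected content, and no
    // earlier segment may be a script extension.
    $segments = explode('.', strtolower(basename($file['name'])));
    array_shift($segments);                      // drop the base name
    if ($segments === [] || !in_array(end($segments), ALLOWED[$mime], true)) {
        throw new RuntimeException('extension does not match content');
    }
    foreach ($segments as $ext) {
        if (in_array($ext, SCRIPT_EXTENSIONS, true)) {
            throw new RuntimeException('double extension rejected');
        }
    }

    // Step 3: rename. A random name removes traversal, overwrite and
    // double-extension problems in one go.
    $newName = bin2hex(random_bytes(16)) . '.' . ALLOWED[$mime][0];
    $dest    = UPLOAD_DIR . '/' . $newName;

    // move_uploaded_file refuses anything that was not an HTTP upload.
    if (!move_uploaded_file($file['tmp_name'], $dest)) {
        throw new RuntimeException('could not store file');
    }

    // Step 4: not executable, writable only by the owner.
    chmod($dest, 0644);

    return $newName;
}

// Usage from the form handler (assumes a multipart form with field "upload").
if ($_SERVER['REQUEST_METHOD'] === 'POST' && isset($_FILES['upload'])) {
    try {
        $name = storeUpload($_FILES['upload']);
        echo 'stored as ' . htmlspecialchars($name, ENT_QUOTES, 'UTF-8');
    } catch (RuntimeException $e) {
        http_response_code(400);
        echo 'rejected: ' . htmlspecialchars($e->getMessage(), ENT_QUOTES, 'UTF-8');
    }
}
```

Because the stored name is random and the directory is outside the web root, a download script (not shown) has to look the file up and stream it with a Content-Type taken from the allowlist, which is also where you would enforce the login and moderation from step 5.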

How can I execute PHP code on my existing myfile.html page?

The way to execute PHP on a .html page is to modify your .htaccess file. This works on Apache with PHP loaded as a module, provided your host allows .htaccess overrides. The file may be hidden, so depending upon your FTP program you may have to modify some settings to see it. Then you just need to add this line for .html:

AddType application/x-httpd-php .html

Or for .htm

AddType application/x-httpd-php .htm

If you only plan on including PHP in one page, it is better to restrict the handler to that file. The bare AddType line above applies to every .html file in the directory and below it; wrap it in a <Files> block to limit it to yourpage.html:

<Files "yourpage.html">
AddType application/x-httpd-php .html
</Files>

This makes PHP executable only in the yourpage.html file, and not in all of your HTML pages. Remember that mapping .html to PHP turns any file with that extension into a script, so never apply it to a directory where users can upload or edit files (see the file upload post above).