Brown PHP

I hope not! I think we can safely assume that so many other web developers out there are thinking the same thing. Let’s be honest. A free database solution does not fit into Oracle’s business model very well. So would Oracle have the wear-with-all to shut down MySQL if they did buy Sun?

I’ve been hearing speculation about this happening and I had to post about it. My educated prediction? No. Why would they? Sure they could shut down one of their main competitors, but could they handle the negative press and community backlash of such a power play? Bill Gate’s and Steve Job’s together couldn’t. I’m not sure of the statistics, but I would say over 80% (There is a 67% chance that the previously mentioned percentage is incorrect, and the latter for that matter.) of all the websites you see on the net today have a MySQL backend.

So why would Oracle want to alienate all of those users? To make them upgrade to Oracle? Hah! They would only protest against the overlord that burned down their MySQL home. Oracle would only push them to competitors. What do I think is going to happen?

Simple. Use MySQL to enhance their own business model. Brand MySQL as the personal site / small business owner’s database. Slowly evolve MySQL over time so that it would be very low overhead for someone to upgrade to Oracle. By overhead, I’m talking about the learning curve/resource upgrading. Think about it.

Let’s say you own your own online business. Your business takes off and you find out that you need a more robust database to handle tracking, etc. You could look at M$ SQL or since you knew MySQL so well, upgrading to Oracle is a no brainer because there is no difference to you as the developer.

I just see that as being a much more viable alternative than shutting it down. Using MySQL as a gateway to Oracle would online enrich their business model while making the MySQL community happy and dare I say, much more willing to upgrade to MySQL’s “Big Brother”.

On a side note, I just wanted to say thank you to all my readers who helped make my Twitter Cloud Service (Twitter Tag Cloud Service) so popular. I have notice how so many of you have added it to your blogs or have used the code to do your own Cloud. I just wanted to say thanks.

The XMPP-Protocol (which is the official name of the “Jabber”-Protocol) is released under open source, Jabber itself has many advantages in comparison to other instant messaging protocols:

• It’s open source
• It’s based on plain-text, xml-style data
• Everyone can set up a own Jabber-Server
• It’s decentralized: There are now “central” servers

There are some implementation of this protocol for PHP:

• XMPPHP (successor to class.jabber.php/CJB)
• PHP Jabber Client

All these classes are using different approaches – so have a short look. In this article I want to talk about XMPPHP, the PHP Jabber Client will be discussed in the next one.

XMPPHP

Projectpage/Download: Google Code

This class uses CJB as base, it’s easier to use than CJB itself. Similar to CJB it uses the send-wait-read-model; your script will send a message to the connected Jabber-server, wait for a reply and read the reply from the server. This model is easy to use, you can use linear programming, no event-handling is required – but this model can be slow down your script if you will use Jabber extensive.

XMPPHP supports joining chat-rooms and TLS encryption – without much effort. (The sample on the project page is wrong – the parameters are not in a valid order!)

First a simple code example:

<?php
include("xmpp.php");

//username = user without domain, "user" and not "user@server" - home is the resource
$conn = new XMPPHP_XMPP('my.server', 5222, 'username', 'password', 'home');
// Enables TLS - enabled by default, call before connect()!
$conn->useEncryption(true);
$conn->connect();
$conn->processUntil('session_start');
$conn->message('someguy@someserver.net', 'This is a test message!');
$conn->disconnect();
?>

This script will do:

1. Connect to the talk.google.com-Jabber-Server
2. Wait until the connection is successful established
3. Send a message to someguy@someserver.net
4. Close the connection to the Jabber-Server

Sending a message to a single account is easy – but this call won’t work with a chatroom. For this you have to do this:

...
$conn->connect();
$conn->processUntil('session_start');
// Enter the chatroom
$conn->presence(NULL, "available", "chatroom@server/NickName");
// Send message to chatroom - "groupchat" is required!
$conn->message("chatroom@server", "Test!, "groupchat");
// Leave the chatroom
$conn->presence(NULL, "unavailable", "chatroom@server/NickName");
$conn->disconnect();
...

Finally: How to read messages sent from other users to the used account or within a group-chat? This is event-based, you have to wait for the message-event:

...
$events = $conn->processUntil('message');
foreach($events as $current)
{
  $data = $current[1]; // [0] contains the event type, here "message"
  echo "Message - From: ".$data["from"].", Text: ".$data["body"];
}
...

You can also listen for more than one event (just use an array of strings, so you can wait for “message” and “presence” for example). When joining a chat-room you have to mention you will get also some “older” messages, not only new ones. Additional processUntil() accepts a timeout in seconds as second parameter.

Tobias is a guest writer – visit his blog http://www.mashempires.com, he will launch his start up KnowYourEfforts (a time tracking web application) within few months. Follow Elchie on http://www.twitter.com

I am sad to say that I have taken the Informative Post down so that I can change my hosting plan to a more affordable package. I would like to extend an enormous amount of gratitude to all the authors that have devoted their time and effort to make the Informative Post a success, but due to my very busy schedule in trying to balance my new job with the site I was very overwhelmed and I had to let this go.

If anyone would be interested in taking over this project I would be happy to auction off ALL of Informative Post’s source code, so that someone else could take over the project. I would love to give it all away, but as many of you know, I have devoted a lot of my own resources into the Informative Post.

So every article that was being offered on the Informative Post, will now be directing to this page on BrownPHP. If you are new to Brown PHP, this is my own personal blog. I write articles covering all sorts of topics, not just PHP articles.

If you would want to follow me, you can find me on Twitter. I’m constantly Twittering all day!

Hi everyone, I need to change the way the Informative Post pays for content. Starting now, we will no longer pay an upfront fee for content. This is due to having little sponsorship to help pay our authors. Recently I have been using my own money to help pay the authors.

So again, from this date forward we will no longer be paying for articles upfront. We will still be paying for the performance of each article that we have published and will publish. This value of the CPM payments is likely to rise and will be based upon profits from the site.

This new payment policy also takes into affect all the articles that you have in your queue to be published. If you would like remove these articles from your queue, you are able to do that.

I will still be reviewing articles on a regular basis, but in the mean time I will be looking for a buyer for the Informative Post as I no longer have the time to devote to the site. If you are interested in acquiring the InformativePost.com, please send all offers to dlbrown06 at gmail dot com.

If you have any questions please comment them below.

Topics Updated On: 7/3/09

The following topics and products are what is buzzing in the industry currently. All of these topics will be updated everyday, so come back opten to see what is buzzing on the internet! Writing about the following topics and products will get your articles reviewed quickly no matter what your Author Priority rating is on the Informative Post. You can also feel free to use these lists as a reference for your own blogs.

When it comes to the popular products on Amazon and Ebay, write reviews and how-to’s about the products.

Popular News Topics

Popular Product Topics

 Loading ...

Show the Twitter Love!

I recently got an email from a reader asking me if I could help them with a small script to post updates to a Twitter account using PHP. I figured this might be something that a few others might be interested in, so I decided to post about it.

As most of you know, there are a multitude of options when deciding how to to Tweet to Twitter. If you would like to add this functionality to your site so that you don’t have to download an application to your computer, or visit another site, this might be something you would like.

Using the simple script below you, you can post updates to twitter. Please BE ADVISED: this script needs altered to run. As well as some extra code to add your desired functionality.


$username = 'myUserName';
$password = 'myPassword';
$status = urlencode(stripslashes(urldecode('This is a new Tweet!')));

if ($status) {
$tweetUrl = 'http://www.twitter.com/statuses/update.xml';

$curl = curl_init();
curl_setopt($curl, CURLOPT_URL, "$tweetUrl");
curl_setopt($curl, CURLOPT_CONNECTTIMEOUT, 2);
curl_setopt($curl, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($curl, CURLOPT_POST, 1);
curl_setopt($curl, CURLOPT_POSTFIELDS, "status=$status");
curl_setopt($curl, CURLOPT_USERPWD, "$username:$password");

$result = curl_exec($curl);
$resultArray = curl_getinfo($curl);

if ($resultArray['http_code'] == 200)
echo 'Tweet Posted';
else
echo 'Could not post Tweet to Twitter right now. Try again later.';

curl_close($curl);
}


Needed Alterations:

• Change $username to YOUR username
• Change $password to YOUR password
• Edit $status to the Tweet that you want posted.

Code to Add:

• Some HTML to Tweet dynamically. For example: Use a form like below and have $_POST['new_tweet'] update the $status variable.
• More Filtering: It would probably be a good idea to add some more filtering to the status so that you can’t just post a blanks status etc. (I could add that easily, but then where would be your opportunity to learn!)
• Use OOP Practices: Creating a Twitter Class out of the below procedural code would make it much more modular for you in the future. (Again, better for you to do this yourself. Feel free to contact me with any questions.)
• Add Some Javascript: Adding some Javascript that counts the amount of characters in the Tweet field would be handy to have for your visitors.

Try it out for yourself (Your Twitter Username and Password are NOT being recorded):

Tweet from BrownPHP if you like to test it out for yourself. You can also just copy this code, and make the necessary changes. I just wanted to give a small example to give you an idea of what you can do. Let me know what you think about it and if you have any ideas for some code scripts that you would like to see.

If you enjoy using Twitter, you may want to take a look at our Twitter Tag Cloud Service that we provide. You can also download the scripts to run the script from your own site.

ASP is defined as Active Server Pages. ASP runs inside Internet Information Services (IIS). This IIS is a component of Windows. ASP allows us to edit, change or add any content of a web page. It responds to user queries or data given from HTML forms. Any data or databases are accessed easily and the results are returned to the browser. It is helpful in customizing a web page; this feature makes the page more useful for individual users.

PHP is defined as Pre Hypertext Processor. PHP is a server-side, cross platform, HTML scripting language. The syntax of PHP is almost similar to C and Java. The goal of PHP is to allow web developers to write dynamically generated pages quickly.

PHP eliminates the need for numerous small CGI programs by allowing us to place simple scripts directly in HTML files. It also makes easier to manage large web sites by placing all components of a web page in a single HTML file. PHP has a perfect blend of compilation and interpretation. It is a used as general purpose scripting language which is suited for Web development and can be embedded into HTML.

The difference between PHP and ASP is that ASP is a Microsoft product based on visual basic syntax whereas PHP has C and Java based syntax. ASP works better on Microsoft servers.

ASP has the possibility to run on Linux and BSD (Berkeley Software Distribution) which is referred to the particular version of the UNIX operating system. ASP is mostly not recommended for BSD because it relies a lot on external components that often come in the form of Dynamic Linked Library ((DLL) which lists the other pages on the web where one can find additional information) that needs to be physically registered on the server.

PHP works fine on both environments. Linux/BSD server will run the PHP scripts faster than a Windows. Both ASP and PHP languages are popular but PHP is more popular because of its Open License solutions, which can be implemented, free of cost or can be downloaded easily.

The installation of tools such as image manipulation, upload, email, etc. can be easily uploaded in PHP with a very large number of tools whereas ASP requires the registration of components to do that, most of these components are not free.

The speed of ASP is very slow which is not suitable for traffics whereas PHP is faster when compared to ASP. ASP works better with SQL Server and Access. PHP works very well with SQL. If PHP is used with database systems, the connectivity is slow compared to ASP. If there is Microsoft server, then ASP/SQL Server is used. If there is Linux or BSD Server, then PHP is used.

From the above differences between PHP and ASP, it can be concluded that PHP is better in use, especially in syntax, connectivity, and in toolbox, which can be easily installed. As far as the web boards are concerned, there are many awesome products, like PHPBB (Open License), Bulletins (OL), etc.

Happy 2009 everyone! I hope this year is better than the last. Here is January’s Hot Topics that we will be looking for on the Informative Post. Write a good article on one of the below topics and we won’t care what your AP rating is.

– The death of Jett Travolta, John Travolta and Kelly Preston’s son
– Obama’s Inauguration
– NFL Playoffs
– An Economic Stimulus Package
– The December 21, 2012 Prophecy
– People’s Choice Awards
– Lisa Bonet’s New Baby
– Palm Pre
– Critic’s Choice Awards
– Casey Anthony in Court
– BCS Bowl
– Salmonella Outbreak

As always, keep an eye on this thread, because I’ll be updating it will new topics continuously.

There are several methods to solve errors in PHP code. Sometimes when the user waits to see an output a blank page will be shown if there is an error. To show the errors E_ALL^E_STRICT is used for the PHP 5 version. Contrarily, remaining versions just use E_ALL.

Even though error_reporting set to E_ALL, PHP sometimes still shows a ’blank’ page without showing the errors. Therefore, to indicate errors it should run in different directory, because the directory may be full and by erasing the file, the errors will be displayed as usually. It may even help in turning the ’error logging’ off.

If the reporting of an error is set in http.conf contained by a script then the ’integer’ value must be used and not the string in some versions. Or else the error message would not be displayed during the output of a program.

The handling of errors is very important because they are useful in removing harmful user information about the system, allowing the developer to access the information. PHP provides certain methods for handling the errors.

For example, the browser can be installed in such way that errors are not displayed; instead we can log and see the errors using log_errors and display_errors directives in the php.ini file. Depending on the change needed in the development, the error display can be turned on and off.

Error_reporting() may give the results which are not expected if the @ error repression command is used. Depending on the configuration settings, this will throw an error level E_WARNING in relation to the missing file. If the command is removed, the code works as expected. On the other hand, by using ini_set in config.php, the same result is accomplished. From this, we can know that the above said instructions are same.

The fatal errors can be caught by making use of another dynamic way. The fundamental is easy and can be tested with the system. In work sites, it fails to catch these fatal errors when the display errors are turned on, but sometimes the system can be tested to see all the fatal errors quickly in an unproblematic way by turning off the display errors. The syntax for the function used to catch all the fatal errors is;

function catchFatalErrors($p_OnOff=’On’)

If there is a warning like “Warning: mysql_query()” then the query requires a full table scan. It is not looked in error_reporting settings it will be set in php.ini. It can be turned off by writing syntax; within_set(”mysql.trace_mode”,”Off”), in the script.

The quick methods as said above, when used in codes helps in the avoidance of errors. Like when a blank page appears instead of an output, it can be avoided by using the methods and when the errors appear, they can be rectified by using the above methods.

The phenomenal growth of PHP applications has also led to a mushrooming of increased quantum of malicious activity. It thus becomes imperative that you write secure PHP code to protect your website. Here are some tips for the same.

The three most vulnerable aspects of PHP that can become easily accessible to anyone are XSS (Cross Site Scripting), Global Variables and SQL code.

XSS

The growth of XSS has followed a steady growth in the use of AJAX. Cross Site Scripting, for instance is used when you create a Comment section in your website. If the commentator has to log in to comment, his login information gets stored in a cookie. As the JavaScript code is generally run whenever a person writes the comment, there is a pretty good chance of the contents of the cookie being accessible to a remote server handled by a malicious user.

To counter this, make a habit of including filters whenever you request for random information. Use the die() function to exit from the task whenever the filters detect an unqualified input. The details that are typed are first filtered and then sent to the website’s database. Again the information is filtered before it is output.

<?php

//A good filter program that validates data, prevents XSS attack and
//preempts white lists would look like this

echo 'this is what you input';

echo htmlentities($_POST['myInfo']);

?>

Global Variables

The PHP feature “Register Globals” leads to a palpable lacuna in programming safety. Once this feature is activated in PHP configuration file, even a single variable that is to uninitialized, can lead to a great security flaw. For instance

<?php

if (is_admin()) ( $authorized=true; )

if ($authorized) ( include "/very/sensitive/data.php"; )

?>

When you run the file, because of non-initialization the user may not be verified, resulting in anyone accessing the administrative control! To counter this, you should disable Register Globals, initialize variables use localized variables and as far as possible within the programs.

SQL Code

The SQL code is vulnerable to malicious users just like XSS feature. To write a secure SQL code you need to remember a couple of things. First avoid using dynamic code and second, if dynamic code in inevitable then do not have direct input into the tables.

For instance, a code like this will take care of the sql security

if ($_POST['submit'] == 'Save') {

   if (isset($_POST['acct_num']) &&
       isValidAccountNumber($_POST['acc_num'])) {

        $link = mysql_connect ('hostname', 'user', 'password')
              or die('Could not connect to DB');
        ...
   }
}

Preferably have a database to select user name so that any other entry (like “bingo” or ‘blah blah’) can be swiftly detected. A simple way of preventing SQL security lapse is by typecasting the data so that input is effectively monitored. You can also make use of the versatile “mysql_real_escape_string”. This function can successfully filter symbols and contain SQL security flaws.

These three are the most significant to create a secure PHP code. Apart from this, you should also ensure that

• The system is well protected
• Files and database are protected.
• Posts are verified
• Input is always validated

Input validation is the key to secure programming. Make a habit of allowing only the right input into your system. A systematic approach to PHP, keeping in mind the pitfalls, can guard the program against most flaws and malicious attacks.