Southern writes:  

It doesn't matter if you're a beginner or an advanced PHP programmer, if you're looking for something or just anything. This is a list to bookmark if you're into PHP. Frameworks, AJAX applications that speak using PHP, highlighters, parsers, video tutorials and many more in this month's "Best PHP tools of the month".

ROScripts

Southern writes:  

1. Use an SQL Injection Cheat Sheet

This particular tip is just a link to a useful resource with no discussion on how to use it. Studying various permutations of one specific attack can be useful, but your time is better spent learning how to safeguard against it. Additionally, there is much more to Web app security than SQL injection. XSS (Cross-Site Scripting) and CSRF (Cross-Site Request Forgeries), for example, are at least as common and at least as dangerous.

We can provide some much-needed context, but because we don’t want to focus too much on one attack, we’ll first take a step back. Every developer should be familiar with good security practices, and apps should be designed with these practices in mind. A fundamental rule is to never trust data you receive from somewhere else. Another rule is to escape data before you send it somewhere else. Combined, these rules can be simplified to make up a basic tenet of security: filter input, escape output (FIEO). Read More...

Southern writes:  

Enjoy!

1. echo is faster than print.
2. Wrap your string in single quotes (') instead of double quotes (") is faster because PHP searches for variables inside "" and not in '', use this when you're not using variables you need evaluating in your string.
3. Use sprintf instead of variables contained in double quotes, it's about 10x faster.
4. Use echo's multiple parameters (or stacked) instead of string concatenation.
5. Use pre-calculations, set the maximum value for your for-loops before and not in the loop. ie: for ($x=0; $x 6. Unset or null your variables to free memory, especially large arrays.
7. Avoid magic like __get, __set, __autoload.
8. Use require() instead of require_once() where possible.
9. Use full paths in includes and requires, less time spent on resolving the OS paths.
10. require() and include() are identical in every way except require halts if the file is missing. Performance wise there is very little difference.


more with citations: hm2k Internet Engineering

Southern writes:  

Do you want to debug PHP like never before and learn to avoid PHP scripting pitfalls?

The following in depth information about common PHP Notices, Warnings, Parse and Syntax Errors will automatically display above when you are syntax checking using the form if information about the particular error you receive is on file with us. We are just listing these here also in case you want to see a list of the more common problems people have, and how to fix them.

Develop PhP

Southern writes:  

When scripting in PHP, we often restrict ourselves to a limited number of API functions: the common ones, like print(), header(), define(), isset(), htmlspecialchars(), etc. If some needed functionality doesn’t exist, we often write it making use of these basic components which we have in mind. The PHP API actually offers a lot of functionality, some useless and some useful; often seldom used. I have been looking through the available functions and was interested to find some really cool functions that I should have known about. Here, I share my findings.

more: infinity-infinity

Southern writes:  

What is the Debug Console?

The Debug Console is a tool for debugging and tracing PHP5 applications on productive servers without compromising the live-traffic.

With simple PHP functions you can inspect variables, watch changes in variables over the whole run time, measure partial run times, set checkpoints and write log files. Additionally, the Debug Console replaces the PHP error handling so that notices, warnings and errors are shown in a popup too, instead of displaying them in the application to be debugged.
 Read More...