PHP is a difficult programming language that looks and feels easy. It is
flawed, but it was in
the right place at the right time, and it's now fairly popular. With the
advent of web frameworks like Pylons and
Django, PHP's popularity finally seems to
be declining, but if you do any amount of web development, you will probably
still end up working with PHP. When that happens, this page may make your
I have written several small libraries in PHP, and most of the time I
just quietly uploaded them to my FTP server and said nothing
more unless someone asked. None are particularly well-documented, and
they're not really intended to be used by people who can't read the source
code, but they are all free software.
In order to make these libraries more accessible to busy web developers,
I have created this list of short descriptions for each one.
- autoprefix (for MySQL)
- Autoprefix lets several applications share a single MySQL database by
allocating a specific prefix for each application's database tables.
- Provides string encoding/decoding functions for Cascading Style Sheets (CSS).
- Safer SQL Query Interface (for MySQL or DBX)
- Allows you to separate your SQL statements from user-supplied arguments. This is a great way to avoid SQL injection vulnerabilities.
- It's simply PHP's file_put_contents function for older versions of PHP that don't have it built in.
- HMAC-SHA1, using PHP's built-in sha1() function.
- By default, the data for PHP's $_SESSION variable get stored to the
same place on the server (/tmp). In a virtual hosting environment, this
can allow a malicious user to coerce other applications on the same server
to corrupt your application's $_SESSION variable (for example, if both
application have a $_SESSION['is_authenticated'] variable). This module
tries to work around that situation by doing HMAC-SHA1 authentication of
the data in the $_SESSION variable. Note: This module is quite
fragile, and there are probably better ways to solve the same problem.
- An implementation of D. J. Bernstein's simple netstrings string encoding
Step 1. Include this in your application.
Step 2. Use $_REQUEST[null] wherever you would normally use $_REQUEST (e.g. $_REQUEST[null]['foo'] instead of $_REQUEST['foo']).
Result: No more worrying about whether or not magic_quotes_gpc is enabled!
This also works for $_GET, $_POST, and $_COOKIE.
When you include nomagicquotes.php, it makes a copy of $_REQUEST inside $_REQUEST[null]. If magic_quotes_gpc is turned on, it calls stripslashes() on each of the values it copies, so that any backslashes added by PHP's "magic_quotes_gpc" feature are removed. If magic_quotes_gpc is turned off, stripslashes() is not called, so backslashes added by real users do not get mangled. The idea is that $_REQUEST[null] always contains the real values entered by the user, no matter what magic_quotes_gpc is set to.
I chose [null], because it is one of the few values that (as far as I
can tell) cannot be specified by externally over HTTP, so there's no namespace
It is safe to include nomagicquotes.php multiple times.
There's nothing special here. Simply read the source code, understand what
it does, and forever be enlightened.
- Parse ugly HTML ("tag
soup"), or convert it to XML, which you can then process using other
XML tools. Great for screen scraping or for sanitizing snippets of
user-provided HTML (e.g. blog comments).
- This lets you convert an integer into a string of letters, using an
alphabet that's easy for humans to read and write ("0", "O", and "o" all
represent the same symbol, for example.).
- This library provides a rich set of URI/URL manipulation functions.
- This library implements PHP's UUID
API, but it works even when PHP been built without UUID support.