PHP Utilities

PHP is a difficult programming language that looks and feels easy. It is flawed, but it was in the right place at the right time, and it's now fairly popular. With the advent of web frameworks like Pylons and Django, PHP's popularity finally seems to be declining, but if you do any amount of web development, you will probably still end up working with PHP. When that happens, this page may make your life easier.

I have written several small libraries in PHP, and most of the time I just quietly uploaded them to my FTP server and said nothing more unless someone asked. None are particularly well-documented, and they're not really intended to be used by people who can't read the source code, but they are all free software.

In order to make these libraries more accessible to busy web developers, I have created this list of short descriptions for each one.

autoprefix (for MySQL)
Autoprefix lets several applications share a single MySQL database by allocating a specific prefix for each application's database tables.
Provides string encoding/decoding functions for Cascading Style Sheets (CSS).
Safer SQL Query Interface (for MySQL or DBX)
Allows you to separate your SQL statements from user-supplied arguments. This is a great way to avoid SQL injection vulnerabilities.
It's simply PHP's file_put_contents function for older versions of PHP that don't have it built in.
HMAC-SHA1, using PHP's built-in sha1() function.
By default, the data for PHP's $_SESSION variable get stored to the same place on the server (/tmp). In a virtual hosting environment, this can allow a malicious user to coerce other applications on the same server to corrupt your application's $_SESSION variable (for example, if both application have a $_SESSION['is_authenticated'] variable). This module tries to work around that situation by doing HMAC-SHA1 authentication of the data in the $_SESSION variable. Note: This module is quite fragile, and there are probably better ways to solve the same problem.
An implementation of D. J. Bernstein's simple netstrings string encoding specification.
Step 1. Include this in your application.
Step 2. Use $_REQUEST[null] wherever you would normally use $_REQUEST (e.g. $_REQUEST[null]['foo'] instead of $_REQUEST['foo']).
Result: No more worrying about whether or not magic_quotes_gpc is enabled!
This also works for $_GET, $_POST, and $_COOKIE.

When you include nomagicquotes.php, it makes a copy of $_REQUEST inside $_REQUEST[null]. If magic_quotes_gpc is turned on, it calls stripslashes() on each of the values it copies, so that any backslashes added by PHP's "magic_quotes_gpc" feature are removed. If magic_quotes_gpc is turned off, stripslashes() is not called, so backslashes added by real users do not get mangled. The idea is that $_REQUEST[null] always contains the real values entered by the user, no matter what magic_quotes_gpc is set to.

I chose [null], because it is one of the few values that (as far as I can tell) cannot be specified by externally over HTTP, so there's no namespace conflict.

It is safe to include nomagicquotes.php multiple times.

Lets you encode arbitrary strings into JavaScript source code. There's nothing special here. Simply read the source code, understand what it does, and forever be enlightened.
Parse ugly HTML ("tag soup"), or convert it to XML, which you can then process using other XML tools. Great for screen scraping or for sanitizing snippets of user-provided HTML (e.g. blog comments).
This lets you convert an integer into a string of letters, using an alphabet that's easy for humans to read and write ("0", "O", and "o" all represent the same symbol, for example.).
This library provides a rich set of URI/URL manipulation functions.
This library implements PHP's UUID API, but it works even when PHP been built without UUID support.