Deprecated: Function split() is deprecated in /mnt/home/cn/cn-web/songshu/lib/pages/DisplayBlogArticleList.php on line 36
Articles matching: php
Ninjas are deadly. Chipmunk Ninjas are just weird.
About this blog
Marc Travels
Marc on Twitter
JustLooking on Twitter

Marc Wandschneider is a professional software developer with well over fifteen years of industry experience (yes, he really is that old). He travels the globe working on interesting projects and gives talks at conferences and trade shows whenever possible.

My Publications:

My book, "Core Web Application Programming with PHP and MySQL" is now available everywhere, including

My "PHP and MySQL LiveLessons" DVD Series has just been published by Prentice-Hall, and can be purchased on Amazon, through Informit, or Safari


Popular Articles:

Top Tags:

Recent Comments:

cncool wrote:

GLint zeroOpacity = 0;
[[self openGLContext] setValues:&zeroOpacity forParameter:NSOpenGLCPS...
Posted to: Things I've learned about CoreImage (and Quartz, and OpenGL) in two weeks
Feb 02, 2009 | 03:37:39
PHP Background Process execution in Web Pages
By marcwan

Executing external programs in PHP isn’t a very big surprise – a decent number of articles have been written about the topic, including one I’ve written. However, getting a process to fire off in the background and carry along on its merry way while the web page continues doing its thing is a bit tricker.

You’ll want to use the system shell’s & operator, which means we’ll use the shell_exec function.

If you tried something like:

shell_exec("/path/to/program &");

you’d probably see that the program fired off okay, but that the web page locks up until the program has finished running.

The trick, it seems, is to make sure there is no output from the program. So, be sure to redirect any output to /dev/null, as follows:

shell_exec("/path/to/program > /dev/null &");

And now you can fire off programs willy-nilly. Just be be aware of the security implications of this:

  • Be outrageously careful if you let user input factor into commands (I never do), as they might inject some malicious shell script.
  • Be prepared for possible denial-of-service attacks using this functionality: Are you prepared to handle the case where the web page is requested hundreds or thousands of times?

Happy Programming!

[Read Rest of Article]
Dec 29, 2008 | 03:00:51
2008: The year that PHP nearly died
By marcwan

PHP started 2008 out on a roaring positive note. With adoption of PHP 4 finally dropping off to barely perceptible levels (apart from the occasional user complaining about how great things were in the good ole’ days and why do we have to change and – hey, get off my lawn you punk kids), PHP 5 had truly joined the big leagues, and the main complaint about the language shifted from it being be a quirky language with horrific (potential) security holes like register globals and klunky HTTP_POST_VAR arrays to it being a quirky language with crappy Unicode support. Talk about PHP 6, already quite vocal in the second half of 2007, was reaching a fever pitch, and some overly zealous people even started publishing books based on only some white-papers and vague ideas of what it would look like.

Along came March, however, and PHP 6 was nowhere to be seen. At conferences, questions from attendees and developers about rough guestimates for a final release dates were met with awkward coughs, sideways glances, and the inevitable “it will ship when it’s ready” response. When asked what they were working on, many people pointed out how focused they were on PHP 5.3 and near-term releases.

In fact, the more you looked, the farther and farther PHP 6 seemed to get, and the community suddenly got very quiet. As summer rolled around, much of the mindshare and energy seemed to be switching to framework development, as companies such as Zend realised they weren’t going to make money selling PHP and related IDEs alone, and other big name developers found themselves having to work to make money. News on the PHP website was hard to come by and limited largely to conference announcements.

While the rest of the web development community started to get excited about developments in new and exciting languages such as Ruby, Erlang, or even Python, PHP was starting to feel decidedly stale and old. The blogosphere went on one of its periodic “PHP sucks” campaigns, and loyalists found themselves on the defensive, trying to explain the whole needle-haystack / haystack-needle thing again and again. Late in the summer, a pretty alert colleague with whom I develop sites even commented that “PHP’s dying. It might be time to look at other options.” Throw in a non-trivial amount of bad press that MySQL seemed to be receiving after its merger with Sun Microsystems along with the latter’s subsequent mismanagement of employees and community, and it was beginning to look like time to worry about people jumping off the PHP/MySQL platform ship.

As the year grew old, however, and PHP 6 looked like a depressing myth, something interesting happened: PHP 5.3 started to gel together and enter alpha-release. Many features that had originally been planned for version 6 had been pushed forward into this release, including namespaces (including the much-derieded \ syntax), some international support, and some better math functionality.

Indeed, many of the non-vague or extremely optimistic features of PHP 6 will be showing up in this release, and I wouldn’t be surprised at all to see PHP 6 completely rebooted as a new branch and new project based on the current 5.3 line. Looking more closely, you’ll see that there were many of the same people this year quietly working behind the scenes on the project, developing and adding new features, and advocating in favour of the platform. People are still developing for PHP in huge numbers, and the language’s sheer productivity and ease of use make a compelling argument even in the face of sexier or more innovative-seeming languages.

With the arrival of 2009, and the pending release of PHP 5.3, one can feel the excitement in the air. With namespaces, closures, and continually improving i18n support (which is already workable, if not optimal), there is no reason to doubt that PHP will continue to be a dominant platform for years to come. Rest assured the language isn’t dead or dying. It just took a breather for a few months.

Happy 2009 to everybody, whatever platform you use!

[Read Rest of Article]
Aug 25, 2008 | 04:53:48
PHP Programming in Mumbai
By marcwan

And so it came to pass that I was wandering around downtown Mumbai the other day, purchasing a new Canon snapshot camera, since mine had mysteriously gone missing upon my arrival in Mumbai (mysteriously = I left it on the seat of the taxi from the airport to the hostel). In this neighbourhood, near Victoria Terminus (or VT), I just so happened to run into a number of computer book stores. I made a point of popping in and seeing what sort of PHP books they had.

The answer was: not many. This country is mostly a Microsoft shop, with a few Java people here and there.

But in one store, I did manage to find they had a “low price edition” of my book, which I knew had been published. 30-50$ USD for a book in India is outragageously expensive, so publishers print copies of the exact same book on cheap newsprint paper, and sell them for 10-12$ USD (500 Rs or so) instead.

So, I asked the kind guy who runs the store to take a photo of me with my book, and he was more than happy to oblige, in return for an autograph. I’m famous, hahah!

Marc with his book in downtown Mumbai

[Read Rest of Article]
May 29, 2008 | 04:26:16
Why PHP Sucks (Hint: It doesn't)
By marcwan

There seem to be these periodic flare-ups in the blogosphere and community site circuit where some poor programming language ends up being skewered thoroughly by roving gangs of self-righteous programmers. One or two articles will suddenly receive wide circulation listing arguments why language X is clearly a horrible choice for any “real programmer”, and then examples to prove this will inevitably be given: "false" equals true, (++*p1)++[--x] is actually a valid expression, or Begin and End are used instead of { and }. The couple of articles defending the language that inevitably appear will receive long streams of comments vilifying the author for being an idiot, or even worse, a hack. The sad realty of all the hullabaloo, however, is that all of this is ultimately pointless, and typically based on some silly assumptions.

[Read Rest of Article]
Apr 28, 2008 | 19:06:28
PHP SimpleDB 0.9.1 - A Parallelizing Client Library for Amazon's SimpleDB Service in PHP5
By marcwan

I am please to announce the release of SimpleDB 0.9.1, yet another SimpleDB client for PHP. It was designed with the following in mind:

  • bulk query and attribute fetching operations
  • bulk upload operations (PutAttributes)
  • fast execution of as many queries as possible
  • proper understandable return values
  • proper and clean exception generation
  • providing command line utilities to view and manipulate SimpleDB Domains, Items, and Attributes.
  • the ability to set domain prefixes for site testing / development

This SimpleDB client requires the following:

  • PHP 5.1.4 or greater (hmac_hash() must be defined)
  • The Curl extension compiled in.

Please consult the README for installation instructions.

You must, of course, be a member of the SimpleDB Beta program to actually be able to use this.

[I’ve rolled out 0.9.2 with a bug fix in it. I’ve actually got a newer version on my hard disk with QueryWithAttributes and sorting support, i just have to finish testing it before uploading]

[Read Rest of Article]
Mar 28, 2008 | 01:38:42
PHP 6 and other fun things that don't exist
By marcwan

It is with some amusement that I have recently seen a number of PHP 6 books popping up for sale at Amazon and Barnes and Noble. A while back, I spent some time trying to figure out just how far behind the curve I was on PHP 6 since I hadn’t really been paying too much attention. As I started to investigate how things were coming along and when I should expect it to hit the street, I was honestly a bit surprised at how hard news was to come by.

In short, like most major software projects, it’s “a work in progress”. As a project developed by volunteers and people with other full time jobs, there are periods where it sees serious spurts of development, and other periods when there are lulls. It will be released basically when it’s done and properly tested by the community. Who knows when that will be, but I will wager money that it won’t occur at in 2008 at all.

So, with that and all those PHP 6 books in mind, I, as an author myself, have come up with the following list of other books I’d to see published or that I’ll consider starting to write:

[Read Rest of Article]
Mar 08, 2008 | 10:20:21
PHP Québec talks
By marcwan

This year, as part of my annual trip to Canada and the USA, I’ve been asked to give two talks at the annual PHP Québec conference in Montréal. I haven’t been back to that city since 1993 when I graduated from University, and it will be interesting to see how it goes. (Although I suspect that while Beijing basks in nearly 20C (nearly 70F) weather every day and even Seattle and New York were closer to 10C (50F), Montréal is still hanging below freezing most days and has over a metre of snow on the ground).

I will be giving talks on internationalisation (commonly just called i18n) and giving your database servers a break with memcached. If you’re anywhere in the neighbourhood, come on by for some good fun. I’ll be getting back to regular programming content this weekend.

[Read Rest of Article]
Apr 20, 2007 | 22:58:33
When MySQL Attacks!!!
By marcwan

The Setup

Imagine, if you will, the following scenario:

  • You design a whole new database schema for your cool new scalable web-application. You’re using MySQL and the InnoDB datbase engine for everything, because your schema is so cool it uses all sorts of foreign keys and transactions and the like.
  • You quickly set up MySQL and get your application going with your new schema on your development staging machine.
  • You get MySQL up and running on your live server, play around with it for a bit to make sure it’s working, and then set up a my.cnf file with all sorts of caching and security goodies in it.
  • You do a backup from your dev machine, restore it to the live server, and ta-daa!!! Your web application is up and running on your live server.

What you might not have noticed, especially if you – like me – have a few thousands rows of data, is that MySQL might have screwed you along the way and not really told you all that clearly.

[Read Rest of Article]
Jan 23, 2007 | 02:35:22
PHP Tricks and Traps II: Variable Expansion and Regular Expressions
By marcwan

Thanks to Keith from the UK for pointing out something odd in my book that doesn’t seem to work as it did in earlier versions of PHP:

If you have a regular expression (I use the POSIX ones almost exclusively since they’re UTF-8 aware whereas the Perl ones were not when last I inquired), and you want to set a range for the number of matches on a particular expression you can use the syntax:

$expr = '[a-zA-Z]{5,50}';        // matches between 5 (incl) and 50 (incl) letters

Now, the problem is: what if you want to have the number of characters in the range be PHP variables that you can set in a configuration file or some such thing? Your first attempt, and what I used in my book, might be:

$expr = "[a-zA-Z]\{$min,$max}";        // double quotes for var expansion

And you would get a wonderfully annoying error message from the PHP engine:

Parse error: syntax error, unexpected ',', expecting '}' in Filename on line 5

No amount of backslashes will fix this problem. It turns out that the PHP parser consumes { and } characters when performing complex variable expansion, so …. all you have to do is add an extra set around each of the variables you wish to expand. PHP leaves the other two alone:

$expr = "[a-zA-Z]{{$min},{$max}}";        // extra { }s are consumed.

And what you are left with is a wonderfully working regular expression.

[Read Rest of Article]
Aug 24, 2006 | 02:11:10
Announcing Payjacks, an Object-Oriented PHP Ajax Web Application Framework
By marcwan

I am happy to announce the immediate availability of Payjacks, currently at version 0.2.0. Payjacks is a PHP/Ajax web application framework I’ve written using the object-oriented features in PHP5+.

Payjacks can be downloaded here:

What is Payjacks?

Payjacks is an object oriented PHP-Ajax web application framework I’ve written to help write robust and organised web applications. It was designed to require a minimal amount of effort to get your own web application up and running, while helping with such tasks as accessing a (MySQL, currently) database or providing a framework for sending asynchronous Ajax requests back to the server.

Payjacks uses many of the new object-oriented features in PHP 5 to do its work, and handles most of the details required to run a robust web application.

[Read Rest of Article]
Jul 16, 2006 | 05:34:57
Program Execution in PHP: exec, system, passthru, and shell_exec, oh my!
By marcwan

PHP is a sufficiently rich programming environment that it is not common that I truly need to execute external programs on the server on which it executes. However, every once in a while, this situation does come along, and for these, it is important to understand the options that PHP provides, what their differences are, and their relative strengths and weaknesses.

There are four primary choices for executing external programs in PHP:

  • The system function.
  • The exec function.
  • The shell_exec function or its syntactic analogue, the backtick operator, ( ` ).
  • the passthru function.
[Read Rest of Article]
Jul 08, 2006 | 21:22:51
StripTags 1.0 Released
By marcwan

Download version 1.0 of StripTags for PHP5

After some further development over the last couple of weeks, I have released version 1.0 of the StripTags class for PHP.

This class is designed to replace the strip_tags function in PHP, which does not work particuarly well. It serves to help website authors avoid cross-site-scripting (XSS) attacks in user-created content, for sites such as blogs or forums where users can enter entries, articles, or comments.

[Read Rest of Article]
May 30, 2006 | 06:38:00
New RSS Feeds
By marcwan

The RSS feeds on the Chipmunk Ninja site have been changed slightly. For compatibility, the old rss/tech.rss and rss/personal.rss feeds will continue to work, but there are now three new feeds:

[Read Rest of Article]
May 30, 2006 | 06:33:54
New Chipmunk Ninja Blogging Engine Online!
By marcwan

Sorry for the long pause in updating. I have spent the last couple of months writing a new blogging engine to power the Chipmunk Ninja web site. The problem with comments and extremely annoying process via which I would post new articles was getting to be a real problem.

The new system, while superficially quite similar to the old one, has a number of major new features:

[Read Rest of Article]
Feb 21, 2006 | 12:11:37
Troubles with Asynchronous Ajax Requests and PHP Sessions
By marcwan

As I sit here watching “The Muppets Take Manhattan” in Spanish in the middle of a Costa Rican thunderstorm, I find my mind drifting back to a recent project where I spent a day debugging a frustratingly annoying problem: A user would visit the web application I was working on, and after a given page was loaded, all of the session data associated with their visit would be suddenly gone. The user would no longer be logged into the site, and any changes they made (which were logged in session data) were lost.

[Read Rest of Article]
Feb 04, 2006 | 10:59:23
PHP5 and Database Sessions: Busted
By marcwan

One of my favourite things about PHP 5 is how nifty the object-oriented features are. I have been able to put together surprisingly robust web applications using simple class hierarchies and abstract classes, features that only took off in PHP with the version 5.0 release. One of the other things I have loved is using the the various built-in object-oriented classes provided by the runtime, most notably the mysqli and related functionality.

One extremely common task I complete is to use database storage for session data. When you are running multiple web servers and individual HTTP requests might go to different machines, trying to come up with a scheme to synchronise session data files between the individual servers becomes prohibitive. Far better a solution is to simply put these data in the database server along with everything else (see Figure 1) – your application servers hold only the code needed to generate the pages from the database.

[Read Rest of Article]
Feb 04, 2006 | 10:57:01
PHP Book Addenda I
By marcwan

As I sat down to edit “Core Web Application Programming with PHP and MySQL”, I would sometimes find errors in the text so blindingly obvious and stupid that I would question whether or not I was truly qualified to write such a book. And yet, after talking with some other people who write books (and recalling days when I wrote huge amounts of code), it seems that this is all common and with much proof-reading and the hard work of some friendly reviewers, I was able to write a book of extremely high quality.

Of course, that just meant I would be even more devastated when the first technical errors WERE found in the book.

There have been a couple, but they’re not that killer serious.

[Read Rest of Article]
Sep 19, 2005 | 21:42:21
PHP Tricks and Traps I: Break vs Continue
By marcwan

For those programmers coming to PHP from other languages, the distinction between the keywords break and continue is quite clear. The former is used to abort loop execution or a switch statement while the latter is used to skip to the top (or bottom) of a loop.

So, despite knowing better, I still found myself spending more time than I’d like debugging the following code:

[Read Rest of Article]
Jun 17, 2005 | 17:33:17
Installing PHP, MySQL, and Apache on Mac OS X
By marcwan

Many Mac OS X users seem to be having problems getting AMP (Apache, MySQL, and PHP) working properly on various versions of the operating system. In this article, I will describe the process by which I did this on my Powerbook which started out running Panther (10.3) and then Tiger (10.4) (the instructions are the same for both OSes).

[Read Rest of Article]
Jun 16, 2005 | 14:46:59
Helping Prevent XSS Attacks in PHP5
By marcwan

Download version 0.9 of StripTags for PHP5

One of the greater dangers facing web application authors today are Cross Site Scripting attacks (given the initialism XSS, so as not to be confused with cascading style sheets). In this, people filling in forms on your web site (such as a comment on a blog entry, etc.) include malicious input that, when others go to view it, can cause effects that range from the annoying (popping up advertisements) to the dangerous (redirecting you to a site that “spoofs” the current site and spies on your input).

[Read Rest of Article]
Next Page >>
Copyright © 2005-2008 Marc Wandschneider All Rights Reserved.