PHP quick tip: shorthand isset()

Did you know you can use multiple parameters with isset() in PHP? The function will only return true if all elements are set: if(isset($var, $var2, $var3)){…}

PHP preg_match failing for no reason? Blame UTF-16.

Recently, I’ve been trying to replace tabs in a document, and I was surprised when my very simple regex, ‘/\t+/’, couldn’t match two tabs while Sublime Text could easily run the same find/replace without a hitch. It turns out that the document was encoded in UTF-16, which PHP’s preg_* functions don’t support. UTF-16 adds a […]

What is XSS injection?

XSS injection (XSS stands for Cross-Site Scripting) works a bit like SQL injection: improperly sanitized user-submitted data is used to alter the application’s functionality. Instead of altering SQL queries, XSS injection alters HTML and JavaScript. For example, a hacker could leave the following comment on a vulnerable site: <script>alert('Your site was hacked!');</script> When the site […]

The connection string to use with PHP, dblib and SQL Server

If you are trying to connect to an SQL Server database with the dblib drivers for PDO, this is the correct connection string to use: new PDO('dblib:host='.$host.';dbname='.$database, $this->user, $this->password); You can also specify the encoding with charset=UTF-8 or charset=ISO-8859-1 if necessary. Be aware that dblib is incredibly buggy and that it does not support unicode […]

How to really validate an integer in PHP (with tests)

Consider this simple task: you receive a variable from an unknown source (form, database, etc) that must absolutely be a valid integer. It can be a positive or negative integer and be stored in a string or an int, but it must be a real integer number made of digits. This is our checklist: Validates […]

Fixing ‘Can’t use function return value in write context’ in PHP

You might have encountered this error in one of your PHP scripts. Although the reason for this problem is a testament to how completely messed PHP is, it is quite simple. Let’s take a look at this function for example: if(empty(trim($var))){ //Can’t use function return value in write context … The reason is that empty() […]

How to force Apache to serve UTF-8 by default in .htaccess

If you want to serve all text files as unicode by default, add the following line to your .htaccess: AddDefaultCharset utf-8 You can also set the encoding on individual file types using AddCharset: AddCharset utf-8 .html .css .js .php

Cast an array to an object in PHP

If, for one reason or another, you want to convert an array into an object, PHP will let you cast it. $myObject = (object)$myArray; It’s a dirty, dirty thing to do, but it works.

Where to find php.ini in Ubuntu

If you are trying to locate php.ini on Ubuntu, Linux Mint and other derivatives, you can find it at the following location: /etc/php5/apache2/php.ini

How to validate email addresses in PHP

This regex will match email addresses. However, it’s not bulletproof. Emails such as n@n.n or ____@–… would still pass validation. /^([a-z0-9_\.\+-]+)@([\da-z\.-]+)\.([a-z\.]{2,6})$/ If you are using PHP, you can also use filter_var() and save yourself some headaches. As illustrated here, it correctly validates most addresses. filter_var('test@test.com', FILTER_VALIDATE_EMAIL); //Returns the address if it is valid, false otherwise […]