In the examples below the client is the browser and the server is the webserver hosting the website. Before you can understand these technologies, you have to understand classic HTTP web traffic first. Regular HTTP: A client requests a webpage from a server. The server calculates the response The server sends the response to the … Read more
DISCLAIMER: This answer was written in 2008. Since then, PHP has given us password_hash and password_verify and, since their introduction, they are the recommended password hashing & checking method. The theory of the answer is still a good read though. TL;DR Don’ts Don’t limit what characters users can enter for passwords. Only idiots do this. … Read more
It’s a common misconception that user input can be filtered. PHP even has a (now deprecated) “feature”, called magic-quotes, that builds on this idea. It’s nonsense. Forget about filtering (or cleaning, or whatever people call it). What you should do, to avoid problems, is quite simple: whenever you embed a a piece of data within … Read more
Warning: Cannot modify header information – headers already sent Happens when your script tries to send an HTTP header to the client but there already was output before, which resulted in headers to be already sent to the client. This is an E_WARNING and it will not stop the script. A typical example would be … Read more
Original answer, but costly (O(n)): array_shift(array_values($array)); In O(1): array_pop(array_reverse($array)); Other use cases, etc… If modifying (in the sense of resetting array pointers) of $array is not a problem, you might use: reset($array); This should be theoretically more efficient, if a array “copy” is needed: array_shift(array_slice($array, 0, 1)); With PHP 5.4+ (but might cause an index … Read more
Depending upon use case, I would normally use something simple like the following: abstract class DaysOfWeek { const Sunday = 0; const Monday = 1; // etc. } $today = DaysOfWeek::Sunday; However, other use cases may require more validation of constants and values. Based on the comments below about reflection, and a few other notes, … Read more
Data Storage: Specify the utf8mb4 character set on all tables and text columns in your database. This makes MySQL physically store and retrieve values encoded natively in UTF-8. Note that MySQL will implicitly use utf8mb4 encoding if a utf8mb4_* collation is specified (without any explicit character set). In older versions of MySQL (< 5.5.3), you’ll … Read more
bcrypt is a hashing algorithm which is scalable with hardware (via a configurable number of rounds). Its slowness and multiple rounds ensures that an attacker must deploy massive funds and hardware to be able to crack your passwords. Add to that per-password salts (bcrypt REQUIRES salts) and you can be sure that an attack is … Read more
Notice / Warning: Undefined variable From the vast wisdom of the PHP Manual: Relying on the default value of an uninitialized variable is problematic in the case of including one file into another which uses the same variable name. It is also a major security risk with register_globals turned on. E_NOTICE level error is issued … Read more
Try a usort. If you are still on PHP 5.2 or earlier, you’ll have to define a sorting function first: function sortByOrder($a, $b) { return $a[‘order’] – $b[‘order’]; } usort($myArray, ‘sortByOrder’); Starting in PHP 5.3, you can use an anonymous function: usort($myArray, function($a, $b) { return $a[‘order’] – $b[‘order’]; }); And finally with PHP 7 … Read more