Category Archives: Programming

PHP: Replacing short open tags with proper ones recursively in a big code base

We recently took on a horrible code base at work, with lots of open tags in the code like this:

<? calculateVat(123..

As far as I know this way of opening PHP code is deprecated and soon won’t be supported at all so I thought I’d just use sed to fix this but it wasn’t quite that simple.

Sed has no way of doing look-aheads with regular expressions meaning we can’t tell it to not turn <?php into <?<?php .. ! So we have to use perl (or something else that has ‘proper’ regexp):

# Convert <? (without a trailing space) to <?php (with a trailing space):

find . -name "*.php" -print0 | 
xargs -0 perl -pi -e 's/<\?(?!php|=|xml|mso| )/<\?php /g'

# Convert <? (with a trailing space) to <?php (retaining the trailing space):

find . -name "*.php" -print0 | xargs -0 perl -pi -e 's/<\? /<\?php /g'

Note, this could probably be improved by not using xargs (xargs has issues with spaces and funny characters in the path) – you’d probably want to use find’s exec command with the curly braces {}…

Anyway, this should fix up your entire codebase, but please CHECK the results afterwards, I only realised it was turning <?xml into <?php xml after checking..

Comments welcome 🙂

Stopping bots spamming your forms

No doubt many others have thought of this already, but today I had a brainwave..

You have forms that use the dreaded captcha, which just sucks. Better forms use a honey pot trap but it’s still a bit weird. What if we checked to see how long a user had spent filling out a form – a bot will take (not much time) to complete the form where as a human being will take slightly longer, say anything over 5s.

Surely if we just check to make sure the form hasn’t been completed at in-human speeds we know if it’s a bot? If the form is somehow completed very quickly we can fall back to captcha, but for Pete’s sake – let’s stop using captcha by default.

PHP frameworks… a serious issue

Several years ago a new framework called CakePHP was released and I was quick to jump on the band wagon. The promise of having base code that does 90% of the work for you was too tempting and we quickly got burned trying to perform more complex SQL queries – hitting the boundaries of what was possible and having to hack our way around it. Ugh.

Still, when you go back to writing an MVC style web app from the ground up you quickly realise that life would be much easier with a framework. A year or so after CakePHP I had a go with CodeIgniter and found it’s less strict Model paradigm easier to work with as you could just pass straight SQL to your database. Sure it lacked some features but it was easy to work with and easy to pick up.

Then I became freelance and did a bunch of work with WordPress, which I really like but it’s not a framework (though I do think it’s under-used and underrated).

So, as of August last year I started a new job where we use Zend Framework. My first impression was ‘wow, this is cool – very professional!’ 6 months in, and though I’ve not used it lots I think I can safely say it’s nothing like Cake or CI – it’s far more complicated, there are no walk through guides – you must invest good time learning it (something which there wasn’t time for me to do..)

I now know enough about ZF1 to get by, but last night I had a look at zend framework 2.. it appears as though a whole new level of complexity has been added. I spent a couple of hours trying to figure out what the hell was going on and (for the time being) gave up!

I concluded a few things:

  1. Zend Framework is a ‘nuts and bolts’ framework.. it feels much more like a bunch of helper classes to help you make your own framework. This is flexible, but complicated and time consuming.
  2. Things that are complicated are more easy to break.
  3. Zend Framework is nothing like the other frameworks out there. It takes a long time to develop good things.
  4. The learning curve is steep. Steep enough to make you wonder if it makes any sense for a business to pursue it..imagine if all your future employees need to spend 2 months learning something before they can begin work?
  5. Following on from 4 – if other companies/startups etc. aren’t using zend framework because it’s too time consuming for creating websites compared to other frameworks then does it make me valuable as someone who knows ZF? I guess you could look at this one in two lights really. In some ways it could make me more valuable!
  6. One worrying thing about working with ZF1 was that different people on the team approached similar work in very different ways because of the flexibility ZF offers.. one person used Zend_Db_Table where another might use something else.. one person may have written a wrapper for something, put something in a library, a service or a base controller – things can quickly get out of hand.

Food for thought, but it’s becoming apparent that investing your time in one framework is a very serious thing to do.. everyone knows PHP, but when the frameworks become almost as complex as the language itself it becomes a serious investment of time for a web programmer.

I’d very much appreciate people’s comments on this 🙂

Please note: I’ll be revisiting this post on and off as I gain more experience with both ZF1 and ZF2 and I’ll be looking into other frameworks such as Yii and Symfony over the coming months.

Copying mysql tables with keys / extras

A lot of sites will tell you to do this:

CREATE TABLE t2 SELECT * FROM t1;

Problem is that you’ll lost your auto_increment, primary key and any other indexes you have (and any other extra meta data like that.)

This might not be the best solution, but hey it worked for me:

CREATE TABLE t2 LIKE t1;

INSERT INTO t2 SELECT * FROM t1;

Hope that helps somebody.. I only noticed I’d lost all my primary keys after copying a load of tables using the old method.

Accessing get vars with ActionScript 3

I’ve just started to learn a bit of ActionScript for a new project I’m working on. The first thing I needed to do was integrate a message from the source html (and eventually a php file.) Turns out there’s pretty much no clear documentation out there on the web, so I decided to write this.

First thing’s first, create a text object in your flash file and set the instance name to something you can easily remember, in this example I set it to message. Once you’ve done that, on the keyframe for the layer in which that peice of text is, right click it and click on actions, then add the following:

this.message.text = LoaderInfo(this.root.loaderInfo).parameters.mymessage;

Easy enough, now you can publish your html. Once published, remove all the javascript stuff and the <noscript> tags surrounding the embed code [note, there’s probably a better way of doing all this and I’ll update this post once I figure it out.]

<param name="movie" value="test.swf" />
<param name="quality" value="high" />
<param name="bgcolor" value="#ffffff" />
<embed src="test.swf?mymessage=workingok" quality="high" bgcolor="#ffffff"
  width="600" height="450" name="test" align="middle" allowScriptAccess="sameDomain"
  allowFullScreen="false" type="application/x-shockwave-flash" 
  pluginspage="http://www.adobe.com/go/getflashplayer" />

That’s basically where you set the variables you want to pass to flash. You have to urlencode each parameter. If you don’t know what that means, google it.

MySQL 5 and old clients (like php4)

Warning: mysql_connect(): Client does not support authentication protocol requested by server; consider upgrading MySQL client in /blah/somepage.php on line 123

The reason for this warning is because PHP4 can’t communicate with a MySQL5 server unless it’s using old passwords (set by using the OLD_PASSWORD() function below.)

There are two simple ways to fix this. The first would be to upgrade your version of php. Unless you *really* need php4 (or below?!) upgrade! I’m not sure php4 is supported any more and should be considered a security risk. If you can’t upgrade, just do this in your database:

update mysql.user set password=OLD_PASSWORD('thepassword') where user = 'theusername';
and:
flush privileges;

This should do the trick. Be warned, if you issue any GRANT statements after this you will have to update mysql.user again.

Auto_increment fun!

Discovered some fun things in MySQL today..

Set the variable @id to 0:
SET @id = 0;

Update the column id to be id + 1 – this will re-index your id column in one fell swoop. Very nice:
UPDATE tblname SET id = (@id := @id + 1);

Set the first value for an auto_increment column:
ALTER TABLE tblname AUTO_INCREMENT = 196;
(this won’t work if there are rows with a higher value already in the table)

All in all, a few nice bits and pieces for cleaning up your tables.