So, I took time out from decorating to trawl the Internet, as is my wont. I came across a nice site with Apache Mod_Rewrite cheat sheets, which is nerdy, but useful. The same site also has a nice article about Writing Secure PHP which is pretty good – although I have some comments… Continue reading “Secure PHP”
Just read an article on Sitepoint about PHP’s Eval function, and basically, how it is evil.
Eval lets you ‘run’ a string, as if it were code. Sounds useful, but I can’t say that I’ve ever found a situation where it is a good idea. Quite apart from the security risk highlighted – which is really more a question of user input validation – it seems to me that if you’re writing a programme, you should know what it is supposed to do up front.
If you already know what it is supposed to do, why would you need an eval function at all? Why not just programme it that way? Sure, I can see how eval might be a useful ‘shortcut’, but it just isn’t elegant.
Didn’t know you could do this, but PHP supports functions for computing the ‘Levenshtein’ distance. Given an array of strings, and a target, you can easily find the string in the array most like (though not necessarily the same as) the target.
A friend I work with was asking me today how to match HTML comments using regular expressions. It was an interesting example of some of the pitfalls of, and the design that needs to go into, regular expression code.
HTML comments are marked out by <!-- and -->, for those who don’t know. For our examples we’ll use the code below, and change the patterns and subjects defined by $pattern and $subject respectively. This is written in PHP, but the same patterns are true for any Perl Compatible regular expression. Continue reading “Capturing Comments in HTML”