Secure SOAP Transactions in Command Line Applications

Remote procedure calls using PHP have become increasinglypopular in the past few years. Since the introduction of PHP 5, aSOAP extension has been bundled with the core PHP distribution.SOAP does not, in itself, provide a security mechanism, nor is thePHP-extension very suitable for command line applications. In thisarticle, author Ron Korving explains how you can achieve securityfor your SOAP transactions, and create your own SOAP-driven daemonson your servers.—by Ron Korving

Database Abstraction in PHP

There is this myth that database abstraction is only usefulwhen you need to be able to switch your code from one RDBMS toanother. Obviously, this alone can be a key advantage in manysituations. For example, when developing a product, do you reallywant to lose a potential client that has a different technologypreference, or even a corporate-wide standard RDBMS? As LukasSmith, one of our guest speakers at this year’s php|tropicsconference, points out in this month’s cover article, databaseabstraction layers just might hold the answer.—by Lukas Smith

Advanced Sessions and Authentication in PHP 5

Native session support has been present in PHP since version4, but its lack of sophistication means it is often found wantingin enterprise-level development environments. In this article,author Ed Lecky-Thompson tackles sessions from the ground up; fromrecapping PHP’s built-in support right through to thedevelopment of a sophisticated brace of classes, especiallyoptimized for session handling and authentication in PHP 5.—by Ed Lecky-Thompson

Building a MySQL Database Abstraction Class

Database abstraction is not just useful to promote databaseagnosticism–it can be used to improve database interaction allaround! In this article, Tom Whitbread shows you how to tame theMySQL API by creating a class which will handle errors, allow queryexecution, transport results, and strip or add slashes to yourinput data.—by Tom Whitbread

Test Pattern: Spring Cleaning

Code rots. A strange thing to say about a pattern ofelectrons, but it’s true. You might think that all you haveto do is leave the program alone in a corner untouched to keep itsqueaky clean. The trouble is that a program that is useful talksto the outside world, and well, the outside world changes all ofthe time. That means patches, fixes, workarounds and a steady buildup of confusion. Soon the original elegant design has been consumedand the code is rotten to the core. It works, but it’s stillbecome a mess. The question is… does it have to?—by Marcus Baker

An XML approach to Templating using PHPTAL – PART 2

In last month’s article, author José PabloEzequiel Fernández Silva examined the basics of PHPTAL andused it to build some simple pages. This month, he moves on to therest of the templating system, including some advanced techniquesto build complex web sites and provide semi-automated localizationfor their contents.—by

Security Corner: BBCode

In this month’s edition of Security Corner, security expertChris Shiflett examines the ins and outs of BBCode, a format usedin many PHP applications in order to allow users to format content.While BBCode can potentially offer a more simplistic markupvocabulary than HTML, it does nothing to help prevent cross-sitescripting (XSS). Because this is such a common misconception, Chrisexplains its potential pitfalls in more detail.—by Chris Shiflett