Unifying Server-Side and Client-Side Input Validation

Security basics dictate that all user input must be validatedon the server-side, and usability logic says that client-sidevalidation provides a better user experience. This article, writtenby Eric David, will equip you with the tools needed to create acentral validation library to simultaneously handle both front andback-end validation.—by Eric David

Scary SQL: A practical guide to preventing SQL injection attacks

If you ever thought that security issues don’t really applyto your site, you should read this article. Follow the thoughtprocesses of Joe Hacker as he tries to grab data from a MySQLdatabase through a variety of different vulnerabilities in PHP andSQL code.—by Simon Morris

Symfony

Symfony is much more than just another MVC framework. Ittakes the best of the current crop of PHP-based development toolsand brings them all together to form a cohesive approach to Webapplication development. In this article, the second of a two-partseries, Dustin Whittle continues to give an overview of itscapabilities and show you how to get your own project started insymfony.—by Dustin Whittle

Unicode and PHP: A gentle introduction

In our shrinking world, demand is rising for applicationsthat will work with a variety of languages, and with users in allparts of the world. The Unicode standard is a great tool formeeting this challenge. How does it relate to PHP, and what does aPHP developer need to know about Unicode? While we wait for thedeep Unicode support planned for PHP 6, how can we take advantageof Unicode in our existing PHP applications? In this article,you’ll find out.—by Jim DeLaHunt

Test Pattern: Model View Controller

Reflection is part of what makes a dynamic language dynamic,and MVC is what makes reflection worth having. Find out how MVCimplementations can make a difference in your applications.
—by Jeff Moore

Security Corner: When Dictionaries Attack

For those of you with vivid imaginations: no, this article isnot about angry librarians throwing volumes of Webster at innocentpatrons. Ilia simply intends to focus on a good old-fashionedbrute-force attack, which tries to compromiseauthentication-protected systems by guessing the user’spassword via a trial and error process. This technique isfrequently referred as a dictionary attack, because it involvesusing a database of common words, phrases and dates to try to guessa weak password. Dictionary attacks are therefore particularlyeffective against passwords that are based on words, names ordates.—by Ilia Alshanetsky