PHPNews

For your consideration

Written by CSI: PHP - Published on CSI: PHP
Aggregated on Friday February 3, 2012

This was sent along anonymously, along with the question: “Does this count as horror code or pure evil genius code?” What say you, dear reader? I cut and paste, you decide.

    <?php
    function cli_parsestr($string, $config, $mainconf, $options, $custom = array())
    {
        if (empty($string)) {
            return '';
        }
        …



The Interview

Written by CSI: PHP - Published on CSI: PHP
Aggregated on Thursday February 9, 2012

Yes, this really happened.

Q: How long have you been working with PHP?
A: About 8 years.
Q: On a scale of 1 – 10, how would you rate your proficiency with PHP?
A: I’d say I’m an expert.
Q: Can you tell me the difference between an abstract class and an interface, and when you might use either?
A: Is that a Java question?



Encrypt passwords for highest level of security

Written by CSI: PHP - Published on CSI: PHP
Aggregated on Thursday February 16, 2012

Thanks to Justin Carmony for this awesome slice of fail.

    <?php
    class SecurityFail
    {
        // Encrypt Passwords for Highest Level of Security.
        static public function encrypt($pword)
        {
            return md5($pword);
        }
    }

There are right ways and wrong ways to encrypt and store passwords, and a simple md5() hash is one of the wrong ways. …



Concatenation is not a parser error

Written by CSI: PHP - Published on CSI: PHP
Aggregated on Thursday February 23, 2012

CSI: PHP isn’t big on the perp walk, but if your crime is (1) public and (2) licensed with an Attribution-NonCommercial-ShareAlike Creative Commons license, then you kinda perp walked yourself.

    <?php
    // What will this print out in php5?
    $earth = 'World';
    $string1 = "Hello " . $string2 = $earth . '!';
    $string = $string1 . $string2;
    echo $string;
    …



I do not think DRY means what you think it means

Written by CSI: PHP - Published on CSI: PHP
Aggregated on Friday August 31, 2012

Perhaps this developer decided it would be better to create convenience methods than to litter their codebase with date format strings. Nothing wrong with trying to DRY up your code, but creating 13 inscrutably named date formatting functions ain’t the way to do it. …



We don't need no stinkin' POST variables

Written by CSI: PHP - Published on CSI: PHP
Aggregated on Friday September 7, 2012

CSI: PHP investigator Duane Gran sent in this horrifying snippet. He explains: I wondered why dumping the $_POST variables before this section didn’t help in debugging. This occurs in a second step of a 3-step form on a GET request. It applies a set of session fields to the $_POST variable for later use.

    <?php
    foreach($_SESSION["purcha…
