PHP provides a strong toolset with immense power. Used carefully and with attention to detail, it allows the creation of complex, flexible and robust applications. A drawback of this powerful functionality is, that without this attention, malicious users can use open doors to attack your site in various ways. In order to prevent this atttacks, there are some basic rules a serious programmer should follow. These guidelines neither make your application totally immune nor is it a complete list – but they aggravate the work of hackers and contribute to a more secure coding style. more »

Part 1 and Part 2 about the proper use of PHP forms dealt with form validation methods and error handling. The last section will cover how to process the submited data and how to protect your forms against misuse. more »

Part 1 about PHP form validation and processing showed how good forms are structured and how to validate input fields. Part two handles drop-down menus, checkboxes and radio buttons, inline error messages. more »

PHP allows a seamingless integration of form vairables into your programs. It’s flexibility and smoothness make it easy to build applications that interact with user input like drop-down lists, input fields or selections. With this convenience, however, you have to make sure that the user provided data is valid and flows easily into your code. more »

Python is a very powerful language and its features and syntax allow some tasks to be done in a more ellegant manner then with PHP (think about shell programms for example). So it might be a good thing to get a kind of integration or direct exchange with PHP (which also has its benefits, now doubt). The use of web services might be a good idea, but they would be an overkill in (smaller) applications. more »

PHP5 new OOP features now allow programmers to create a real object and class based application. But there is one limitation that complicates this development: web based applications rely on a request-response cycle and unlike JSP, PHP does not keep object states between different requests (not talking about hack solutions including sessions or special server extensions). The result is, that objects must be initialized and restored everytime they are needed (maybe based on data stored via GET or POST). So, PHP does not really seem appropriate for developing real OOP applications, beside the use in code libraries. more »