Supermind Search Consulting Blog 
Solr - ElasticSearch - Big Data

Posts about PHP

A kick-ass PHP mysql escaping function

Posted by Kelvin on 31 Jul 2010 | Tagged as: PHP, programming

Hate calling mysql_real_escape_string repeatedly in your code? Use these functions cobbled together from

* USAGE: mysql_safe( string $query [, array $params ] )
* $query – SQL query WITHOUT any user-entered parameters. Replace parameters with "?"
*     e.g. $query = "SELECT date from history WHERE login = ?"
* $params – array of parameters
* Example:
*    mysql_safe( "SELECT secret FROM db WHERE login = ?", array($login) );    # one parameter
*    mysql_safe( "SELECT secret FROM db WHERE login = ? AND password = ?", array($login, $password) );    # multiple parameters
* That will result safe query to MySQL with escaped $login and $password.

function mysql_safe($query,$params=false) {
    if ($params) {
        foreach ($params as &$v) { $v = db_escape($v); }    # Escaping parameters
        # str_replace – replacing ? -> %s. %s is ugly in raw sql query
        # vsprintf – replacing all %s to parameters
        $sql_query = vsprintf( str_replace("?","%s",$query), $params );
        $sql_query = mysql_query($sql_query);    # Perfoming escaped query
    } else {
        $sql_query = mysql_query($query);    # If no params…

    return ($sql_query);

 * Automatically adds quotes (unless $quotes is false), but only for strings. Null values are converted to mysql keyword "null", booleans are converted to 1 or 0, and numbers are left alone.
 * Also can escape a single variable or recursively escape an array of unlimited depth.

function db_escape($values, $quotes = true) {
    if (is_array($values)) {
        foreach ($values as $key => $value) {
            $values[$key] = db_escape($value, $quotes);
    else if ($values === null) {
        $values = 'NULL';
    else if (is_bool($values)) {
        $values = $values ? 1 : 0;
    else if (!is_numeric($values)) {
        $values = mysql_real_escape_string($values);
        if ($quotes) {
            $values = '"' . $values . '"';
    return $values;


As a drop-in replacement for mysql_query when no placeholders (?) are used.

$result = mysql_safe("select 1 from table");

Use placeholders like so.

$result = mysql_safe("select ? from table where foo=?", array(1, "bar"));

The original mysql_safe function didn't escape numerics properly. The db_escape function does that nicely.

TokyoCabinet PHP Extension

Posted by Kelvin on 29 Jun 2010 | Tagged as: PHP, programming

I guess no one really interfaces directly with TokyoCabinet from PHP. For most cases, TokyoTyrant is probably more appropriate.

If you do need to though, check out

Works great, and was surprisingly hard to find.

See my other post for help compiling the PHP extension.

How to compile a PHP extension

Posted by Kelvin on 29 Jun 2010 | Tagged as: PHP, programming

Short answer

sudo apt-get install php5-dev
cd /path/to/extension

The extension directory must have a minimum of

1. config.m4
2. php_sample.h
3. sample.c

sudo make install

Now add the dynamic extension to your php.ini files in /etc/php5.

; Dynamic Extensions ;
; If you wish to have an extension loaded automatically, use the following
; syntax:
;   extension=modulename.extension
; For example, on Windows:
;   extension=msql.dll
; … or under UNIX:
; Note that it should be the name of the module only; no directory information
; needs to go here.  Specify the location of the extension with the
; extension_dir directive above.
; Example lines:

Long answer

Using expressions to assign PHP static variables

Posted by Kelvin on 14 Jan 2010 | Tagged as: PHP, programming

OK. The PHP manual explicitly states you CANNOT use an expression when assigning to a static variable.

You can, however, do this:

class MyClass {
  public static $a = 1;
  public static $b;

  public static function init() {
    self::$b = self::$a + 1;

Nifty eh?

LightVC – a simple and elegant PHP framework

Posted by Kelvin on 28 Sep 2009 | Tagged as: PHP, programming

Whilst working on a recent project involving clinical trials, I stumbled on LightVC, a php framework. Yes.. yet ANOTHER php framework.

Its emphasis on simplicity and minimalism caught my eye and I decided to give it a whirl.

3 months later, I have to admin I'm a total fan. It makes the simple stuff easy, and the tough stuff.. well.. possible. It is a pure view-controller framework w/o ORM. Perfect because my backend is usually handled by Solr anyway.

Highly recommended if you're not already invested in Zend or one of the biggies (cakephp, symfony, etc)

Robert Capra Notes on Solr Update with PHP

Posted by Kelvin on 27 Jun 2008 | Tagged as: blogmark, PHP

« Previous Page