A kick-ass PHP mysql escaping function
Posted by Kelvin on 31 Jul 2010 | Tagged as: programming, PHP
Hate calling mysql_real_escape_string repeatedly in your code? Use these functions cobbled together from http://www.php.net/manual/en/function.mysql-real-escape-string.php
/** * USAGE: mysql_safe( string $query [, array $params ] ) * $query - SQL query WITHOUT any user-entered parameters. Replace parameters with "?" * e.g. $query = "SELECT date from history WHERE login = ?" * $params - array of parameters * * Example: * mysql_safe( "SELECT secret FROM db WHERE login = ?", array($login) ); # one parameter * mysql_safe( "SELECT secret FROM db WHERE login = ? AND password = ?", array($login, $password) ); # multiple parameters * That will result safe query to MySQL with escaped $login and $password. **/ function mysql_safe($query,$params=false) { if ($params) { foreach ($params as &$v) { $v = db_escape($v); } # Escaping parameters # str_replace - replacing ? -> %s. %s is ugly in raw sql query # vsprintf - replacing all %s to parameters $sql_query = vsprintf( str_replace("?","%s",$query), $params ); $sql_query = mysql_query($sql_query); # Perfoming escaped query } else { $sql_query = mysql_query($query); # If no params... } return ($sql_query); } /** * Automatically adds quotes (unless $quotes is false), but only for strings. Null values are converted to mysql keyword "null", booleans are converted to 1 or 0, and numbers are left alone. * Also can escape a single variable or recursively escape an array of unlimited depth. */ function db_escape($values, $quotes = true) { if (is_array($values)) { foreach ($values as $key => $value) { $values[$key] = db_escape($value, $quotes); } } else if ($values === null) { $values = 'NULL'; } else if (is_bool($values)) { $values = $values ? 1 : 0; } else if (!is_numeric($values)) { $values = mysql_real_escape_string($values); if ($quotes) { $values = '"' . $values . '"'; } } return $values; }
Usage
As a drop-in replacement for mysql_query when no placeholders (?) are used.
$result = mysql_safe("select 1 from table");
Use placeholders like so.
$result = mysql_safe("select ? from table where foo=?", array(1, "bar"));
The original mysql_safe function didn't escape numerics properly. The db_escape function does that nicely.
TokyoCabinet PHP Extension
Posted by Kelvin on 29 Jun 2010 | Tagged as: programming, PHP
I guess no one really interfaces directly with TokyoCabinet from PHP. For most cases, TokyoTyrant is probably more appropriate.
If you do need to though, check out http://code.google.com/p/1bacode/source/browse/trunk/front-end/extension/?r=12#extension/tokyocabinet.
Works great, and was surprisingly hard to find.
How to compile a PHP extension
Posted by Kelvin on 29 Jun 2010 | Tagged as: programming, PHP
Short answer
sudo apt-get install php5-dev
cd /path/to/extension
The extension directory must have a minimum of
1. config.m4
2. php_sample.h
3. sample.c
phpize
./configure make sudo make install
Now add the dynamic extension to your php.ini files in /etc/php5.
;;;;;;;;;;;;;;;;;;;;;; ; Dynamic Extensions ; ;;;;;;;;;;;;;;;;;;;;;; ; ; If you wish to have an extension loaded automatically, use the following ; syntax: ; ; extension=modulename.extension ; ; For example, on Windows: ; ; extension=msql.dll ; ; … or under UNIX: ; ; extension=msql.so ; ; Note that it should be the name of the module only; no directory information ; needs to go here. Specify the location of the extension with the ; extension_dir directive above. ; Example lines: extension=sample.so
Long answer
http://mattiasgeniar.be/2008/09/14/how-to-compile-and-install-php-extensions-from-source/
Using expressions to assign PHP static variables
Posted by Kelvin on 14 Jan 2010 | Tagged as: programming, PHP
OK. The PHP manual explicitly states you CANNOT use an expression when assigning to a static variable.
You can, however, do this:
class MyClass {
public static $a = 1;
public static $b;
public static function init() {
self::$b = self::$a + 1;
}
}
MyClass::init();
Nifty eh?
LightVC – a simple and elegant PHP framework
Posted by Kelvin on 28 Sep 2009 | Tagged as: programming, PHP
Whilst working on a recent project involving clinical trials, I stumbled on LightVC, a php framework. Yes.. yet ANOTHER php framework.
Its emphasis on simplicity and minimalism caught my eye and I decided to give it a whirl.
3 months later, I have to admin I'm a total fan. It makes the simple stuff easy, and the tough stuff.. well.. possible. It is a pure view-controller framework w/o ORM. Perfect because my backend is usually handled by Solr anyway.
Highly recommended if you're not already invested in Zend or one of the biggies (cakephp, symfony, etc)
Robert Capra Notes on Solr Update with PHP
Posted by Kelvin on 27 Jun 2008 | Tagged as: blogmark, PHP
http://www.ils.unc.edu/~rcapra/solr-update-php.php
Comments Off on Robert Capra Notes on Solr Update with PHP