PHP File Downloads
PHP can be used to securely control access to file downloads. This tutorial will show how you can send a file through a PHP script and limit the download rate. The function we will write accepts the path to the file to send and optionally a rate in kB/s to limit the transfer speed. The function should also be able to handle range headers from clients that allow stopping and resuming downloads.
Basic Overview of Loops in PHP
PHP comes with several control structures for creating loops. A loop is basically code that executes repeatedly for as long as it needs to. The control structures I'll discuss here are: while, do-while, for, foreach, break & continue. Each of these is similar, and some are pretty much interchangeable, but some are better suited for certain tasks than others.
5 Basic PHP Security Tips
Security should be a top concern throughout the development of any PHP web application. There are some very simple measures you can take to protect your application from potential abuse. This post will cover some of the basics of PHP security. For more detailed explanations of good security practices, check out the PHP Security Guide.
I do not consider myself a PHP security expert, but these are things that every developer should know. Also keep in mind that security is a process and not a result.
Snippet: Maintain a Single Database Object in PHP 5 Using the Singleton Pattern
When creating a PHP application, it is usually necessary to connect to a database to perform certain tasks. In some cases you only want to open a connection when necessary, but limit it to a single connection. This way you don't waste resources on unnecessary database connections. For these situations I use the Singleton Pattern, which is perfect for this.
In this example, we are creating a MySQLi object and forcing it to a single instance. We just need to call DB::get() to create and/or access the object.
Using MySQL Prepared Statements in PHP
Prepared statements in MySQL are an alternative to writing raw SQL code to execute. Instead, you write a statement with placeholders (?) where you want variables to go, then attach variables to those placeholders.
A prepared statement is basically a template that can be reused with different variables. There are some benefits and drawbacks to prepared statements that should be considered:
Pros:
- Prevents SQL injection without needing to escape data
- Allows you to repeat the same statement without the overhead of parsing the SQL
- Allows you to send raw binary data in packets
- Creates code that is easier to read by separating SQL logic from data
Cons:
- Slower for one-time queries since it requires two requests to the MySQL server
- Does not work for ALL queries (only data manipulation queries)
- Placeholders can only be used for values and not table/column names
Conclusion: I'd say prepared statements win due to security benefits alone.
PHP supports MySQL prepared statements using the MySQLi (MySQL Improved) extension in PHP 5 via the MySQLi_STMT class. They are fairly easy to use once you get used to the differences from writing raw SQL statements. This tutorial will explain how to use prepared statements.
Modifying Templates Using DOMDocument In PHP
In the previous post, Generating (X)HTML Documents Using DOMDocument In PHP, we explored the PHP DOMDocument class by generating an (X)HTML page completely within PHP. Now, we'll look at a more practical application that involves modifying an existing template. The template gives us a good starting point so we can focus on generating only the dynamic parts of the page.
