Category Archives: PHP

Generating Word documents from PHP

PHPDOCX is a PHP library that allows its client code to generate Microsoft Word documents in the .docx format from PHP scripts. PHP is increasingly being used for disparate goals and has to deal with data that comes from strange sources and has to be produced in stranger formats. An off-the-shelf solution for the creation of Word documents from an arbitrary source — being it a database, Excel or a csv file — is indeed a good tool to keep at hand.

Starting with the 1.5 version, which has been released on July 12th, PHPDOCX is now compatible with PHP 5.3. The adoption of PHP 5.3 from operating systems is growing and it will at last replace the previous versions of PHP also in the servers of hosting providers.


PHPDOCX provides some standard features that you would commonly use when generating a document dynamically: managing text, list, tables, images and graphic elements are all basic operations of document editing.

There are more useful features included in the library, which come handy when dealing with long documents. For instance, insertion of headers, footers, page numbering, and table of contents are all supported.

A final note on the feature list is the possibility of outputting PDF and HTML from a given Word document. The library is intended for generation of reports and being able to switch the output format at will is a great point.


PHPDOCX has no requirements for a functional version of MS Word, except for generating legacy versions of the documents (.doc format for Word 2004 or before).

The library does requires the zip and xsl PHP extension to work, but they are probably already installed on your server of choice, or available at will. Apart from that, a generic installation of PHP and Apache will suffice.


Like many libraries for web development, PHPDOCX comes with more than one license.

The first possibility is to use the library with an LGPL license, which covers the free version. It has somewhat limited features in comparison to the Pro one, but it includes no watermarks in the produced documents nor it has time limits.

The Pro version has greater capabilities, like the insertion of graphs and MathML constructs for scientifical documents. It also provides technical support, which may be the most compelling point for its adoption.

In conclusion, PHPDOCX is a valid tool to manage production of documents in one of the most diffused formats of the world. It also manages PDF and HTML, which guarantee interoperability with any end user’s machine


Never Use $_GET Again

Please don’t need to use $_GET or $_POST anymore. In fact, probably we shouldn’t use $_GET and $_POST anymore. Since PHP 5.2, there is a new and better way to safely retrieve user-submitted data.

The clever developers have constructed a library that analyzes data and escapes it appropriately. But the problem of validating and sanitizing input is still a substantial issue. Many seasoned PHP developers still spend precious development cycles building custom code to filter input.

PHP (from 5.2 onward) has a built-in filtering system that makes the tasks of validating and sanitizing data trivially easy. Rather than accessing the $_GET and $_POST superglobals directly, you can make use of PHP functions like filter_input() and filter_input_array(). Let’s take a quick look at an example:

$my_string = filter_input(INPUT_GET, ‘my_string’, FILTER_SANITIZE_STRING);

The code above is roughly the equivalent of retrieving $_GET[‘my_string’] and then running it through some sort of filter that strips HTML and other undesirable characters. This represents data sanitization, one of the two things that the filtering system can do. These are the two tasks of the filtering system:

* Validation: Making sure the supplied data complies with specific expectations. In this mode, the filtering system will indicate (as a boolean) whether or not the data matches some criterion.
* Sanitizing: Removing unwanted data from the input and performing any necessary type coercion. In this mode the filtering system returns the sanitized data.

By default, the filter system provides a menagerie of filters ranging from validation and sanitization of basic types (booleans, integers, floats, etc.) to more advanced filters which allow regular expressions or even custom callbacks.

The utility of this library should be obvious. Gone are the days of rolling our own input checking tools. We can use a standard (and better performing) built-in system.

If we take things one step further than merely presenting this as an option. We can say that we should no longer directly access superglobals containing user input. There is simply no reason why we should. And the plethora of security issues related to failure to filter input provides more than sufficient justification for my claim. Always use the filtering system. Make it mandatory.

“But,” one might object, “what if I don’t want my data filtered?” The filtering system provides a null filter (FILTER_UNSAFE_RAW). In cases where the data needn’t be filtered (and these cases are rare), one ought to use something like this:

$unfiltered_data = filter_input(FILTER_GET, ‘unfiltered_data’, FILTER_UNSAFE_RAW);

Following this pattern provides a boon: We can very quickly discover all of the unfiltered variables in the code by running a simple find operation looking for the FILTER_UNSAFE_RAW constant. This is much easier than hunting through calls to $_GET to find those that are not correctly validated or sanitized. Risky treatment of input can be managed more efficiently by following this pattern.

Filters won’t solve every security-related problem, but they are a tremendous step in the right direction when it comes to writing safe (and performant) code. It’s also simpler. Sure, the function call is longer, but it relieves developers of the need to write their own filtering systems. These are darn good reasons to never use $_GET (or $_POST and the others) again.

What is NOLOH?

NOLOH is a lightweight, on-demand, distributed, web application development platform with which it is possible to build visually and functionally sophisticated applications that are accessible in a web browser over a network connection.

* Lightweight: NOLOH delivers only the exact code necessary to render each user’s application view state. No extraneous HTML, CSS, or JavaScript code is sent to the browser and the code that is sent is highly obfuscated.
* On-demand: NOLOH generates all client-side code only as it is needed. NOLOH generates client-specific code automatically for each user taking into account the user’s browser, operating system, and other client-side variables. Importantly, NOLOH inherently manages all aspect of a user’s application view state (including client-side garbage collection) freeing the developer from having to manage the communications and protocols between the client and the server.
* Distributed: Users connect to NOLOH applications running on a server using a web browser client via an intranet or the Internet.
* Web application development platform: A platform can be thought of as a set of resources – for example, libraries, classes, structures – that provide both usability and consistency in application development. As might be expected, some platforms provide more resources than others. In particular, NOLOH provides a full suite of resources that enable developers to concentrate on their applications, rather than on the many time-consuming and often annoying aspects of web development. One example of this is the AJAX-like Web 2.0 functionality in the user interface. NOLOH provides this without any additional programming work.

NOLOH consists of:

* A programming language (NOLOH, which extends and enhances PHP)
* A comprehensive complement of classes, methods, and controllers that programmers use to develop NOLOH applications; and
* A lightweight runtime engine (the NOLOH “kernel”) installed on a web server that interprets programs written in NOLOH, manages user state, and generates all of the necessary client-side, and server-side code that the application requires

Summary of NOLOH fundamentals:

* NOLOH: Not One Line Of HTML (or JavaScript).
* NOLOH manages cross-browser compatibility issues so you don’t have to.
* NOLOH provides seamless communication between client and server, thus the distinction between server and client is profoundly blurred
* NOLOH provides an easy and intuitive workflow.
* NOLOH allows flexibility, the developer decides which programming techniques and tools to use.
* NOLOH provides a core of basic classes, functions, procedures, and controllers.
* NOLOH is object-oriented.
* All NOLOH objects (functions, procedures, controllers whether internal or external) are reusable and extendable.
* NOLOH supports inheritance of object properties.
* NOLOH presents the programmer with a single language syntax, PHP, and supports the more verbose Javascript syntax to ease the transition to NOLOH for Javascript programmers who are not versed in PHP.
* Once an object is created on the server it is never thrown away unless explicitly destroyed or the server is restarted.
* NOLOH enables programmers to easily create events in the browser that can post back to the server without the entire page being posted back to the server.
* All events (client and server) are written in NOLOH.
* NOLOH manages all aspects of user view state.
* In NOLOH, the concept of forms does not exist.

Why PHP?

PHP is the fourth most popular programming language and the most popular language for developing web applications. According to Netcraft PHP is installed at over 1.2 million IP addresses hosting over 20 million web sites. There’s also a very large and active community of PHP developers. PHP is an interpreted language so development cycles tend to be faster than with compiled languages like Java. It’s gratifying and efficient to be able to modify and save the code and then just refresh the browser to see the change.

IDE: Why Use One And Which To Choose

Everyone wants to be more productive, make fewer mistakes and write good code. But in most cases IDEs help us to achieve those goals more easily. Unfortunately, choosing the right IDE is very difficult because a lot needs to be considered. And the website of almost every IDE tells us it is the best one.

We’ll take a close look at the most popular PHP IDEs, exploring their functions, comparing them in a table and drawing some conclusions. Hopefully, you’ll get an idea of what each PHP IDE has to offer and which one best fits your needs.

The following are some of the features that I found needed to be considered.

IDE Features

1. Syntax highlighting

Good syntax highlighting improves code readability a lot. Really! Just look at this:

Syntax Highligting

2. Code completion

Automatic code suggestions can help the developer avoid having to type so much. If it supports custom classes and phpDoc, it can even save you from having to read project documentation.

Good code completion can also prevent typos. For example, if typing $cotroller-> does not show you any suggestions, you’ll know something is wrong. Uh oh… it should be $controller!

Poor code completion can slow you down if too many variants are shown or your class methods are not picked up.

code completion

It is also good to have file name completion in HTML src=” and PHP include and require.

3. Navigation

One of the most boring things is trying to find where a certain variable has been defined or used. Some good IDEs can help with “GoTo” actions, like go to definition.

Another important feature is search. Searching should not take a long time, even with large projects. Even better is if the IDE lets you move quickly to the next occurrence of a search phrase, like Firefox does with its Quick Find feature.


4. Errors and warnings highlighting

On-the-fly syntax checking can prevent various typos and common programming mistakes. In the example below, the IDE indicates that you may have used = instead of ==:


The more the IDE detects, the better — except false positives, of course.

5. Refactoring and code generation

Refactoring is basically a set of techniques for turning weak code into solid code. Its implementation in PHP IDEs is very weak compared to that of compiled-language IDEs, such as Java and C, but it’s still very useful.

Very basic PHP refactoring includes:

* “Move,” which updates all includes and requires when moving a file to another directory.
* “Rename,” which renames something and ensures it is renamed throughout the project.
* “Safe delete,” which ensures deletion of a file does not harm other parts of the project.


In addition to basic refactoring, some IDEs can generate code for class constructors, getters/setters and even stub methods for a parent class.


6. Debugging

Debugging is not so critical in PHP because you can add echos or use something like FirePHP without even having to recompile your code. But for complex applications in which you need to add echo after each line to see what’s going on, debugging can save you hours.


If the IDE is good enough, it provides you with step-by-step debugging and lets you see the current values of variables in scope.

7. Versioning system

Versioning is extremely useful for both team and one-person development. It shows what changes have been made to a file, when they were made and by whom. A good IDE allows you to visually compare revisions, copy changes from one version to another, revert to previous states and merge changes made by different team members.


When performing common checks and commits, integrating a versioning system such as CVS, SVN, git or Mercurial in your IDE is usually much better than running a separate application.

8. Client-side features

Using PHP alone is very rare. CSS and JavaScript are almost always somewhere in your application. So, good code completion, highlighting, navigation and perhaps some refactoring would be just as beneficial for the other languages and technologies you use in conjunction with PHP.

code completion

Every IDE provides a lot of features. Some of those features are very useful, some are not. Here are some guidelines to follow to narrow down the one for you:

* Try free ones first. Their feature set may be enough for you, and you wouldn’t need to pay for a license.
* First, make sure the features you want are ones you really need. If they are, check that they work properly in your IDE of choice.
* If you find one IDE that fits well but is missing one or two features, try specialized tools.
* Once you choose an IDE, play with it for a week before implementing it in a big project. You may find your current working habits are too strong to allow you to feel comfortable with it.


Both PDT and NetBeans are good. If you need a lot of plug-ins, Eclipse is the better choice. If editing tools and code completion are more important to you, then pick NetBeans. NetBeans is a bit more responsive, too.

If you are mostly editing HTML and CSS, try Notepad++, vim, TextMate or Emacs. They all have very good HTML editing capabilities and can be configured for simple code completion. And they are faster and lighter than fully featured IDEs.

If you are editing complex JavaScript, try Aptana, which is amazing for JavaScript, or the Spket plug-in for Eclipse, which has nearly the same features.

And remember, IDEs are not meant to change the way you think. They simply speed up the development process.

Drupal – Content-Management software

Drupal is free content-management software designed to let an individual or user group publish, manage and organize Web sites that feature a wide variety of content. Drupal is currently being used to power community Web portals, discussion sites, corporate Web sites, intranet applications, personal Web sites and blogs, fan sites, e-commerce applications, resource directories and social networking sites. Recently, the Obama administration adopted Drupal as the foundation for the Web site.

The standard release, known as Drupal core, lets users do the following:

• Register and maintain individual user accounts within a role-based permission and privilege system.
• Create and manage menus.
• Create, manage and aggregate RSS feeds.
• Customize page layouts.
• Perform logging.
• Index and search all content in the system.

The basic Drupal installation allows the creation of classic static Web sites, single- or multiuser blogs, Internet forums or online communities that can handle user-generated content. New features can be added via plug-in code known as contrib modules, which have been used for collaborative authoring environments, peer-to-peer networking and podcasting, for example. Drupal can run on any server platform that also supports PHP and a database for storing content and settings. The software is distributed under the GNU General Public License.

Drupal was originally written by Dutch student Dries Buytaert to produce a small site that allowed friends to leave notes about network status and share personal news. Buytaert wanted to name the site dorp (Dutch for village) because of its community aspects, but he mistyped the domain name as drop and decided the erroneous version sounded better. turned into a place for personal experimentation with new Web technologies, and in January 2001 Buytaert released the software as open source. Drupal comes from the English pronunciation of the Dutch word druppel, meaning drop.

Drupal: Yes or No?

Drupal might be a very good choice when you need a Web site that…

* Is flexible enough to evolve in any direction and add features.
* Can be easily configured to interact with other sites and technologies.
* Can handle complex forms and workflows.
* Allows you to create your own content types, such as custom fields.
* Can quickly organize and display lists of information.
* Meets your needs with one or more existing Drupal modules.
* May require you to quickly develop custom functionality.

Drupal might not be the best choice if…

* Your needs are limited in scope, such as just writing a personal blog, creating a wiki or hosting a discussion forum.
* You aren’t prepared to spend time learning how Drupal works — its learning curve can be steep.
* You absolutely need backward compatibility. Drupal’s designers have chosen to forgo this with each new major revision.
* Performance is critical to you; in some tests, Drupal’s high query rate has adversely impacted scalability and performance relative to other systems, such as Joomla.

Integrate YouTube with your phpBB Forum

With Youtube gaining popularity, more and more phpBB boards want to allow their members to post YouTube videos in their posts. I am sure most of you reading this watch Youtube videos and share them. Here we guide you on how to add YouTube videos to your phpBB forums.While phpBB has some of the most popular BBCodes included by default, you can also add your own . This article will explain how to add your own custom BBCodes. PhpBB3 has a powerful new feature that lets you add your own BBCodes directly from an easy to use admin panel interface –no MODS or code changes needed.

To do this, login to Administrative Control Panel (ACP) and click on the ‘Posting’ tab at the top. Click on the ‘Add a New BBCode’ button in the bottom right of the page. This will open up three text input areas, BBCode usage, HTML replacement, and Help line text box -where you can enter a tip on how to use your new BBCode.

Enter the following in the ‘BBCode usage’ box:


Enter the following in the ‘HTML replacement’ box:

And finally enter the following in the ‘Help line text’ box:

[YouTube] [/YouTube]

Now, to use the new [YouTube][/YouTube] BBcode tags you just created on posting page, you need to insert the YouTube Video ID of the YouTube video you want to add in between the tags. You will now be able to embed YouTube videos on your forum.

PHP 5.3.1 Release Announcement

The PHP development team has announced the immediate release of PHP 5.3.1. This is a maintenance release in the 5.3 series, which includes a large number of bug fixes.

Security Enhancements and Fixes in PHP 5.3.1:

* Added “max_file_uploads” INI directive, which can be set to limit the number of file uploads per-request to 20 by default, to prevent possible DOS via temporary file exhaustion.
* Added missing sanity checks around exif processing.
* Fixed a safe_mode bypass in tempnam().
* Fixed a open_basedir bypass in posix_mkfifo().
* Fixed bug #50063 (safe_mode_include_dir fails).
* Fixed bug #44683 (popen crashes when an invalid mode is passed).

Key Bug Fixes in PHP 5.3.1 include:

* Fixed crash in com_print_typeinfo when an invalid typelib is given.
* Fixed crash in SQLiteDatabase::ArrayQuery() and SQLiteDatabase::SingleQuery() when calling using Reflection.
* Fixed crash when instantiating PDORow and PDOStatement through Reflection.
* Fixed bug #49910 (no support for ././@LongLink for long filenames in phar tar support).
* Fixed bug #49908 (throwing exception in __autoload crashes when interface is not defined).
* Around 100 other bug fixes