Welcome to the Boolean blog

Here you will find details of news, projects, releases and other bits and pieces that we are working on at Boolean. We hope that you find something of interest amongst the archives.

Code snippets, methodologies and useful links will also be mentioned here.

Where there is more to logic than TRUE or FALSE

Archive for 'PHP'

Obfuscating email with PHP

This is a function to protect email addresses on your website from bots or spiders that harvest email addresses for spam purposes; it uses a substitution cipher, generating a unique key for every page load.
PHP encrypts your email address and generates JavaScript to decrypt it, because most bots and spiders can't execute JavaScript. A visitor to your web page will not notice this as long as they have JavaScript enabled; otherwise they will see “[javascript protected email address]”.

As the script contains quite a lot of special characters, a downloadable version is available here

Usage
echo hide_email('test@test.com');
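
A sketch of the technique described above, added here as an example; it is not the downloadable script or the blog's own code, and the name obfuscate_email() is hypothetical. The key ships in the page next to the ciphertext, so this only deters harvesters that do not run JavaScript.

```php
<?php
// Added example, not the blog's hide_email() script. obfuscate_email() is a hypothetical name.
function obfuscate_email(string $email): string
{
    // Alphabet covering the characters normally found in an address.
    $alphabet = 'abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789.@_-+';
    // Fresh random permutation on every call: the per-page-load key.
    $key = str_shuffle($alphabet);
    // Substitution cipher: each character is replaced by its counterpart in the key.
    $cipher = strtr($email, $alphabet, $key);
    // Random element id so several addresses can appear on one page.
    $id = 'e' . bin2hex(random_bytes(4));
    // json_encode produces safe JavaScript string literals;
    // JSON_HEX_TAG keeps "<" and ">" out of the inline script.
    $jsAlphabet = json_encode($alphabet, JSON_HEX_TAG);
    $jsKey = json_encode($key, JSON_HEX_TAG);
    $jsCipher = json_encode($cipher, JSON_HEX_TAG);
    return <<<HTML
<span id="$id">[javascript protected email address]</span>
<script>
(function () {
  var a = $jsAlphabet, k = $jsKey, c = $jsCipher, out = "";
  // Reverse the substitution: position in the key maps back to the alphabet.
  for (var i = 0; i < c.length; i++) {
    var p = k.indexOf(c.charAt(i));
    out += p === -1 ? c.charAt(i) : a.charAt(p);
  }
  var link = document.createElement("a");
  link.href = "mailto:" + out;
  link.textContent = out; // textContent, so the address is never parsed as HTML
  var span = document.getElementById("$id");
  span.textContent = "";
  span.appendChild(link);
})();
</script>
HTML;
}

// Constructed sample address, as in the usage line above.
echo obfuscate_email('test@test.com');
```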

Further reading
Ross Killen’s implementation here
Methods to hide email addresses in page source here

Practical PHP Programming

A great source of information on the PHP language is Practical PHP Programming. This great reference is available free of charge under an open source type license here.

Over the next few posts I’ll try to list similar resources for other relevant programming languages, methodologies and reference material.

Don't copy variables without reason

Sometimes PHP novices attempt to make cleaner or more legible code by copying predefined variables to variables with shortened names prior to working with them. This actually results in doubled memory consumption (when the variable is altered) and therefore slower scripts. In the following example, if a user had inserted 512KB worth of characters into a textarea field this would result in nearly 1MB of memory being used.

$title = strip_tags($_POST['title']);
echo $title;

This operation can be performed inline, avoiding the memory overhead.

echo strip_tags($_POST['title']);

PHP Twitter Class


Twitter is a service for friends, family, and co-workers to communicate and stay connected through the exchange of quick, frequent answers to one simple question: What are you doing?

PHP Twitter is a wrapper class, written by Tijs Verkoyen, for communicating with the Twitter API. The download page is available here.

A quote from the author (and he's not wrong): “The class is well documented inline. If you use a decent IDE you'll see that each method is documented with PHPDoc.” There is also a tutorial available here.

So, to sum up, these links should kickstart your twittering ability from PHP (and your website).

Happy tweeting!

The future of PHP


A few changes in PHP 6:

This post is mainly about what is removed (and will no doubt break countless scripts out there):

  • magic quotes
  • register_globals
  • register_long_arrays
  • safe_mode

magic_quotes

// Assuming magic_quotes is on (the request value is interpolated straight into the SQL string)
$sql = "INSERT INTO USERS (USERNAME) VALUES ('{$_GET['username']}')";
// Using proper parameterised query method (MySQL)
$statement = $dbh->prepare("INSERT INTO USERS (USERNAME) VALUES (?)");
$statement->execute(array($_GET['username']));

Obviously the get_magic_quotes_gpc() function will no longer be available.

register_globals

// A security hole: if register_globals is on, the value of $user_authorised can be set by a user sending
// it in the query string,
// i.e. www.example.com/index.php?user_authorised=true
if ($user_authorised) {
    // show all the data
}
// Being specific
function is_authorised() {
    if (isset($_SESSION['user'])) {
        return true;
    } else {
        return false;
    }
}
$user_authorised = is_authorised();

register_long_arrays

Using deprecated registered arrays:

// Echo the name of the user value given on the query string
// http://www.example.com/index.php?username=notgood
echo "Welcome, {$HTTP_GET_VARS['username']}";

Using $_GET

// Using the supported $_GET array instead (escaped, since the value is echoed into HTML)
echo "Welcome, " . htmlspecialchars($_GET['username'], ENT_QUOTES, 'UTF-8');

safe_mode
This was originally intended to ensure that the owner of a file being operated on matches the owner of the script that is executing. It was a way to attempt to handle security when operating in a shared server environment (like many ISPs would have). It is outside the scope of this blog to document the numerous functions affected by this change, so consult your documentation.

Finding true IP address using PHP

Sometimes a browser may be hiding behind a proxy; this little function will hopefully get to the root of things:

function userIP(){
    // Returns the true IP of the client calling the requested page by first checking
    // whether HTTP_X_FORWARDED_FOR has a value (proxy)
    $userIP = isset($_SERVER['HTTP_X_FORWARDED_FOR']) ? $_SERVER['HTTP_X_FORWARDED_FOR'] : "";
    if ($userIP == "") {
        $userIP = $_SERVER['REMOTE_ADDR'];
    }
    // Return the IP we've figured out:
    return $userIP;
}
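
X-Forwarded-For is an ordinary request header that any client can set, so the function above should not feed access control, rate limiting or audit logs. The following added example (not the blog's own code) honours the header only when the connection comes from a reverse proxy you operate; the function name client_ip() and the $trustedProxies list are assumptions.

```php
<?php
// Added example: resolve the client IP without trusting a client-supplied header.
// $trustedProxies is an assumption: the addresses of your own reverse proxies.
function client_ip(array $server, array $trustedProxies): string
{
    $remote = $server['REMOTE_ADDR'] ?? '';
    // Only a request that arrived through one of our proxies carries a meaningful header.
    if (!in_array($remote, $trustedProxies, true) || empty($server['HTTP_X_FORWARDED_FOR'])) {
        return $remote;
    }
    // The header reads "client, proxy1, proxy2". Entries on the left are whatever the
    // sender claimed, so walk from the right and skip addresses that are our own proxies.
    $hops = array_reverse(array_map('trim', explode(',', $server['HTTP_X_FORWARDED_FOR'])));
    foreach ($hops as $hop) {
        if (filter_var($hop, FILTER_VALIDATE_IP) === false) {
            return $remote; // malformed entry: distrust the whole header
        }
        if (!in_array($hop, $trustedProxies, true)) {
            return $hop; // first address not under our control
        }
    }
    return $remote; // header listed only our own proxies
}

// Constructed sample requests (documentation address ranges).
$proxies = ['10.0.0.5'];
// Direct connection: the header was set by the client itself and is ignored.
$direct = ['REMOTE_ADDR' => '203.0.113.9', 'HTTP_X_FORWARDED_FOR' => '127.0.0.1'];
// Via our proxy: the right-most entry is the peer the proxy actually saw.
$viaProxy = ['REMOTE_ADDR' => '10.0.0.5', 'HTTP_X_FORWARDED_FOR' => '198.51.100.7, 192.0.2.44'];
// Via our proxy, but with a malformed entry: fall back to REMOTE_ADDR.
$malformed = ['REMOTE_ADDR' => '10.0.0.5', 'HTTP_X_FORWARDED_FOR' => '198.51.100.7, not-an-ip'];

foreach ([$direct, $viaProxy, $malformed] as $request) {
    echo client_ip($request, $proxies), PHP_EOL;
}
```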

Reset your CSS

I had an issue with CSS today and it was difficult to figure out exactly what was going wrong. A great way to avoid this is to reset everything before you start.

A good way to do this is to use a preset reset such as the Yahoo UI reset or the Eric Meyer reset.

While these resets are very comprehensive, it often feels like you reset everything, only to then redefine a lot of properties on the elements. Eric Meyer recommends that you should not just take his reset stylesheet and drop it in your projects if there is a more effective way of using it. Tweak it. Build upon it. Customise, and make it your own.

Perhaps it could be something as simple as removing padding from the elements:

html, body, div, h1, h2, h3, h4, h5, h6, ul, ol, dl, li, dt, dd, p, blockquote, pre, form, fieldset, table, th, td { margin: 0; padding: 0; }

Using isset() instead of strlen()

if (isset($username[7])) {
    // Username is at least eight characters long.
}

When you treat strings as an array, each character contained in the string is actually an element in that array. By determining whether an element exists you can determine whether the string is at least that many characters long. (Obviously the first character is element 0, so $username[7] is actually the eighth character in $username.)

This is slightly faster than strlen(); however, the reason is somewhat more complicated. Essentially, whilst strlen() is a function, isset() is actually a language construct. Calling a function is generally more expensive than using a construct.