It’s good practice to always use a version control system in any of your projects. Be it a side-project in which you are the only developer, or a team project where five or more people are working on it together. But the idea of putting your database into version control isn’t really that widespread. Often times we take the database for granted.
But like the source files in our project, the database is constantly changing too. That’s why we also need a way to track the changes that we have made and easily share it to other members of our team.
In this article we will take a look at DBV, a database version control system written in PHP for MySQL databases so you need to have PHP and MySQL installed before you can use it, along with a web server like Apache or Nginx.
An important note about this software is that it is not a stand-alone database version control system, because it needs a version control system such as Git, Mercurial or SVN for syncing changes with your team.
To start working with DBV, first you have to download the installer from their website, extract it into your project directory then rename the resulting folder to
dbv. This will give you the following path:
An alternative approach is just cloning from Github.
You can start configuring the options for DBV by creating a copy of the
config.php.samplefile and renaming it to
The most important things to update here are the first two sections. Just substitute the values for
my_databasefor the values in your current database configuration:
Continue reading %Database Versioning with DBV%
My bookmark manager SemanticScuttle is able to show screenshots for bookmarked websites, but always relied on an external service to generate them. The service shut down now - time to look for an alternative.
There are several dozen screenshot services on the internet; some have free plans that would allow you to re-enable screenshots on your self-hosted SemanticScuttle instance for free. But unfortunately this means registering at yet another service and being again dependent. Time for something new!
Over the last three weeks, I built phancap - a self-hosted website screenshot service. With it, your bookmark manager will never have to depend on an external service again.
It's easy to setup: Simply drop the .phar in your webserver's document root, install xvfb-run, cutycapt and imagemagick, and you're done.
It supports JPG, PNG and PDF output formats. PNG is ideal for screenshots, while full-text PDF is nice for long-time archiving of web pages.
You may configure the browser and thumbnail size, and can choose between a fixed height and full-page screenshots. Authentication may be enabled to prevent others using your server resources.
I’ve just pushed the latest update of the most recent book in the Securing PHP ebook series – The Usual Suspects – and included an entire chapter covering cross-site scripting:
Next we come to something that’s probably a bit more widely known but often misunderstood, especially when it comes to the power that it offers to the attacker. Part of the confusion comes from the name of the attack. When you think about the attack method an XSS vulnerabilities allows, the only thing “cross site” about it is that it can possibly come in as a link from another site. Other than that, a cross-site scripting vulnerability can be more closely associated with injection. In fact, the main reason a site might have a cross-site scripting issue is because of improper output escaping.
This new chapter has loads of information about the different types of XSS issues, the different contexts it can happen in and plenty of code and configuration examples of how to prevent them. If you haven’t picked up a copy of it yet, there’s no time like the present!
Don’t forget about the first book in the Securing PHP series too! Core Concepts is a great introduction to security terminology, methods and principles that can help you lay a good foundation for more secure applications.
If you can make it to the conference, its a good opportunity to get introduced to the CMF and listen to many other interesting talks.
- Beyond Design PatternsPresented ByAnthony Ferrara
July 24, 2014 20:00 CDT
Earlier this week, we put the final touches on the “micro/macro” frameworks for v2 web projects and v2 command line projects. Although these had been delayed a bit while working out the Aura.Di v2 beta release, they both now have their first “Google beta” releases!
… The idea is that [Aura.Web_Project] starts as a very minimal system, with only router, dispatcher, request, and response functionality. But thanks to the Composer-assisted configuration system, it’s very easy to add whatever functionality you want, making the project as large or as small as you need. …
Aura.Cli_Project takes exactly the same approach, but for command-line applications. It consists of a “context” and standard I/O system (the equivalents of a request and response), along with a console and dispatcher. It uses the same configuration system as Web_Project, so you start with a very minimal system that grows only as you need it.
Each project is little more than a skeleton around a core “kernel” package. The Aura.Web_Kernel is what actually provides the glue to connect the underlying library packages together, as does the Aura.Cli_Kernel.
Keeping the kernel separate from the project means we can update the kernel without having to re-install a project.
In this article I’ll take a look at Underscore, what it can do, and provide some examples of where it might be useful.
What is Underscore?
Most notably, Underscore provides a bunch of utilities for working with collections and arrays, some for working with objects, basic templating functionality and a number of other useful functions.
The functions which operate on collections and arrays can be particularly useful when dealing with JSON, which makes it great for handling responses from web services.
Continue reading %Getting Started with PHP Underscore%