October 27th, 2008 Denham Coote
As some may recall, Stormhoek were kind enough to let us spend the day on the farm when we were down in Cape Town for WordCamp 2008. Good food, good company and good wine! A perfect Sunday. As if this wasn’t enough to convince me just how awesome these guys are, they are now running a promotion where they will send wine and photos to just about anywhere in the World, to users who engage with them online.
I’m sure not gonna miss out on the opportunity to get myself some of their awesome wine! (I opened my last bottle of Stormhoek last week)
Hope you’re all well!
Posted in General | 1 Comment »
October 22nd, 2008 Denham Coote
Today marks the release of a little project we’ve been working on for the WordPress community.
Basically, what MobilePress does is take your current WordPress blog and re-render it, when it is viewed from a mobile device, in a more mobile-friendly way. So, instead of hoping that your (user’s) phone’s browser is smart enough to display a site that was meant for a 1024×768 display on a 320×240 mobile display, you can now make sure it renders the way you want it to.
This is done as follows:
- Detect if the site is being accessed from a mobile device
- If so, the plugin kicks in and determines which device is being used
- We then ‘hijack’ WordPress’s rendering, and switch to an alternate theme (one designed just for a mobile device)
- Control is returned to WordPress, so that the rest of your site/plugins get to run, as per normal.
There are a few other cool things happening here. If you design WordPress themes, you can now design a mobile theme that matches, and not have to worry about mobile domains and custom routing. Just activate the plugin and it takes care of the rest.
In addition to ‘generic’ mobile devices, we’ve provided the ability to specify custom themes for the iPhone, Opera Mini & Windows CE. This allows for a tiered approach, allowing the designer to take advantage of a device’s capabilities, and still have a failsafe for simpler devices.
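As an added illustration (not MobilePress’s own code), here is how the four steps and the tiered themes above can be wired up from a plugin using WordPress’s template and stylesheet filters. The theme directory names and the User-Agent patterns are assumptions; the header is attacker-controlled, so it only ever selects from a fixed list and never forms part of a path.

```php
<?php
/*
Plugin Name: Mobile theme switch (added illustration, not the MobilePress code)
*/

// Steps 1 and 2: classify the device from the User-Agent header.
// Most specific tier first, generic mobile last. The theme directory names are
// assumptions; each one must exist under wp-content/themes.
function mts_theme_for_user_agent($ua) {
    $tiers = array(
        '/iPhone|iPod/i'                     => 'my-iphone-theme',
        '/Opera Mini/i'                      => 'my-operamini-theme',
        '/Windows CE|IEMobile/i'             => 'my-wince-theme',
        '/Mobile|Symbian|BlackBerry|Nokia/i' => 'my-mobile-theme',
    );
    foreach ($tiers as $pattern => $theme) {
        if (preg_match($pattern, $ua)) {
            return $theme;
        }
    }
    return null; // not a known mobile device: leave the desktop theme alone
}

// Step 3: hand WordPress a different theme name for this request only.
// The name comes from the fixed array above, never from the header itself, so a
// crafted User-Agent can pick a listed theme at most, not an arbitrary directory.
function mts_switch_theme($current) {
    $ua = isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : '';
    $theme = mts_theme_for_user_agent($ua);
    if ($theme === null || !is_dir(get_theme_root() . '/' . $theme)) {
        return $current; // fall back to whatever is set in the admin
    }
    return $theme;
}

// Step 4: once these filters return, WordPress carries on loading the chosen
// theme and runs every other plugin as normal. 'stylesheet' names the active
// theme and 'template' its parent, so both are overridden.
if (function_exists('add_filter')) {
    add_filter('template', 'mts_switch_theme');
    add_filter('stylesheet', 'mts_switch_theme');
}
```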
Some have pointed out that there are already plugins to render your site for mobile. This is true. Why did we choose to write our own? Well, for one, the existing plugins just didn’t cut it.
The ‘WordPress Mobile’ plugin does not pass control back to WordPress, and uses a custom, hardcoded theme. In other words, you need to hack php to customise it. In addition to that, the author has a bunch of sneaky ads and backlinks all over the place which will render on your blog. Want to get rid of the ads? You’ll have to pay for that privilege.
WPTouch gets closer, but is geared only to the iPhone, and has a lot of hard coded elements in the code. Also not quite up to the standards WordPress advocates.
MobilePress aims to provide standards-based flexibility to the designer, with no financial implications for the user.
Hope you guys find this useful. Go check out the official MobilePress site or grab your copy directly from the WordPress repository, here.
PS: Any feedback and comments are appreciated - we will use them to improve the next release!
Posted in WordPress, mobile | 9 Comments »
September 10th, 2008 Denham Coote
There are certain benefits to being your own boss. Right now, I am sitting outside by the pool, under the lapa, sipping on a cold beer. Don’t you love life?

My office
Posted in General | 6 Comments »
August 21st, 2008 Denham Coote
On Saturday I’ll be attending WordCamp SA 2008. For those who don’t know, WordCamp is a gathering (or is it gaggle?) of geeks who all have one thing in common: a passion for WordPress.
What is WordPress? For my even less-informed friends, WordPress is primarily a blogging platform, which is very extensible. My site is built on top of WordPress.
The event has been organised by Younique, and takes place at The Wild Fig. With a diverse array of guest speakers, including WordPress founder Matt Mullenweg, it’s sure to be an informative and enlightening day!
Posted in General | No Comments »
July 24th, 2008 Denham Coote
When accepting data from a user, any data at all, it should be sanitized before making its way to your database.
What does this mean? Well, for one, you’re going to inspect the data and make sure that it doesn’t contain any malicious code such as ill-intentioned JavaScript. Another is to prepare the data so that when it gets added to your INSERT/UPDATE SQL it doesn’t break the SQL (or do other nasty things), otherwise known as a SQL injection attack.
The technical details of the types of attacks we’re protecting against are a bit out of the scope of this post, but there are numerous resources available which will explain far better than I am able to.
After a form has been submitted (via GET or POST) its contents are stored in the global array $_GET or $_POST. Once we have this data, we can and should do a bunch of things to it, such as:
Stripping out malicious code
We’ll scan through the input, searching for anything that shouldn’t be there, like html code, <script> tags, etc.
<?php
function cleanInput($input) {
    // Patterns are applied in this order: script and style blocks (with their
    // contents) and comments first, then whatever tags are left over
    $search = array(
        '@<script[^>]*?>.*?</script>@si', // Strip out javascript
        '@<style[^>]*?>.*?</style>@si',   // Strip style tags and their contents
        '@<![\s\S]*?--[ \t\n\r]*>@',      // Strip multi-line comments
        '@<[\/\!]*?[^<>]*?>@si'           // Strip out HTML tags
    );
    $output = preg_replace($search, '', $input);
    return $output;
}
?>
Slashing
This part can sometimes get tricky, but not to worry, the code’s not too bad. Basically we’re adding a backslash before any of the following: ' (single quote), " (double quote), \ (backslash) and NULL characters. Depending on your server configuration, there are a bunch of ways of getting this done. PHP has something called magic_quotes, which does this automatically. Note, however, that as of PHP 6 this feature has been deprecated and removed. Another PHP function, addslashes(), is the manual version of magic_quotes: addslashes("Where's Wally"); will return "Where\'s Wally". A better option, if your server supports it, is mysql_real_escape_string(). It performs pretty much the same function, but is apparently better.
<?php
function sanitize($input) {
    if (is_array($input)) {
        $output = array(); // start empty so an empty array comes back as an empty array, not NULL
        foreach ($input as $var => $val) {
            $output[$var] = sanitize($val); // recurse into nested arrays
        }
    }
    else {
        // Undo magic_quotes first, otherwise the input gets escaped twice
        if (get_magic_quotes_gpc()) {
            $input = stripslashes($input);
        }
        $input = cleanInput($input);
        // Needs an open MySQL connection; escapes quotes, backslashes and NULL characters
        $output = mysql_real_escape_string($input);
    }
    return $output;
}
?>
To use, we simply pass any input to the function. The function works on single strings, as well as deep arrays.
<?php
$bad_string = "Hi! <script src='http://www.evilsite.com/bad_script.js'></script> It's a good day!";
$_POST = sanitize($_POST);
$_GET = sanitize($_GET);
$good_string = sanitize($bad_string);
// $good_string now contains "Hi!  It\'s a good day!" (the script tag is gone, the quote is escaped)
?>
Typecasting
Making sure that the data we’re inserting matches the expected type; i.e, someone’s age should be received as an integer value, and not a string.
<?php
$age = (int) $_GET['age']; // anything that isn't a number becomes 0
?>
This is a very gentle introduction to sanitizing your database input, and I would certainly recommend that you do a lot more research on these methods in order to use them correctly in your given environment.
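As an added example (not from the post itself), the same three goals can be met with a prepared statement, a strict integer check and escaping at output time, which removes the need to escape anything before it reaches the database. It runs offline against an in-memory SQLite table (constructed) via PDO and assumes PHP 5.3 or later with the pdo_sqlite extension.

```php
<?php
// Added example (not from the post): the same three goals, done with a
// prepared statement, a strict integer check and escaping at output time.
// Runs offline against an in-memory SQLite table (constructed) via PDO.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE person (id INTEGER PRIMARY KEY, name TEXT, age INTEGER)');

// Typecasting, strictly: "42" passes, but "abc", "" and "200" are rejected
// instead of silently becoming 0 as a plain (int) cast would make them.
function readAge(array $input) {
    $opts = array('options' => array('min_range' => 0, 'max_range' => 150));
    $age = filter_var(isset($input['age']) ? $input['age'] : null, FILTER_VALIDATE_INT, $opts);
    return ($age === false) ? null : $age;
}

// Insert: values are bound, never concatenated into the SQL text, so quotes,
// backslashes and NULL characters in $name cannot alter the statement, and
// nothing needs addslashes() or mysql_real_escape_string().
function insertPerson(PDO $db, $name, $age) {
    $stmt = $db->prepare('INSERT INTO person (name, age) VALUES (:name, :age)');
    $stmt->bindValue(':name', $name, PDO::PARAM_STR);
    $stmt->bindValue(':age', $age, PDO::PARAM_INT);
    $stmt->execute();
    return (int) $db->lastInsertId();
}

// Output: escape for HTML at the moment the value is written into HTML. The
// stored text is exactly what the user typed, so it can be reused for other
// outputs (e-mail, JSON, CSV) with the escaping that context needs.
function renderPerson(PDO $db, $id) {
    $stmt = $db->prepare('SELECT name, age FROM person WHERE id = :id');
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    $name = htmlspecialchars($row['name'], ENT_QUOTES, 'UTF-8');
    return '<div>' . $name . ' (' . (int) $row['age'] . ')</div>';
}

// Constructed stand-in for $_POST from a submitted form.
$post = array('name' => "Where's Wally <script src='http://www.evilsite.com/bad_script.js'></script>", 'age' => '42');
$age = readAge($post);
if ($age === null) {
    exit("Invalid age\n");
}
$id = insertPerson($db, $post['name'], $age);
echo renderPerson($db, $id), "\n"; // the script tag and the quote come out as harmless entities
```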
That’s it for today. If you found this useful, or would like to improve it, comments are always appreciated!
Posted in php | 34 Comments »
July 10th, 2008 Denham Coote
Following my earlier post, titled ANASLEX, I did some monitoring. My site traffic has spiked considerably. This, based on a simple (intentional) misspelling. Sure seems to be a lot of dyslexic folks out there looking for something other than Ana’s Lexus.

Posted in General | 2 Comments »
June 26th, 2008 Denham Coote
OK, so it’s not quite the nuclear bomb I promised, but it’s just as much fun.
Database paging, for those of you who are interested, is when you split the number of results returned by a query into smaller chunks, and then show those one page at a time. Think of how Google will display 10 results out of 4 236 735. Same thing.
The basic idea is to:
- Run your query, limited to the number of desired results
- Get the number of results that there would have been, without the limit
- Display the first set of results
- Build and display <prev> and <next> links, which, when clicked…
- Display the prev/next set of results, moved down/up by the desired amount
- Repeat 4 & 5
The following code sample is a very basic implementation of this idea. I have not checked the code, so apologies in advance if there are any bugs.
<?php
$no_results = TRUE; // No results found yet
$howmany = 10; // Return 10 results per query
$line_output = ""; // Start empty; rows are appended below
// Set default starting point of query to 0, or, if set, to $_GET['rs']
// Cast to int so that only a number ever reaches the SQL, whatever is in the URL
$row_start = (isset($_GET['rs'])) ? (int) $_GET['rs'] : 0;
if ($row_start < 0) { $row_start = 0; } // A negative start makes no sense, clamp it to 0
// Do our SQL query, with something like LIMIT 0, 10
$sql = "SELECT SQL_CALC_FOUND_ROWS id, name, surname FROM person LIMIT ". $row_start .", ". $howmany ."";
$result = mysql_query($sql);
// Get the number of rows that would have been returned WITHOUT a limit clause, to be used later for paging.
$count_sql = "SELECT FOUND_ROWS() AS total";
$count_sql_result = mysql_query($count_sql);
$count_row = mysql_fetch_array($count_sql_result);
$count_result = $count_row['total'];
// Start looping through our result set
while($row = mysql_fetch_array($result)) {
    $no_results = FALSE;
    // Save results of query to $line_output, escaping each value so it can't inject HTML
    $line_output .= "
<div class=\"someclassname\">
<div>". htmlspecialchars($row['id']) ."</div>
<div>". htmlspecialchars($row['name']) ."</div>
<div>". htmlspecialchars($row['surname']) ."</div>
</div>";
}
// Don't bother building paging if we don't have records
if ($no_results) {
    $line_output = "No records found...";
    $page_output = "";
}
else {
    // Build <prev> and <next> links and save to $page_output
    $rs_prev = $row_start - $howmany; // where would prev page start, given current start less no. of records
    $rs_next = $row_start + $howmany; // where would next page start, given current start plus no. of records
    // If the <prev> starting point is negative, do not display <prev>
    // This happens when our current starting point is already 0 (or less than $howmany)
    $page_output_prev = ($rs_prev < 0) ? "" : "<a href='?rs=".$rs_prev."'>Previous</a>";
    // Will the next page start point exceed the number of records returned?
    // If so, don't display <next>
    $page_output_next = ($rs_next >= $count_result) ? "" : "<a href='?rs=".$rs_next."'>Next</a>";
    // Just something to put between <prev> & <next>, IF they are both active
    if (($page_output_prev == "") || ($page_output_next == "")) { $page_output_breaker = ""; }
    else { $page_output_breaker = " || "; }
    // Build final paging output
    $page_output = $page_output_prev . $page_output_breaker . $page_output_next;
}
// Write the outputs
echo $line_output;
echo $page_output;
?>
A few points worth taking note of:
Row counting
To get the total number of results, I have used
SELECT SQL_CALC_FOUND_ROWS
followed by a second query
SELECT FOUND_ROWS() AS total
As stated in the comments, this will return the number of results that there would have been without a limit clause. There are other ways to achieve this, namely using count() in a second query, but this way is apparently quicker, and also slightly cleaner code.
Building the paging links
In the code I have used
$_GET['rs']
What this does is get the value from the part of the URL that looks something like http://www.yoursite.com/index.php?rs=10
That value then becomes our next starting point, and is injected into the SQL query.
I’ve seen some tutorials where page numbers are used instead of starting records. This is fairly easy to achieve, and involves dividing the number of records returned by the size of the desired result set to get the number of pages, and then multiplying again when determining the next starting point for the limit. I’ve not done that in this tutorial for the sake of simplicity. Besides, Google uses the records, and not pages, method. Can’t be that terrible.
Extending the functionality
In this example I’m echoing the result to screen. You could instead wrap this up in a function and return the results. Another easy modification would be to alternate the background colours, as shown in my previous howto.
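As an added example (not from the post itself), here is the same paging logic wrapped in functions, with the starting row bound as an integer parameter instead of concatenated into the SQL, the total taken from COUNT(*) (SQL_CALC_FOUND_ROWS is MySQL-only), and the values escaped on output. It runs offline against an in-memory SQLite table (constructed, 23 rows) via PDO and assumes PHP 5.3 or later with pdo_sqlite.

```php
<?php
// Added example (not from the post): the same paging logic with the starting
// row bound as an integer parameter, the total from COUNT(*) (SQL_CALC_FOUND_ROWS
// is MySQL-only), and values escaped on output. Runs offline against an
// in-memory SQLite table (constructed) via PDO.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE person (id INTEGER PRIMARY KEY, name TEXT, surname TEXT)');
$ins = $db->prepare('INSERT INTO person (name, surname) VALUES (?, ?)');
for ($i = 1; $i <= 23; $i++) {
    $ins->execute(array("Name$i", "Surname$i"));
}
// One page of rows plus the prev/next starting rows (null when there is none).
function fetchPage(PDO $db, $rsParam, $howmany = 10) {
    // Typecast and clamp: 'abc' or '-5' in ?rs= becomes 0, and never becomes SQL text.
    $rowStart = max(0, (int) $rsParam);
    $total = (int) $db->query('SELECT COUNT(*) FROM person')->fetchColumn();
    $stmt = $db->prepare('SELECT id, name, surname FROM person ORDER BY id LIMIT :lim OFFSET :off');
    $stmt->bindValue(':lim', (int) $howmany, PDO::PARAM_INT);
    $stmt->bindValue(':off', $rowStart, PDO::PARAM_INT);
    $stmt->execute();
    return array(
        'rows'  => $stmt->fetchAll(PDO::FETCH_ASSOC),
        'total' => $total,
        'prev'  => ($rowStart - $howmany < 0) ? null : $rowStart - $howmany,
        'next'  => ($rowStart + $howmany >= $total) ? null : $rowStart + $howmany,
    );
}
function h($value) {
    return htmlspecialchars((string) $value, ENT_QUOTES, 'UTF-8');
}
function renderPage(array $page) {
    if (count($page['rows']) === 0) {
        return "No records found...\n";
    }
    $out = '';
    foreach ($page['rows'] as $row) {
        $out .= '<div class="someclassname"><div>' . h($row['id']) . '</div><div>'
              . h($row['name']) . '</div><div>' . h($row['surname']) . "</div></div>\n";
    }
    $links = array();
    if ($page['prev'] !== null) { $links[] = "<a href='?rs=" . $page['prev'] . "'>Previous</a>"; }
    if ($page['next'] !== null) { $links[] = "<a href='?rs=" . $page['next'] . "'>Next</a>"; }
    return $out . implode(' || ', $links) . "\n";
}
// Stand-in for $_GET['rs']; with 23 rows, rs=10 shows rows 11-20 with both links.
$rs = isset($_GET['rs']) ? $_GET['rs'] : '10';
echo renderPage(fetchPage($db, $rs));
```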
And that’s it for today. If you found this useful, or would like to improve it, comments are always appreciated!
Posted in php | 3 Comments »
June 25th, 2008 Denham Coote
Browsing around the other day I came across Komodo Media. Wow. What a stunning site and awesome source of inspiration. Rogie King, maintainer, showcases his talents in a remarkably eye-catching way.
Rogie goes the extra mile by nicely commenting his source code, so aspiring web geeks like me can learn from those who evidently know what they’re doing.
Be sure to play with the foliage-o-meter.
Posted in General | No Comments »
June 23rd, 2008 Denham Coote
Often when writing something for the web, you’ll need to output data in a table (or, for CSS zealots, nicely formatted <div>’s). In order to improve readability, you might want to colour every second row differently. This is really easy:
$counter = 1;
while($counter < 10) {
    // set bgcolor
    $bgcol = ($counter % 2 == 1) ? "#ececec" : "#ffffff";
    // write the output html
    echo "<tr><td bgcolor=\"".$bgcol."\">Your content goes here...</td></tr>";
    // increment the counter
    $counter++;
}
The above code is merely to illustrate the idea behind alternating rows. I’ve used a very short conditional that checks if the current row is even or odd. Based on that result, it sets the background colour variable to either #ffffff or #ececec. At the end of each pass through the loop, the counter is incremented and we start over.
By the way, the line:
$bgcol = ($counter % 2 == 1) ? "#ececec" : "#ffffff";
is equivalent to using:
if ($counter % 2 == 1) {
    $bgcol = "#ececec";
}
else {
    $bgcol = "#ffffff";
}
Some extensions to make this code better are things like inserting real data (from a call to a database), replacing the table code with <div>’s, replacing the bgcolor values with a particular style class, and writing to a string/file/etc. instead of echoing the results. Another cool thing (in a user-based environment) is to add a subsequent if statement that checks whether the row being processed matches the currently logged-on user; this way you can show a user that the row in question belongs to them by defining a third background colour and highlighting it differently to the rest.
A slightly more real-world example of how the code may look is:
$sql = "SELECT id, name, surname FROM person";
$result = mysql_query($sql);
$counter = 1;
while($row = mysql_fetch_array($result)) {
    // set class
    $classname = ($counter % 2 == 1) ? "dark-div" : "light-div";
    // write the output html, escaping the database values so they can't inject HTML
    echo "
<div class=\"".$classname."\">
<div>". htmlspecialchars($row['id']) ."</div>
<div>". htmlspecialchars($row['name']) ."</div>
<div>". htmlspecialchars($row['surname']) ."</div>
</div>";
    // increment the counter
    $counter++;
}
And in next week’s issue, how to assemble a nuclear bomb from ordinary household items!
Posted in General | 5 Comments »