This website uses cookies and similar technologies to understand visitors' experiences. By continuing to use this website, you accept our use of cookies and similar technologies,Terms of Use, and Privacy Policy.

Jing Luo
Jan 28 2012 - 12:02 PM
Share
Several useful techniques in web development
I learned some interesting techniques while working on the Survey Sidekick project, and I would love to share with you guys. I hope these will be useful and helpful to you: In PHP development, I found several techniques: 1. Calling magic: If a class implements __call(), then if an object of that class is called with a method that doesn't exist __call() is called instead. Example: (found in Survey SideKick\Models\AppModel.php.__call) /* function __call($method_name, $method_args) { return call_user_func_array( Array($this->dbms, $method_name), $method_args ); } */ 2. Managing magic quotes(a big hole in PHP) In PHP, the magic_quotes state could be turned on. When magic_quotes are on, all ' (single-quote), " (double quote), \ (backslash) and NUL's are escaped with a backslash automatically. The fact that the Magic Quotes settings can be turned on and off is a major problem. If it were either always on or always off, the problem would not be as severe.So it is crucial for application developers to know whether magic_quotes_gpc or magic_quotes_runtime are turned on when coding. In Survey Sidekick\lib\Controller.main, it lists a good way to check magic_quotes state: # if the system admin has turned on magic quotes, disable them /* if( get_magic_quotes_gpc() ) { $_REQUEST = stripslashes_deep($_REQUEST); $_POST = stripslashes_deep($_POST); $_GET = stripslashes_deep($_GET); $_COOKIE = stripslashes_deep($_COOKIE); } */ 3. Yet Another Framework(Yaf) The Yet Another Framework(Yaf) extension is a PHP framework, used for developing web application, It provides OO interfaces to PHPer for developing web application. #################################### One interesting technique I found in django part: ##################################### Cross Site Request Forgery protection (CSRF): The CSRF middleware and template tag provides easy-to-use protection against "Cross Site Request Forgeries". This type of attack occurs when a malicious Web site contains a link, a form button or some javascript that is intended to perform some action on your Web site, using the credentials of a logged-in user who visits the malicious site in their browser. A related type of attack, ‘login CSRF', where an attacking site tricks a user's browser into logging into a site with someone else's credentials, is also covered. In django you can you csrf token to implement that technique: In any template that uses a POST form, use the csrf_token tag inside the
element if the form is for an internal URL, e.g.: {% csrf_token %} For the details, you can take a look at the django website:https://docs.djangoproject.com/en/dev/ref/contrib/csrf/ Hope those will be helpful during your development!
Posted in: Work ProgressResearch Digest|By: Jing Luo|1645 Reads
Search