My proposal for the php|tek 2006 conference has been approved, which means that I'll be flying to sunny Florida this spring. Given the gloomy weather here in Toronto, it certainly sounds like a lot of fun. On the conference's agenda I have just two items this time: I will be giving an introductory talk on PDO that should be of interest to anyone writing new PHP applications that use databases. The other item is a seminar on PHP Security, which will cover web security topics from the ground up, with the focus on web applications written in PHP. Aside from my own talks, Marco has collected an impressive array of speakers with notables such as Rasmus, Marcus, Derick, John, Sara (who I've never met in real life ;-)) and many others. So if you need to get away from the day-to-day drudgery and learn something about PHP in the process, this is a conference you don't want to miss!
Chris has written a compelling piece about how the use of addslashes() for string escaping in MySQL queries can lead to SQL injection through the abuse of multibyte character sets. In his example he relies on addslashes() to convert an invalid multibyte sequence into a valid one, which also has an embedded ' that is not escaped. And in an ironic twist, the function intended to protect against SQL injection is used to actually trigger it.
The problem demonstrated actually goes a bit further, and even makes the prescribed escaping mechanism, mysql_real_escape_string(), prone to the same kind of issues that affect addslashes(). The main advantage of mysql_real_escape_string() over addslashes() lies in the fact that it takes the character set into account and is thus able to determine how to properly escape the data. For example, if the GBK character set is being used, it will not convert the invalid multibyte sequence 0xbf27 (¿') into 0xbf5c27 (¿\' or, in GBK, a single valid multibyte character followed by a single...
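An added example, not code from the post or from PHP itself: it models the byte-wise behaviour of addslashes() in Python so the 0xbf27 / 0xbf5c27 bytes quoted above can be inspected under the GBK codec, and contrasts it with a check that validates the input in the character set before escaping. The helper names are assumptions; only the byte values come from the post.

```python
# Added example (not from the original post): models PHP's byte-wise
# addslashes() in Python to show why it is unsafe under GBK, and a
# charset-aware check that rejects the 0xbf27 sequence from the post.
# Helper names are my own; the byte values are the ones the post cites.

GBK = "gbk"

def addslashes_bytes(data: bytes) -> bytes:
    """Escape like PHP's addslashes(): backslash before ' " \\ and NUL,
    one byte at a time, with no knowledge of the connection charset."""
    out = bytearray()
    for b in data:
        if b == 0:
            out += b"\\0"
        elif b in b"'\"\\":
            out += b"\\" + bytes([b])
        else:
            out.append(b)
    return bytes(out)

def decoded_view(data: bytes, charset: str = GBK) -> str:
    """Interpret the escaped bytes as a GBK connection would; invalid
    sequences become U+FFFD instead of raising."""
    return data.decode(charset, errors="replace")

def quote_unescaped(data: bytes, charset: str = GBK) -> bool:
    """True if a ' survives decoding without a preceding backslash, i.e.
    it would close the SQL string literal it was supposed to sit inside."""
    s = decoded_view(data, charset)
    return any(c == "'" and (i == 0 or s[i - 1] != "\\") for i, c in enumerate(s))

def is_valid_in_charset(data: bytes, charset: str = GBK) -> bool:
    """Strict decode: the check a charset-aware escaper must do first."""
    try:
        data.decode(charset)
        return True
    except UnicodeDecodeError:
        return False

def charset_aware_escape(data: bytes, charset: str = GBK) -> bytes:
    """Reject invalid input, then escape per character rather than per
    byte, so a backslash can never be absorbed into a multibyte char.
    Parameterized queries (e.g. PDO with bound values) remain preferable."""
    text = data.decode(charset)  # raises UnicodeDecodeError on 0xbf27
    esc = "".join("\\0" if c == "\x00" else "\\" + c if c in "'\"\\" else c
                  for c in text)
    return esc.encode(charset)
```

Running addslashes_bytes on the two bytes 0xbf27 yields 0xbf5c27, which GBK decodes as one valid character followed by a bare quote, while is_valid_in_charset rejects the same input before any escaping happens.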
This morning I've released PHP 5.1.2, which is the culmination of about 3 months of work by the PHP developer community. Big thanks to all the developers who have spent the time to make this release possible. This release combines some new features, a fair number of bug fixes and even addresses a few security bugs. If you are using PHP 5, this release is definitely worth upgrading to. The major changes can be found in the release announcement, while if you want to read the entire changelog, you can find it here.
Surprisingly enough, unlike most PHP releases, this one was actually right on time and followed the release plan I had made to the letter; hopefully this is something we can keep up.
A little bit of trivia: PHP 5.1.2 is my 12th PHP release, which coincidentally was released on January the 12th ;-)
The second and final RC of 5.1.2 was packaged today and is now available for download. This has been a purely bug-fix RC that addresses a number of crash bugs and does a bit of further tweaking on the date functionality. Please test it as much as you can, since, pending any major problems, this becomes the final release on January 12th.
The sources can be downloaded from:
http://downloads.php.net/ilia/php-5.1.2RC2.tar.bz2
0a24a22552ae966afa3e0f3da2f1c47d
http://downloads.php.net/ilia/php-5.1.2RC2.tar.gz
7aee42982a8a16a0d600e1ef46dadec6
Win32 binaries should be available shortly from http://downloads.php.net/ilia/ as well.
If you know of any regressions introduced by this release, please let me know.
Just finished packaging Fileinfo 1.0.3, which finally builds properly on both PHP 5.1 and 5.0. You can get the new version by running "pecl install fileinfo" or download the tgz file from here.
I've also released GDChart 0.2, which is nearly a complete rewrite of the extension originally written by Rasmus, and which allows it to work with PHP 5.1. This extension wraps the bundled gdchart library and lets you draw 20 different graph types with just a few lines of code. Like all PECL extensions it can be installed by running "pecl install gdchart", or you can download the tarball from here. Since at the moment there is no documentation for the extension, here are a few examples of its usage:
Line Graph:
[php]
$g = new GDChart(GDChart::LINE);
$g->addValues(array(2.5, 5.1, 8.6, 12.0, 15, 9, 8, 7));
$g->addValues(array(5.0, 8.0, 9.2, 10.2, 7, 8, 10, 9));
$g->addValues(array(8.0, 10.0, 14.0, 18.2, 16, 14, 12, 10));
$g->setLabels(array("Jan", "Feb", "Mar", "Apr", "May", "Jun", "Jul", "Aug"));
$...