How To Install NPM on Mac OSX “Mountain Lion”

Installation of the Node Package Manager (NPM) on Mac OSX 10.8 can be tricky. Here’s what you need to do:

1) Open up a terminal
2) Type this and press ENTER:

Note that the URL is https, not plain http as most examples on the web show.
3) Enter your password so the sh command can run via sudo. Watch it magically install.
4) Enjoy npm and a cold refreshing beverage.

P.S. You will need npm installed in order to install LESS. To do that, there is one more bit of command-line foo to execute:

Yii Framework .htaccess Issues Solution

Today I was setting up Yii for a project and had a major issue trying to get “pretty URLs” to work. I followed the steps found in several places multiple times and was banging my head trying to figure it out. If you can answer yes to these questions, this will probably help you too:

1) Do you have an .htaccess file in the same folder as your index.php filled with the default values as suggested by the documentation?

2) Do you have urlManager setup in your config/main.php with urlFormat = ‘path’ and showScriptName = false?

3) Do URLs containing index.php work fine for you, but as soon as you remove that bit, you get a 404 Not Found or 500 Internal Server Error?

After a long time trying to track down the issue, I found that all you have to do is add a RewriteBase directive to your .htaccess file. Here is a copy of mine, which works, after struggling for more time than I’d like to admit:

For clarity, I’d like to go ahead and show you what my urlManager setup looks like as well:

Hope that helped you out! If not, feel free to ask questions in the comments below.

Autoloading with Zend Framework 1.11

I recently decided to take one of my Zend Framework applications and implement the autoloading performance gain suggested by the Zend Framework Manual. Turns out it’s pretty easy. Here are the steps to doing it:

1) First you will want to strip out unnecessary require_once() calls

Open up a terminal window (in Ubuntu you press Ctrl+Alt+T). Type the following two lines replacing the path with your own custom path.

You will notice it is split into 3 lines using the backslash (\). That is fine; you can copy and paste it straight into your CLI. What it does is look through your files and comment out all require_once() calls. It will avoid replacing them in files that need them, such as Autoloader.php and Application.php.

  Remember that depending on your system’s configuration and permissions, you may have to add the sudo command before the above command lines.

2) Require Zend_Application in index.php if necessary

The command above will end up commenting out the require_once() for Zend_Application in your index.php file. If you bootstrap your application from there (I do), then make sure the file still gets required. Here is an example of mine:
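For reference, here is an added example of a Zend Framework 1.x public/index.php that keeps the one require_once() the bulk comment-out must not remove. This is not the author's file; it assumes the standard ZF1 skeleton layout (application/ and library/ directories beside public/ and an application/configs/application.ini).

```php
<?php
// Added example of a Zend Framework 1.x public/index.php (not the author's own file).
// Assumes the standard skeleton layout: application/ and library/ sit beside public/.

// Define the path to the application directory.
defined('APPLICATION_PATH')
    || define('APPLICATION_PATH', realpath(dirname(__FILE__) . '/../application'));

// Define the application environment (falls back to 'production').
defined('APPLICATION_ENV')
    || define('APPLICATION_ENV', getenv('APPLICATION_ENV') ? getenv('APPLICATION_ENV') : 'production');

// Put library/ on the include_path so Zend_Loader can resolve Zend/*.php files.
set_include_path(implode(PATH_SEPARATOR, array(
    realpath(APPLICATION_PATH . '/../library'),
    get_include_path(),
)));

// This is the one require_once that has to survive the sed pass: nothing has
// been loaded yet, so no autoloader exists that could find Zend_Application.
require_once 'Zend/Application.php';

// Zend_Application registers Zend_Loader_Autoloader during construction, so
// every class referenced from here on is loaded on demand without require_once.
$application = new Zend_Application(
    APPLICATION_ENV,
    APPLICATION_PATH . '/configs/application.ini'
);
$application->bootstrap()->run();
```

If your index.php already defines APPLICATION_PATH and the include_path the way the skeleton does, the only line you need to check after running the sed command is the require_once 'Zend/Application.php' line.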

That’s it. If you run into any problems, drop a comment below and I’ll see what I can do to help.

You Are Vulnerable For SQL Injection

Do you use the mysql_* series of PHP functions? Then you are most likely vulnerable to SQL injection.

This is not because there is a flaw in those functions; rather, they don’t particularly encourage or provide for proper handling of user input and database queries. In fact, according to the documentation: “This extension is not recommended for writing new code. Instead, either the mysqli or PDO_MySQL extension should be used.”
Have you ever done this?

If you have, then you have written code ripe for SQL injection. Suppose I enter the following in the password field of the form: abc' OR '1'='1 (with no surrounding quotes). Then the password = '' part of the query turns into password = 'abc' OR '1'='1', which makes your application think it found a matching user (in fact it gets ALL users) due to the boolean logic of OR, and it will most likely log the attacker in. The condition now reads: either the username AND password match, OR 1 is equal to 1 (which is always true).

There is a function to help alleviate this possibility: using mysql_real_escape_string(). But seriously, don’t even bother. You need to start using an extension that supports prepared statements / parameterized queries.

PDO to the Rescue!

PDO (PHP Data Objects) abstracts your database interactions and currently supports (at the time of this post) twelve database drivers. It supports, and encourages the use of, prepared statements. From the documentation:

The parameters to prepared statements don’t need to be quoted; the driver automatically handles this. If an application exclusively uses prepared statements, the developer can be sure that no SQL injection will occur (however, if other portions of the query are being built up with unescaped input, SQL injection is still possible).

Prepared statements are so useful that they are the only feature that PDO will emulate for drivers that don’t support them. This ensures that an application will be able to use the same data access paradigm regardless of the capabilities of the database.

Here is another example of using PDO:

Prepared statements are also possible using the mysqli extension, but that locks you into the MySQL database. The beauty of PDO is that if later down the road you choose to migrate to PostgreSQL or SQL Server, for example, it’s a matter of changing your connection settings. The rest of your code stays the same.
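To tie the two halves of this post together, here is an added example (not the post's own code) that runs the same login lookup both ways: once with the string concatenation the post warns about, and once with a PDO prepared statement. It uses the pdo_sqlite driver and an in-memory database so it runs offline with constructed sample rows; swapping the DSN for a mysql: one leaves the rest of the code unchanged, which is exactly the portability point made above.

```php
<?php
// Added example (not from the original post): the vulnerable login query beside
// its PDO prepared-statement replacement.
// Assumes the pdo_sqlite extension is available; the in-memory database and the
// two user rows below are constructed for the demonstration only.

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);

// Constructed sample schema and data.
$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, password TEXT)');
$db->exec("INSERT INTO users (username, password) VALUES ('alice', 's3cret'), ('bob', 'hunter2')");

// VULNERABLE: user input is pasted straight into the SQL text, the same pattern
// as building a mysql_query() string by hand. Returns the number of matched rows.
function loginVulnerable(PDO $db, $username, $password)
{
    $sql = "SELECT id FROM users WHERE username = '" . $username
         . "' AND password = '" . $password . "'";
    return count($db->query($sql)->fetchAll(PDO::FETCH_ASSOC));
}

// SAFE: the SQL text is fixed before any user input is seen; the values travel
// separately as bound parameters, so a quote inside the input stays data.
function loginPrepared(PDO $db, $username, $password)
{
    $stmt = $db->prepare('SELECT id FROM users WHERE username = :u AND password = :p');
    $stmt->execute(array(':u' => $username, ':p' => $password));
    return count($stmt->fetchAll(PDO::FETCH_ASSOC));
}

// The payload from the post, entered in the password field.
$injected = "abc' OR '1'='1";

// Legitimate credentials behave the same either way: exactly one row matches.
echo "vulnerable, valid login: ", loginVulnerable($db, 'alice', 's3cret'), "\n";
echo "prepared,   valid login: ", loginPrepared($db, 'alice', 's3cret'), "\n";

// With the concatenated query the WHERE clause becomes
//   username = 'nobody' AND password = 'abc' OR '1'='1'
// and, because AND binds tighter than OR, it matches every user in the table.
echo "vulnerable, injected:    ", loginVulnerable($db, 'nobody', $injected), "\n";

// The prepared statement looks for a user whose password is literally the
// string abc' OR '1'='1 and finds no such row.
echo "prepared,   injected:    ", loginPrepared($db, 'nobody', $injected), "\n";
```

The thing to notice is that loginPrepared() never inspects or escapes its inputs: the separation between query text and parameter values is what removes the injection, which is why the post recommends moving to prepared statements rather than sprinkling mysql_real_escape_string() through existing code.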