I don’t know about you but my fingers get tired of escaping output by typing the long-winded htmlspecialchars($str, ENT_QUOTES, 'UTF-8'); over and over again in small PHP projects that don’t need a full-blown framework with automatic output filtering (e.g. CodeIgniter). No matter how small your project is though filtering your output is extremely important so that you prevent malicious users from executing XSS (Cross-Site Scripting) JavaScript code.

So I decided to give my fingers some relief and finally write a short little helper function and share it. See the code and example in the gist below.

In various projects in the past I’ve had to revisit the topic of data encryption and decryption and the best way to accomplish it. In the interest of developing in the simplest, most efficient, and most secure way I have choosen the MCrypt PHP library (built-in to PHP since v4.0.2), Rijndael-256 (AES) cipher, and the Cipher Block Chaining (CBC) mode.

Previously I have used the Electronic CodeBook (ECB) mode, but have learned that it is far less secure than CBC because it creates the same hash every time for the same source data. CBC on the other hand creates a unique hash every time even for the same source data.

Anyways, here are my revised encrypt/decrypt functions with support for all PHP data types.

Note: If you are not running PHP 5.3+ then you may need to replace MCRYPT_DEV_RANDOM with MCRYPT_RAND.

One of my favorite functions of the WordPress editor is now the automatic embedding of video and other rich media by simply putting the URL on it’s own line. Really, it’s amazing!

Here is my rip of the WordPress code (found in the WP_Embed and WP_oEmbed classes) and assembled into a class named AutoEmbed.

It supports the following services (according to the WordPress Codex):

• blip.tv
• DailyMotion
• Flickr (both videos and images)
• FunnyOrDie.com
• Hulu
• Instagram
• Qik
• Photobucket
• PollDaddy
• Revision3
• Scribd
• SlideShare
• SoundCloud
• SmugMug
• Twitter
• Viddler
• Vimeo
• YouTube (only public and “unlisted” videos and playlists – “private” videos will not embed)
• WordPress.tv (only VideoPress-type videos for the time being)

You can get the “gist” of it by looking below; the example is followed by the class definition.

In today’s quick tip screencast you’ll learn how you can profile a PHP application, such as WordPress, using Xdebug and WinCacheGrind on XAMPP for Windows.

View Screencast

Enabling Xdebug on XAMPP for Windows

To enable Xdebug, modify the following settings in your php.ini configuration file:

• Uncomment the zend_extension = "\xampp\php\ext\php_xdebug.dll" line
• Set xdebug.profiler_enable_trigger = 1
• Set xdebug.profiler_output_name = "cachegrind.out.%u.%H_%R"

Save php.ini and restart Apache.

Resources

XAMPP for Windows
WinCacheGrind