admin

Forum Replies Created

Viewing 15 replies - 16 through 30 (of 59 total)


February 16, 2017 at 10:23 am admin

Arrays do violate normalization; in my experience with internationalization databases I’ve found that having the phrases normalized is the best design.

It allows you to easily make wholesale copies of rows – for instance ‘es’ to ‘es-mx’ or ‘en’ to ‘en-US’, ‘en-GB’, and my favorite: ‘xx-piglatin’. In an array schema, you would either have to re-write every record or add complex parsing or use something more complex than arrays, like XML.

It is relatively easy to use LEFT JOINs to find untranslated phrases for work and also to use COALESCE to return a default so the program remains usable even if the phrase is not translated.

February 16, 2017 at 10:22 am admin

I’ve tested all exploits I know on HTML Purifier and it did very well. It filters not only HTML, but also CSS and URLs.

Once you narrow elements and attributes to innocent ones, the pitfalls are in attribute content – javascript: pseudo-URLs (IE allows tab characters in protocol name – java script: still works) and CSS properties that trigger JS.

Parsing of URLs may be tricky, e.g. these are valid: http://spoof.com:xxx@evil.com or //evil.com. Internationalized domains (IDN) can be written in two ways – Unicode and punycode.

Go with HTML Purifier – it has most of these worked out. If you just want to fix broken HTML, then use HTML Tidy (it’s available as a PHP extension).
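The URL pitfalls listed in the reply above, as an added example that is not part of the original post and is not HTML Purifier's code: a small Python link check run against the same inputs. The allowlist contents and the function name `check_url` are assumptions made for illustration.

```python
from urllib.parse import urlsplit

ALLOWED_SCHEMES = {"http", "https"}
# Hypothetical allowlist, stored in punycode (ASCII) form.
ALLOWED_HOSTS = {"spoof.com", "xn--bcher-kva.example"}


def check_url(url):
    """Return (ok, detail) for an absolute URL taken from an href/src attribute."""
    # Browsers ignore tab, CR and LF inside a URL, so drop them before parsing;
    # otherwise "java<TAB>script:" would not be recognised as a scheme.
    cleaned = "".join(ch for ch in url if ch not in "\t\r\n").strip()
    parts = urlsplit(cleaned)
    scheme = parts.scheme.lower()
    if not scheme and parts.netloc:
        # //evil.com has no scheme but still names a remote host.
        return False, "scheme-relative URL, host is %r" % parts.hostname
    if scheme not in ALLOWED_SCHEMES:
        return False, "scheme %r not allowed" % scheme
    if parts.username is not None or parts.password is not None:
        # http://spoof.com:xxx@evil.com: everything before '@' is userinfo.
        return False, "userinfo present, real host is %r" % parts.hostname
    if not parts.hostname:
        return False, "no host"
    try:
        # Normalise Unicode IDN labels to punycode so both spellings compare equal.
        host = parts.hostname.encode("idna").decode("ascii")
    except UnicodeError:
        return False, "invalid host name"
    if host not in ALLOWED_HOSTS:
        return False, "host %r not allowed" % host
    return True, host
```

The check compares the parsed host, never a prefix of the raw string, which is why the `spoof.com:xxx@` form is rejected even though it starts with an allowed name.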

February 16, 2017 at 10:21 am admin

I used HTML Purifier with success and haven’t had any XSS or other unwanted input filter through. I also run the sanitized HTML through the Tidy extension to make sure it validates as well.

February 16, 2017 at 10:20 am admin

Look at SuperTab for making tab-autocompletion in Vim a bit easier to use than the standard bindings. You may also want to look into ctags, if you’re into code indexing. Google “php vim ctags” and you’ll see plenty of articles describing how to set it up.

The official Vim Wiki has a PHP section with some good tips, like integrating the official PHP documentation.

February 16, 2017 at 10:18 am admin

You don’t necessarily need to use SVN to deploy the files to the server. Keep using FTP for that and just use SVN for revision history.

February 16, 2017 at 10:18 am admin

For quick updates I just run svn update from the server.

Sometimes for really really quick updates I edit the files using vim and commit them from the server.

It’s not very proper, but quick and quite reliable.

February 16, 2017 at 10:18 am admin

A session in PHP has the purpose of preserving some state over several requests, since HTTP in itself is stateless. To get a session from PHP, simply request a php page that starts a session, and keep the cookie you get back for subsequent requests.

Starting a session in php is simple – call the session_start() function. That function will resume an existing session if the cookie exists in the request. When the session is started, persistent variables can be set using the superglobal array $_SESSION. It’s a good idea to store a ‘is logged in’-token there =) To end the PHP session, set $_SESSION to array(), so that the token is destroyed.

February 16, 2017 at 10:16 am admin

Session management changed some time back (I think it was around 4.4). The old mechanism still works, but is deprecated. It’s rather confusing, so I recommend staying clear of it. Today, you use sessions by accessing the global variable $_SESSION (It’s an array). You can put object instances in there, but you need to load the class definitions for those objects before starting the session on the next page. Using autoload can help you out here.

You must start a session before you can use $_SESSION. Since starting the session sends headers, you can’t have any output before. This can be solved in one of two ways: Either you always begin the session at the start of your script. Or you buffer all output, and send it out at the end of the script.

One good idea is to regenerate the session on each request. This makes hijack much less likely.
That’s (slightly) bad advice, since it can make the site inaccessible. You should regenerate the session-id whenever a user’s privileges change though. In general that means, whenever they log in. This is to prevent session-fixation (A form of session-hijacking). See this recent thread @ Sitepoint for more on the subject.

Using cookie-based sessions only is OK, but if you regenerate session IDs on login, it doesn’t add any additional security, and it lowers accessibility a bit.
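Why regenerating the ID at login matters, as an added example that is not part of the original reply: a small Python model of a server-side session table (not PHP; `SessionStore` and its methods are hypothetical names) comparing a login that keeps the session ID with one that replaces it, which in PHP is what `session_regenerate_id()` does.

```python
import secrets


class SessionStore:
    """In-memory stand-in for a server-side session table (hypothetical)."""

    def __init__(self, regenerate_on_login):
        self.regenerate_on_login = regenerate_on_login
        self.sessions = {}

    def start(self, session_id=None):
        """Resume the session named by the cookie, or create a new one."""
        if session_id not in self.sessions:
            session_id = secrets.token_urlsafe(32)
            self.sessions[session_id] = {}
        return session_id

    def login(self, session_id, user):
        """Authenticate the session; returns the ID to send back as the cookie."""
        data = self.sessions[session_id]
        if self.regenerate_on_login:
            # Same data under a new ID; the old ID stops resolving to anything.
            del self.sessions[session_id]
            session_id = secrets.token_urlsafe(32)
            self.sessions[session_id] = data
        data["user"] = user
        return session_id

    def user_for(self, session_id):
        """User bound to this ID, or None if the ID is unknown or anonymous."""
        return self.sessions.get(session_id, {}).get("user")


def pre_login_id_is_authenticated(regenerate_on_login):
    """Does an ID that was known before login carry the login afterwards?"""
    store = SessionStore(regenerate_on_login)
    pre_login_id = store.start()  # issued before login, so possibly known to others
    post_login_id = store.login(pre_login_id, "alice")  # constructed user name
    assert store.user_for(post_login_id) == "alice"
    return store.user_for(pre_login_id) == "alice"
```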

February 16, 2017 at 10:16 am admin

You can store PHP sessions in a database, as described in this book. I have used this method and I find it secure and easy to implement, so I would recommend it.

February 16, 2017 at 10:15 am admin

Lorem ipsum dolor sit amet, consectetur adipisicing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam, quis nostrud exercitation ullamco laboris nisi ut aliquip ex ea commodo consequat. Duis aute irure dolor in reprehenderit in voluptate velit esse cillum dolore eu fugiat nulla pariatur. Excepteur sint occaecat cupidatat non proident.

#activate_pack, .topic-pack {
    background-color: #1ABC9C;
    color:#fff;
    padding:10px 20px;
    cursor:pointer;
    display: inline-block;
}
.knowledge .breadcrumbs {
    background-color: #00a4ef;
    color: #ffffff;
    height: 70px;
    width: 100%;
}

Duis aute irure dolor in reprehenderit in voluptate velit esse cillum dolore eu fugiat nulla pariatur. Excepteur sint occaecat cupidatat non proident.
Thanks

February 16, 2017 at 10:13 am admin

Use eval:

userInput = 'hi'
hList = [2, 5, 3]
iList = [6, 6, 2]
userInputLen = len(userInput)
for i in range (0, userInputLen):
    for objects in eval(userInput[i] + 'List'):
        print(objects)

Without eval, userInput[i] + ‘List’ is a string; with eval, it points to a variable called hList or iList.

February 16, 2017 at 10:13 am admin

See also: https://bdhacker.wordpress.com/2010/02/27/python-tutorial-dictionaries-key-value-pair-maps-basics/

userInput = 'hi'
lists = {}
lists['h'] = [2, 5, 3]
lists['i'] = [6, 6, 2]
for i in userInput:
    for objects in lists[i]:  # i is already the character, so it is the dictionary key
        print(objects)
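The two replies above side by side, as an added example that is not code from either post: the eval lookup evaluates whatever expression the input forms, while the dictionary lookup treats the input only as a key. The names `NUMBER_LISTS`, `lookup_with_eval`, `lookup_with_dict` and `collect` are assumptions, and the inputs are constructed.

```python
NUMBER_LISTS = {"h": [2, 5, 3], "i": [6, 6, 2]}


def lookup_with_eval(key):
    """Pattern from the eval reply: build a variable name and evaluate it."""
    namespace = {"hList": NUMBER_LISTS["h"], "iList": NUMBER_LISTS["i"]}
    # eval() parses the whole string as a Python expression, not as a name,
    # so any operators or calls in `key` are executed as well.
    return eval(key + "List", {}, namespace)


def lookup_with_dict(key):
    """Pattern from the dictionary reply: the input is data, never code."""
    if key not in NUMBER_LISTS:
        raise KeyError("unknown list %r" % key)
    return list(NUMBER_LISTS[key])  # copy so callers cannot mutate the table


def collect(user_input):
    """Values for each character of the input, ignoring unknown characters."""
    out = []
    for ch in user_input:
        if ch in NUMBER_LISTS:
            out.extend(lookup_with_dict(ch))
    return out
```

With the constructed input `"hList + i"`, `lookup_with_eval` runs the `+` and returns both lists joined, whereas `lookup_with_dict` raises `KeyError` because that string is not a key.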

February 16, 2017 at 10:12 am admin

You call your friend again for the same reason. But this time you tell him that you are in a hurry and he should call you back on your mobile phone. You hang up, leave the house and do whatever you planned to do. Once your friend calls you back, you are dealing with the information he gave to you.

That’s exactly what’s happening when you do an Ajax request.

findItem(function(item) {
    // Do something with item
});
doSomethingElse();

Instead of waiting for the response, the execution continues immediately and the statement after the Ajax call is executed. To get the response eventually, you provide a function to be called once the response was received, a callback (notice something? call back ?). Any statement coming after that call is executed before the callback is called.

February 16, 2017 at 10:10 am admin

A year or two back, I played around with using BlueTOC (formerly PhpTocAim) to work with AIM. It should support everything from sending / receiving messages to status updates and changing your profile. I’m not sure if it’s very actively maintained anymore, but it’s worth checking out:

http://www.phpclasses.org/browse/package/1706.html

or search Google for “bluetoc”

February 16, 2017 at 10:10 am admin

You probably want the Web AIM Server API; it looks like you can set the AIM status through authenticated HTTP calls, among many other things. Should be language-independent; in PHP you could use the cURL library, for instance. I’ve never used it personally, though.
