About the Author

Chris Shiflett

Chris Shiflett is an author and speaker who leads the web application security practice at OmniTI.


PHP Magazine December Issue

PHP Magazine just published their December issue. The cover article is an introduction to design patterns by Robert Peake. My column, Guru Speak, discusses the interesting things you can do with output buffering.

My favorite output buffering trick isn't really a trick at all - it's a relatively new (PHP 4.3+) function called output_add_rewrite_var(). This function makes the otherwise tedious chore of rewriting URLs very easy. For example, if you decide you want to propagate an auth token to strengthen your session mechanism, it's very easy:

<?php

// Append auth=412e11 to the relative URLs and forms in the buffered output.
output_add_rewrite_var('auth', '412e11');

?>

Here's a larger example that demonstrates what this does:

<?php

// Register the name/value pair before any markup is sent.
output_add_rewrite_var('auth', '412e11');

?>
<a href="link.php">Click Here</a>
<form action="form.php" method="POST">
<input type="submit" />
</form>

PHP propagates the auth token in both the link and the form:

<a href="link.php?auth=412e11">Click Here</a> 
<form action="form.php" method="POST">
<input type="hidden" name="auth" value="412e11" />
<input type="submit" />
</form>

About This Post

PHP Magazine December Issue was posted on Fri, 02 Dec 2005 at 16:46:00 GMT.

3 Comments

1. Matthew Weier O'Phinney said:

I wish I'd seen that one earlier... I had to do something like that for a client last year, as they had some specific session handling stuff they were handing off to us that we needed to retain. I figured out a solution, but it wasn't optimal.

Nice pointer.

Fri, 02 Dec 2005 at 19:11:17 GMT


2. Kick The Donkey said:

Do you have to be using output buffering to use that function? The documentation is unclear...

Sun, 04 Dec 2005 at 01:53:33 GMT


3. funkatron said:

Donkey, it looks like there's an implicit ob_start when you call this function. Also note that this function only modifies URLs that don't contain a protocol://domain, so if you use "full" URLs within your app, this won't work.

Sun, 04 Dec 2005 at 05:13:55 GMT
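
The post shows the propagation half of the auth token technique. As an added example (not code from the original post or its comments), the script below also verifies the token on every request and marks the absolute-URL case funkatron describes. The use of random_bytes(), the 403 response, and the example.org link are assumptions, and it assumes PHP 7+ with a url_rewriter.tags setting that covers both a and form tags.

```php
<?php
// Added example: issue a per-session auth token, verify it on each request,
// then let output_add_rewrite_var() propagate it through the page's markup.
session_start();

/** Return the token submitted with this request, or null if absent or malformed. */
function submitted_auth_token(): ?string
{
    // Rewritten forms send the token as a hidden field (POST here);
    // rewritten links send it in the query string (GET).
    $token = $_POST['auth'] ?? $_GET['auth'] ?? null;
    return is_string($token) ? $token : null;
}

if (!isset($_SESSION['auth'])) {
    // First request of the session: mint an unpredictable token
    // (the post's '412e11' is a fixed sample value).
    $_SESSION['auth'] = bin2hex(random_bytes(16));
} else {
    $token = submitted_auth_token();
    // hash_equals() compares in constant time; known value goes first.
    if ($token === null || !hash_equals($_SESSION['auth'], $token)) {
        // A session cookie arrived without its matching token: drop the session.
        session_unset();
        session_destroy();
        http_response_code(403);
        exit('Invalid session.');
    }
}

// From here on, buffered output is rewritten to carry the token.
output_add_rewrite_var('auth', $_SESSION['auth']);
?>
<a href="link.php">Relative URL: token is appended</a>
<!-- Hypothetical absolute link: per the comment above, it is left unchanged,
     so a request that follows it back into the app arrives without the token. -->
<a href="http://example.org/link.php">Absolute URL: no token</a>
<form action="form.php" method="POST">
<input type="submit" />
</form>
```

Because the token travels in URLs, it also ends up in server logs, browser history, and Referer headers, so it supplements the session cookie rather than replacing it.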

