Pádraic Brady’s profile

An Irish PHP developer. Contributor to Zend Framework. Developer of Wibble, Mockery and MutateMe. Author of Zend Framework: Survive The Deep End.

Latest Comments

1

I think anyone who shares Hasin's views is being too demanding bordering on psychotic. I mean seriously... I consider myself an above average developer and I probably could not, on the spot, recite PHP's history in its totality. Same for Perl, Java, C, C++, Ruby, Erlang, Javascript, Cobol and any other language I've gotten around to learning (even that VB thing).

I am such a bad developer - please don't hire me because I'm not a history buff, and ergo I am obviously not worthy even if my skills are demonstrable and more than sufficient to do the job.

I will never ask who invented PHP of a candidate. I would hire them for demonstrating skill, not historical general knowledge for the annual pub quiz ;).

P.S. My blog was one of those offline recently. Back up now assuming the DNS has fully resolved globally over the weekend.

Posted in Who Created PHP?.

Mon, 19 May 2008 at 08:21:57 GMT


2

Twitter is kind of weird - it's not blogging, or IRC, or IM and there's little formalism. I do almost get it by now though - once you have a simple highly accessible method of posting short updates that everyone else may follow (or not) you certainly get to know what more people are up to and you interact more frequently than usual. It's quite a bit like overhearing a general conversation and having a new hearing post on the grapevine - something the blogosphere doesn't quite manage since blogs have a higher update cost.

It's also fun at times ;)

Posted in I Almost Get Twitter.

Mon, 15 Oct 2007 at 09:30:18 GMT


3

Similar experiences here. Well, I suppose most security conscious developers are aware security is an endemic in PHP. Whether it's ignorance or not, I think a lot is simply developers unwilling to face the reality that their work is in some way vulnerable.

Have no idea how these were initially reported but maybe follow the carrot with a stick and set a reasonable timeframe for a fix to be implemented before making the fact such an exploit exists public knowledge? A month is too long, but a week?

Even if there's no intention of going public reasonably early with an exploit to a closed source service - the incentive would be that bit more powerful...;)

Posted in Security: Digg Versus Furl.

Wed, 15 Feb 2006 at 18:35:36 GMT


4

addslashes() is easier to type, but when you get to mysql_real_escape_string() you hit a small bump. What if you're using Postgres, or MSSQL, or SQLite, or...

It then needs some structure to determine, and that has traditionally been a framework's job.

As for the other, well defense in depth would suggest filtering can fail, in which case a second layer of protection, even if currently redundant, has a valid use.

I really don't see PHP developing too far from its current state - be better to have a framework to manage such unwieldy tasks in the style of Ruby on Rails (which did an amazing job for Ruby - probably because of the small user base not creating multiple alternatives).

Posted in PHP Security Architecture.

Sat, 28 Jan 2006 at 14:01:20 GMT


5

Yep, I was definitely not aware of the recommendation either. Was anyone? ;)

Using GET is so widespread though that it's just assumed as acceptable practice - over time those assumptions outweigh a recommendation most developers are not aware of - after all if everyone else is doing it... Sure it's no doubt technically wrong, but in reality it's done. Can anyone foresee a sudden shift in the short to medium term? I doubt it very much. Instead developers will fight back with 403's or 401's left and right as a more immediate (and therefore realistic) workaround.

As for responsibility - it sucks, but it's developers' fault to a degree but...

Google should deal in reality - not wishful thinking.

Posted in Google Web Accelerator and PHP.

Wed, 25 May 2005 at 07:48:20 GMT


6

I have to agree that from a purely convenience perspective use of links to trigger an action just makes more sense than creating a form and button. It's simple, easy to do, and users are used to it (I assume).

Sure the world would be simpler if "recommendations" were followed, but in some cases convenience outweighs the scenic route of adding a form.

The point is that Google should have been aware that this recommendation was either a) not implemented in many applications (for whatever reason), or b) pretty obscure for most folk, so probably ignored.

Didn't they test this before going online? I know they had a good idea, but its effects should have been easily foreseen...

Posted in Google Web Accelerator and PHP.

Tue, 24 May 2005 at 17:57:08 GMT


About

  • Twitter: @padraicb
  • Location: Dublin, Ireland, Europe!
  • Joined: May 2005
  • Comments: 6