I just got through reading the latest issue of php|architect - always a good read.
Sean starts by announcing the departure of Marcus Baker as a columnist. I've always enjoyed Marcus's perspective on things, primarily because it's different. Luckily, Sean follows this announcement with very good news - Jeff Moore is going to take over the column. I've been reading Jeff's blog for the past year or two, and I'm really looking forward to reading more from him in future issues.
Marco has an interesting article on applying the poka-yoke concept to input filtering and output escaping. (A poka-yoke is a behavior-shaping constraint.) A few of the principles he describes mirror design principles in one of the Zend Framework components, but more on that soon. :-)
In this month's Security Corner, I pull together a few topics I've been discussing in my blog, all related to character encoding:
- Google's XSS Vulnerability
- Google XSS Example
- The addslashes() Versus mysql_real_escape_string() Debate
I'm also announcing a short break from the column:
> I want to give my sincere thanks to Ilia Alshanetsky, who has agreed to take over Security Corner for a few months. It has been my pleasure to be the author of this column for the past few years, and I hope a short break can give me renewed enthusiasm and a fresh perspective. I also think it's valuable to hear from different sources of security expertise. Ilia is a well-known PHP expert and educator, and I'm confident that you'll learn a lot from what he has to say.