Matt Geri » Development

Get a query column value by index in Coldfusion

Matt — Mon, 07 May 2012 19:38:56 +0000

Just a neat little Coldfusion query tip that I found out today. If are are looking for a single column value in a Coldfusion query result set and you know what the number of the row (index) that the value resides in, then you can use the following code snippet it to fetch that column value.

Just change columnValue to the variable you want to set. queryName is name of your cfquery and columnName is obviously the name of the database column.

Find the last element of a PHP array within a loop

Matt — Sun, 06 May 2012 20:15:05 +0000

I see a lot of developers using a count to find out if they are at the last element of an array. Let’s look at a quick example:

I used to use this method extensively but recently started looking at alternative ways to solve this problem which uses less code. So far I have come up with the following:

 $a ) {
	if ( end( array_keys( $array ) ) == $key ) {
		echo "Last element";
	} else {
		echo "Just another element";
	}
}
?>

It’s much less code and functions beautifully. We can obviously assign the last array key outside the loop and store it in it’s own variable if we don’t want to do an end() lookup on the array_keys array on each loop through.

Location based content in PHP using IP addresses

Matt — Mon, 30 Apr 2012 18:40:48 +0000

With the internet being a globally accessible resource, there may come a time when you want to display different content to your website visitors based on their location. For instance, if you are a consultant you may want to display a US dollar hourly rate to people viewing your site from the United States and a euro hourly rate to those who are viewing your site from Europe. Doing this in PHP is rather easy, let’s look at how.

We’re going to base our script on IP addresses. It’ll involve looking up the visitors IP address and then matching it against a set of IP addresses specific to a country. Based on that we can easily show our visitor content that is locally relevant to them.

For the sake of simpleness, let’s build our application to detect if a visitor is from South Africa and then display a relevant message to them, otherwise we’ll display a generic message.

To start off, we need to build an array of IP ranges to match against. This method isn’t 100% fool-proof and in a real life application, if you are dealing with multiple countries or even provinces, I’d recommend that you use a location matching library like DeviceAtlas. But for a small application like ours, an array is perfect.

Here is the array with the IP address ranges for South Africa:

Before we go any further, we need to write a function to check if the IP address we have got from the visitors user agent is valid.

As you can see, we accept an IP address in our checkValidIP function. We then setup an array of invalid IP address (which are mostly local IP address ranges), run through them and if we find a match we return false i.e. it is not a valid IP address.

You will have noticed one important PHP function that was used in the code snippet. That is the ip2long function. It takes an IP address and converts it to the type of a long integer. We can then easily check if the IP address falls within the invalid range. We're going to use this function again below.

The next step is to fetch the IP address of the visitor and match it against our ranges array. Here is a small function that does exactly that.

 0 ) {
			foreach ( $ips as $i ) {
				if ( checkValidIp( trim( $i ) ) ) {
					$ip = $i;
					break;
				}
			}
		}
	}

	if ( ! isset( $ip ) ) {
		if ( checkValidIp( $_SERVER['HTTP_X_FORWARDED'] ) ) {
			$ip = $_SERVER['HTTP_X_FORWARDED'];
		} else if ( checkValidIp( $_SERVER['HTTP_FORWARDED_FOR'] ) ) {
			$ip = $_SERVER['HTTP_FORWARDED_FOR'];
		} else if ( checkValidIp( $_SERVER['HTTP_FORWARDED'] ) ) {
			$ip = $_SERVER['HTTP_FORWARDED'];
		} else if ( checkValidIp( $_SERVER['HTTP_X_FORWARDED'] ) ) {
			$ip = $_SERVER['HTTP_X_FORWARDED'];
		} else {
			$ip = $_SERVER['REMOTE_ADDR'];
		}
	}

	$ip = ip2long( $ip );

	foreach ( $ranges as $range ) {
		if ( ip2long( $range[0] ) <= $ip && $ip <= ip2long( $range[1] ) )
			return true;
	}

	return false;
}
?php>

In this snippet we check numerous user agent variables for the IP address to try and bypass proxies and weird browser behavior. Finally we run through our IP ranges and see if we get a match. If so, we naturally return true. Include this code in your project and then simply call the isSouthAfrican function and voila!

To test this code out, you'll need to use a proxy. Just do a Google search and you'll find thousands of international proxies that you can use. Change the IP ranges based on the country you want to check against.

You can download a full working version of the code here.

Blog design tip: add a link back to your websites homepage

Matt — Thu, 23 Feb 2012 18:55:49 +0000

This is more of a short rant with a tip at the end of it

There is nothing more annoying than visiting a blog, be it via Google, a twitter link or however you end up on the blog and browsing the blog and then deciding to view the company/product home page, only to find that you have to physically retype the URL bar and/or remove the ‘blog.’ or ‘/blog/’ piece to get to the home page.

I’ve noticed quite a number of popular blogs that don’t have a clear link back to the homepage. Some will have a small disguised link (usually on the sidebar of the blog) that is very difficult to find. Why make it so difficult for a visitor and/or potential customer to go to your home page.

This practice usually occurs a lot on 3rd party hosted blogs like WordPress.com, Blogger, Posterous, etc. I understand that it can sometimes be tricky to edit the blog theme and add that link, but it is vitally important. Pay someone to do it for you.

I’ve actually started to close the browser tab on a blog who does not link back to the homepage, even if I am interested in the product or service!

So take 5 minutes to quickly add a link back to your homepage.

How to add the TinyMCE editor to a WordPress meta box or plugin form

Matt — Tue, 07 Feb 2012 17:14:34 +0000

I’ve worked on a number of WordPress sites and custom plugins recently where I have needed to add the TinyMCE editor to a meta box that was added to a post type and/or a custom textarea fields in a plugin. Pre-WordPress 3.0 this was quite difficult and required a bit of hacking, but luckily since WordPress version 3.0 they have made it extremely easy.

In WordPress 3.0 a new function was introduced called ‘wp_editor()‘. This function allows us to easily add a the TinyMCE editor to our meta box or plugin.

The wp_editor() function gives us quite a bit of flexibility through its parameters. Let’s take a quick look at an example of adding an editor to a meta box. I’m going to skip out the part where we define the meta box and skip directly to the function which outputs our meta box content.

Content';
	wp_editor( '', 'content-id', array( 'textarea_name' => 'content', 'media_buttons' => false ) );
}
?>

Simple as that. You can also use this in your plugin. Just insert the wp_editor() function where you want a textarea to display on your admin page.

Check out the wp_editor() page in the WordPress codex for extra parameters you can pass the function. You can also set TinyMCE settings using the ‘tinymce’ parameter. For instance, let’s look at a quick example where we define what formatting options we want displayed and add a spellchecker to the TinyMCE editor.

 'content', 'media_buttons' => false, 'tinymce' => array( 'theme_advanced_buttons1' => 'formatselect,forecolor,|,bold,italic,underline,|,bullist,numlist,blockquote,|,justifyleft,justifycenter,justifyright,justifyfull,|,link,unlink,|,spellchecker,wp_fullscreen,wp_adv' ) ) );
?>

Just one small thing!

Unfortunately, the editor cannot be moved around the DOM which means the editor will not work if you move the meta box. There is discussion around this on trac where a few proposed solutions are put forward, such as static meta boxes that cannot be dragged, but as it currently stands, there is no work around for this.

This only effects meta boxes though and not plugins.

Quick tip for WordPress developers: Use the WP_DEBUG constant

Matt — Fri, 03 Feb 2012 12:24:06 +0000

Over the past few years I have worked with many different WordPress plugins and themes, both on my own websites and on my clients websites. During this time, I have noticed something that a lot of developers are doing that they shouldn’t be doing. I’m talking about developers not using the WP_DEBUG constant when building their plugins and themes.

I was guilty of this before as well. I never used it mostly due to ignorance and not knowing what it does. I discovered it when I was working on a client website who had it set to true in their live environment (not a good idea) and their website was throwing tons of PHP errors.

What does the WP_DEBUG constant do?

WP_DEBUG is a simple flag that tells WordPress you want to debug your code and that PHP errors should be displayed. If it is set to false, WordPress will suppress many of those PHP errors (such as undefined index’s) and you will never know that they exist – That is until you look at your web server logs and see all the errors showing up.

The WP_DEBUG constant can also be very useful. Let’s use analytics as an example. In your development environment you do not want to track analytics. Debug should always be set to true in development environments so lets assume that it is. To stop the analytics script from collecting data (running the analytics script), you can use this code:


// Display analytics code in your theme

If you constantly turn the WP_DEBUG flag on and off in your development environment, then I recommend creating a new constant called WP_DEV in your wp-config.php file to get the above code to work.

You’d be very surprised to see how many of the popular plugins actually have basic PHP errors in them such as undefined indexes. Install a couple plugins, turn the WP_DEBUG flag on and see for yourself.

As mentioned above, you should set WP_DEBUG to false in any live environment.

Symbolic links on a Mac (OS X)

Matt — Mon, 23 Jan 2012 15:11:31 +0000

If you are a developer and have not come across symbolic links before, then you need to read this blog post. Symbolic links are extremely useful if you hate copying and pasting duplicate files and folders in different places/projects.

So what exactly are they? Simply speaking, they are a virtual link or shortcut between a file or folder from a different file/folder location.

So for instance, I have a project that I am working on in a directory called ‘Example-Project’ that lives in a ‘Projects’ directory. Let’s say that this is a WordPress site. Now, I also have a plugin that I have written called ‘Display-Latest-Posts’ and this plugin also sits in the main ‘Projects’ directory. Now, I want to use this plugin on the Example-Project site.

There are two ways in which we can do this

Copy/Paste the plugin files from ‘Display-Latest-Posts’ into ‘Projects/Example-Project/wp-content/plugins/’
Create a symbolic link

The problem with method number 1 above, is that if I change some code in the ‘Display-Latest-Posts’ plugin, I have to go and copy/paste the files I changed back into the ‘Example-Project’ folder. Now imagine that you have the plugin running on a number of sites in your development environment. That could take a while.

Introducing symbolic links

Symbolic links solve the problem that I just mentioned. When you create a symbolic link in a folder, any changes to the files in the original folder will be reflected in the linked folder, since the linked folder is actually just a reference/shortcut of the original folder. It is not two separate folders.

To create a symbolic link, open terminal and type the following:

ln -s /Path/to/original/folder New-folder-name

So in our example above, we would have created the following symbolic link:

ln -s /Projects/Display-Latest-Posts /Projects/Example-Project/wp-content/plugins/Display-Latest-Posts

The symbolic link is now created between those two folders and our plugin will now be working in our Example-Project site.

Symbolic links are really easy to use and can save you tons of time. Give them a try.

How to ignore WordPress pagination and display all posts on a page

Matt — Thu, 19 Jan 2012 14:20:53 +0000

There are times when you want to display a list of WordPress posts (or even custom post types) on a page and not have them paginated into multiple different WordPress pages. For example, you may be creating an archive page and instead of showing just the latest 10 posts in your category, you want to show the whole list of posts in that category.

I recently come across this challenge when building the theme for this site and it is actually very easily overcome. You just need to add a little bit of PHP code to your theme file.

Let’s assume we are working on an archive page (archive.php in WordPress). In that file you have your standard WordPress loop which will display the latest 10 posts (or however many you have set to display per page in your WordPress settings). So we have something like this…

Now, to avoid showing just the latest 10 posts, we need to do this

Simple enough. All we added was 3 extra lines of code.

Firstly, we reference the $query_string global so that we can use it in the code. Then we use the existing query string that was set to fetch the posts and add an extra parameter to the end of the query string called “posts_per_page” to display a custom number of posts, in this case we use -1 to display all posts. And lastly, we reset the query after we are done.

Escaping input to the PHP mail() function

Matt — Sun, 15 Jan 2012 20:31:50 +0000

I recently built my email contact form on this website and thought I would share with you the method which I used to escape input to the PHP mail() function in order to avoid security vulnerabilities on your own contact form. You may think that the mail() function is a relatively safe function and data does not need to be cleaned, but quite the opposite is true. Lets quickly take a look as to why this is.

I am going to assume that your contact form on your website accepts a name, a persons email address and a message that they want to send to you. Lets also assume the contact form does a HTTP POST request to your page and we fetch the data that was sent with the following variables: $_POST['name'], $_POST['email'] and $_POST['message'].

Now our code looks something like this:

\r\n";
	mail( "you@yourdomain.com", "Message from our contact form", $_POST['message'], $headers );
}
?>

This is obviously a very simplified version of a script you would actually use. It doesn’t take into account validation etc. So, it looks pretty harmless doesn’t it? Well it’s not. And the reason for this is what if a user (read: spammer) entered the following in to the ‘email’ form field on your website

>\r\nBcc: spam@anotherdomain.com, spam2@anotherdomain.com, etc...

As you can see, a spammer could easily use your contact form and server to send out spam emails to anyone he/she pleases by manipulating your email form field.

How do you combat this behavior and secure your form? It’s actually pretty easy. You need to escape any data going into your email header variable. In our case it is the name and email field. Lets look at two functions (from Zend) that will do the escaping for us.

// Filter Name
function filter_name( $input ) {
	$rules = array( "\r" => '', "\n" => '', "\t" => '', '"'  => "'", '<'  => '[', '>'  => ']' );
	$name = trim( strtr( $input, $rules ) );
	return $name;
}

// Filter Email
function filter_email( $input ) {
	$rules = array( "\r" => '', "\n" => '', "\t" => '', '"'  => '', ','  => '', '<'  => '', '>'  => '' );
	$email = strtr( $input, $rules );
	return $email;
}

// Your $header line now becomes
$header = "From: " . filter_name( $_POST['name'] ) . "<" . filter_email( $_POST['email'] ) . ">\r\n";

Those are 2 very straight forward functions that will escape your form input and remove the risk of someone using your contact form for spamming. There are a few other functions that have been written that basically do the same thing, but I like the two above.

That’s about all there is to it. Simple but effective functions for escaping input to the PHP mail() function.

WordCamp Cape Town 2011 slides

Matt — Fri, 16 Sep 2011 14:32:03 +0000

I just got back yesterday evening from WordCamp Cape Town 2011. This years WordCamp was organized by Ashley Shaw and his team at LightSpeed. It was definitely one of the better run conferences that I have been to and I learned a ton.

I gave a talk on using WordPress as a mobile publishing platform. Below are my slides from the talk. Unfortunately, I didn’t use many bullet point lists in my preso but if you want to read my notes from each slide, do so on the actual slideshare page for this presentation.

Hopefully we will be getting the videos from the sessions shortly and as soon as I do, I will post up the video from my talk.

WordPress as a mobile publishing platform