Just a few days ago, at the eZ publish conference 2006, we had the very first eZ awards night.

The eZ awards is a prize awarded by eZ systems during its annual conference to give special recognition to key people within the eZ ecosystem.
It was a great show, the winners were overwhelmed and the audience had a lot of fun celebrating.

Check out the eZ awards pages and you can tell from the pictures how great an event this was.

On the Zend Developer Zone, there's this new interview with Drew McLellan talking about the newly released version of his hkit toolkit for microformats. Cal Evans got a chance to catch up with him and ask a few questions.

Among the questions he asked were:

• Start us off by giving us a short primer on exactly what Microformats are.
• So is there really any difference between a microformat and just a bunch of semantic class names?
• So does the W3C officially support microformats?
• Being a developer I'm always curious as to motive. Why did you build hKit?
• What resources do you recommend to someone just learning about microformats?

Of course, to get the answers to these and many more of the questions Cal asked, you'll have to check out the interview yourself!

On PHPBuilder.com today, there's a new tutorial that looks at a method to protect your PHP applications with the filters the Open Web Application Security Project provides.

OWASP (Open Web Application Security Project ) released a top ten list for web application security vulnerabilities in 2003 and 2004; you can find the latest information about their Top Ten Project here.

Most of the top ten vulnerabilities including (A1) Unvalidated Input, (A2) Broken Access Control, (A4) Cross Site Scripting (XSS) Flaws, and (A6) Injection Flaws, can be avoided by using these filters.

They walk through the installation before talking about the types of filters at your disposal - paranoid, SQL, system, HTML, int/float, UTF-8, and LDAP. The check() function looks at the inputted value to see if it passes the test (the other option the function takes).

They also give an example of combining filters as well, making more secure validation even easier.

Aaron Wormus has posted some great historical notes from back in 2002 looking at the state of PHP content management systems, most of which forked off of PHPNuke.

I was just browsing through my OLD advogato profile and thought I would link to these two posts (from mid 2002) which talk about one of the many CMSs which forked off the original PHPNuke code base.

Part one talks about the split between Postnuke and PHPNuke as well as what some of the differences are. Zope is also mentioned.

In part two, he notes a bit of a change in his thoughts on Postnuke (related to a change in the code for a templaing engine).

It's interesting to look back and see how far some projects have come...

Okay, show of hands out there - who else is tired of the boring old car analogies when it comes to talking about object-oriented programming in PHP? I have to admit; even I got a little sick of reading them after a bit. It seemed like there wasn't much originality behind them, and several of them just assumed that you understood what "$this->car_name" was.

So, here we go with something a little bit different - hopefully it'll turn out to be something useful for all of you developers out there trying to wade through the wide world of object-oriented programming with PHP.

Read on for the rest of the tutorial!

Markus Wolff takes a look at a part of the setup surrounding the Zend Framework in this blog post today - the Framework's CLA.

Contributors to the Zend Framework must first sign a Contributor License Agreement (CLA) before they're allowed to commit anything. This is claimed to make the Zend Framework "IP clean", so big corporations have no problem adopting it.

I've never believed in this proclaimed need of being "IP clean". Maybe that's because stealing someone's proprietary code never came to mind - am I just to good a person? However, in a world where in certain strange countries (I won't drop any names here) you can actually patent software - or worse, ideas - it is increasingly difficult to write a single line of code that you can be sure of not violating anyone else's so-called intellectual property.

He quotes from the CLA's FAQ on the Framework site about the protection this CLA offers to both the Framework and to the developers that contribute to it.

His rebuttal is one of "how can this be enforced?", which, of course, he realizes is just not possible. He casts a "marketing first" light on the CLA, suggesting that it's just a way to help sell it to corporations.

Every web developer I know wants to find ways to speed up their application. In fact, some go so far as to worry if double-quotes are slower that single quotes overall - more often than not, it just doesn't matter. Instead, they should be looking to other things, things like the applications are are running things behind the scenes. Jo Brunner knows this, which is why this new post has been made on the ThinkPHP blog today - a look at caching content to help de-stress your server.

The method I would like to describe is based on the webserver lighttpd. Lighttpd is a single process webserver written for high traffic sites. It supports fast-cgi out of the box which makes it ideal for hosting PHP applications.

n the scripting world, a common way to optimize the response time of an application is often as follows: the application by itself saves every page result (or fragments) into a cache file before delivering. The next time a routine has to check whether it could output cached content or not. The cache has to be rebuild periodicaly or when the application updates some data entries - it deletes cache files - and generates them again.

But there is a bottleneck: every time the webserver gets a request it has to start the application - even there are no changes made on the data in the background. t would be nice if cached files could delivered as static content. But the question is: how can a webserver decide if a cache file is outdated without involving the application!

So Jo proposes an alternate solution - using a combination of lighttpd, MySQL, and PHP as fast-cgi to lighten the load. Code/configuration examples are included, and all of the complimentary modules needed are linked to as well. There's even a sample PHP application to help illustrate the point.

On the Zend Developer Zone today, Cal Evans has posted his own review of the O'Reilly book "Learning PHP & MySQL" (by Michele E. Davis and Jon A. Phillips).

Learning PHP & MySQL by Michele E. Davis and Jon A. Phillips is targeting graphic designers, Flash developers and others who build web sites but want to know more about the programming side of things. It assumes a basic knowledge of HTML and the web in general. There's really nothing in this book that anyone with an interest in programming and access to a computer couldn't use to expand their skills a bit.

He goes on to talk about what the book contains (and what it doesn't) and some of his inital impressions about the level of content ("There's really no need to show us a graphic of the Apache EULA screen. Just tell us to 'Install Apache by following the on-screen instructions.'").

He reiterates how basic the level of the book is by mentioning the introductory chapters on PHP, MySQL, and using them together. Of course, from there, the topics do get a bit harder - security, PEAR, regular expressions, etc. The book rounds itself out with a sample app - a blog.

Obviously, this is just a basic summary of what Cal has said, so be sure to check out the rest of the review.

In this new tutorial from PHPit.net today, Dennis Pallett talks about using globals in PHP, desscribing what they are and how to use them.

Whenever you're developing a new large-scale PHP script, you're bound to use global variables, since some data needs to be used by multiple parts of your script. Good examples of global data are script settings, database connections, user credentials and more. There are many ways of making this data global, but the most commonly used way is to use the global keyword, which we will explore later on in this article.

It's good that he mentions right from the start that most global data is a bad idea, and can really start to clutter up an application. He does help the reader prevent this, though, through the use of a few handy techniques (and design patterns).

He looks first at the "global" keyword and its use, followed by three reasons that it's not all that favorable to use. He gives other options for the "just make it global" thinking, including passing the values in function calls, passing by reference, and using the Singleton and Registry patterns to contain things a bit more. He even includes a wrapper for the registry to handle the only other globals left - the superglobals - with the same registry functionality.