Showing posts with label PHP. Show all posts

Monday, February 24, 2014

11 Websites Where You Can Find Code Snippets

Time-saving practices are very useful for developers. When you're writing thousands of lines of code, cutting a few corners is nothing to be ashamed of, and this is where code snippets come in: often a snippet supplies the one element your program was missing. Snippets usually come from other developers, so most have been tried in real projects, but nobody has reviewed them on your behalf, so read a snippet and understand what it does before pasting it into your own code.

Here are the top 11 places where you can find these resources.

1. CSS Deck

This is one of the best websites for code snippets. You can find HTML and CSS snippets here and can also submit your own creations.

2. CSS-Tricks

This is a popular source for code snippets on JavaScript, CSS, jQuery, HTML, PHP, .htaccess and WordPress. As with the website above, you can submit your own snippets here too.

3. Snipplr

This website lets you view code snippets with or without registration. You can find snippets in JavaScript, Ruby, HTML, PHP, CSS and other languages.

4. DZone Snippets

This is a community website for developers with a separate section for code snippets. If you have an account, you can add your own snippets and tag them.

5. Joyent Code Snippets

Add snippets, tag them, view snippets submitted by others, and browse snippets by tag or by user.

6. WpRecipes

This is a website where WordPress developers can find useful code snippets for their projects, covering a wide range of tasks.

7. Smipple

This is a website for users to share code snippets with each other. You can tag snippets for future use and submit your own using just your Google account. You can also browse popular snippets with or without an account.

8. PHP Snips

As the name suggests, this website focuses on code snippets for PHP developers. You have to create an account if you want to share your own snippets on the website.

9. Codes PHP

This is another website for finding useful code snippets in PHP. In addition, it also contains snippets for MySQL, PHP frameworks and WordPress.

10. Snipt

You can submit your own snippets and add tags to them on this website. In addition, you can browse snippets by tag and easily embed them when needed.

11. DevSnippets

You can use this website for finding links to tutorials and other resources that are useful to developers.

Top 8 PHP And OWASP Security Vulnerabilities!

Despite a programmer's best efforts, vulnerabilities almost always exist in applications, and attackers keep finding new ones. So it is only right for a programmer to avoid the known vulnerability classes as far as possible. The Open Web Application Security Project (OWASP) lists the following flaws among the top vulnerabilities in applications; here is how each one applies to PHP.

1. Unvalidated Parameters: When you use values from the superglobal arrays ($_GET, $_POST, $_COOKIE and so on), validate them against unexpected input before using them. If you expect a certain kind of value, put the constraints in place that enforce it. For a ZIP code, for example, require either a 5-digit value, or a 5-digit value followed by a hyphen and four more digits, or whatever format ZIP codes follow in the country in question.


// ZIP code: 5 digits, optionally followed by a hyphen and 4 more digits.
// is_string() rejects zip[]=... (an array instead of a string), and \z rather
// than $ rejects a trailing newline, which $ would silently accept in PCRE.
if (isset($_GET['zip']) && is_string($_GET['zip'])
    && preg_match('/^\d{5}(-\d{4})?\z/', $_GET['zip'])) {
    $zip = $_GET['zip'];
} else {
    die('Invalid ZIP Code format.');
}


For data that was sent to the client earlier and comes back in a cookie, make sure it has not been tampered with. Do this by sending, along with the data, a keyed hash (an HMAC) of that data computed with a secret that only the server knows. When the cookie comes back, recompute the HMAC over the received data and check that it matches the one in the cookie, using a constant-time comparison.

// sending cookie
$secret_word = 'gargamel';   // in practice a long random key loaded from config, never a dictionary word
$id = 123745323;
$hash = hash_hmac('sha256', (string) $id, $secret_word);   // keyed hash, not md5($secret.$id)
setcookie('id', $id.'-'.$hash, ['httponly' => true, 'secure' => true, 'samesite' => 'Lax']);

// receiving and verifying cookie
$parts = explode('-', $_COOKIE['id'] ?? '', 2);
if (count($parts) !== 2) {
    die('Invalid cookie.');
}
list($cookie_id, $cookie_hash) = $parts;
// hash_equals() compares in constant time and strictly; == would treat
// two hex digests that both look like "0e123..." as equal numbers
if (hash_equals(hash_hmac('sha256', $cookie_id, $secret_word), $cookie_hash)) {
    $id = $cookie_id;
} else {
    die('Invalid cookie.');
}


2. Broken Access Control: Many people try to come up with their own access control solution. It is better to use the PEAR modules: Auth and Auth_HTTP perform cookie-based and HTTP (browser) authentication respectively. Note that these modules authenticate the user; you still have to check, on every request, that the authenticated user is allowed to perform the action or see the record in question, rather than trusting an ID that arrives in the URL or a form field.

3. Broken Account and Session Management: To get secure, standardised session management, use the session functions that are built into PHP. In doing so, you have to make sure the session contents are not stored in a location on your server that other people can read.

For example, if you store them as world-readable files in /tmp (the default session.save_path), they will be readable by anyone with a login on the server, including other customers on a shared host. Store the session files in a directory that only the web server user can read. Moreover, to protect against network sniffers, send the session ID and all session-bound traffic over SSL/TLS only.
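The following is an added example, not code from the original post, showing how those points translate into PHP's built-in session configuration. The save path, cookie name and HTTPS check are assumptions for the demo; the directory must exist, be owned by the web server user and be closed to other local accounts (mode 0700).

```php
<?php
// Added example (not from the original post): hardening PHP's built-in sessions.
declare(strict_types=1);

// Keep session files out of the shared, world-readable /tmp.
// Path is an assumption; create it with mode 0700 owned by the web server user.
$savePath = '/var/lib/php/sessions-myapp';
if (!is_dir($savePath) || !is_writable($savePath)) {
    throw new RuntimeException("session save path $savePath is missing or not writable");
}
ini_set('session.save_path', $savePath);

// Reject session IDs the server did not issue itself (blocks session fixation
// through a cookie value the attacker chose in advance).
ini_set('session.use_strict_mode', '1');
// Accept the ID from the cookie only, never from the URL, where it would leak
// through Referer headers, proxy logs and copied links.
ini_set('session.use_only_cookies', '1');
ini_set('session.use_trans_sid', '0');

// Cookie flags: secure = sent over HTTPS only (the "SSL" point in the text),
// httponly = not readable by page script, samesite = not sent on cross-site POSTs.
session_set_cookie_params([
    'lifetime' => 0,
    'path'     => '/',
    'domain'   => '',
    'secure'   => true,
    'httponly' => true,
    'samesite' => 'Lax',
]);
session_name('APPSESSID');   // assumed name; anything but the default PHPSESSID

// Refuse to start a session over plain HTTP at all, instead of letting a
// secure cookie silently fail to be set and the user fall back to no session.
if (empty($_SERVER['HTTPS']) || $_SERVER['HTTPS'] === 'off') {
    http_response_code(403);
    exit('This application requires HTTPS.');
}

session_start();

// Call at every privilege change (login, role change) so that a session ID
// observed before authentication is worthless afterwards.
function login_user(int $userId): void
{
    session_regenerate_id(true);     // true = delete the old session file as well
    $_SESSION['user_id']  = $userId;
    $_SESSION['login_at'] = time();
}
```

The ini_set() calls must run before session_start(); putting them in a bootstrap file that every entry point includes is the usual way to guarantee that.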

4. Cross-Site Scripting (XSS) Flaws: Information that comes from outside your program should never be displayed as it arrived. Untrusted data has to be escaped for the context in which it is output, and PHP gives you several tools for this, for example htmlspecialchars(), strtr() and strip_tags(). Be aware that strip_tags() only removes tags and does not escape what is left, so on its own it is no protection, especially when the value lands inside an HTML attribute.

To stop attackers hiding behind malformed or multi-byte encodings, do not convert the input with utf8_decode(): it maps UTF-8 to ISO-8859-1, turns every character outside Latin-1 into '?', and has been deprecated since PHP 8.2. Instead, pass the encoding explicitly to htmlspecialchars() ('UTF-8' as its third argument), which then refuses invalid byte sequences, and declare the same charset in the Content-Type header so the browser cannot be tricked into interpreting the page in a different encoding.
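As an added example, not from the original post, here is context-aware escaping next to the strip_tags() approach, using constructed attack inputs ($name and $bad) to show where each one fails:

```php
<?php
// Added example (not from the original post): escape untrusted data for the
// context where it is output, and see why strip_tags() alone is not enough.
// $name and $bad are constructed attack inputs for the demo.
declare(strict_types=1);

function h(string $s): string
{
    // ENT_QUOTES: escape ' and " too, so the value cannot break out of an attribute.
    // ENT_SUBSTITUTE: replace invalid UTF-8 with U+FFFD instead of returning ''.
    // 'UTF-8': state the charset explicitly rather than trusting default_charset.
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
}

// The same value needs a different encoding inside a <script> block:
// a JSON literal with < > & ' " hex-escaped so it cannot end the script tag.
function js(string $s): string
{
    return json_encode($s, JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT | JSON_THROW_ON_ERROR);
}

header('Content-Type: text/html; charset=UTF-8');   // same charset that h() assumes

// Payload aimed at an attribute: it contains no tag, so strip_tags() passes it through
// and the browser sees a second attribute with an event handler.
$name = '" onmouseover="alert(document.cookie)';

echo '<input value="', strip_tags($name), '">', "\n";   // the injected attribute survives
echo '<input value="', h($name), '">', "\n";            // quotes are now &quot;, value stays inert

// Invalid UTF-8 (a stray 0xC0 byte) followed by a tag: with ENT_SUBSTITUTE the tag is
// still escaped; without it htmlspecialchars() gives up and returns an empty string,
// so the field silently disappears from the page.
$bad = "Bob\xC0<script>";
var_dump(h($bad));
var_dump(htmlspecialchars($bad, ENT_QUOTES, 'UTF-8'));

// Inside JavaScript, HTML escaping is the wrong tool; emit a JSON literal instead.
echo '<script>var user = ', js($name), ';</script>', "\n";
```

Run it from the command line to compare the two <input> lines: the strip_tags() version still contains the unquoted onmouseover attribute, the h() version does not.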

5. Buffer Overflows: PHP manages memory for you, so you cannot allocate a fixed-size buffer and write past its end the way you can in C, and your own PHP code will not contain buffer overflows for that reason. That said, you do have to worry about buffer overflows within the PHP interpreter itself and within its extensions. Subscribe to the php-announce mailing list to keep up to date with new releases and the security patches that fix such bugs.

6. Error Handling: Raw error messages, if visible, give advanced users an idea of how your system works and what software is running. These include error messages from your database, from PHP and from external programs, and they give an attacker a better chance of getting past your defences. So your error messages should not contain system information. For this, direct PHP to write errors to the server's error log and not to display them to users:

log_errors = On
display_errors = Off
; destination for logged errors; the path is an example, keep it outside the document root
error_log = /var/log/php/error.log


7. Insecure Use of Cryptography: Instead of trying to devise your own encryption scheme, use the mcrypt extension, which implements many well-known ciphers. (mcrypt was deprecated in PHP 7.1 and removed from the core in PHP 7.2; on current versions the sodium and openssl extensions fill the same role, and sodium also gives you authenticated encryption, so tampering with the ciphertext is detected.) Moreover, if you store encryption keys, be careful where you store them. Not storing the key at all is best; if you must store it, keep it outside the document root, readable only by the web server user, and never in the code repository.
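The following is an added example, not code from the original post, and it substitutes the sodium extension (bundled with PHP 7.2 and later) for the removed mcrypt extension. The key file path, the environment variable name and the sample plaintext are assumptions.

```php
<?php
// Added example (not from the original post): authenticated encryption with the
// sodium extension instead of the removed mcrypt extension.
declare(strict_types=1);

// Load the key from outside the web root. Env var name and file path are assumptions.
function load_key(): string
{
    $hex = getenv('APP_SECRETBOX_KEY');
    if ($hex === false) {
        $hex = @file_get_contents('/etc/myapp/secretbox.key');   // file mode 0600, owner = web server user
    }
    $hex = is_string($hex) ? trim($hex) : '';
    if (strlen($hex) !== 2 * SODIUM_CRYPTO_SECRETBOX_KEYBYTES || !ctype_xdigit($hex)) {
        throw new RuntimeException('encryption key missing or malformed');
    }
    return sodium_hex2bin($hex);
}

// secretbox = XSalsa20 stream cipher + Poly1305 MAC. Tampering is detected on
// decrypt instead of silently yielding garbage, which an unauthenticated
// block-cipher mode such as CBC without a MAC does not give you.
function encrypt_blob(string $plaintext, string $key): string
{
    $nonce = random_bytes(SODIUM_CRYPTO_SECRETBOX_NONCEBYTES);   // fresh per message, never reused
    $ct    = sodium_crypto_secretbox($plaintext, $nonce, $key);
    return sodium_bin2base64($nonce . $ct, SODIUM_BASE64_VARIANT_ORIGINAL);
}

function decrypt_blob(string $encoded, string $key): ?string
{
    try {
        $raw = sodium_base642bin($encoded, SODIUM_BASE64_VARIANT_ORIGINAL);
    } catch (SodiumException $e) {
        return null;                                               // not even valid base64
    }
    $min = SODIUM_CRYPTO_SECRETBOX_NONCEBYTES + SODIUM_CRYPTO_SECRETBOX_MACBYTES;
    if (strlen($raw) < $min) {
        return null;
    }
    $nonce = substr($raw, 0, SODIUM_CRYPTO_SECRETBOX_NONCEBYTES);
    $ct    = substr($raw, SODIUM_CRYPTO_SECRETBOX_NONCEBYTES);
    $pt    = sodium_crypto_secretbox_open($ct, $nonce, $key);      // false when the MAC check fails
    return $pt === false ? null : $pt;
}

// Demo with a throwaway key; real code would call load_key() instead.
$key   = sodium_crypto_secretbox_keygen();
$token = encrypt_blob('account=123745323;role=user', $key);
var_dump(decrypt_blob($token, $key));          // the original plaintext

// Flip one bit of the ciphertext: decryption now fails closed (null) rather
// than returning a plausible-looking but corrupted record.
$raw = sodium_base642bin($token, SODIUM_BASE64_VARIANT_ORIGINAL);
$last = strlen($raw) - 1;
$raw[$last] = chr(ord($raw[$last]) ^ 0x01);
var_dump(decrypt_blob(sodium_bin2base64($raw, SODIUM_BASE64_VARIANT_ORIGINAL), $key));

sodium_memzero($key);   // wipe the key from memory once it is no longer needed
```

Generate the key once with sodium_crypto_secretbox_keygen(), store its hex form in the key file or environment variable, and rotate it by re-encrypting stored data under a new key; the nonce is random per message and is stored in front of the ciphertext, so no nonce bookkeeping is needed.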

8. Remote Administration Flaws: Run remote administration tools over SSL connections whenever possible, so that passwords and content cannot be sniffed. When you use such software, change the default administrative username and password and, if possible, the default URL as well. You could also run the tool on a web server other than the public one it administers, reachable only from trusted networks.

Saturday, December 3, 2011

Tools For PHP Programmers



A list of tools that every PHP programmer should know about.

Phing – a project build system

Phing is a project build system based on Apache Ant. The name is a recursive acronym, of sorts, that stands for PHing Is Not GNU make. Phing can do anything a traditional build system like GNU make can do, but without the steep learning curve.
The idea behind Phing (and other build tools) is to evaluate a set of dependencies, then execute a set of PHP classes to install and configure an application. The build process is controlled by a simple XML configuration file. Out of the box, Phing can perform token replacement (e.g., to change include paths between your development and production systems), execute SQL, move and copy files, run shell scripts, and more. You can also create your own custom tasks by extending the Task class included with the package.
Phing is an invaluable tool for anyone who needs to deploy large-scale PHP applications on more than a single server, but I've found it useful for simple scripts, too.

Xdebug – debugger and profiler tool


Xdebug is a PHP extension that helps you debug and profile scripts. Among its most useful features are the improved notice, warning and error messages that appear once it is activated. If a script fails to execute properly, Xdebug prints a full stack trace in the error message, along with function names, parameter values, source files and line numbers. This is a welcome feature for developers who are tired of the skimpy error reports from a default PHP install. Keep it on development machines only, though: those traces, parameter values included, are exactly the kind of internal detail you do not want a production site to show its users.
The extension has a number of more advanced features that let developers perform code coverage analysis, collect profiling information and debug scripts interactively. The profiling functionality is particularly useful. The profiler uses a common output file format, so you can use tools like KCacheGrind to quickly find bottlenecks in your code. A good profiler is an essential tool for any serious developer, as it lets you optimize your code properly while avoiding the hazards of premature optimization.

PHPUnit – unit testing framework

PHPUnit is a lightweight testing framework for PHP. It is a complete port of JUnit 3.8.1 to PHP 5 and a member of the xUnit family of testing frameworks (which are based on a design by software patterns pioneer Kent Beck).
Unit tests form the foundation of several modern agile development methodologies, making PHPUnit a vital tool for many large-scale PHP projects. The tool can also generate code coverage reports using the Xdebug extension discussed earlier, and it integrates with Phing to automate testing.

Propel – object-relational mapping framework