Monday, June 27, 2011

Functions for preventing both SQL and XSS injection attacks


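<?php
// Both functions rely on the legacy mysql extension (removed in PHP 7.0)
// and need an open MySQL connection.

// Escapes $string for a MySQL string literal, then HTML-encodes the result.
function mysql_entities_fix_string($string)
{
    return htmlentities(mysql_fix_string($string));
}

// Undoes magic-quotes slashes if present, then escapes $string for MySQL.
function mysql_fix_string($string)
{
    if (get_magic_quotes_gpc()) $string = stripslashes($string);
    return mysql_real_escape_string($string);
}
?>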

Using placeholders with PHP

Once you have prepared a statement, until you deallocate it, you can use it as often as you wish. Such statements are commonly used within a loop to quickly insert data into a database by assigning values to the MySQL variables and then executing the statement. This approach is more efficient than creating the entire statement from scratch on each pass through the loop.

<?php
// login.php supplies $db_hostname, $db_username, $db_password, $db_database.
require 'login.php';
$db_server = mysql_connect($db_hostname, $db_username, $db_password);
if (!$db_server) die("Unable to connect to MySQL: " . mysql_error());
mysql_select_db($db_database)
    or die("Unable to select database: " . mysql_error());
// Prepare the statement once, with a placeholder for each column value.
$query = 'PREPARE statement FROM "INSERT INTO classics
    VALUES(?,?,?,?,?)"';
mysql_query($query);
// Assign the values to MySQL user variables.
$query = 'SET @author = "Emily Brontë",' .
         '@title = "Wuthering Heights",' .
         '@category = "Classic Fiction",' .
         '@year = "1847",' .
         '@isbn = "9780553212587"';
mysql_query($query);
// Execute the prepared statement with those variables as its parameters.
$query = 'EXECUTE statement USING @author,@title,@category,@year,@isbn';
mysql_query($query);
// Release the statement when it is no longer needed.
$query = 'DEALLOCATE PREPARE statement';
mysql_query($query);
?>
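The prepare-once, execute-in-a-loop pattern described above, together with HTML encoding done at output time, as an added example that is not code from the original post. It assumes the PDO extension with the SQLite driver so that it runs offline (with MySQL only the DSN and credentials change); the second sample row and the helper name `h()` are constructed for illustration.

```php
<?php
// Added example: PDO with an in-memory SQLite database stands in for MySQL
// so the script runs offline; this is an assumption, not the post's setup.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE classics
    (author TEXT, title TEXT, category TEXT, year TEXT, isbn TEXT)');

// Sample rows. The second is constructed: it contains quote characters and
// markup to show that bound values are stored as data, never parsed as SQL.
$rows = array(
    array('Emily Brontë', 'Wuthering Heights', 'Classic Fiction', '1847', '9780553212587'),
    array('O\'Neil "Test"', '<b>Quotes & tags</b>', 'Constructed', '2011', '0000000000000'),
);

// Prepare once, execute once per row: the statement text never changes,
// only the values bound to the five placeholders.
$insert = $pdo->prepare('INSERT INTO classics VALUES(?,?,?,?,?)');
foreach ($rows as $row) {
    $insert->execute($row);
}

// HTML-encode for the HTML context at output time, not before storage.
// h() is a hypothetical helper name.
function h($value)
{
    return htmlspecialchars($value, ENT_QUOTES, 'UTF-8');
}

$select = $pdo->prepare('SELECT author, title FROM classics WHERE year = ?');
$select->execute(array('2011'));
foreach ($select->fetchAll(PDO::FETCH_ASSOC) as $book) {
    // The database returns the original characters unchanged ...
    echo "stored: {$book['author']} / {$book['title']}\n";
    // ... and encoding happens only when the value is written into a page.
    echo 'html:   ' . h($book['author']) . ' / ' . h($book['title']) . "\n";
}
?>
```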

How to properly sanitize user input for MySQL

 
The get_magic_quotes_gpc function returns TRUE if magic quotes are active. In that case, any slashes that have been added to a string have to be removed, or the function mysql_real_escape_string could end up double-escaping some characters, creating corrupted strings.

<?php
function mysql_fix_string($string)
{
    if (get_magic_quotes_gpc()) $string = stripslashes($string);
    return mysql_real_escape_string($string);
}
?>
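The double-escaping described above, as an added illustration that is not part of the original post. Magic quotes were removed in PHP 5.4, so `addslashes()` simulates them here; `escape_for_mysql_literal()` and `value_mysql_would_store()` are hypothetical stand-ins that model the escaping and the server's parsing of the literal so the script runs without a database, and they are not meant for production use.

```php
<?php
// Characters that mysql_real_escape_string() is documented to escape,
// mapped to their escaped form (a model for illustration only).
function escape_map()
{
    return array(
        "\\"   => "\\\\",
        "'"    => "\\'",
        "\""   => "\\\"",
        "\0"   => "\\0",
        "\n"   => "\\n",
        "\r"   => "\\r",
        "\x1a" => "\\Z",
    );
}

// Stand-in for mysql_real_escape_string(): needs no connection.
function escape_for_mysql_literal($s)
{
    return strtr($s, escape_map());
}

// Models the server reading the escaped literal back into the stored value.
function value_mysql_would_store($literal)
{
    return strtr($literal, array_flip(escape_map()));
}

$typed     = "O'Reilly";            // constructed visitor input
$delivered = addslashes($typed);    // what the script received with magic quotes on

// Escaping the already-slashed string: the added backslash is itself escaped
// and survives into the stored value.
$without_fix = value_mysql_would_store(escape_for_mysql_literal($delivered));

// Stripping the magic-quotes slashes first, as mysql_fix_string() does.
$with_fix = value_mysql_would_store(
    escape_for_mysql_literal(stripslashes($delivered))
);

echo "typed:               $typed\n";
echo "stored without fix:  $without_fix\n";
echo "stored with fix:     $with_fix\n";
echo 'round-trips intact:  ' . var_export($with_fix === $typed, true) . "\n";
?>
```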

Thursday, May 12, 2011

Problem with WAMP Server

I have developed many sites with PHP with WAMP Server. So I thought I had some experience in WAMP. But after installing a new WAMP Server I doubt that, because it was always offline. The WAMP icon shows yellow, which means some services are working but not all. Actually I could use MySQL but not PHP. I tried MySQL by left-clicking the WAMP icon -> MySQL -> MySQL console, and it works. I searched many blogs and most of them say it might be due to Skype or the IIS server, but I didn't have IIS installed and I checked by uninstalling Skype; I still got the offline color.

Then I tried to stop some other related services in Control Panel\All Control Panel Items\Administrative Tools\Services, or you can get that window by right-clicking the MyComputer icon -> manage -> Services and Application -> Services. If you are an administrator of that machine you can start or stop services on that list. But it didn't work for me.

I searched again. Then I found one video about editing some code, but it's boring and so long to edit, so I kept that away. After that I found an article on how to do that simply. Just go to the WAMP icon & left click -> apache -> services -> test port 80. Then I found “your port 80 is actually used by server microsoft-httpapi 2.0”, so I found at last that it was taken by some other process. So I changed the port number from 80 to 81, and it works for me. You can edit that by editing httpd.conf in WAMP icon & left click -> apache -> httpd.conf: search for listen 80 and edit that to 81.

Monday, January 31, 2011

Insert a Web Page into Another Page

Hi all, after a very long time. I thought to stop this blog due to lack of motivation. But I’m back now.
I got the idea to post this from one of my friends. He wanted to know how to insert a web page into another using PHP. All you have to do is simply add an include tag inside the body tag. This method is useful when creating PHP templates. In the following example the PHP include code is placed inside the div tags. You can also place it inside a table and other tags inside the body tag.
 
<html>
<body>
<div>
<?php include("header.php"); ?>
</div>
<div>
<?php include("body.php"); ?>
</div>
<div>
<?php include("footer.php"); ?>
</div>
</body>
</html>





Hope you got something if you are not familiar with this.


Until next post, cheers

Saturday, August 29, 2009

What Is a Session?

A session is a logical object created by the PHP engine to allow you to preserve data across subsequent HTTP requests.

There is only one session object available to your PHP scripts at any time. Data saved to the session by a script can be retrieved by the same script or another script when requested from the same visitor.

Sessions are commonly used to store temporary data to allow multiple PHP pages to offer a complete functional transaction for the same visitor.

Thursday, July 30, 2009

What is PHP

PHP is a scripting language whose name originally stood for Personal Home Page, by Rasmus Lerdorf (1994). After modifications by Andi Gutmans and Zeev Suraski (1997), it changed to PHP: Hypertext Preprocessor. It is free software.


The PHP Hypertext Preprocessor is a programming language that allows web developers to create dynamic content that interacts with databases. PHP is basically used for developing web based software applications.