What Goes in Your Code
2007-03-24 17:06:00

Many of the code snippets we have shown for accessing databases have included the database name, username, and user password in plain text, as follows:

    $conn = @new mysqli("localhost", "bob", "secret", "somedb");

While this is convenient, it is slightly insecure because somebody who got his hands on our .php file would have immediate access to our database with the full permissions that the user "bob" has. It would be better to put the username and password in a file that is not in the document root of the web application and include it in our script, as follows:

We should think about doing the same thing for other sensitive data....

Code Organization
2007-03-24 17:05:00

Some would argue that any file not directly accessible to the user from the Internet should not find a place in the document root of the web site. For example, if the document root for our message board web site is /home/httpd/messageboard/www, we should place all of our .inc files and other files in a place such as /home/httpd/messageboard/code. When we want to include those files, we can simply write in our code:

    require_once('../code/user_object.inc');

The reasons for this degree of caution come down to what happens when a malicious user makes a request for a file that is not a .php or .html file. Many web servers default to dumping the contents of that file to the output stream. Thus, if we were to keep user_object.inc in the public document root and the user requested it, he mi...

Filtering Even Basic Values
2007-03-24 11:52:00

HTML form elements have no types associated with them, and most pass strings (which may represent things such as dates, times, or numbers) to the server. Thus, if you have a numeric field, you cannot assume that it was entered as such. Even in environments where powerful client-side code can try to make sure that the value entered is of a particular type, there is no guarantee that the values will not be sent to the server directly, as in the "Double Checking Expected Values" section. An easy way to make sure that a value is of the expected type is to cast or convert it to that type and use it, as follows:

    $number_of_nights = (int)$_POST['num_nights'];
    if ($number_of_nights == 0) {
        echo "ERROR: Invalid number of nights for the room!";
        exit;
    }

If we have the user input a date in a localiz...

How to get a site online and have it making money
2007-03-24 11:49:00

When building and getting a site online you have to think of a number of things. Some of these include the following:

1. What is your site going to be about?

If you want to get a site online to make money then you need to do some good research before you choose what your site is going to be about. This is because there is no point in choosing a topic for your site in which other people have no interest. If no one has any interest in the topic of your site then you will find it very hard to get a good amount of visitors to your site. So the best thing to do is to choose a topic that is likely to interest a large number of people and is also likely to make you some good revenue online.

2. What web hosting provider are you going to choose to host your site with?

Choosing the right Web hosting ...

7 things to look for in a URL snipping Service
2007-03-24 11:41:00

7 things to look for in a URL snipping Service
By Charles H Smith

URL snipping services are becoming commonplace today. Surfers use them to mask affiliate URLs, shorten very long URLs, even to hide email addresses from spammers and automatic email harvesters. There are several URL snipping services that are no longer active. These include: shortlink.us, quickones.org, smlnk.com, and smurl.it. Hopefully, you didn't lose any carefully crafted and well planned email link campaigns as these services closed. As you look to snip your URLs using a free service, there are several items to investigate. First, do the links expire? If they expire, you may want to look to another service. Second, is there a direct redirect? If, upon selecting the short URL, you are sent to a transition or intersit...

The Advantages of Dynamic Website Content
2007-03-24 11:40:00

Think about your own surfing behavior. What types of websites do you visit the most often; which ones keep drawing you back? If you are like most internet surfers, you will spend much of your time hanging around websites with dynamic website content, or content that is updated constantly or personalized to your preferences. The age of static, archival websites is long gone, and in its place is a dynamic and powerful internet driven by PHP, ASP, CGI, and Java. But setting up a website with full SQL support and advanced features is not an easy task, especially for someone who is still waist deep in HTML coding. So...what to do? If you don't have the time or the will to commit to an advanced website with cutting-edge features and complicated scripts, there are still a good number of options ...

Starting a Successful Forum
2007-03-24 11:32:00

How To Create A Successful Forum

Hello, I have decided to take a few hours of my time to write up a how-to on creating a successful forum. These days there are hundreds if not thousands of forums launched each day, and I bet more than 80% of them will shut down over the next month. This is because making a forum is just as hard as making a web site, if not harder, as there is no real content to get visitors attracted. What you need is a great design and active members to be on your way to having a forum from which you can receive an income and maybe even live off selling advertising and getting members to pay to sign up.

Choosing A Theme: When choosing a theme make sure you are knowledgeable in that area, as most users will be looking for someone to answer their questions, and if the admin can't it ki...

Serious Internet Security Concerns!
2007-03-24 11:17:00

These are some of the most dangerous things you can do online to hurt your Internet security. They are the most common methods people use to place themselves in danger on the Internet.

Downloading attachments included in email messages that are not from people you personally know. Even just downloading or opening them because you are curious about what's inside can lead to adware, spyware, and related problems.

Downloading cracks from illegal websites, forums, or groups. Cracks install adware or spyware when they are downloaded. Registering on websites to be able to download cracks is even worse.

Downloading music from unknown sources. First get advice by visiting Yahoo Answers. Find out where people download music, and trust big companies such as Google and Yahoo. They...

Cross-Site Scripting
2007-01-18 00:44:00

Cross-site scripting (XSS) is deservedly one of the best known types of attacks. It plagues web applications on all platforms, and PHP applications are certainly no exception. Any application that displays input is at risk: web-based email applications, forums, guestbooks, and even blog aggregators. In fact, most web applications display input of some type; this is what makes them interesting, but it is also what places them at risk. If this input is not properly filtered and escaped, a cross-site scripting vulnerability exists. Consider a web application that allows users to enter comments on each page. The following form can be used to facilitate this:

    <form action="comment.php" method="POST">
    <p>Name: <input type="text" name="name" /><br />
    Comment: <textarea n...

File Upload Attacks
2007-01-18 00:32:00

Sometimes you want to give users the ability to upload files in addition to standard form data. Because files are not sent in the same way as other form data, you must specify a particular type of encoding, multipart/form-data:

    <form action="upload.php" method="POST" enctype="multipart/form-data">

An HTTP request that includes both regular form data and files has a special format, and this enctype attribute is necessary for the browser's compliance. The form element you use to allow the user to select a file for upload is very simple:

    <input type="file" name="attachment" />

The rendering of this form element varies from browser to browser. Traditionally, the interface includes a standard text field as well as a browse button, so that the user can either enter the path to the...