Avoiding SQL injection attacks with Magic Quotes or addslashes()

2008-09-02T04:48:00.000-07:00

Avoiding SQL injection attacks with Magic Quotes or addslashes() Another php.ini configuration is magic_quotes_gpc. Off by default, many encourage turning this on for security reasons. While it does have benefits, I personally dislike the setting, and am loathe to use it. It's main benefit is that it prevents some types of command injection attacks. For example:

Secure programming with PHP

2008-09-02T04:46:00.000-07:00

Secure programming with PHP:While working on this article, I received a Security bulletin highlighting a critical flaw in phpBB. This is a fairly mature open source forum written in PHP, and one that's had its fair share of critical flaws. The fact that there are still more being found, and more likely to be found, shows you how difficult it is to write completely secure software, even for an

Microsoft reveals IE8 Beta 2

2008-08-28T01:47:00.000-07:00

Internet Explorer 8 Beta 2 offers some nifty new features Microsoft's IE8 now includes better tab management, services such as Web Slices and Accelerators, and the new 'porn mode.' Adds smart bar and boosts search detail; final ship date not yet set With several days to spare before its self-imposed deadline, Microsoft Corp. today launched the second beta version of its upcoming

Web-Security-Web-Security-Web-Security-Web-Security

2008-08-26T00:06:00.000-07:00

Security Computer Security Ethics and PrivacyToday, many people rely on computers to do homework, work, create, etc., so it's important to take special care with your data storage. This week you'll learn about how to protect your data and prevent intrusions. Mitigating the WASC Web Security Threat Classification with Apache: Part 3The Client-Side Attacks section focuses

Using Apache can I get php to parse files not ending in .php?

2008-08-21T05:14:00.000-07:00

Answer :Yes it is possible, to make it work on all sites on your webserver change the following in your httpd.conf:AddType application/x-httpd-php .phpto the following:AddType application/x-httpd-php .php .htmIt is also possible to put this directive in the VirtualHost sections to do it per virtualhost basis. If that proves to be too much you can use .htaccess files to solve the task.

Public web sites are hacked on an almost daily basis

2008-08-13T04:38:00.000-07:00

BEST PRACTICES IN MANAGING WORLD WIDE WEB SERVER SECURITY:1. Place your web server(s) in a DMZ. Set your firewall to drop connections to your web server on all ports but http (port 80) or https (port 443).2. Remove all unneeded services from your web server, keeping FTP (but only if you need it) and a secure login capability such as secure shell. An unneeded service can become an avenue

How can I redirect all http (non-secure port 80) requests to https (Secure port 443)

2008-08-07T05:23:00.000-07:00

Answer :You can use the .htaccess method using mod_rewrite as followsRewriteEngine onRewriteCond %{SERVER_PORT} =80RewriteRule ^(.*) https://%{SERVER_NAME}%{REQUEST_URI}Any good webhost will have mod_rewrite installed and allow .htaccess files.

How can we save an image from a remote web server to my web server using PHP?

2008-08-01T03:56:00.000-07:00

How to set a time expire page in PHP?

2008-08-01T03:55:00.000-07:00

Using header("Expires: Mon, 26 Jul 2007 05:00:00 GMT");

I have an array of values and want to show them all reccursivly how?

2008-08-01T03:52:00.000-07:00

Answer :Let say you have a two dimentional array:$array = array(array(11,22,33), 2, 3, array(111, 222, 333));and want to show all values, use the following snippet:function show_array($array) { foreach ($array as $value) { if (is_array($value)) { show_array($value); } else { echo $value . ""; } }}show_array($array);

How can I set the time zone for MySQL to UK time?

2008-07-27T22:13:00.000-07:00

Answer :If you set the environment variable TZ=GB, then start MySQL the time zone will be set to UK time.I.E. (Linux only)bash:#TZ=GBbash:#export TZbash:#mysqld &You can also set environment variables in my.cnf; In the data (normally var) directory.

How to count number of parameters given in URL by POST?

2008-07-25T00:07:00.001-07:00

Answer :

How do I check whether a string contains HTML?

2008-07-25T00:06:00.001-07:00

Answer :There are two ways you can do it, one is using a regular expression the other is comparing strings.First the regular expression approach:if (preg_match("/([\<])([^\>]{1,})*([\>])/i", $string)) { echo "string contains html";} And here is the other approach:if(strlen($string) != strlen(strip_tags($string)){ echo "string contains HTML";}

What's the difference between the connect and pconnect database functions?

2008-07-20T22:24:00.000-07:00

Answer :mysql_pconnect() acts very much like mysql_connect() with two major differences.First, when connecting, the function would first try to find a (persistent) link that's already open with the same host, username and password. If one is found, an identifier for it will be returned instead of opening a new connection.Second, the connection to the SQL server will not be closed when the

How can I protect pages using MySQL and PHP?

2008-07-20T22:23:00.001-07:00

Answer :If PHP is installed as a module you can include code at the top of pages to protect them.The link previously listed here was broken, we will be updating this section in the next few days with example code.groogle

Microsoft Announces Three Tools to help prevent SQL Injection

2008-07-16T21:27:00.000-07:00

"On Tuesday, Microsoft issued new tools to assist Microsoft ASP and ASP.NET technologies against recent Web-based attacks.In April attackers went after Microsoft SQL sites by injecting malicious JavaScript onto legitimate sites. The JavaScript would direct a browser to a server hosting malicious software infecting the desktop with a variety of exploits. At the time Microsoft insisted it was not

How can I create thumbnails using PHP?

2008-07-16T04:35:00.000-07:00

function thumbnail($image_path,$thumb_path,$image_name,$thumb_width){ $src_img = imagecreatefromjpeg("$image_path/$image_name"); $origw=imagesx($src_img); $origh=imagesy($src_img); $new_w = $thumb_width; $diff=$origw/$new_w; $new_h=$new_w; $dst_img = imagecreate($new_w,$new_h); imagecopyresized($dst_img,$src_img,0,0,0,0,$new_w,$new_h,imagesx($src_img),imagesy($src_img));

Some usefull tips for Web Programmer (Worth for reading)

2008-07-16T00:25:00.000-07:00

Visit the below site to get more info. http://php-answers.blogspot.com

How do I run a php script from the command line?

2008-07-15T06:20:00.001-07:00

Answer :No matter what OS you have installed you need to compile / install php as a CGI because when you have php as a CGI you have a binary you can execute from anywhere like a command prompt.If you use a unix like OS you should do:/path/to/php -f /path/to/script.phpFor windows OS's do:c:\path\to\php.exe -f c:\path\to\script.phpThe parameter -f is put on because we want to parse a file, the -f

How google is your friend

2008-07-15T04:24:00.000-07:00

Google is not only a great search enging but with the release of "adsense" it can also pay for your hosting/domain and if you work hard even your holidays :)Google says :-"Google Adsense is the programme that can generate advertising revenue from each page on your website—with a minimal investment in time and no additional resources.Adsense delivers relevant ads that are precisely targeted on a

Reading site content using CURL

2008-07-15T04:22:00.000-07:00

For reading content of a website in PHP, there are lot of different ways & functions available like:$site_content=file($url); #OR$site_content=file_get_contents($url) ;But these functions does not work in some server environments where "allow_url_fopen" is off in php.ini & you don't have permission to change this.You can use the following alternative (using CURL) in that case.$url="http://

The World Wide Web Server Security FAQ

2008-07-10T21:31:00.002-07:00

Q1: What's to worry about?Unfortunately, there's a lot to worry about. There are security risks that affect Web servers, the local area networks that host Web sites, and even innocent users of Web browsers.The risks are most severe from the Webmaster's perspective. The moment you install a Web server at your site, you've opened a window into your local network that the entire Internet can peer

Web Security Breaking News

2008-07-10T21:31:00.001-07:00

Webroot woos SMBs with online security Google adds Web security, remote worker protection to Google AppsMcAfee, Yahoo team on Web securityHow one site dealt with SQL injection attackScan ScanSafe's annual report for heuristic experience >Cisco business unit targets botsWebroot, Email Systems team for new e-mail security serviceVisit the below site to get more info. http://

How to Protect our Server You Should Know this

2008-07-08T04:40:00.000-07:00

You are offering your IP address to the entire world at this very moment.Make sure you are not offering access to your private data at the same time.YOUR IP ADDRESS IS PUBLICAccessing the Internet is a security risk.When you are connected to the Internet, an IP address is used to identify your PC. If you don't protect yourself, this IP address can be used to access your computer from the outside

About Cookies

2008-07-08T03:31:00.000-07:00

Hi my dear friends. Everybody knows what is cookie and session. But let me tell a truth, most of the beginners don’t know properly what is happening in cookies and sessions and what is the real use .I have taken so many Interviews but none of them given a good answer. I am very much sure you are going to get a good idea about Sessions and Cookies. Let us start our battle.:)I am explaining only

Web Server Security, PHP and MySQL Question and Answers