Categories
CSS & HTML Tips PHP Tips & Tutorials

PHP: Checkbox Array in Form Handling – Multiple Checkbox Values in an Array

Checkboxes are probably one of the most frequently used form controls, and they come in handy when dealing with one-to-many relationships.

Because several HTML form checkboxes can be selected at once, PHP needs a convenient way to process multiple checkbox values, ideally in a single array.

By default, every HTML input control, checkboxes included, posts its value to the server-side PHP script under the unique identity given by its name attribute, e.g. name="variable-A". This approach is generally fine with simple pairs of name and value. However, with multiple checkboxes in the form, and probably a lot of them, you would need to assign every single one of them a different name, which is fiddly and not neat at all.

The solution is for PHP to identify the entire series of checkboxes as a single array accessible via a common index in $_POST. This is achieved by simply appending the array index operator ‘[]’ to the name attribute of the checkbox control:

<input type="checkbox" name="tags[]" value="1" />
<input type="checkbox" name="tags[]" value="2" />
<input type="checkbox" name="tags[]" value="3" />
<input type="checkbox" name="tags[]" value="4" />

This way, the PHP script processing the POST will figure it out automatically and treat $_POST['tags'] as an array of the checked values. With all four boxes ticked, it contains the values 1, 2, 3 and 4:

print_r($_POST['tags']);
// output
Array
(
    [0] => 1
    [1] => 2
    [2] => 3
    [3] => 4
)

Now much more handy, huh!
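Since the tags[] values arrive from the client, the script should not assume that $_POST['tags'] exists, is an array, or holds only the values the form offered. The following is an added example, not code from the original post; ALLOWED_TAGS and selected_tags() are hypothetical names, and the sample requests are constructed.

```php
<?php
// Added example: validate a checkbox array before using it.
// ALLOWED_TAGS and selected_tags() are hypothetical names; the ids
// match the four checkbox values in the form above.
const ALLOWED_TAGS = [1, 2, 3, 4];

/**
 * Return the distinct, allowlisted tag ids submitted in tags[].
 * Covers what a browser form never sends but a hand-built request
 * can: tags missing, tags sent as a scalar (name="tags"), nested
 * arrays (tags[][]), non-numeric values and ids not on the form.
 */
function selected_tags(array $post): array
{
    $raw = $post['tags'] ?? [];          // no box ticked: key is absent
    if (!is_array($raw)) {
        return [];                       // scalar instead of an array
    }
    $clean = [];
    foreach ($raw as $value) {
        if (!is_string($value) && !is_int($value)) {
            continue;                    // nested array or other type
        }
        $id = filter_var($value, FILTER_VALIDATE_INT);
        if ($id !== false && in_array($id, ALLOWED_TAGS, true)) {
            $clean[$id] = $id;           // keyed by id to drop duplicates
        }
    }
    return array_values($clean);
}

// Constructed sample requests (stand-ins for $_POST)
$samples = [
    'two boxes ticked'        => ['tags' => ['1', '3']],
    'duplicate, unknown, bad' => ['tags' => ['2', '2', '99', 'x']],
    'scalar, not an array'    => ['tags' => '1'],
    'nested array'            => ['tags' => [['1']]],
    'nothing ticked'          => [],
];
foreach ($samples as $label => $post) {
    echo $label, ': ', json_encode(selected_tags($post)), "\n";
}
```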

Categories
.htaccess Tutorials & Tips

.htaccess: Deny From All – Prohibit, Forbid or Restrict Directory Access

Restricting directory access might be one of the most frequently used .htaccess techniques out there. As a site grows, there are always some areas that you don’t want visitors to look at, such as a merchandise warehouse where you store digital products for sale.

You want a server-side script to serve the download after confirming payment, instead of risking users downloading the files directly from the directory without paying you.

To deny all requests for the restricted directory or folder, prepare a .htaccess text file in that directory and put the following directive in it (this is Apache 2.2 syntax; Apache 2.4 accepts it only through mod_access_compat and otherwise uses the Require directive):

deny from all

That’s it.
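With the directory closed to direct requests, the download script becomes the only way in, so it has to decide which file a request may reach. The sketch below is an added example, not code from the original post; resolve_product() and serve_product() are hypothetical names, $paid stands for the result of whatever payment check the shop performs, and the demo directory is constructed.

```php
<?php
// Added example, not code from the original post. resolve_product()
// and serve_product() are hypothetical names; $paid stands for the
// result of whatever payment check the shop performs.

/** Real path of $requested inside $baseDir, or null if not servable. */
function resolve_product(string $baseDir, string $requested): ?string
{
    $base = realpath($baseDir);
    $name = basename($requested);        // drops any "dir/" or "../" part
    if ($base === false || $name === '' || $name[0] === '.') {
        return null;                     // also keeps .htaccess private
    }
    $path = realpath($base . DIRECTORY_SEPARATOR . $name);
    if ($path === false || !is_file($path)) {
        return null;
    }
    // realpath() followed symlinks: confirm the target is still in $base
    $prefix = $base . DIRECTORY_SEPARATOR;
    return strncmp($path, $prefix, strlen($prefix)) === 0 ? $path : null;
}

/** Send the file only to a paying customer; returns the HTTP status. */
function serve_product(string $baseDir, string $requested, bool $paid): int
{
    if (!$paid) {
        http_response_code(403);
        return 403;
    }
    $path = resolve_product($baseDir, $requested);
    if ($path === null) {
        http_response_code(404);
        return 404;
    }
    header('Content-Type: application/octet-stream');
    header('Content-Disposition: attachment; filename="'
        . addcslashes(basename($path), '"\\') . '"');
    header('Content-Length: ' . filesize($path));
    readfile($path);
    return 200;
}

// Constructed demo: a temporary "warehouse" holding one product
$dir = sys_get_temp_dir() . '/warehouse_' . uniqid();
mkdir($dir);
file_put_contents("$dir/.htaccess", "deny from all\n");
file_put_contents("$dir/ebook.pdf", "constructed sample bytes\n");
var_dump(resolve_product($dir, 'ebook.pdf'));
var_dump(resolve_product($dir, '../index.php'));
var_dump(resolve_product($dir, '.htaccess'));
```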

Allow and enable access from certain IP

Say you have a permanent IP and you want to administer the site via /admin and protect the directory from the rest of the world once and for all. Then you will want the following .htaccess directives (note that Apache allows no whitespace around the comma in the order directive):

order deny,allow
deny from all
allow from 12.34.56.78

where 12.34.56.78 is your IP.

Or if you have an IP range for an entire country, you can allow visits to your site from that particular country only with this technique.

Or, if you are operating the site from a LAN, you can allow only LAN IPs to access certain directories such as /admin:

order deny,allow
deny from all
allow from 192.168.0

Disallow and deny access from certain IP

You get the idea. To allow all visits except from a few identified spam bots, just reverse the deny and allow order like this:

order allow,deny
# 98.76.54.32 is a bad bot here
deny from 98.76.54.32
allow from all

Another blocking method via robots.txt.

Categories
.htaccess Tutorials & Tips

.htaccess: Directory Listing – Enable Web Directory Browsing & Indexing

One of the things I love best about the Apache web server is that it instantly enables you to share files and resources via a plain web directory index listing without having to spend time making any fancy web pages to serve them.

However, there are times when you need to hide things. To disable web directory listing, you need just a simple directive in the .htaccess of that directory. Insert this line to disable Apache file listing for this directory and all directories or folders underneath it:

Options -Indexes

However, you may need to specifically enable file indexing for some directory under the parent directory. Just override the above .htaccess directive by creating another .htaccess in the child directory and write:

Options +Indexes

Enable fancy indexing

Fancy indexing is a bit more sophisticated than plain indexing in that it explicitly presents file types with icons (small images that boost user experience by conveying the idea intuitively, such as flag icons standing for countries) so that entries are easy to tell apart. You can enable fancy indexing for a directory listing by adding an additional directive:

Options +Indexes
# adding fancy directory indexing
IndexOptions +FancyIndexing

# is the comment symbol for .htaccess directives.

Exclude certain files from indexing

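There might be confidential files you want to exclude from the index so that they are not shown to visitors. The directive below achieves this:

IndexIgnore *.jpg *.gif readme.txt

It is straightforward and self-explanatory; just modify it for your own situation. Keep in mind that IndexIgnore only leaves the entries out of the generated listing: the files themselves can still be fetched by anyone who knows or guesses the URL, so truly confidential files also need an access restriction.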

Categories
Coupons and Promo Codes Domains

$6.99 .com domain coupon at GoDaddy for both registration and renewal

Update: Here’s the latest coupon code of Godaddy – $1.49 / year .com

A quick short post for my fellow readers.

If you have quite a few domains with GoDaddy, you’d know that ever since they raised the price for .com by $0.5, finding a $6.99 .com GoDaddy domain coupon is rather difficult now. Most of the coupons there, like OYH3, only offer a discount of $2.50, which works out as $7.49 .com domain names.

However, with this coupon: yhkw105a, you can register a new .com domain name at just $6.99 plus $0.20 ICANN fee per domain per year. It’s also valid for domain renewals. I just renewed some of my domains with it for 2 years.

I don’t know when it expires yet. But I suggest you go with it now and maybe renew a few of your domains. It’s a bargain without a doubt.

Update: The above domain coupon yhkw105a has expired. The best GoDaddy .com registration and renewal coupon I can find now seems to be this one: DNF2, which offers $7.39 + ICANN fee per .com registration or renewal. It also seems to be permanent. Still looking for a $6.99 renewal GoDaddy code that works.

Update: At present, the best .org new registration discount code of GoDaddy I can find is EMFB7. You can register a new .org multiple years for just $7.49 per with it.

Update: The lowest possible price for .com renewal at GoDaddy is $6.99. Just use the code DNF5 when you renew no less than 5 domains at a time.

Categories
Information Security PHP Tips & Tutorials SQL / MySQL Tips and Tutorials

PHP: Escape String Literals for SQL, mysqli::real_escape_string and PDO to Prevent SQL Injection Attacks

To successfully run a query with text data containing single quotes (') or other SQL reserved punctuation, and to prevent SQL injection, you will always want to escape the text values before using them in a SQL query.

In PHP 4.0, we are stuck with mysql_real_escape_string. With PHP 5.0, mysqli::prepare and mysqli::real_escape_string are better choices:

// $mysqli is an open mysqli connection
$city_name = "Xi'an"; // one of the top travel destinations of China
$mysqli->query("SELECT * FROM `cities` WHERE `name` = '" . $mysqli->real_escape_string($city_name) . "'");

If the string value $city_name is not escaped, the SQL query would look like "SELECT * FROM `cities` WHERE `name` = 'Xi'an'", which is syntactically invalid and will be rejected by the SQL engine because of the unpaired single quote at the end. Without escaping of the value, malicious users can make up their own WHERE clauses to append to yours and do much more to your database than you want.

Other than these, some would prefer the PDO class to prepare a SQL query, bind literal string values and then execute it. It takes a real OOP approach to the problem and is much more intuitive in accomplishing the job, yet slightly inferior in efficiency to the mysqli real_escape_string function.

Categories
Information Security PHP Tips & Tutorials SQL / MySQL Tips and Tutorials

PHP: Prevent SQL Injection Attacks

SQL injection is a typical code injection attack that exploits weaknesses of an application in its database layer. A SQL injection vulnerability is created when one scripting or programming language is embedded in, or used as input to, another without verifying that the input is legitimate or filtering it for potentially dangerous code.

SQL injections are possible when user input is either incorrectly filtered for string literals embedded in SQL query statements, or is not strongly typed and therefore leads to unexpected execution.

The solution is to never trust user input by default, especially input that will be used in a SQL statement. Check the data type and escape string literals before committing them into a query.
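The escaping post above (mysqli::prepare, PDO) and the advice here to check types both come down to keeping user data out of the SQL text. The following is an added example, not code from the original posts: it uses PDO with an in-memory SQLite database as a stand-in for MySQL (this assumes the pdo_sqlite extension is available), the function names are hypothetical, and the table rows are constructed.

```php
<?php
// Added example, not code from the original post. SQLite in memory
// stands in for MySQL (needs the pdo_sqlite extension); the table
// mirrors the `cities` query above and its rows are constructed.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE cities (id INTEGER PRIMARY KEY, name TEXT)');
$pdo->exec("INSERT INTO cities (name) VALUES ('Xi''an'), ('Beijing')");

// Before: the value is pasted into the SQL text, so a quote inside it
// changes the structure of the statement.
function find_city_concat(PDO $pdo, string $name): array
{
    $sql = "SELECT id, name FROM cities WHERE name = '" . $name . "'";
    return $pdo->query($sql)->fetchAll(PDO::FETCH_ASSOC);
}

// After: the statement is prepared with a placeholder and the value is
// sent separately, so it can only ever be data.
function find_city(PDO $pdo, string $name): array
{
    $stmt = $pdo->prepare('SELECT id, name FROM cities WHERE name = :name');
    $stmt->execute([':name' => $name]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Numeric input: check the type first, then bind it as an integer.
function find_city_by_id(PDO $pdo, $id): array
{
    $id = filter_var($id, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        return [];                 // not a positive integer: never reaches SQL
    }
    $stmt = $pdo->prepare('SELECT id, name FROM cities WHERE id = :id');
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// The page's own value breaks the concatenated query but not the bound one
try {
    find_city_concat($pdo, "Xi'an");
} catch (PDOException $e) {
    echo 'concatenated query failed: ', $e->getMessage(), "\n";
}
print_r(find_city($pdo, "Xi'an"));
print_r(find_city_by_id($pdo, '1'));
print_r(find_city_by_id($pdo, '1abc'));
```

With the MySQL driver, PDO emulates prepared statements by default; setting PDO::ATTR_EMULATE_PREPARES to false makes the server perform the parameter binding.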

Categories
Information Security JavaScript Tips & Tutorials PHP Tips & Tutorials Programming Tips & Insights SQL / MySQL Tips and Tutorials

Top 25 Most Dangerous Web Programming Errors, Loopholes and Bad Habits

As the Web becomes one of the most fundamental means of communication and information delivery, and as its usage reaches the population-wide level that television once had, protecting it has never been so critical.

The SANS Institute, in association with the US government and various other weighty contributors, most of whom are IT leaders, has finally compiled the list of Top 25 Most Dangerous Programming Errors. It is mainly about Web programming, though it is of unparalleled value in information security to developers in other areas too.

To sum up, avoiding dangerous code is much like being stingy (with the things you can give) and trusting no one (including yourself) at all.

Go ahead and give it a close look; it will be one of the best reads you’ll find on the Web.

Categories
Coupons and Promo Codes Hosting Tips & Deals

Rackspace Cloud $50 Promo Code (Coupon Code for Cloud Servers Discount)

Bad News: The Partners program manager of Rackspace Cloud, Kenard Horsley, informed me via email that they have made the decision to end the $25 discount for Cloud Sites on 18th March (2010) and instead focus on Cloud Servers promotion. The promo code (Promo Code ID=134) will be effectively invalidated by then. The Promo or Referral Code box in the sign-up form will also be gone. So act now and save $25 by entering the promo code (Promo Code ID=134) while you still can!

Important Note: We have confirmed it with Rackspace Cloud referral manager that any of the previously released hosting coupons claiming to offer more than $25 rebate such as $50 or $75 are outdated and have been invalidated. The highest discount you can get right now by signing up with their Cloud Sites plan is $25, which you can get by the promo code: (Promo Code ID=134).

As a Rackspace company, Rackspace Cloud (previously Mosso) is known for their devoted support and cutting edge cloud hosting (cloud computing) technology. Backed by vast managed dedicated hosting practice, their infrastructure and network are simply best of the best. Though the managed Cloud Sites hosting plan that begins at $149 / month is far from cheap and not meant for start-up webmasters and companies, it’s definitely worth a try to have your online business ensured with the Cloud.

Premium Rackspace Cloud Promo Codes

To get $25 off the first month bill ($25 rebate / refund to credit card at the end of the month), use this permanent Rackspace Cloud promo code (Mosso promotion code):

(Promo ID=134) click to activate

As a discount code or referral code when signing up. Just supply it in the text box of Promo or Referral Code when you are entering the ordering details.

What’s best with Rackspace Cloud?

Other than the cloud infrastructure, the best part of Rackspace Cloud, which makes them rather unique across the industry, is that you get to choose Windows or Linux hosting for each of your domains from the control panel. You can literally have one site hosted on Windows system and another on Linux servers. Or one on .NET platforms and another powered by PHP + MySQL.

There you go, 1 account, 2 types of distinguished platforms!

Fanatical Support ™

All products and services by Rackspace Cloud come automatically with the industry-renowned Fanatical Support of Rackspace. Seriously, what better support can you expect?

The only monthly subscription based hosting provider

In addition, they have only monthly plans instead of the yearly contracts commonly seen from other hosting providers, who try their best to lock you in and keep you with them. Rackspace Cloud, on the other hand, doesn’t have yearly or even quarterly billing in the first place.

Why does Rackspace Cloud give you such unprecedented latitude in choosing freely? Because they are confident that their supreme support and outstanding proficiency in hosting will keep you going with them month after month, voluntarily. They keep you by extraordinary service.

Because of such short-term contract and no long-term commitment discount, you have the ability to leave them whenever you want. Only a really good host has the guts to offer that.

The New Rackspace Cloud Control Panel

Rackspace Cloud’s got one of the finest proprietary control panels in the entire industry. Their commitment to the details of user experience makes their hosting products plain sexy:

Login: while you can still log into the CP via this legacy Mosso URL, the new one is this: http://manage.rackspacecloud.com which I hate.

A few Rackspace Cloud reviews by customers

From what I’ve read thus far, Rackspace Cloud is a very good web hosting company offering solid deals. Although a few minor things do go wrong sometimes, with 24 / 7 fantastic support, they are generally business worthy. Below are some reviews I found. They were written some time ago so things may have changed since then:

  1. This is a pretty new one recently launched: Rackspace Cloud Review
  2. http://www.webhostingtalk.com/showthread.php?t=582020
  3. http://www.jhuskisson.com/hosting/10-things-i-love-about-mosso-web-hosting, also read the comments.

One more tip: don’t trust independent web hosting review sites. Go with WHT and do a search there for any hosting provider you want to know more about. You will find lots of good things as well as bad things about any particular host.

Also don’t forget the discounts you can get by using this premium Rackspace Cloud coupon code (Mosso coupon promocode):

(Promo ID=134) click to activate

To qualify for an instant promotional discount of $25 (rebate to credit card after payment within 2 weeks) and get a real hosting bargain when signing up at Rackspace Cloud. Referral codes should be entered in the Promo or Referral Code box.

About Cloud Hosting (or Clustered Hosting): Not sure what cloud hosting is and its unparalleled benefits for businesses big or small?

Categories
CSS & HTML Tips

HTML CSS Drop Down Menu Made Easy – SuckerFish Enhanced

There’s a pure CSS drop down menu named SuckerFish published at ALA. It is really clean, straightforward code and a simple drop menu script; however, it might be friendlier for developers if it’s combined with the li:hover hack for IE6.

The HTML:

<ul id="nav">
	<li><a href="#">bodycare</a>
		<ul>
			<li><a href="#">lotions</a></li>
			<li><a href="#">creams</a></li>
			<li><a href="#">balms</a></li>
			<li><a href="#">butters</a></li>
		</ul>
	</li>
	<li><a href="#">complexion care</a></li>
	<li><a href="#">therapeutics</a></li>
	<li><a href="#">home essential</a></li>
</ul>

The CSS:

#nav, #nav ul {
	padding:0;
	margin:0;
	list-style:none;
}
#nav a, #nav li, #nav li ul {
	width:200px; /* integrated width for all of them */
}
#nav a {
	display: block;
}
#nav li {
	float: left;
}
#nav li ul {
	position: absolute;
	left: -999em;
}
#nav li:hover ul {
	left: auto;
}

There are essentially 2 changes I have made to the original SuckerFish code that make the drop menu script even more valuable.

It’s undoubtedly the simplest pure HTML CSS drop down menu script that works across all major modern browsers: IE6, IE7, FF2, FF3, Opera 9 and Safari. You don’t need to add a single line of JavaScript for it.

  1. With the help of the li:hover hack for IE6, it no longer needs the small chunk of JavaScript, which makes it a really pure CSS dropdown menu.
  2. By merging the width CSS property for #nav a, #nav li and #nav li ul, it’s now much easier to tweak further and less bug-prone. However, if you are going to add padding to any of them, which is quite possible, remember to modify the width value accordingly. That’s why I have put the selector “#nav a, #nav li, #nav li ul” ahead of each one of them, so that you can override the old values more easily.

Need a free drop down menu script? This is by far the best one!

Categories
CSS & HTML Tips

CSS selector:hover Hack for IE6

IE 6 and lower versions of IE only implemented :hover for the a tag. As per the CSS 2.1 specification, all HTML tags / elements have a :hover state, so that different styles can be applied to them when the mouse pointer hovers over them.

li:hover is one of the frequent reasons why you need this hack. First, you have to download the .htc file.

Then implement it in your CSS file like this:

body {
	behavior:url("/styles/csshover3.htc");
}

This assumes you have put it in the styles directory, which is under the document root of your site.

Now you can freely select li:hover and other elements’ hover state and style ‘em!