Month: February 2010

Categories
Business and Marketing Make Money Online

Email Marketing Statistics and Optimization of Open / Click Rates

Email Marketing Metrics Report A quick post to share with my readers some interesting findings regarding email marketing. Outlined by the ninth bi-annual Email Marketing Metrics Report by MailerMailer, these data is based on 300,000 email messages dispatched over a period of 6 months that ended on December 31, 2008. Here are some key statistic discoveries from the report that can be used to optimize your email marketing campaigns and improve the results.

Open rate – the overall unique open rate of the email messages was 12.52%, a slight decline from the previous 6 months.

Click rate – 2.8% which held steady throughout the year of 2008.

Best day to send – Monday had the highest open rate and click rate; weekends and the beginning of the week outperforms other days.

Subject line length – emails with a subject line shorter than 35 characters were opened more than those with a longer subject line.

Personalization – while personalizing the message body gets more opens and clicks, personalizing only the subject line decreases them.

Number of recipients – messages delivered to small and medium lists have far greater open / click rates than ones delivered to lists with more than 1,000 subscribers.

I personally haven’t tapped into email marketing yet and the 12.52% average open rate was way below what I thought it would be, which may be because of the trends in email clients disabling automatic image download by default. It’s both interesting and useful to know that we should send out important email newsletters on weekends or Monday and try to make the subject lines not so cumbersome to garner more opens and clicks.

Categories
PHP Tips & Tutorials

Use PHP to handle all incoming URL requests in a SEO friendly manner

While you can always use .htaccess and the mod_rewrite module to map SEO friendly URLs to actual PHP parameterized URLs with question marks and ampersands, you can simply put these lines in .htaccess and then rely on PHP entirely to recognize and handle all incoming URL requests of any kind / form:

<IfModule mod_rewrite.c>

RewriteEngine On
RewriteBase /
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]

</IfModule>

The index.php file in the document root of your domain is now effectively in charge of all incoming URL requests. You can recognize / distinguish the requests and perform accordingly in your PHP script, the key is the PHP environmental variable $_SERVER["REQUEST_URI"] which contains the complete URL request string. Consider a index.php like this:

<?php // index.php

$req = explode('/', $_SERVER['REQUEST_URI']);
print_r($req);

?>

Type in your browser address bar:

http://www.example.com/user/110/edit

And the site will render the output page like this:

Array
(
    [0] =>
    [1] => user
    [2] => 110
    [3] => edit
)

So you can process the request according to the array. It probably means opening the editor page to edit the user whose ID is 110. Just sub-include the responsible PHP script to get the job done from index.php. To parse more complicated request URLs, e.g. with question marks and parameters, you may want to use the parse_url() or preg_split().

Categories
PHP Tips & Tutorials

PHP: Get the File Uploading Limit – Max File Size Allowed to Upload

PHP file upload max size is determined by 3 configuration values in php.ini, namely upload_max_filesize, post_max_size and memory_limit. You can get the maximum file size allowed in uploading by this snippet:

$max_upload = (int)(ini_get('upload_max_filesize'));
$max_post = (int)(ini_get('post_max_size'));
$memory_limit = (int)(ini_get('memory_limit'));
$upload_mb = min($max_upload, $max_post, $memory_limit);

Wherein $upload_mb is the maximum file size allowed for upload in MB. It’s the smallest of the 3 values. Just display this value beside the file upload control so the user knows the limit before choosing the file.

Categories
PHP Tips & Tutorials

PHP: Display Current Year to Automatically Update Copyright Years

I guess most of the websites out there are using plain strings for the years of footer copyright because many of them are still showing 2009 right now. If you have quite a few websites as I do, it’d be kind of intimidating to manually update the copyright years for all of them. So why not use PHP to output the current year automatically? The code is dead simple:

&copy; Copyright 2006 - <?php echo date('Y'); ?>

The PHP date() function does the job, the format string ‘Y’ tells it to return the current year in 4 digits. Now your website would automatically update the copyright footer year to 2006 – 2011 when comes next year.

While it may seem a good idea without tradeoffs, when you think about it, it does consume a little bit more computing resources to process the pages because it’s a function rather than a plain text string. Without a content cache, the date() function would use up extra 0.000045 seconds upon every page view (tested on my personal computer with WAMP installed on Windows XP SP2, could be larger on virtual host where computing power is restrained). With a site receiving 100,000 page views per month, the users would lost a total of 54 seconds across the year. There are also server computing resources that could otherwise be saved, thus electricity, and thus your website’s carbon footprint.

Up to you, though, especially if your time is valuable enough.

Categories
Hosting Tips & Deals Linux Server Administration Tips

Use stat command to display file system meta information of any file or directory under Linux

PHP has a stat() function that returns an array containing the meta information of a file such as owner, size, time of last access, last modification or last change. It’s basically the stat command under Linux that returns and shows the file system meta information of any file or directory:

stat myfile.txt

Which returns:

  File: `myfile.txt'
  Size: 1707            Blocks: 8          IO Block: 4096   regular file
Device: 811h/2065d      Inode: 96909802    Links: 1
Access: (0644/-rw-r--r--)  Uid: (1354144/    voir)   Gid: (255747/pg940032)
Access: 2010-02-16 08:00:00.000000000 -0800
Modify: 2010-02-18 04:16:51.000000000 -0800
Change: 2010-02-18 04:16:51.000000000 -0800

To get the meta information of the current working directory:

stat .

Which returns:

  File: `.'
  Size: 4096            Blocks: 8          IO Block: 4096   directory
Device: 811h/2065d      Inode: 96904945    Links: 4
Access: (0755/drwxr-xr-x)  Uid: (1354144/    voir)   Gid: (255747/pg940032)
Access: 2009-08-31 17:07:16.000000000 -0700
Modify: 2009-12-20 05:18:57.000000000 -0800
Change: 2009-12-20 05:18:57.000000000 -0800
Categories
Google Hacks, Cheats & Tips Hosting Tips & Deals

How to slow down the frequency Googlebot (search engine crawler) visits your site?

Googlebot is the indexing program of Google that visits your site to fetch the content to determine your search engine rankings. With a popular website, tens of thousands of pages can be a problem in that Googlebot may visit more than you want because it’s expending your precious bandwidth and even crashing your server. Every crawler bot visit is no different than a user one and your site has to perform all necessary actions and logics to render the web page to the search engine crawler bot such as Googlebot including searching through a database with potentially millions of records which could take a while. Imagine, the Googlebot pays 300,000 visits a month to your site. That’d be a substantial expenditure in bandwidth and server computing resources.

For example, one of my sites have experienced 338,768 hits from just one IP of Googlebot last month. I have no idea why Googlebot is so fanatic about this site because it rarely have any backlinks and Google is neither sending any significant traffic. But one thing is for sure, that this site is creating some serious trouble on my hosting bills because of Gooblebot. While we cannot totally deny Googlebot from visiting our websites, we can do something to slow it down a little bit.

There are 2 things you can do:

  1. Visit Google Webmaster Central: http://www.google.com/webmaster, sign in to webmaster tools, (add if you haven’t, and) select the site in question, select Site configuration, select Settings, select Set custom crawl rate of Crawl rate and adjust the scroll bar to slow the crawl rate down.
  2. Create robots.txt and place it at the root of your website, put these 2 lines inside: 
    User-agent: *
Crawl-delay: 20

    Wherein the value of Crawl-delay is the time in seconds that the search engine bot should wait between requests. 20 is a very slow option. Most search engines such as Google wait less than 1 second to fetch a moderately popular website.

Some argue that Google never respects the Crawl-delay option of robots.txt and the only way to decrease the visiting frequency of Googlebot is to adjust the scroll bar in Google Webmaster Central.

Categories
Information Security PHP Tips & Tutorials

PHP: Allow Specific HTML Tags in Text Input Controls of HTML Forms, <textarea>, <input type=”text” />

Textarea and text input are common html form controls that accept text input. They can be a security challenge as they allow the user to enter anything they want. If you just go about using whatever data the user has entered, your application is anything but secure. Some sort of filtering / white-listing must be in place to protect the integrity of the application and you need to permit or allow only a few special HTML tags in the textarea control of the HTML forms.

The simplest way is to denounce any attempts to add HTML tags in the text box control is the PHP function strip_tags():

$all_tags_filtered = strip_tags($_POST['message']);

Wherein $_POST['message'] is the text just submitted by a user, containing all sorts of HTML tags. Thanks to the function strip_tags(), all the tags are now gone in $all_tags_filtered. The data in $all_tags_filtered is safe to use as it’s plain text.

However, there are times when you want to keep a few simple tags for the user’s convenience, such as <p>, <strong> and <em>. To do this, just feed a second parameter to the function strip_tags():

$some_tags_filtered = strip_tags($_POST['message'], '<p><strong><em>');

So <p> elements, <strong> elements and <em> elements are kept intact while all the other tags are gotten rid of in $some_tags_filtered.

One important thing to note is that strip_tags() does not check the attributes of the allowed HTML tags. The attributes of the allowed HTML elements such as style="" and onmouseover="" are kept as they are in the filtered results which may lead to other security problems. You have to use regular expressions to erase them out and block attached malicious attempts.

Categories
Coupons and Promo Codes Domains

$7.49 GoDaddy .com renewal coupon code

Update: Here’s the latest coupon code of Godaddy – $1.49 / year .com

A quick deal for my readers. Found this coupon code of GoDaddy that enables you to renew .com domains at just $7.49:

Zine10

Just used it to renew tens of my .com names at $7.49 (plus ICANN fee $0.18) each. If you ever tried to look for one, you’d know it’s not easy to get a $7.49 .com renewal at GoDaddy now. Previously, the best code for .com renewal is this one for $7.39 each.

Otherwise, you can always find one or two working coupons of GoDaddy with which you can register new .com at $6.99.

Categories
Information Security SQL / MySQL Tips and Tutorials

A few database security tips – things to do to effectively protect MySQL databases

I’d like to share with you some tips about hardening the database part of your application. Here are a few things you can do in protecting the databases from being compromised in security:

  1. Create separate users with ONLY necessary privileges (as few as possible) to connect to the database for common daily tasks. Never use the database owner / creator or even MySQL root user in your PHP scripts to perform routine tasks.
  2. Protect against SQL injection attacks by escaping ALL incoming input after ensuring data types with a variety of PHP variable type and character type validation functions.
  3. The sprintf() function is both useful and secure in constructing SQL queries because of the built-in type checking. Better yet, use PDO.
  4. Turn off error messages MySQL or PHP outputs when things go wrong so crackers know nothing about the technical details of your build such as database schema. As a matter of fact, a good rule of thumb in web application security is that the less people know about your application’s internal structure, the better.
  5. For advanced SQL developers, extra abstraction layer in SQL in the form of stored procedures can benefit security because you implement yet another depth of defense and hide the schema of the database from the outside world.
  6. For mission critical applications, it goes without saying that custom logging of database accesses can help a lot in identifying security risks.
  7. If the database contains very sensitive data such as credit card information, you are strongly recommended to encrypt these tables or fields. Just use PHP cryptography extensions such as Mcrypt to encrypt any data that are to be stored and decrypt them when they are being retrieved.
Categories
PHP Tips & Tutorials

PHP: Why you should use dirname(__FILE__).‘/include.php’ instead of just ‘include.php’

When you need to include or require a php file that is in the same directory as the currently running one, most people come up with this simple line in the current script:

include('include.php');

While this approach doesn’t present obvious breaches, it is slightly inefficient than the following way:

include(dirname(__FILE__).'/include.php');

You will type a little more but the extra code frees PHP from iterating through the include_path in the attempt to locate ‘include.php’ because dirname(__FILE__) has explicitly returned the absolute path to the file. The constant __FILE__ in PHP always returns the absolute path to the script file that’s currently active – the PHP file in which the code line is being run right now. Function dirname() returns the directory part of the given path.

A better approach would be:

include('./include.php');

Which explicitly commands PHP to look for the file ‘include.php’ in the current directory, yet comes without the overhead of the function dirname(). With large applications, you would prefer storing the path of the primary working directory of the application in some centralized configuration files:

define('APP_DIR', '/home/appuser/appdomain.com/app');

And when you need to include a file in the sub directory ‘class’: 

include(APP_DIR.'/class/tobeincluded.php');

Thanks to Gumbo, alexef and Justin at Stack Overflow.