Programming Tips & Insights

CSS: How to write CSS rules to detect or target Chrome, Safari or Opera browsers only?

It’s easy to target Firefox, just write as expected by the standards, at least most of the time. It’s also easy to target IE and any specific version of it with a few of the famous hacks or with IE conditional comments that selectively include style sheets by version number. But how does one write …

PHP Security Guide & Checklist for Websites and Web Applications – Bottom Line for Every Good PHP Developer

It’s not easy to become a great PHP developer, which may very well take years of training and practice, but this doesn’t mean you shouldn’t do your best not to be a bad one who undermines every project he’s involved in. Based on the project experiences of my team and some recent research done on …

PHP: setcookie() with HttpOnly Option to Reduce XSS (Cross Site Scripting) Attacks by Preventing JavaScript from Reading Cookies

It may considerably reduce XSS attack possibilities, if not completely eradicate them. XSS, or Cross Site Scripting, is probably the most common security problem in web applications that engage in heavy user input. If you’ve ever tried to build a web application in which users can input data in a lot of different places, chances are …

Just Hashing is Far from Enough for Storing Passwords – How to Position against Dictionary and Rainbow Table Attacks

It goes without saying that sensitive information such as passwords or pass phrases should never be stored in plain text in the database in the first place. The common practice is to hash the user password and store the resulting hash string. When the user tries to log in and supplies his password, it is …

PHP: How to distinguish values in $_POST or $_GET that are sent via HTTP requests and those that are set / assigned in the code

To send parameters to a PHP script, you can either fabricate a form and post a few variables by the POST method or simply send a request of a URL full of GET value pairs. This way, in the server side PHP script code, you can retrieve these parameters sent from the client in $_POST …

PHP: Check or Validate URL and Email Addresses – an Easier Way than Regular Expressions, the filter_var() Function

To check if a URL or an email address is valid, the common solution is regular expressions. For instance, to validate an email address in PHP, I would use: if (preg_match('|^[A-Z0-9._%+-]+@[A-Z0-9.-]+\.[A-Z]{2,4}$|i', $email)) { // $email is valid } A simpler and more forgiving one would be: |^\S+@\S+\.\S+$| Which is usually quite enough for signup forms …

PHP: How to detect / get the real client IP address of website visitors?

It may seem simple at first because most of us rely solely on the server side environment variable REMOTE_ADDR for client IP addresses: echo $_SERVER['REMOTE_ADDR']; Yet it’s barely enough to get the real IP in a variety of circumstances, such as when the user is visiting your website from a proxy server. To …

How to define multiple CSS rules / properties in jQuery?

The simplest way to define a CSS rule in jQuery might be: $(".sth").css("color", "#f00"); To define more than one CSS rule in a single jQuery line: $(".sth").css("color", "#f00").css("font-style", "italic").css("text-decoration", "underline"); Which simply doesn’t look that good, especially if you intend to add more. A better way to specify multiple CSS rules or properties with jQuery …

Use PHP to handle all incoming URL requests in a SEO friendly manner

While you can always use .htaccess and the mod_rewrite module to map SEO friendly URLs to actual PHP parameterized URLs with question marks and ampersands, you can simply put these lines in .htaccess and then rely on PHP entirely to recognize and handle all incoming URL requests of any kind / form: <IfModule mod_rewrite.c> RewriteEngine …

PHP: Get the File Uploading Limit – Max File Size Allowed to Upload

PHP file upload max size is determined by 3 configuration values in php.ini, namely upload_max_filesize, post_max_size and memory_limit. You can get the maximum file size allowed in uploading by this snippet: $max_upload = (int)(ini_get('upload_max_filesize')); $max_post = (int)(ini_get('post_max_size')); $memory_limit = (int)(ini_get('memory_limit')); $upload_mb = min($max_upload, $max_post, $memory_limit); Wherein $upload_mb is the maximum file size allowed for upload …

PHP: Display Current Year to Automatically Update Copyright Years

I guess most of the websites out there are using plain strings for the years of footer copyright because many of them are still showing 2009 right now. If you have quite a few websites as I do, it’d be kind of intimidating to manually update the copyright years for all of them. So why …

PHP: Allow Specific HTML Tags in Text Input Controls of HTML Forms, <textarea>, <input type="text" />

Textarea and text input are common HTML form controls that accept text input. They can be a security challenge as they allow the user to enter anything they want. If you just go about using whatever data the user has entered, your application is anything but secure. Some sort of filtering / white-listing must be …

A few database security tips – things to do to effectively protect MySQL databases

I’d like to share with you some tips about hardening the database part of your application. Here are a few things you can do to protect your databases from being compromised: Create separate users with ONLY necessary privileges (as few as possible) to connect to the database for common daily tasks. Never use …

PHP: Why you should use dirname(__FILE__).'/include.php' instead of just 'include.php'

When you need to include or require a PHP file that is in the same directory as the currently running one, most people come up with this simple line in the current script: include('include.php'); While this approach doesn’t present obvious breaches, it is slightly less efficient than the following way: include(dirname(__FILE__).'/include.php'); You will type a little …

How to install the Go programming language on your server or VPS?

Assuming you’ve logged in as root in Debian 5.0, to install the Go programming language by Google, add these environment variables for Go in .bash_profile: export GOROOT=$HOME/go export GOARCH=386 # for 32 bit architectures. Use GOARCH=amd64 for 64 bit architectures export GOOS=linux export GOBIN=$HOME/bin PATH=$PATH:$GOBIN Install the Mercurial ‘hg’ command: aptitude install mercurial Fetch the …

PHP: Subject String Length Limit of Regular Expression Matching Functions

Here’s a quick tip for those who have encountered the problem where all regular expression functions of PHP, such as preg_match() and preg_replace(), stop working when the input string (subject string to be searched or matched) is too long or large. If you believe your regular expressions should work but didn’t and the …

Best way to hide and cloak your affiliate links?

One may first think of using JavaScript to do this by dynamically changing the windows status bar URL, but unfortunately this trick doesn’t work across Firefox browsers. The truth is the visitor or clicker will eventually find out that they’ve been referred to the affiliate merchant by you from the ultimate landing URL — sometimes …

MySQL: How to backup ALL databases as root with mysqldump at once?

When you have a VPS or dedicated server to manage, typically you’d have a bunch of different mysql users granted the privileges of every particular database for the sake of security. While this works well in segregating the privileges and preventing hackers from gaining access to all databases upon the compromise of only one mysql …
