Archive for the ‘Web and Database Programming’ Category

Using PHP Session Control To Implement User Authentication

Monday, May 12th, 2008

A common method for determining user authentication is to use sessions and cookies via PHP Programming. It is straightforward to implement, easy to secure, and fun! Authentication can be used for many purposes in your PHP Programs, from membership login to online data repository access. Whatever your purpose, PHP Programmers can use authentication to discern between valid web site access and access that should be denied. (more…)

Building A Searchable eCommerce Web Database with PHP and MySQL

Wednesday, May 7th, 2008

At the root of a successful eCommerce web site design is a searchable MySQL Database powered by PHP. Unless you only sell a few items that never change, you can expect your inventory to grow, require regular changes and additions, and keep you on your toes. It’s a whole different story from a point-of-sale (POS) approach, although they can communicate together and operate as a single system using a single resource, if needed. If your eCommerce Database is hosted on your web server somewhere, it’s going to require administration via the Internet, and that presents some issues for development as well as ongoing maintenance. (more…)

Preventing SQL Injections In Secure PHP Programming

Thursday, January 31st, 2008

SQL Injection is a technique used by hackers to attack websites that accept GET or POST data. This data is typically submitted to the server from web forms, but it can also be submitted directly to the web server by means other than a browser. The results of successful SQL Injection (and Code Injection) include accessing/modifying the MySQL Database, accessing/modifying the file system, and viewing and stealing scripts, passwords, and other private information, among others. Whatever the case may be, you do not want an attacker to successfully submit an SQL Injection against your website, and there are steps you can take to prevent this security vulnerability from being exploited. (more…)

PHP Headers: Status Code Definitions (Reference List)

Thursday, January 3rd, 2008

The following list is taken from W3 and posted here for easy reference. These are to be used for various situations when you want to override the default status sent by the server. Situations include when your content is deleted, but you do not want the search engine to see a broken link or missing page. If your content moves to a new location, you can inform browsers and engines to permanently look to the new location, not the old one. Keep the original page and return a header with the example below. Make sure your headers are sent BEFORE any content is sent, else you will likely get an error, or the header may be ignored. An explanation of each Status Code is included below. Please refer to W3 for the latest updates and additions.

Example: header('HTTP/1.1 301 Moved Permanently'); (more…)

How To Send Data From Flash To ASP/PHP Without A Page Refresh

Thursday, November 29th, 2007

This article deals with how to send form data from Adobe Flash to your PHP/ASP file so it can be inserted into a database (or manipulated for whatever other reason). The trick is making sure a new window doesn’t pop up and the page doesn’t refresh to run through the ASP/PHP code. That’s the one issue I’ve noticed with some downloadable examples of contact or email forms. A new window pops up and often says, Thanks for the email! I’ll give a really bare-bones example where no new windows pop up and the window containing your Flash isn’t refreshed. This article’s example is done in ASP, but this will work with any other programming language.

NOTE: This is not for beginners.

Components

  • Flash File
  • HTML with Flash File
  • ASP/PHP/etc Page That Will Process Form Data
  • HTML page with Frames.

Concept

What we’re going to do is set up a Flash File that will simply send form data to an ASP file. Our HTML page with frames will have two frames. One frame will contain the HTML with our Flash, the second will contain a sandbox that will allow the ASP file to refresh without ever affecting the main page we’re browsing. We’re going to hide the second frame so that we don’t ever see the refreshes happening.

I know what you’re thinking, frames are lame. In our example though, you won’t even notice it being there.

Flash File

Create a new Flash file, select the first blank frame you’re given, bring up the ActionScript window and copy and paste the following code:

stop();
varsToSend = new LoadVars();
varsToSend.firstVar="Pat-Burt";
varsToSend.send("intoDatabase.asp","process","POST");

Explanation
stop - makes sure that your Flash movie doesn’t loop and constantly send “Pat-Burt” to your ASP file.
varsToSend - our LoadVars() object that contains all the variables we’ll be sending to our ASP file.
firstVar - a variable, you can have any number of these.
send - sends the vars in varsToSend to intoDatabase.asp
process - the frame name (we’ll use this later)
post - how we’re sending the data to the database

HTML Frame Page

Create a new HTML page, strip the body tags and throw this in:

<FRAMESET rows="100%, 1">
<FRAME src="flash.html" name="flash" noresize frameborder="0">
<FRAME src="intoDatabase.asp" name="process" noresize scrolling="no" frameborder="0">
</FRAMESET>

Explanation
Frameset - creates the frames, defines the first to have 100% height, and the second to have a height of 1 pixel.
flash.html - Our HTML file with our Flash file inserted. It is named “flash”.
process.html - Our HTML file where our ASP file will be reloaded to insert data into the database. It’s located in the frame sized as 1 pixel.

ASP File

This is the simplest version I could present. Keep in mind you will need to define db which should reference your connection string to your database.

db.execute("INSERT INTO database (message) VALUES ('" & request.form("firstVar") & "')")

Explanation
request.form("firstVar") - the name of the variable in our Flash file
database - our database name
message - the column name in our database
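
The one-line INSERT above builds its SQL by concatenating the posted firstVar value, so a single quote in that value changes the statement. A parameterized version of the same page follows, as an added example that is not part of the original article; it assumes db is an open ADODB.Connection and a 255-character limit on message (both assumptions):

```vbscript
<%
' Added example (not from the original article): parameterized intoDatabase.asp.
' Assumes db is an open ADODB.Connection, as the article requires, and that
' the message column holds up to 255 characters (an assumption).
Const adVarChar = 200           ' ADO DataTypeEnum
Const adParamInput = 1          ' ADO ParameterDirectionEnum
Const adCmdText = 1             ' ADO CommandTypeEnum
Const adExecuteNoRecords = 128  ' ADO ExecuteOptionEnum
Const MAX_MESSAGE_LEN = 255

Dim message, cmd
message = Trim(Request.Form("firstVar") & "")

' Anyone can POST to this page directly, not only the Flash movie, so reject
' non-POST, empty and oversized requests before touching the database.
' The frameset's initial GET of this page (src="intoDatabase.asp") stops here
' too, instead of inserting an empty row on every page load.
If Request.ServerVariables("REQUEST_METHOD") <> "POST" _
   Or Len(message) = 0 Or Len(message) > MAX_MESSAGE_LEN Then
    Response.Status = "400 Bad Request"
    Response.End
End If

Set cmd = Server.CreateObject("ADODB.Command")
Set cmd.ActiveConnection = db
cmd.CommandType = adCmdText
' The ? placeholder keeps the posted value out of the SQL text entirely;
' the driver sends it as data, whatever characters it contains.
cmd.CommandText = "INSERT INTO database (message) VALUES (?)"
cmd.Parameters.Append cmd.CreateParameter("message", adVarChar, adParamInput, MAX_MESSAGE_LEN, message)
cmd.Execute , , adExecuteNoRecords
Set cmd = Nothing
%>
```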

HTML with Flash File

Insert your Flash file in whatever form you prefer. I recommend SWFObject.

Put Them All Together And Make Sure You…

  • Name the HTML file with your Flash: flash.html
  • Name your ASP file (in this example) to intoDatabase.asp
  • Provide a <noframes /> alternative where the page is loaded in a new window in the off chance someone has frames turned off
  • Don’t get too complicated. Get everything working in its simplest form before you add extra features.

Good luck, hope that helps. By Patrick Burt

Automating Image Uploads And MySQL Database Tracking

Saturday, October 6th, 2007

These days everyone wants to upload their images to a web application. Whether it’s a free public site like Photobucket, or an eCommerce Web Site like Shutterstock or Flickr, the concepts are the same. The intent is to provide a system for web users with no web programming skills, which lets them upload a single file, and do nothing else. The result is the automated manipulation of image uploads into thumbnails, various intermediate sizes, perhaps retaining the original image upload, and tracking all components with a MySQL Database. (more…)

Fundamental Security Issues For Developers Using Asynchronous Javascript and XML (AJAX)

Friday, August 3rd, 2007

Software developers using Asynchronous Javascript and XML (AJAX) techniques to jazz up corporate Web sites are failing to pay attention to some very fundamental security issues, security researchers warned at the Black Hat USA conference in Las Vegas on Wednesday. As a result, many companies that have rushed to AJAX-enable their sites may be dangerously vulnerable to a variety of Web-based threats of which they’re not even aware. (more…)

