Combined Queries-UNION

Mosy SQL queries contain just one SELECT statement that can return data from one table, or several tables using a join. The technique of combining two or more independent queries into a single data set is usually known as a union or a compound query.

You might want to use this technique to retrieve records from two tables that have a similar structure in a single query. For instance, suppose you have archived off some data so that you have a customers table that contains your current customers and another table called old_customers.

These tables would have the same structureor at least would share many common columns if new columns had been added to the customers table since the archive took place. Therefore, you could perform a query on this table that takes into account both current and archived customers. This would look something like the following:

SELECT name, telephone, email
FROM customers
UNION
SELECT name, telephone, email
FROM old_customers;

You can also use UNION to perform two different queries on the same table and combine the two results into a single data set.

mysql> SELECT first_name, last_name
    -> FROM customer_contacts
    -> WHERE customer_code = 'SCICORP'
    -> UNION
    -> SELECT first_name, last_name
    -> FROM customer_contacts
    -> WHERE customer_code = 'PRESINC';
+------------+-----------+
| first_name | last_name |
+------------+-----------+
| Albert     | Einstein  |
| Charles    | Darwin    |
| Marie      | Curie     |
| Benjamin   | Franklin  |
| Abraham    | Lincoln   |
| Richard    | Nixon     |
| Franklin   | Roosevelt |
| Theodore   | Roosevelt |
+------------+-----------+
8 rows in set (0.01 sec)

Read More

What is SQL Injection?

SQL Injection is the hacking technique which attempts to pass SQL commands (statements) through a web application for execution by the backend database.

it can be prevented by mysql_real_escape_string() function of PHP.

Such features as login pages, support and product request forms, feedback forms, search pages, shopping carts and the general delivery of dynamic content, shape modern websites and provide businesses with the means necessary to communicate with prospects and customers.

Read More

keep your session secure php

1. Use SSL when authenticating users or performing sensitive operations.
2. Regenerate the session id whenever the security level changes (such as logging in). You can even regenerate the session id every request if you wish.
3. Have sessions time out
4. Don't use register globals
5. Store authentication details on the server. That is, don't send details such as username in the cookie.
6. Check the $_SERVER['HTTP_USER_AGENT']. This adds a small barrier to session hijacking. You can also check the IP address. But this causes problems for users that have changing IP address due to load balancing on multiple internet connections etc (which is the case in our environment here).
7. Lock down access to the sessions on the file system or use custom session handling
8. For sensitive operations consider requiring logged in users to provide their authenication details again.

Read More

send images to mail box

<?php 

$message = "<html><head></head><body>";

$message .= "<img src='http://exp.com/images/logo.jpg' alt='' />

</body>

</html>";

$cleanedFrom="admin@abfdgd.com";
$headers = "From: $cleanedFrom";
$headers .= 'MIME-Version: 1.0' . "\r\n";
$headers .= 'Content-type: text/html; charset=iso-8859-1' . "\r\n";

$to="snmurty99@gmail.com"; 
$subject="sample images";

mail($to, $subject, $message, $headers);

?> 

Read More

Checking if a Host Is Alive

Use PEAR's Net_Ping package:

require 'Net/Ping.php';

$ping = new Net_Ping;
if ($ping->checkhost('www.oreilly.com')) {
    print 'Reachable';
} else {
    print 'Unreachable';
}

$data = $ping->ping('www.oreilly.com');

The ping program tries to send a message from your machine to another.

 If everything goes well, you get a series of statistics chronicling the transaction. An error means that ping can't reach the host for some reason.

On error, Net_Ping::checkhost( ) returns false, 

and Net_Ping::ping( ) returns the constant PING_HOST_NOT_FOUND. If there's a problem running the ping program (because Net_Ping is really just a wrapper for the program), PING_FAILED is returned.

Read More

Opening a Remote File

You want to open a file that's accessible to you via HTTP or FTP.

Pass the file's URL to fopen( ): 

$fh = fopen('http://www.example.com/robots.txt','r') or die($php_errormsg);

When fopen( ) is passed a filename that begins with http://, it retrieves the given page with an HTTP/1.0 GET request (although a Host: header is also passed along to deal with virtual hosts). Only the body of the reply can be accessed using the file handle, not the headers. Files can be read, not written, via HTTP.

When fopen( ) is passed a filename that begins with ftp://, it returns a pointer to the specified file, obtained via passive mode FTP. You can open files via FTP for either reading or writing, but not both.

To open URLs that require a username and a password with fopen( ), embed the authentication information in the URL like this: 

$fh = fopen('ftp://username:password@ftp.example.com/pub/Index','r'); 

$fh = fopen('http://username:password@www.example.com/robots.txt','r');

Opening remote files with fopen( ) is implemented via a PHP feature 
called the URL fopen wrapper. It's enabled by 
default but is disabled by setting allow_url_fopen to off in 
your php.ini or web server configuration file. If 
you can't open remote files with fopen( ), check your server 
configuration.  

Read More

Changing File Permissions by php

Use chmod( ) to change the permissions of a file: 

chmod('/home/user/secrets.txt',0400);

Use chown( ) to change a file's owner and chgrp( ) to change a file's group:

<?php 

chown('/tmp/myfile.txt','sklar');           // specify user by name
chgrp('/home/sklar/schedule.txt','soccer'); // specify group by name

chown('/tmp/myfile.txt',5001);              // specify user by uid
chgrp('/home/sklar/schedule.txt',102); 

 // specify group by gid

?> 

The permissions passed to chmod( ) must be specified as an octal number.

The superuser can change the permissions, owner, and group of any file. Other users are restricted. They can change only the permissions and group of files that they own, and can't change the owner at all. Nonsuperusers can also change only the group of a file to a group they belong to.

The functions chmod( ), chgrp( ), and chown( ) don't work on Windows.

Read More

XML file using the DOM API

//Use PHP's DOM XML extension. Here's how to read XML from a file:

$dom = domxml_open_file('books.xml');

//Here's how to read XML from a variable:

$dom = domxml_open_mem($books);

//You can also get just a single node. Here's how to get the root node:

$root = $dom->document_element( );

//Here's how to do a depth-first recursion to process all the nodes in a document:

function process_node($node) {
    if ($node->has_child_nodes( )) {
        foreach($node->child_nodes( ) as $n) {
            process_node($n);
        }
    }

    // process leaves
    if ($node->node_type( ) =  = XML_TEXT_NODE) {
        $content = rtrim($node->node_value( ));
        if (!empty($content)) {
            print "$content\n";
        }
    }

}
process_node($root);

The W3C's DOM provides a platform- and language-neutral method that specifies the structure and content of a document. Using the DOM, you can read an XML document into a tree of nodes and then maneuver through the tree to locate information about a particular element or elements that match your criteria. This is called tree-based parsing . In contrast, the non-DOM XML functions allow you to do event-based parsing.

Read More

convert time in php

<?php

     $thishour = time() + (4*60*60);

     $newTime = date("d m Y H:i:s",$thishour);

     echo $newTime;

   ?>);

Read More

what is ob_start?

ob_start turns on output buffering,

Read More