This function returns the absolute (positive) value of
expr.
| ||
This function returns -1, 0, or 1 depending on whether
expr is negative, zero, or positive, respectively.
| ||
This function returns the remainder of dividing
expr1 by expr2.
| ||
This function rounds expr down: it returns the
largest integer value that is less than or equal to
expr.
| ||
This function rounds expr up: it returns the
smallest integer value that is greater than or equal to
expr.
| ||
This function returns expr rounded to the nearest
integer. Note that the behaviour when the value is exactly an integer plus 0.5
is system dependent. Thus, you should not rely on any particular outcome when
migrating to a new system.
| ||
This function rounds expr to a number with
num decimal places, leaving trailing zeroes in place. Use
num=2, for example, to format a number as dollars and cents. Note that
the same uncertainty about the rounding of 0.5 applies as discussed for
ROUND above.
| ||
This function returns e^expr, the base of
natural logarithms raised to the power of expr.
| ||
This function returns ln expr, the natural logarithm of expr.
Remember, a logarithm with an arbitrary base B can be
calculated as LOG(expr)/LOG(B).
| ||
This function returns the base-10 logarithm of
expr.
| ||
This function returns expr1 raised to the power of
expr2.
| ||
This function returns the square root of
expr.
| ||
This function returns the value of π (pi).
| ||
This function returns the cosine of expr in radians.
| ||
This function returns the sine of expr in radians
(e.g. SIN(PI()) = 0).
| ||
This function returns the tangent of expr in
radians (e.g. TAN(PI()) = 0).
| ||
This function returns the arc cosine (cos⁻¹ or
inverse cosine) of expr (e.g. ACOS(-1) =
3.141593).
| ||
This function returns the arc sine (sin⁻¹ or
inverse sine) of expr (e.g. ASIN(0) =
3.141593).
| ||
This function returns the arc tangent (tan⁻¹ or
inverse tangent) of expr (e.g. ATAN(0) =
3.141593).
| ||
This function returns the angle (in radians) made at the
origin between the positive x axis and the point
(x,y) (e.g. ATAN(1,0) =
1.570796).
| ||
This function returns the cotangent of expr (e.g.
COT(PI()/2) = 0).
| ||
This function returns a random, floating point number
between 0.0 and 1.0. If expr is specified, a random number will be
generated based on that value, which will always be the
same.
| ||
This function returns the smallest of the values
specified.
| ||
This function returns the largest of the values
specified.
| ||
This function returns the value of expr (in
radians) in
degrees.
| ||
This function returns the value of expr (in
degrees) in radians.
| ||
This function returns the value of floating point number
expr truncated to num decimal places
|
PHP-Mathematical Functions
PMA05:26
Database Backups using mysqldump
PMA05:18
In addition to the MySQL server and mysql, the MySQL client, a MySQL installation comes
with many useful utility programs. We have seen mysqladmin, which is
responsible for the control and retrieval of information about an operational
MySQL server, for example.
mysqldump is another such program. When
run, it connects to a MySQL server (in much the same way as the mysql
program or the PHP language does) and downloads the complete contents of the
database you specify. It then outputs these as a series of SQL CREATE
TABLE and INSERT commands that, if run in an empty MySQL database,
would create a MySQL database with exactly the same contents as the
original.
If you redirect the output of mysqldump to a file, you can
store a “snapshot” of the database as a backup. The following command (typed all
on one line) connects to the MySQL server running on myhost as user
root with password mypass, and saves a backup of the database
called dbname into the file dbname_backup.sql:
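shell% mysqldump -h myhost -u root -pmypass dbname > dbname_backup.sql
A password typed after -p on the command line may be visible to other local users in the process list and is saved in the shell history, so on a shared machine keep it in an option file that only you can read instead.
To restore the database from this backup, run the following two commands:
shell% mysqladmin -h myhost -u root -pmypass create dbname
shell% mysql -h myhost -u root -pmypass dbname < dbname_backup.sql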
The first command uses the mysqladmin program to create the
database; alternatively, you can do this at the MySQL command line. The second
connects to the MySQL server using the usual mysql program, and feeds in
our backup file as the commands to be executed.
Facilities exist in MySQL to keep up-to-date backups that are not
adversely affected by server activity at the time at which the backups are
generated. Unfortunately, they require you to set up a backup scheme
specifically for your MySQL data, completely apart from whatever backup measures
you have established for the rest of your data. As with any good backup system,
however, you'll appreciate it when the time comes to use it.
You can also edit update logs to undo mistakes that may have been made. For
example, if a co-worker comes to you after having accidentally issued a DROP
TABLE command, you can edit your update log to remove that command before
you restore your database using your last backup and the log application. In
this way, you can even keep changes to other tables that were made after the accident. And, as a precaution, you should probably
also revoke your co-worker's DROP privileges.
An update log is a record of all SQL queries that were received by the database,
and which modified the contents of the database in some way. This includes
INSERT, UPDATE, and CREATE TABLE statements among
others, but doesn't include SELECT statements.
PHP file functions
PMA05:13
Opens a file for reading and/or writing. This file can be
stored on the server's hard disk, or PHP can load it from a URL just like a Web
browser would.
| ||
Tells PHP you're finished reading/writing a particular file
and releases it for other programs or scripts to use.
| ||
Reads data from a file into a PHP variable. Allows you to
specify how much information (i.e. how many characters or bytes) to
read.
| ||
Writes data from a PHP variable into a
file.
| ||
Performs a run-of-the-mill file copy
operation.
| ||
Deletes a file from the hard disk.
Through examination of server logs, you'll probably find that this is one of the most requested pages on your site. If you ask yourself some of the questions above, you'll realize that this page doesn't have to be dynamically generated for every request. As long as it's updated every time new content is added to your site, it'll be as dynamic as it needs to be. With a PHP script, you can generate a static snapshot of the dynamic page's output and put this snapshot online, in place of the dynamic version. By converting high-traffic dynamic pages into semi-dynamic equivalents, which are static pages that get dynamically regenerated at regular intervals to freshen their content, you can go a long way towards reducing the toll that the database-driven components of your site take on your Web server's performance.
Website, you probably see site traffic as something you'd like to encourage. Unfortunately, high site traffic is just the kind of thing that a Web server administrator dreads—especially when that site is primarily composed of dynamically generated, database-driven pages. Such pages take a great deal more horsepower from the computer that runs the Web server software than plain, old HTML files do, because every page request is like a miniature program that runs on that computer.
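One way to publish such a snapshot safely, as an added example that is not code from the original page: the page is rendered to a temporary file and moved into place in one step, so visitors never see a half-written file. renderHomePage() and the target path are hypothetical stand-ins for the real dynamic page.

```php
<?php
declare(strict_types=1);
// Added example. renderHomePage() and its headlines are constructed sample
// data; a real page would build the HTML from the database.

function renderHomePage(): string
{
    $headlines = ['Database Backups using mysqldump', 'PHP file functions'];
    $html = "<ul>\n";
    foreach ($headlines as $h) {
        // Encode content on output so stored text cannot inject markup.
        $html .= '  <li>' . htmlspecialchars($h, ENT_QUOTES, 'UTF-8') . "</li>\n";
    }
    return $html . "</ul>\n";
}

function publishSnapshot(callable $render, string $target): bool
{
    $html = $render();
    if ($html === '') {
        return false;               // never replace a good snapshot with an empty one
    }
    // Write next to the target so the final rename stays on one filesystem.
    $tmp = tempnam(dirname($target), 'snap_');
    if ($tmp === false) {
        return false;
    }
    if (file_put_contents($tmp, $html) === false || !chmod($tmp, 0644)) {
        @unlink($tmp);
        return false;
    }
    // rename() replaces the old snapshot in a single step.
    if (!rename($tmp, $target)) {
        @unlink($tmp);
        return false;
    }
    return true;
}

$target = sys_get_temp_dir() . '/index_snapshot.html';
var_dump(publishSnapshot('renderHomePage', $target));
echo file_get_contents($target);
```

Run it from cron, or call it whenever new content is saved, and let the Web server serve the resulting file as plain HTML.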
|
Govt Job At AIIMS Bhuvaneswar Recruitment 2014
PMA00:05
AIIMS BHU Recruitment 2014 – Various Vacancies. All India Institute of Medical SciencesAIIMS, Bhuvaneswar invites Online Applications on the prescribed pro-forma from suitable
candidates for recruitment of Group A and B posts on Direct Recruitment Basis.
Eligible Persons apply on the prescribed format on or before 31st March 2014.
Location: Bhuvaneswar.
Post details:
1. Lecturer in Nursing
No. of posts: 04
Qualification: Master’s Degree in Nursing from a recognized Institution/University. Registered Nurse Midwife. Five years’ experience with a minimum of two years teaching experience in Nursing.
Pay or salary: Rs.15,600-39,100/-
Age limit: 50 years
2. Blood Transfusion Officer
No. of posts: 01
Qualification: A recognized Medical Qualification included in I or II schedule or part II of the 3rd schedule other than the licentiate qualifications to the Indian Medical Council Act 1956. Holders of educational qualifications include in Part-II of the 3rd Schedule should fulfill the conditions stipulated in sub-section 3 of the section 13 of the Indian Medical Council Act 1956.
Pay or salary: Rs.15,600-39,100/-
Age limit: 30 years
3. Child Psychologist
No. of posts: 01
Qualification: M.A. with specialized training/Ph.D in psychology/ or any other equivalent qualification.
Pay or salary: Rs.15,600-39,100/-
Age limit: 35 years
4. Clinical Psychologist
No. of posts: 01
Qualification: Master Degree
LDC Junior Stenographer Jobs Vacancies
PMA00:02
LDC & Junior Stenographer Jobs Vacancies
Post details:
1. Lower Division Clerk
No. of posts: 01
Qualification: 12th Class pass or its equivalent qualification from a recognized Board or University with typing speed @ 35 w.p.m. in English or @ 30 w.p.m. in Hindi on Computer corresponds to 10,500/9,000 KDPH respectively
Pay or salary: Rs. 5200-20200/-
Age limit: below 33 years
2. Junior Stenographer
No. of posts: 01
Qualification: 12th class pass or equivalent from a recognized Board or University with speed @ 80 w.p.m. in English Shorthand and typing speed @ 40 w.p.m. in English 40 w.p.m. corresponds to 12,000 KDPH on computer. Stenography transcription in 50 minutes in English on Computer. One year experience is desirable.
Pay or salary: Rs.5200-20200/-
Age limit: below 30 years
Selection Procedure: Skill tests for both LDC and Jr. Stenographer shall be conducted only on Computer.
How to Apply: Applications format available
at the Website www.ncsm.gov.in or www.ncsm.org.in .
Engineering Job At UPSC
PMA23:15
Engineering Services At UPSC
Post:582
Age:21-30 years
Category I - Civil Engineering
Category II - Mechanical Engineering
Category III - Electrical Engineering
Category IV - Electronics & Telecommunication Engineering
Qualification:Candidate must hold a degree in Engineering or equivalent. Provided that a
candidate applying for the posts of Indian Naval Armament Service
Electronics Engineering Posts and Engineer Group A in Wireless Planning &
Coordination Wing/ Monitoring Organisation may possess M.Sc.Degree or its
equivalent with Wireless Communication, Electronics, Radio Physics or Radio
Engineering as a special subject. Candidates who qualify on the results of
the written part of the examination will be summoned for personality test.
Fee: Rs.200
Apply Online: http://upsconline.nic.in/mainmenu2.php
Last Date:21/04/2014
The Motorola Moto X
PMA06:09
The Motorola Moto X- speedy camera
Nice voice command well-crafted design.
Great battery.
Easy customized designs
Amazon phone
Job At Shaheed Bhagat Singh College
PMA05:55
Post For Assistant Professor in Shaheed Bhagat Singh College
Total Post : 48 posts
Pay Scale : Rs. 15600 - 39100 grade pay Rs. 6000/-
Applications Address:
Shaheed Bhagat Singh College, University of Delhi, Sheikh Sarai,
Phase-II, New Delhi – 110017 within 21 days from the date of advertisement,
complete in all respect with self-attested copies of certificates, marksheets, testimonials etc.
with a demand draft of Rs.250/- for General /OBC and Rs.100/-for SC/ST/Pwd
in favour of the Principal, Shaheed Bhagat Singh College, Delhi, Payable at Delhi
Last Date: 25/03/2014
View Details http://www.sbsc.in for application form.
SBSC Delhi wants Assistant Professor
PMA03:53
Applications are invited on the prescribed application forms for the
posts of Assistant Professor in Shaheed Bhagat Singh College in various
subjects :
Bhagat Singh College, (University of Delhi), Sheikh Sarai, Phase-II,
New Delhi – 110017 within 21 days from the date of advertisement,
complete in all respect with self-attested copies of certificates, marksheets,
testimonials etc., along with a demand draft of Rs.250/- for General /OBC
and Rs.100/- for SC/ST/Pwd in favour of the
Principal, Shaheed Bhagat Singh College, Delhi, Payable at Delhi on
Last Date: 25/03/201.
View details http://www.sbsc.in for details and application form.
- Assistant Professor : 48 posts in various subjects,
- Pay Scale : Rs. 15600 - 39100 grade pay Rs. 6000/-
Job At National Institute of Foundry and Forge Technology
PMA03:49
National Institute of Foundry and Forge Technology
Hatia, Ranchi – 834003, Jharkhand
1. Foundry Technology
2. Forge Technology
3. Manufacturing Engineering
4. Materials and Metallurgical Engineering
5. Applied Science and Humanities :
- Assistant Professor : 39 posts, Pay Scale : Rs. 15600-39100 Grade Pay Rs 6000/-
- Associate Professor : 11 posts, Pay Scale : Rs. 37400-67000 Grade Pay Rs 9000/-
- Professor : 07 posts, Pay Scale : Rs. 37400-67000 Grade Pay Rs 10000/-
View Details
http://www.nifft.ernet.in/Faculty%20Recruitment%20Application%20Form_modified.pdf
Management Trainee Job At Coal India
PMA03:46
Coal India Limited requires Management Trainee
Posts:339
Environment-72, Sales & Marketing -31,
Personnel-26, Finance -73,
Community Development-120, Materials Management-17
Pay Scale : E2 grade Rs.20600-46500 and on successful completion of training will be posted in the E3 grade Rs.24900-50500,
Age : 30 years. Relaxation in age as per rules.
Application Fee :
Rs.500/- by means of a Bank DD in favour of Coal India Limited
payable at Kolkata. No fee for SC/ST/PH
How to Apply : Apply Online at Coal India Website from 17/03/2014 to 14/04/2014.
Take a printout of the system generated application form and send it with application fee, relevant documents and pasting a recent passport size photograph on it in an envelope superscribed as with post applied for on or before 28/04/2014 to : General Manager (Personnel/ Recruitment), Coal India Limited, 10, Netaji Subhas Road, Kolkata - 700001.
http://www.coalindia.in/career/en-us/CurrentOpening.aspx
PHP registration form-code-demo
PMA06:08
PHP registration form-code-demo
<?php
//error_reporting(0);
session_start();
include "include/connection.php";
include "include/functions.php";
$fname='';
$lname='';
$dob='';
$email='';
$phone='';
$capital_city='';
$locality='';
$pwd='';
$repwd='';
$msg='';
if(isset($_POST['registration']))
{
$fname=trim($_POST['f_name']);
$lname=trim($_POST['l_name']);
if($_POST['dob']!=''){
$dob=getRevDate($_POST['dob']);
}
$email=trim($_POST['email']);
$phone=trim($_POST['phone']);
$capital_city=trim($_POST['capital_city']);
$locality=trim($_POST['locality']);
$pwd=trim($_POST['pwd']);
$repwd=trim($_POST['repwd']);
$confirm_code=md5(RandomString());
if($fname=='')
$msg='please enter first name';
else if($lname=='')
$msg='Please enter last name';
else if($dob=='')
$msg='Please enter date of birth';
else if($email=='')
$msg='Please enter email';
else if(!filter_var($email, FILTER_VALIDATE_EMAIL))
$msg='Please enter valid email';
else if(chkEmailExist('users',$email))
$msg='Email already registered';
else if($phone=='')
$msg='Please enter phone no';
else if(!is_numeric($phone))
$msg='Phone no should be numeric';
else if($capital_city=='')
$msg='Please enter capital city';
else if($pwd=='')
$msg='Please enter password';
else if(strlen($pwd)<6)
$msg='Password length should be minimum 6 characters';
else if($repwd=='')
$msg='Please enter repassword';
else if($pwd!=$repwd)
$msg='Password and repassword should be same';
else{
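// Escape every value that goes into the SQL strings, and store a password hash,
// never the password itself (password_hash() needs PHP 5.5+ and a column of
// at least 60 characters). The login code must then use password_verify().
// The debugging echo calls are removed: they leaked the query and, by sending
// output early, stopped the header() redirect below from working.
$email_sql=mysql_real_escape_string($email);
$pwd_hash=mysql_real_escape_string(password_hash($pwd, PASSWORD_DEFAULT));
$sql="insert into `users` set `email`='$email_sql',`password`='$pwd_hash',`status`='3',`confirm_code`='$confirm_code'";
$res=mysql_query($sql);
$user_id=mysql_insert_id();
if($res){
$sql1="insert into `user_profile` set `userId`='$user_id',
`firstName`='".mysql_real_escape_string($fname)."',
`lastName`='".mysql_real_escape_string($lname)."',
`dob`='".mysql_real_escape_string($dob)."',
`email`='$email_sql',
`phoneNo`='".mysql_real_escape_string($phone)."',
`capital_city`='".mysql_real_escape_string($capital_city)."',
`locality`='".mysql_real_escape_string($locality)."',
`status`='2'
";
$res1=mysql_query($sql1);
$_SESSION['userId']=$user_id;
$_SESSION['UserName']=$fname;
if($res1){
$email_content_rg=getEmailContent(1);
$headers = "MIME-Version: 1.0" . "\r\n";
$headers .= "Content-type:text/html;charset=iso-8859-1" . "\r\n";
$subject=$email_content_rg['subject'];
// The names are user input, so encode them before placing them in the HTML mail.
$message ="Hi,<br/> ".htmlspecialchars($fname)." ".htmlspecialchars($lname)."<br/><br/><br/>";
$message .=$email_content_rg['content'];
// HTTP_HOST is taken from the request; a fixed, configured site URL is safer for links sent by mail.
$message .="<br/><br/><a href='http://".$_SERVER['HTTP_HOST'] . dirname($_SERVER['PHP_SELF'])."/confirmation.php?act=confregis&a=".urlencode($user_id)."&b=".$confirm_code."' >Please Click the link to activate your registration.. </a>";
mail($email,$subject,$message,$headers);
/*header("Location:index.php?m=rs");*/
header("Location:profile.php");
exit; // stop the script once the redirect has been sent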
}
}else{
$msg='Registration unsuccessful';
}
}
}
//echo $msg;
?>
<?php include "include/header.php"; ?>
<div class="container">
<div class="row" align="center" style="margin-top:30px;">
<div class="span12">
<div class="row">
<div class="span6">
<div class="thumbnail">
<h4>Registration</h4>
<p>
<form class="form-horizontal" name="reg" id="reg" action="#" method="post">
<div class="control-group">
<label class="control-label">First Name</label>
<div class="controls">
<input type="text" name="f_name" id="rf_name" value="<?php echo htmlspecialchars($fname, ENT_QUOTES); ?>" placeholder="First Name">
</div>
</div>
<div class="control-group">
<label class="control-label" >Last Name</label>
<div class="controls">
<input type="text" name="l_name" id="rl_name" value="<?php echo htmlspecialchars($lname, ENT_QUOTES); ?>" placeholder="Last Name">
</div>
</div>
<div class="control-group">
<label class="control-label" >Date of birth</label>
<div class="controls">
<input type="text" name="dob" id="r_dob" value="<?php if($dob!=''){ echo getRevDate($dob); } ?>" placeholder="Date of birth">
</div>
</div>
<div class="control-group">
<label class="control-label">Email</label>
<div class="controls">
<input type="text" name="email" id="r_email" value="<?php echo htmlspecialchars($email, ENT_QUOTES); ?>" placeholder="Email">
</div>
</div>
<div class="control-group">
<label class="control-label">Phone</label>
<div class="controls">
<input type="text" name="phone" id="r_phone" value="<?php echo htmlspecialchars($phone, ENT_QUOTES); ?>" placeholder="phone">
</div>
</div>
<div class="control-group">
<label class="control-label">City</label>
<div class="controls">
<!--<input type="text" name="capital_city" id="r_capital_city" value="<?php //echo $phone; ?>" placeholder="phone">-->
<select name="capital_city" id="r_capital_city" onChange="return getLocalityList()">
<option value="">Select capital city</option>
<?php echo getCapitalCityList($capital_city); ?>
</select>
</div>
</div>
<div class="control-group">
<label class="control-label">Locality</label>
<div class="controls">
<!-- <input type="text" name="related_city" id="r_related_city" value="<?php //echo $phone; ?>" placeholder="phone">-->
<select name="locality" id="r_locality">
<option value="">Select locality</option>
<?php if($capital_city!=''){ echo getLocalityList($capital_city,$locality); } ?>
</select>
</div>
</div>
<div class="control-group">
<label class="control-label">Password</label>
<div class="controls">
<input type="password" name="pwd" id="r_pwd" placeholder="Password"><span id="result"></span>
</div>
</div>
<div class="control-group">
<label class="control-label" >Re-type Password</label>
<div class="controls">
<input type="password" name="repwd" id="r_repwd" placeholder="Re-type Password"><span id="result"></span>
</div>
</div>
<div class="control-group">
<div class="controls">
<input type="hidden" name="registration" id="registration" value="registration" >
<button type="button" class="btn btn-primary" onClick="subRegistraiton()">Sign in</button>
</div>
</div>
</form>
</p>
</div>
</div>
<div class="span6">
<div class="thumbnail">
<h4>Already Registered</h4>
<p>
<form class="form-horizontal" name="loginForm" action="index.php" method="post">
<div class="control-group">
<label class="control-label">User Id</label>
<div class="controls">
<input type="text" name="userName" id="l_userName" placeholder="Userid">
</div>
</div>
<div class="control-group">
<label class="control-label" >Password</label>
<div class="controls">
<input type="password" name="password" id="l_password" placeholder="Password">
</div>
</div>
<div class="control-group">
<div class="controls">
<input type="hidden" name="login" value="login" >
<button type="button" class="btn btn-primary" id="LoginButton" onClick="return subLogin()">Login</button>
</div>
</div>
</form>
</p>
</div>
</div>
</div>
</div>
</div>
<?php include "include/footer.php";?>
<script src="http://code.jquery.com/jquery-latest.js"></script>
<script src="js/bootstrap.js"></script>
<!-------------------------------------------------For Date Picker----------------------------------------------------------->
<link href="http://ajax.googleapis.com/ajax/libs/jqueryui/1.8/themes/base/jquery-ui.css" rel="stylesheet" type="text/css"/>
<script src="http://code.jquery.com/ui/1.10.3/jquery-ui.js"></script>
<!------------------------------------------------------------------------------------------------------------>
<script type="text/javascript">
$(function() {
var $j = jQuery.noConflict();
$j("#r_dob").datepicker({ dateFormat: "dd-mm-yy",changeMonth: true,changeYear: true,yearRange:'-90:+0'}).val();
});
</script>
<script>
$.noConflict();
function subRegistraiton()
{
var fname=$('#rf_name').val();
var lname=$('#rl_name').val();
var dob=$('#r_dob').val();
var email=$('#r_email').val();
var phone=$('#r_phone').val();
var capital_city=$('#r_capital_city').val();
var locality=$('#r_locality').val();
var pwd=$('#r_pwd').val();
var repwd=$('#r_repwd').val();
var filter = /^([a-zA-Z0-9_\.\-])+\@(([a-zA-Z0-9\-])+\.)+([a-zA-Z0-9]{2,4})+$/;
if(fname=='')
{
alert('Please enter first name');
$('#rf_name').focus();
return false;
}
else if(lname=='')
{
alert('Please enter last name');
$('#rl_name').focus();
return false;
}
else if(dob=='')
{
alert('Please enter date of birth');
$('#r_dob').focus();
return false;
}
else if(email=='')
{
alert('Please enter email');
$('#r_email').focus();
return false;
}
else if(!filter.test(email))
{
alert('Please provide a valid email address');
// $('#r_email').val('');
$('#r_email').focus();
return false;
}
else if(phone=='')
{
alert('Please enter phone no');
$('#r_phone').focus();
return false;
}
else if(phone.length!=10)
{
alert('Phone number should be 10 digits');
$('#r_phone').focus();
return false;
}
else if(capital_city=='')
{
alert('Please select capital city');
$('#r_capital_city').focus();
return false;
}
else if(pwd=='')
{
alert('Please enter password');
$('#r_pwd').focus();
return false;
}
else if(pwd.length < 8)
{
alert("Please enter at least 8 characters");
$('#r_pwd').val('');
$('#r_pwd').focus();
return false;
}
else if(repwd=='')
{
alert('Please enter re-password');
$('#r_repwd').focus();
return false;
}
else if(pwd!=repwd)
{
alert('Password and repassword does not match');
$('#r_repwd').val('');
$('#r_repwd').focus();
return false;
}else{
document.reg.submit();
$.loader();
// setTimeout( "$.loader('close');",20000 );
}
}
function subLogin()
{
var userName=$("#l_userName").val();
var password=$("#l_password").val();
if(userName==''){
alert('Please enter username');
$("#l_userName").focus();
return false
}
else if(password=='')
{
alert('Please enter password');
$("#l_password").focus();
return false;
}else{
document.loginForm.submit();
$.loader();
// setTimeout( "$.loader('close');",10000 );
}
}
function getLocalityList()
{
var capitalCity=$("#r_capital_city").val();
$.ajax({
type: 'POST',
url: 'ajax/ajax_cityList.php',
data: {'capital_city' : capitalCity ,'action' : 'locality'},
success: function(data){
$("#r_locality").html(data);
}
});
}
</script>
<script>
<?php
if($msg!=''){
?>
alert(<?php echo json_encode($msg); ?>);
<?php
}
?>
</script>
<script>
$(function(){
$(window).keypress(function(ev){
if(ev.charCode == 99)
{
$.loader('close');
}
});
$('#test1button1').click(function(){
$.loader();
setTimeout( "$.loader('close');",3000 );
});
});
</script>
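The same registration step written with prepared statements, a password hash and a random confirmation code, as an added example that is not the original author's code. Table and column names follow the listing above; the in-memory SQLite database (via PDO) and the sample input are assumptions made so that the script runs on its own.

```php
<?php
declare(strict_types=1);
// Added example. The SQLite database and the sample input are constructed;
// on the real site the PDO object would point at the MySQL server.

function openDemoDb(): PDO
{
    $pdo = new PDO('sqlite::memory:');
    $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $pdo->exec('CREATE TABLE users (
        id INTEGER PRIMARY KEY AUTOINCREMENT,
        email TEXT NOT NULL UNIQUE,
        password TEXT NOT NULL,
        status INTEGER NOT NULL,
        confirm_code TEXT NOT NULL)');
    $pdo->exec('CREATE TABLE user_profile (
        userId INTEGER NOT NULL, firstName TEXT, lastName TEXT,
        email TEXT, status INTEGER NOT NULL)');
    return $pdo;
}

// Inserts both rows in one transaction and returns [userId, confirmCode].
function registerUser(PDO $pdo, array $in): array
{
    $code = bin2hex(random_bytes(16));                    // unguessable confirmation code
    $hash = password_hash($in['pwd'], PASSWORD_DEFAULT);  // salted, deliberately slow hash

    $pdo->beginTransaction();
    try {
        // Placeholders keep data out of the SQL text, so a quote in a value is harmless.
        $stmt = $pdo->prepare(
            'INSERT INTO users (email, password, status, confirm_code)
             VALUES (:email, :password, 3, :code)'
        );
        $stmt->execute([':email' => $in['email'], ':password' => $hash, ':code' => $code]);
        $userId = (int) $pdo->lastInsertId();

        $stmt = $pdo->prepare(
            'INSERT INTO user_profile (userId, firstName, lastName, email, status)
             VALUES (?, ?, ?, ?, 2)'
        );
        $stmt->execute([$userId, $in['f_name'], $in['l_name'], $in['email']]);
        $pdo->commit();
    } catch (Throwable $e) {
        $pdo->rollBack();        // no half-registered account is left behind
        throw $e;
    }
    return [$userId, $code];
}

// Login check that matches the hashed storage above.
function verifyLogin(PDO $pdo, string $email, string $pwd): bool
{
    $stmt = $pdo->prepare('SELECT password FROM users WHERE email = ?');
    $stmt->execute([$email]);
    $hash = $stmt->fetchColumn();
    return is_string($hash) && password_verify($pwd, $hash);
}

// Encode a value before echoing it into an HTML attribute of the form.
function e(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES, 'UTF-8');
}

// --- constructed sample input: an ordinary name that contains a quote ---
$pdo   = openDemoDb();
$input = ['f_name' => 'Anne', 'l_name' => "O'Brien",
          'email'  => 'anne@example.com', 'pwd' => 'correct horse battery'];

[$userId, $code] = registerUser($pdo, $input);
echo "registered user {$userId}, confirmation code of ", strlen($code), " characters\n";

$stored = (string) $pdo->query('SELECT password FROM users')->fetchColumn();
echo 'password stored in clear: ', var_export($stored === $input['pwd'], true), "\n";
echo 'login with right password: ', var_export(verifyLogin($pdo, $input['email'], $input['pwd']), true), "\n";
echo 'login with wrong password: ', var_export(verifyLogin($pdo, $input['email'], 'guess'), true), "\n";

try {
    registerUser($pdo, $input);  // same email again: UNIQUE constraint rejects it
} catch (PDOException $ex) {
    echo "second registration rejected, profile rows: ",
         $pdo->query('SELECT COUNT(*) FROM user_profile')->fetchColumn(), "\n";
}

echo '<input type="text" name="l_name" value="', e($input['l_name']), "\">\n";
```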
File uploaded code-with-validation-PHP
PMA05:55
PHP File uploaded code-with-IMAGE EXTENSION Validation
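<?php
session_start();
include "include/connection.php";
include "include/functions.php";
// Check the session before using it, and stop the script after redirecting.
if(!isset($_SESSION['userId'])){
header("Location:index.php");
exit;
}
$userId=(int)$_SESSION['userId'];
$prof_type=isset($_REQUEST['tp']) ? $_REQUEST['tp'] : '';
$msg='';
if(isset($_POST['subProfileImage']))
{
$extArray=array("jpg","jpeg","png","gif");
$profImageName=$_FILES['profImage']['name'];
$fileSize=$_FILES['profImage']['size'];
$ext =strtolower(pathinfo($profImageName, PATHINFO_EXTENSION));
if($profImageName=='')
{
$msg='Please select an image';
}
else if(!in_array($ext,$extArray))
{
$msg="Please select 'jpg','jpeg','png','gif' type image extension";
}
else if($fileSize > 13072400)
{
// Report the problem instead of silently ignoring the upload.
$msg='Selected image is too large';
}
else if(@getimagesize($_FILES['profImage']['tmp_name'])===false)
{
// The extension is chosen by the client; also check that the content is an image.
$msg='Selected file is not a valid image';
}
else{
// Build the stored name on the server; the client-supplied name is not trusted.
$imageName=time().'_'.md5(uniqid(mt_rand(),true)).'.'.$ext;
// upload/prof_photo/ should be configured so that the server never executes files in it.
if(move_uploaded_file($_FILES['profImage']['tmp_name'],"upload/prof_photo/".$imageName))
{
$oldImgLink=getProfImageLink($userId);
$sql="update `user_profile` set `imageLink`='".mysql_real_escape_string($imageName)."' where `userId`='$userId'";
mysql_query($sql);
if($oldImgLink!=''){
// basename() keeps the delete inside the upload directory.
@unlink("upload/prof_photo/".basename($oldImgLink));
}
}
}
}
$sql_prof="select * from `user_profile` where `userId`='$userId' ";
$res_prof=mysql_query($sql_prof);
$r_prof=mysql_fetch_array($res_prof);
?>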
HTML form
<form name="profImageForm" id="profImageForm" action="" method="post" enctype="multipart/form-data">
<h3 id="myModalLabel">Change Profile Pictute</h3>
</div>
<div class="modal-body">
<p>
<input class="btn btn-primary" type="file" name="profImage" placeholder="Browse for File">
</p>
</div>
<div class="modal-footer">
<input type="hidden" name="tab" id="tabProfileType" value="<?php echo htmlspecialchars($prof_type, ENT_QUOTES); ?>" />
<input type="hidden" name="subProfileImage" id="subProfileImage" value="subProfile" />
<button class="btn btn-primary" onClick="return profImageSubmit()">Save changes</button>
<button class="btn" data-dismiss="modal" aria-hidden="true">Close</button>
</form>
</div>
</div>
<div class="span7">
<div id="personalDetails" style="display:<?php echo $t = ($prof_type=="") ? "none" : "none" ; ?>;" >
<form class="form-horizontal" name="profileForm" id="profileForm" action="#" method="post">
<!-- <input type="hidden" name="persionalStatus" id="persionalStatus" value="<?php //echo $r_prof['status']; ?>" >-->
<legend>Your Contact Information</legend>
<div class="control-group">
<label class="control-label" for="inputEmail">First Name</label>
<div class="controls">
<input type="text" name="fname" id="p_fname" value="<?php echo htmlspecialchars($r_prof['firstName'], ENT_QUOTES); ?>" placeholder="Full Name">
</div>
</div>
<div class="control-group">
<label class="control-label" for="inputEmail">Last Name</label>
<div class="controls">
<input type="text" name="lname" id="p_lname" value="<?php echo htmlspecialchars($r_prof['lastName'], ENT_QUOTES); ?>" placeholder="Last Name">
</div>
</div>
<!--<div class="control-group">
<label class="control-label" for="inputEmail">Nickname</label>
<div class="controls">
<input type="text" name="nickname" id="p_nname" value="<?php //echo $r_prof['nickName']; ?>" placeholder="Nickname">
</div>
</div>-->
<div class="controls">
<div class="radio">
<label>
<input type="radio" name="gender" id="p_gender" value="m" <?php if($r_prof['gender']=='m'){ echo 'checked'; }?> >
Male</label>
</div>
<div class="radio">
<label>
<input type="radio" name="gender" id="p_gender" value="f" <?php if($r_prof['gender']=='f'){ echo 'checked'; }?>>
Female</label>
</div>
</div>
<p></p>
<div class="control-group">
<label class="control-label" for="inputEmail">Date of Birth</label>
<div class="controls">
<input type="text" name="dob" id="p_dob" value="<?php echo getRevDate($r_prof['dob']); ?>" placeholder="DOB">
</div>
</div>
<div class="control-group">
<label class="control-label" for="inputEmail">Mobile No</label>
<div class="controls">
<input type="text" name="phoneNo" id="p_phoneNo" value="<?php echo htmlspecialchars($r_prof['phoneNo'], ENT_QUOTES); ?>" placeholder="Mobile No">
</div>
</div>
<div class="control-group">
<label class="control-label" for="inputPassword">Capital City</label>
<div class="controls">
<select name="capital_city" id="p_capital_city" onChange="return getLocalityList()">
<option value="">Select capital city</option>
<?php echo getCapitalCityList($r_prof['capital_city']); ?>
</select>
</div>
</div>
<div class="control-group">
<label class="control-label" for="inputPassword">Locality</label>
<div class="controls">
<select name="locality" id="p_locality">
<option value="">Select locality</option>
<?php echo getLocalityList($r_prof['capital_city'],$r_prof['locality']); ?>
</select>
</div>
</div>
<div class="btn-group" >
<input type="hidden" name="updateProf" id="updateProf" value="updateProf" />
<button type="submit" class="btn btn-primary" id="" onClick="return submitProfile()">Submit</button>
<button type="reset" class="btn">Reset</button>
<!--<button type="reset" class="btn">Cancel</button>-->
</div>
</form>
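An extension test such as the one in the upload script only looks at a name the client chose. The check below, an added example that is not the original author's code, decides from the file content and lets the server pick both the extension and the stored name. The function name, the 300 KB limit and the two sample files are assumptions; the sample files are constructed in a temporary directory.

```php
<?php
declare(strict_types=1);
// Added example. In a real handler the array comes from $_FILES['profImage'],
// and the file is then stored with move_uploaded_file() in a directory where
// the Web server never executes scripts.

function checkImageUpload(array $file, int $maxBytes = 300 * 1024): array
{
    // Accepted image types and the extension the server assigns to each.
    $allowed = [IMAGETYPE_JPEG => 'jpg', IMAGETYPE_PNG => 'png', IMAGETYPE_GIF => 'gif'];

    if (($file['error'] ?? UPLOAD_ERR_NO_FILE) !== UPLOAD_ERR_OK) {
        return ['ok' => false, 'reason' => 'upload failed'];
    }
    // Measure the file on disk; the size reported by the client is only a hint.
    $size = @filesize($file['tmp_name']);
    if ($size === false || $size === 0 || $size > $maxBytes) {
        return ['ok' => false, 'reason' => 'file is empty or too large'];
    }
    // getimagesize() reads the file header; index 2 is an IMAGETYPE_* constant.
    $info = @getimagesize($file['tmp_name']);
    $ext  = is_array($info) ? ($allowed[$info[2]] ?? null) : null;
    if ($ext === null) {
        return ['ok' => false, 'reason' => 'content is not a JPEG, PNG or GIF image'];
    }
    // The stored name is generated here; the client-supplied name is never used.
    return ['ok' => true, 'name' => bin2hex(random_bytes(16)) . '.' . $ext];
}

// --- constructed samples ---
// A 1x1 GIF, and a text file whose name merely ends in .jpg.
$gif  = base64_decode('R0lGODlhAQABAIAAAAAAAP///yH5BAEAAAAALAAAAAABAAEAAAIBRAA7');
$text = "plain text, not image data\n";

$samples = ['avatar.gif' => $gif, 'holiday.jpg' => $text];
foreach ($samples as $clientName => $bytes) {
    $tmp = tempnam(sys_get_temp_dir(), 'upl_');
    file_put_contents($tmp, $bytes);

    $result = checkImageUpload([
        'name'     => $clientName,
        'tmp_name' => $tmp,
        'size'     => strlen($bytes),
        'error'    => UPLOAD_ERR_OK,
    ]);
    echo $clientName, ' => ',
         $result['ok'] ? 'accepted as ' . $result['name'] : 'rejected: ' . $result['reason'],
         "\n";
    unlink($tmp);
}
```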
php include file-dem-code
PMA05:26
PHP include file-dem-code
<?php
include "include/connection.php";
include "include/functions.php";
?>
----------------------------->
<?php
session_start();
/* if(@$_REQUEST['userId']!='')
{
$_SESSION['showUserId'] = $_REQUEST['userId'];
header("Location:showUserProfile.php");
}*/
if(@$_SESSION['userId']=='')
{
header("Location:index.php");
exit; // without this the rest of the page still runs for visitors who are not logged in
}
include "include/connection.php";
include "include/functions.php";
$msg='';
// $userId=$_SESSION['showUserId'];
$userId=$_SESSION['userId'];
$sql_prof="select * from `user_profile` where `userId`='$userId' ";
$res_prof=mysql_query($sql_prof);
$count=mysql_num_rows($res_prof);
$r_prof=mysql_fetch_array($res_prof);
if($count < 1){
header("Location:index.php");
exit;
}
?>
simple contactus page-php-code-demo
PMA05:23
Simple contactus page-php-code-demo
with javascript validation
<?php
session_start();
include "include/connection.php";
include "include/functions.php";
include "include/header.php";
//$r=getCMSPageContent(8);
$current_date=date('Y-m-d');
$msg='';
if(isset($_POST['submit_contact']))
{
// Every posted value is escaped before it is placed in the SQL string.
$fname=mysql_real_escape_string(trim($_POST['fname']));
$lname=mysql_real_escape_string(trim($_POST['lname']));
$email=mysql_real_escape_string(trim($_POST['email']));
$contact_no=mysql_real_escape_string(trim($_POST['contact_no']));
$address=mysql_real_escape_string(trim($_POST['address']));
$ip_add=mysql_real_escape_string($_SERVER["REMOTE_ADDR"]);
$sql="insert into `sp_contactus` set `fname`='$fname',
`lname`='$lname',
`email`='$email',
`contact_no`='$contact_no',
`address`='$address',
`ip_add`='$ip_add',
`creation_date`='$current_date'
";
$res=mysql_query($sql);
if($res)
{
$msg="Your contact details have been received.";
}
}
?>
<div class="container">
<div class="row" style="margin-top:30px;">
<div class="span6">
<div class="thumbnail" style="padding:30px;">
<h4>We are Located at :-</h4>
<p style="text-align:justify;">
<address>
<strong>TestTeam</strong><br>
PO Box 654, Westmead,<br>
NSW, 26545<br>
Australia<br>
</address>
<address>
<strong>Email us at</strong><br>
<a href="mailto:#">info@test.com</a>
</address>
</p>
</div>
</div>
<div class="span6">
<p>
<form class="form-horizontal" name="contact" id="contact" action="" method="post">
<legend>Contact Us</legend>
<div class="control-group">
<label class="control-label" for="inputEmail">First Name</label>
<div class="controls">
<input type="text" name="fname" id="fname" placeholder="First Name">
</div>
</div>
<div class="control-group">
<label class="control-label" for="inputEmail">Last Name</label>
<div class="controls">
<input type="text" name="lname" id="lname" placeholder="Last Name">
</div>
</div>
<div class="control-group">
<label class="control-label" for="inputPassword">Email Id</label>
<div class="controls">
<input type="email" name="email" id="email" placeholder="Email Id">
</div>
</div>
<div class="control-group">
<label class="control-label" for="inputPassword">Contact No</label>
<div class="controls">
<input type="text" name="contact_no" id="contact_no" placeholder="Contact No">
</div>
</div>
<div class="control-group">
<label class="control-label" for="inputPassword">Address</label>
<div class="controls">
<textarea name="address" id="address" rows="5"></textarea>
</div>
</div>
<div class="control-group">
<div class="controls">
<input type="hidden" name="submit_contact" value="submit_contact" >
<button type="button" class="btn btn-primary" onClick="return submit_contact_us()">Send</button>
</div>
</div>
</form>
</p>
</div>
</div>
<?php include("include/footer.php");?>
<script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/jquery/1.7.1/jquery.min.js"></script>
<script language="javascript">
function submit_contact_us()
{
var fname=$("#fname").val();
var lname=$("#lname").val();
var email=$("#email").val();
var contact_no=$("#contact_no").val();
var filter = /^([a-zA-Z0-9_\.\-])+\@(([a-zA-Z0-9\-])+\.)+([a-zA-Z0-9]{2,4})+$/;
if(fname=='')
{
alert('Please enter first name');
$("#fname").focus();
return false;
}
else if(lname=='')
{
alert('Please enter last name');
$("#lname").focus();
return false;
}
else if(email=='')
{
alert('Please enter your email');
$("#email").focus();
return false;
}
else if(!filter.test(email))
{
alert('Please provide a valid email address');
$("#email").focus();
return false;
}
else if(contact_no=='')
{
alert('Please enter your contact no');
$("#contact_no").focus();
return false;
}
else if(isNaN(contact_no))
{
alert('Contact no should be numeric');
$("#contact_no").focus();
return false;
}else {
document.contact.submit();
}
}
<?php if($msg!=''){ ?>
alert("<?php echo $msg; ?>");
<?php } ?>
</script>
mysql_fetch_array-code-demo
Example-1
mysql_fetch_array code demo
<?php
//error_reporting(0);
session_start();
include "include/connection.php";
include "include/functions.php";
if(@$_REQUEST['act']=='confregis')
{
// Both values come from the confirmation link, so escape them for the query.
$user_id=mysql_real_escape_string(urldecode($_REQUEST['a']));
$confirm_code=mysql_real_escape_string($_REQUEST['b']);
$sql="select * from `users` where `id`='$user_id' and `confirm_code`='$confirm_code'";
$res=mysql_query($sql);
$count=mysql_num_rows($res);
$r=mysql_fetch_array($res);
if($count > 0)
{
$sql1="update `users` set `status`='1' where `id`='$user_id'";
mysql_query($sql1);
$sql2="select * from `users` where `id`='$user_id' and `status`='1'";
$res2=mysql_query($sql2);
$row2=mysql_fetch_array($res2);
$_SESSION['userId']=$row2['id'];
$_SESSION['UserName']=getUserNameByuserId($r['id']);
//$_SESSION['adviser_email']=$row['email'];
// Stop after the redirect; otherwise the index.php redirect below replaces it.
header('Location: profile.php');
exit;
}
}
header('Location: index.php');
exit;
?>
Example-2
<?php
// Escape the search term before it goes into the LIKE patterns
// (assumes $attrName has not been escaped already).
$attrName=mysql_real_escape_string($attrName);
$sql="select * from `user_profile` up,`user_freelance` uf,list_industry ind,list_functional_area fa
where up.userId=uf.userId
and uf.industryName=ind.id
and uf.functionalArea=fa.id
and (ind.`industryName` like '%$attrName%' or fa.`functionalArea` like '%$attrName%')
and up.`status`='1'
and uf.`status`='1' ";
// echo $sql; // debug output of the query text
$res= mysql_query($sql);
$count=mysql_num_rows($res);
while($r=mysql_fetch_array($res)){
?>
Advanced SQL
Many of the features shown in this chapter are specific to MySQL's
version of SQL. For example, MySQL's functions are useful tools for
working with strings, dates and times, and math. Also, we'll show some
ways to tune MySQL in order to improve application performance.
It's important to know how to choose and design indexes for fast querying,
and how to use MySQL's query cache for fast results.
• Exploring your database, tables, indexes, and performance with SHOW
• More on SELECT queries, including advanced join types, aliases, nested queries,
user variables, and the limitations of MySQL.
• More on manipulating data and databases, including finding out about tables
and databases, creating tables with queries, altering tables, more on the
UPDATE and DELETE statements, and bulk loading and exporting data.
• Functions and operators in SQL and MySQL
• Automatically running queries
• MyISAM, InnoDB, and Heap table types
• Backup and recovery, and transferring data between database servers
• Managing database server users and privileges, and creating users for web
database applications.
• Basic tuning of MySQL, including index design, using the query cache,
and miscellaneous tips for speed.
The SHOW command is useful for exploring the details of databases, tables,
indexes, and MySQL. It's a handy tool when you're writing new queries,
modifying database structure, creating reports, or understanding how your
MySQL server is performing. The SHOW command isn't part of the SQL
standard and is MySQL-specific. It can be used in several ways:
SHOW DATABASES
Lists the databases that are accessible by the MySQL server. You will only
see those databases that you have access to, unless you have the
SHOW DATABASES privilege;
privileges and user rights are discussed later in this chapter.
SHOW TABLES
Shows the tables in the database, after a database has been
selected with the use command.
SHOW TABLE STATUS
Provides information about all tables in the current database,
including the table type, number of rows, how the rows are stored,
average row length, size of the datafile, next auto_increment value if applicable,
creation time, last modification time, and any extra options
used with CREATE TABLE.
SHOW CREATE TABLE tablename
Shows the CREATE TABLE statement that was used to create the table tablename.
The output always includes any additional information automatically added or
changed by MySQL during the creation process, such as the table type and
character set used.
SHOW OPEN TABLES
Shows which tables the server currently has open and which tables are locked.
SHOW COLUMNS FROM tablename
Shows the attributes, types of attributes, key information, whether NULL
is permitted, defaults, and other information for a table tablename.
The alias DESCRIBE table produces the same output.
SHOW INDEX FROM tablename
Presents the details of all indexes on the table tablename, including the
PRIMARY KEY. It shows, amongst other information, what the attributes are
that form each index, whether values in the index uniquely identify rows,
how many different values there are in the index (the cardinality),
and the index data structure used (usually a B-tree).
SHOW PRIVILEGES
Lists the access privileges that can be given or denied to users of the
version of MySQL server that you've installed.
SHOW PROCESSLIST
Lists the current MySQL processes or threads that are running,
and what query they're carrying out on which database.
SHOW STATUS
Reports details of the MySQL server performance and statistics.
Selected statistics .
SHOW TABLE TYPES
Lists the possible table types that are available in the version
of the MySQL server that you have installed, and notes alongside
each whether you have compiled-in support for that table type.
SHOW VARIABLES
Reports the values of most MySQL system variables.
SHOW WARNINGS and SHOW ERRORS
Reports warnings or errors from the last command or statement
that was run on a table.
How to promote my website
Create RSS feeds. Try registering with Feedburner.
Publish free newsletters. Recruit site visitors to your
free benefit-packed newsletter and you are building an
emailing list. Use your newsletter to promote your
content.
Post on your site/blog. You’re doing that anyway,
of course. But it’s amazing what people forget if it’s
not on a checklist.
Submit content to generic social sites, e.g.
Twitter, LinkedIn, Facebook, StumbleUpon, Digg and now
Google +, social-bookmarking.
Submit to your specialist social networking sites.
Use your specialist contacts by email, direct tweets
and even telephone.
If your content is good and your network strong then
you will get links from your immediate contacts.
Then their readers and others will find your site,
visit and perhaps link to it.
Check visits, Google ranks for target keywords, response
rates and numbers for different metrics including goals
like email recruitment, sales numbers and revenue.
Check whatever measures you’ve got. If you don’t have
Goals or Ecommerce configured then use bounce rate,
average time on site and pages per visit.
Check seasonal demand and trends in your target niches
with Google Insights.
Long tail content absolutely must still be high quality
but its job for SEO is to target many thousands of your
target keyword niches long tail keywords.
SEO never stops because your competition never stops.
Continue on the SEO Circle of Response.
Look for the latest most-responsive short term target
keyword niches. Chase short term target keyword niches
for fast results, maximum response rates, and quick profits.
Invest in your long term target keyword niches with quality
content, link building, promotion and brand building.
To build quality links:
• Good content
• An understanding of your online community
• To know how to get external sites to link to yours
You can do this, no matter what level of experience you have.
You’ll soon be getting quality inbound links if you approach
the job systematically and give it sufficient time.
Add Antivirus software: A computer program that scans a computer’s memory and mass storage to identify, isolate, and eliminate viruses, and that examines incoming files for viruses as the computer receives them.
keep antivirus on pc
SEO-Blocking Spiders
Google let webmasters block unwanted links in you can literally block any visitor including search engines
and secure the data or information you have on your
website by the help of htaccess deny from all.
Block spiders from part of a page - webproworld if
for no other reason than this, it is worth setting up
a robots.txt file to control search engine spiders
blocking specific robots seo articles rss feed.
Let the spiders in to increase your seo visibility -
youtube trending news about spiders bots search engine
watch is the authoritative guide to search engine marketing -sem
and search engine optimization.
Blocking robots txt from being indexed using robots txt
to block spiders from dynamic pages.
Black hat search engine optimization is customarily defined
as the practice of using unethical techniques to make your
search rankings go up find out how to spot it.
web analytics black hat search engine optimization is
customarily defined as the practice of using unethical
techniques to make your search rankings go up find
how to spot it.
a search engine spider practical the great thing about
using the screaming frog seo spider is that within a
couple of collect information for use in blocking
specific urls and folders from.
How to block bad bots - how to protect web page content
series search results. Seo ranking factors - search engine
ranking factors robots.txt and search engine spiders -
seo a spider can be defined as which crawls over the web
and fetches the webpages for search engines it can
virtually start.
robots.txt-Blocking spiders block and stop bots, crawlers and search
engine spiders from using your visitor statistics logs any
online content is a subject for being indexed by search engines.
PHP-Session Security
Because a session may contain sensitive information,
you need to treat the session as a possible security
hole, and security has to be considered whenever you
create and implement a session. If someone is listening in or
snooping on a network, it's possible that he can
intercept a session ID and use it to look like he
is someone else. It's also possible to access session
data from the local filesystem on multiuser systems
such as ISP hosting machines.
Session hijacking is when someone accesses either
a client's cookie or session ID, and then attempts
to use this data. Session fixation is attempting to set
your own session ID. Session fixation and hijacking
are easy to combat. We'll make use of the super global
variables for the client's IP address and browser
type to keep things secure.
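<?php
session_start();
// Fingerprint of the client: hash of the browser type plus the IP address.
$user_check = md5($_SERVER['HTTP_USER_AGENT'] .
$_SERVER['REMOTE_ADDR']);
// First request in this session: issue a fresh ID and store the fingerprint.
if (empty($_SESSION['user_data'])) {
session_regenerate_id();
echo ("New session, saving user_check.");
$_SESSION['user_data'] = $user_check;
}
// Every request: compare the stored fingerprint with the fresh one.
if (strcmp($_SESSION['user_data'], $user_check) !== 0) {
// Mismatch: issue a new ID and clear the data saved in the session.
session_regenerate_id();
echo ("Warning, you must reenter your session.");
$_SESSION = array();
$_SESSION['user_data'] = $user_check;
}
else {
echo ("Connection verified!");
}
?>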
When a browser first requests the page, a session is
started. In that session, we stored the MD5 hash of the
combination of the IP address and browser type.
That way, when the user returns to this page, we
can compare the value stored in the session versus
a fresh computation of the IP address and browser
type. If the two don't match, we potentially
have a hijacker, so we pick a new ID and clear
any saved data for that session. That way, the
hijacker cannot retrieve any of the private
information stored in the session. This doesn't
cause a problem for legitimate users, because
they aren't going to change browser or IP
addresses in the middle of a session with
your web site.
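A fuller version of the check described above, as an added example that is not part of the original post: it keeps the stored-fingerprint comparison and adds strict session mode, hardened cookie flags, an idle timeout and an ID change at login. It assumes PHP 7.3+ served over HTTPS; the function names, IDLE_LIMIT and the last_seen key are hypothetical, and the fingerprint uses only the browser type because a client's IP address can change mid-session on mobile networks and behind proxies.

```php
<?php
// Added example, not code from the original post. Assumes PHP 7.3+ over HTTPS.
// IDLE_LIMIT, the function names and the 'last_seen' key are hypothetical.
declare(strict_types=1);

const IDLE_LIMIT = 1800; // seconds of inactivity before the session is reset

function start_secure_session(): void
{
    // Reject session IDs the server did not issue (defence against fixation).
    ini_set('session.use_strict_mode', '1');
    // Take the ID from the cookie only, never from the URL.
    ini_set('session.use_only_cookies', '1');
    session_set_cookie_params([
        'lifetime' => 0,       // cookie ends with the browser session
        'path'     => '/',
        'secure'   => true,    // sent over HTTPS only, so it cannot be sniffed in clear text
        'httponly' => true,    // not readable from JavaScript
        'samesite' => 'Lax',
    ]);
    session_start();
}

// Coarse client fingerprint; a consistency signal, not an authenticator.
function client_fingerprint(array $server): string
{
    return hash('sha256', $server['HTTP_USER_AGENT'] ?? '');
}

// Pure decision function: 'new', 'reset' or 'ok'.
function session_state(array $session, array $server, int $now): string
{
    if (empty($session['user_data'])) {
        return 'new';
    }
    if ($now - (int)($session['last_seen'] ?? 0) > IDLE_LIMIT) {
        return 'reset';
    }
    $same = hash_equals((string)$session['user_data'], client_fingerprint($server));
    return $same ? 'ok' : 'reset';
}

function enforce_session(): string
{
    $now = time();
    $state = session_state($_SESSION, $_SERVER, $now);
    if ($state !== 'ok') {
        // New ID first, then wipe: the requester continues with an empty
        // session under a fresh ID, as in the code above.
        session_regenerate_id();
        $_SESSION = ['user_data' => client_fingerprint($_SERVER)];
    }
    $_SESSION['last_seen'] = $now;
    return $state;
}

function on_login(string $userId): void
{
    // The ID used before authentication is discarded, so an ID planted
    // before login is useless afterwards.
    session_regenerate_id(true);
    $_SESSION['userId'] = $userId;
}

if (PHP_SAPI === 'cli') {
    // Constructed values, so the decision logic can be run offline.
    $ua = ['HTTP_USER_AGENT' => 'ExampleBrowser/1.0'];
    $stored = ['user_data' => client_fingerprint($ua), 'last_seen' => 1000];
    var_dump(session_state([], $ua, 1000));
    var_dump(session_state($stored, $ua, 1200));
    var_dump(session_state($stored, ['HTTP_USER_AGENT' => 'Other/2.0'], 1200));
    var_dump(session_state($stored, $ua, 1000 + IDLE_LIMIT + 1));
} else {
    start_secure_session();
    enforce_session();
}
```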
You know that trusting data from a user isn't a
great idea. But what exactly do you consider
to be user data versus system data that you trust?
GET
Data from GET operations is inherently user
data since it usually comes from form submissions.
POST
Data from POST operations is inherently user
data since it usually comes from form submissions.
Cookies
Cookies may seem like they could be trusted
since they are automatically sent, but in reality,
since they are stored on the client's computer,
they could be intentionally altered. Therefore,
they're considered user data.
Session data
Session data can be trusted as long as the session
value is set based on validated data. If it's set
to a user-supplied value without validation,
it's not trustworthy.
User input should be checked and escaped properly.
Data that's bound for the database must have all
special characters such as single and double
quotes escaped.
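The contact-form insert shown earlier on this page, reworked as an added example (not code from the original posts) that checks the input on the server and passes it as bound parameters of a PDO prepared statement instead of escaping it by hand. The function names, the in-memory SQLite database and its column types are assumptions made so the example runs offline; the column names follow the sp_contactus query above.

```php
<?php
// Added example, not code from the original posts. Function names and the
// SQLite schema are assumptions; column names follow the contact form above.
declare(strict_types=1);

// Server-side version of the form checks: returns [clean values, failed fields].
function validate_contact(array $in): array
{
    $clean = [];
    foreach (['fname', 'lname', 'email', 'contact_no', 'address'] as $field) {
        $clean[$field] = trim((string)($in[$field] ?? ''));
    }
    $errors = [];
    if ($clean['fname'] === '') { $errors[] = 'fname'; }
    if ($clean['lname'] === '') { $errors[] = 'lname'; }
    if (filter_var($clean['email'], FILTER_VALIDATE_EMAIL) === false) { $errors[] = 'email'; }
    if (!ctype_digit($clean['contact_no'])) { $errors[] = 'contact_no'; }
    return [$clean, $errors];
}

// Values travel as bound parameters, never as part of the SQL text.
function save_contact(PDO $pdo, array $c, string $ip): void
{
    $stmt = $pdo->prepare(
        'INSERT INTO sp_contactus
           (fname, lname, email, contact_no, address, ip_add, creation_date)
         VALUES (:fname, :lname, :email, :contact_no, :address, :ip_add, :created)'
    );
    $stmt->execute([
        ':fname'      => $c['fname'],
        ':lname'      => $c['lname'],
        ':email'      => $c['email'],
        ':contact_no' => $c['contact_no'],
        ':address'    => $c['address'],
        ':ip_add'     => $ip,
        ':created'    => date('Y-m-d'),
    ]);
}

// In-memory SQLite stands in for the MySQL connection (assumption).
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE sp_contactus (fname TEXT, lname TEXT, email TEXT,
    contact_no TEXT, address TEXT, ip_add TEXT, creation_date TEXT)');

// Constructed input: the quotes in the name and address would break a
// query assembled by string concatenation.
$post = [
    'fname'      => ' Pat ',
    'lname'      => "O'Brien",
    'email'      => 'pat@example.com',
    'contact_no' => '0212345678',
    'address'    => "12 King's Rd",
];

[$clean, $errors] = validate_contact($post);
if ($errors === []) {
    save_contact($pdo, $clean, '203.0.113.7'); // constructed documentation address
}

$row = $pdo->query('SELECT lname, address FROM sp_contactus')->fetch(PDO::FETCH_ASSOC);
// Escape again on output, this time for the HTML context.
echo htmlspecialchars($row['lname'] . ', ' . $row['address'], ENT_QUOTES, 'UTF-8'), PHP_EOL;
```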
PHP-simple Form
Since you'll need a place for the user to enter
a search query, let's begin by building a form
to handle the user's input. Every form must
have these basic components:
• The submission type defined with the method keyword
• One or more input elements defined with the input tag
• The destination to go to when submitted defined with
the action keyword
<html>
<head>
<title>Building a Form</title>
</head>
<body>
<form action="<?php echo(htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES, 'UTF-8')); ?>"
method="get">
<label>
Search: <input type="text" name="search" />
</label>
<input type="submit" value="Go!" />
</form>
</body>
</html>
Save this code in a file called simple.php in a web-accessible directory
on your web server, such as the document root. Strictly
speaking, forms are defined purely by HTML, but we're
using some PHP code on line 6 to reference the super
global PHP_SELF. This provides a shortcut to the name of
the current PHP file that handles the submission of
the form data. PHP_SELF is derived from the requested URL,
so it counts as user data and should be escaped with
htmlspecialchars() when it is printed into the page.
The form allows you to capture the search string from
the user for a search. Notice how we wrapped a label
tag around the input where the text was; this makes
the form easier to use, since clicking on the Search:
text automatically sends the cursor to the search field.
We set the form submission method to GET. This is done
to ensure that users can bookmark their searches and
not have to come back to the page and reenter their
data.