Common Web Design Mistakes to Avoid

Web Design Mistakes To Avoid

A lot of companies are using the internet marketing model for their businesses, and in this day and age that makes complete sense: internet speeds are rising rapidly and the thirst for knowledge among the young keeps growing. They want to use the internet for work as much as they do for pleasure.

Why Mobile App development is a Must

Invest in a Mobile app?

Businesses are looking at different ways of getting ahead of the competition. Social media, Google search results, offline advertising and online advertising are just a few of the ways companies try to get attention.

What is SQL injection and how do you fix it?

What is a SQL injection?
SQL injection is a technique in which a malicious user "injects" SQL of their own into the query an application sends to its database, so that the database runs the attacker's SQL instead of, or in addition to, the statement the developer intended. This can corrupt or destroy database tables, and it can extract valuable or private information from them.

In simple words: an SQL injection can destroy your database, or quietly read all of it.

So how do attackers do this? The best way to show it is with an example.

Example of SQL injection

1) Based on 1=1 always being true

Let's say the original purpose of the code was to build an SQL statement that selects the user with a given user id, and that the server does this by concatenating the submitted UserId value straight into the query string.

If there is nothing to prevent a user from entering "wrong" input, the user can enter some "smart" input like this:

105 or 1=1

The statement the server then builds is:

SELECT * FROM Users WHERE UserId = 105 or 1=1

The SQL above is valid. It returns every row of the Users table, because OR 1=1 makes the WHERE clause true for every row.
Does that seem dangerous? What if the Users table contains names and passwords?

An attacker gets every user name and password in the database simply by typing 105 or 1=1 into the input box.

2) Based on ''='' always being true

Suppose the login code builds its query by concatenating the user name and password fields into the SQL string:

sql = "SELECT * FROM Users WHERE Name ='" + uName + "' AND Pass ='" + uPass + "'"

An attacker can get at the user names and passwords in the database simply by entering ' or ''=' into the user name and password text boxes. The server then builds:

SELECT * FROM Users WHERE Name ='' or ''='' AND Pass ='' or ''=''

The resulting SQL is valid and returns every row of the Users table: AND binds tighter than OR, but the final or ''='' is always true, so the WHERE clause matches each row whatever the name and password are.

3) Based on batched SQL statements

Most databases support batched SQL statements separated by a semicolon. Suppose the user id is again concatenated into the query and the attacker submits 110; DROP TABLE Suppliers as the id.

The code at the server would build a valid statement like this:

SELECT * FROM Users WHERE UserId = 110; DROP TABLE Suppliers -- Boom! Table dropped

The SQL above is valid and, if the database API executes both statements, it drops the Suppliers table. Whether the second statement actually runs depends on the database and the driver (some APIs execute only one statement per call), but that is not something to rely on for safety.

How to prevent SQL injection

1) Validate input. Stop trusting your users. The biggest threat to an application comes from its users, who need not be as well mannered and obedient as you expect: some have really bad intentions and some simply want to test their hacking skills. Whatever code you write, follow best practices and consider its security. Validate every field in the form (type, length, allowed characters), but treat validation as a second line of defence rather than the fix: the fix is to keep user data out of the SQL text, as in the next point.

2) Use database wrapper classes or PDO
A database wrapper or PDO (in PHP) keeps input values from being spliced directly into the SQL text. With prepared statements the query is sent to the database with placeholders, and the values are bound separately, so they are treated as data and can never be parsed as SQL:


// $conn is an existing PDO connection
$stmt = $conn->prepare("INSERT INTO tbl_user VALUES(:id, :name)");
$stmt->bindValue(':id', $id, PDO::PARAM_INT);     // bound as an integer
$stmt->bindValue(':name', $name, PDO::PARAM_STR); // bound as a string
$stmt->execute();
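To see the difference end to end, here is an added example (not code from the original post) that runs the login query from example 2 both ways against an in-memory SQLite database through PDO. The Users table, the two accounts and the plaintext passwords are constructed here purely for illustration; a real application stores password hashes and checks them with password_verify().

```php
<?php
// Added example, not from the original post. Needs PHP with the pdo_sqlite
// extension; the table and the two sample users are constructed inline.
$conn = new PDO('sqlite::memory:');
$conn->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$conn->exec('CREATE TABLE Users (UserId INTEGER PRIMARY KEY, Name TEXT, Pass TEXT)');
$conn->exec("INSERT INTO Users VALUES (105, 'alice', 'secret1'), (110, 'bob', 'secret2')");

// Vulnerable: the user-supplied name and password are concatenated straight
// into the SQL text, exactly as in the post's second example.
function loginVulnerable(PDO $conn, string $uName, string $uPass): array
{
    $sql = "SELECT * FROM Users WHERE Name ='" . $uName . "' AND Pass ='" . $uPass . "'";
    return $conn->query($sql)->fetchAll(PDO::FETCH_ASSOC);
}

// Fixed: the statement's shape is fixed at prepare() time and the values are
// passed separately, so whatever they contain is compared as data, not parsed
// as SQL.
function loginSafe(PDO $conn, string $uName, string $uPass): array
{
    $stmt = $conn->prepare('SELECT * FROM Users WHERE Name = :name AND Pass = :pass');
    $stmt->bindValue(':name', $uName, PDO::PARAM_STR);
    $stmt->bindValue(':pass', $uPass, PDO::PARAM_STR);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// The ''='' trick from the post, typed into both the name and password boxes.
$payload = "' or ''='";

printf("vulnerable query, injected input:   %d rows\n", count(loginVulnerable($conn, $payload, $payload)));
printf("prepared statement, injected input: %d rows\n", count(loginSafe($conn, $payload, $payload)));
printf("prepared statement, genuine login:  %d rows\n", count(loginSafe($conn, 'alice', 'secret1')));
```

The vulnerable query returns both sample users for the injected input, because the string it builds is the always-true WHERE clause shown above; the prepared statement returns no rows for the same input and one row for a genuine login, since it looks for a user literally named ' or ''='. When the backend is MySQL rather than SQLite, also set PDO::ATTR_EMULATE_PREPARES to false so the binding is done by the server rather than by client-side string substitution.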

CodePlateau Technology Solutions is a professional website development company in Pune, India. User privacy is of paramount importance in today's environment, and letting hackers steal your data is a serious no-no. For safely and securely developed websites, get in touch with CodePlateau today.

How do sessions work in a web application?

What is a session?

A session is a way to store information (in variables) to be used across multiple pages.

Why do we need a session?

Generally, when you work with an application, you open it, make some changes, and then you close it. This is much like a session: the computer knows who you are, when you started the application and when you finished. On the internet, though, there is a problem: the web server does not know who you are or what you did a moment ago, because HTTP does not maintain state between requests.

HTTP is stateless, which is why we need a session: it lets the web server tell whether a request comes from the same user as an earlier one or from a different user.

How does a session work?

Let's take a real example. You log in to Gmail and it displays the emails in your inbox, not someone else's. So after login, when you send a request, the server identifies you. Thousands of users may be reading their inboxes at the same time, yet the server never serves user A the emails of user B. How does the server identify a particular user?

When you fill in the login form and submit it, the server authenticates you and stores your identification information in a session. It creates a new session (a map of key-value pairs) and generates a new session ID that identifies that session. So if there are 10,000 active sessions, there are 10,000 session IDs.

The server sends the session ID to the browser in a cookie. When a new request comes in, the server checks for the cookie that carries the session ID. If it is found, the server uses the ID to retrieve the session object already created on the server side and links that object to the current request, so that during request processing the application can read and update the session.

Where is the session information stored?

The session data is stored on the server. Only the session ID is sent to the browser, which sends it back with each request so that the session object can be identified. That is also why the ID has to be long, random and kept secret: anyone who presents a valid ID is treated as that session's user.

What is a cookie?

Cookies are small pieces of data that a site sets and that the browser stores on your computer and sends back with every later request to that site.

Can session work without cookies?

This is a popular PHP interview question, asked in almost every interview. The answer is yes: a session can work without cookies. When session.use_trans_sid is enabled (it is off by default) PHP does two things to carry the session ID without a cookie:

1) For every HTML form that PHP finds in your HTML output

PHP automatically adds a hidden input tag named PHPSESSID right after the form tag. The value of that hidden input is whatever session ID PHP assigned you. So, for example, the hidden input could look something like this:


<form>
<input type="hidden" name="PHPSESSID" value="12345678">
</form>

This way, when the form is submitted to the server, PHP can retrieve the session identifier from the form, knows who it is communicating with on the other end, and knows which session to associate the form parameters with if it is adding them to the PHP session.

2) PHP finds all the links in your HTML output and modifies them so that a GET parameter is appended to each link. That GET parameter is also named PHPSESSID, and its value is of course the unique session identifier, so the PHP session ID becomes part of the URL query string.

So, for example, if your code has a link that originally looks like this:

<a href="http://www.example.com">Go to this link</a>

When modified by PHP to include the session ID, it could look something like this:


<a href="http://www.example.com?PHPSESSID=72aa95axyz6cd67d82ba0f809277326dd">Go to this link</a>

What is the disadvantage of using PHP sessions without cookies?

The disadvantage of using PHP sessions without cookies is that if you share a URL with the session ID appended to it with someone else, they can use the exact session you were using. The ID also ends up in browser history, proxy and server logs, and the Referer header sent to any site you click through to. All of this opens you up to session hijacking, where a user's session is deliberately stolen so that an attacker can impersonate them and do damage. For this reason cookie-only sessions (session.use_only_cookies=1, the PHP default) are the safe choice.

How do you program a session in PHP?

A session is started with the session_start() function, and session variables are set through the PHP superglobal $_SESSION.

Let's see an example of storing values in the session


<?php
// Start the session
session_start();
?>
<!DOCTYPE html>
<html>
<body>

<?php
// Set session variables
$_SESSION["id"] = "1";
$_SESSION["name"] = "sandeep";
echo "Session variables are set.";
?>

</body>
</html>

Example for getting PHP Session Variable Values


<?php
session_start();
?>
<!DOCTYPE html>
<html>
<body>

<?php
print_r($_SESSION);
?>

</body>
</html>

Example to destroy session

<?php
session_start();
?>
<!DOCTYPE html>
<html>
<body>

<?php
// remove all session variables
session_unset();

// destroy the session
session_destroy();
?>

</body>
</html>
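The three snippets above show the mechanics; the hijacking risk discussed earlier is what a login flow has to guard against. The following added example (my code, not from the original post) puts the pieces together: the session ID travels only in a cookie, the cookie carries the Secure, HttpOnly and SameSite flags, the ID is regenerated the moment a user authenticates, and logout clears both the server-side data and the browser cookie. It assumes PHP 7.3 or later (for the array form of session_set_cookie_params); the authenticate() function and its single sample account are stand-ins for a real credential check.

```php
<?php
// Added example, not from the original post. Assumes PHP 7.3+.
// authenticate() and the sample account are illustrative stand-ins.

// Carry the session ID only in the cookie, never in forms or links, and
// reject IDs the server did not issue (blocks session fixation via a
// pre-chosen PHPSESSID).
ini_set('session.use_only_cookies', '1');
ini_set('session.use_trans_sid', '0');
ini_set('session.use_strict_mode', '1');

session_set_cookie_params([
    'lifetime' => 0,        // session cookie: dropped when the browser closes
    'path'     => '/',
    'secure'   => true,     // sent only over HTTPS
    'httponly' => true,     // not readable by JavaScript
    'samesite' => 'Lax',    // not attached to cross-site POST requests
]);
session_start();

/** Stand-in credential check; a real one would use password_verify(). */
function authenticate(string $user, string $pass): ?int
{
    $accounts = ['sandeep' => ['id' => 1, 'pass' => 'hunter2']]; // constructed sample
    if (!isset($accounts[$user]) || !hash_equals($accounts[$user]['pass'], $pass)) {
        return null;
    }
    return $accounts[$user]['id'];
}

function login(string $user, string $pass): bool
{
    $id = authenticate($user, $pass);
    if ($id === null) {
        return false;
    }
    // Issue a fresh ID after authentication: an ID the attacker planted or
    // observed before login no longer maps to the authenticated session.
    session_regenerate_id(true);
    $_SESSION['id']   = $id;
    $_SESSION['name'] = $user;
    return true;
}

function logout(): void
{
    $_SESSION = [];
    // Expire the cookie in the browser, not just the data on the server.
    if (ini_get('session.use_cookies')) {
        $p = session_get_cookie_params();
        setcookie(session_name(), '', time() - 42000,
            $p['path'], $p['domain'], $p['secure'], $p['httponly']);
    }
    session_destroy();
}

if (login('sandeep', 'hunter2')) {
    echo 'Logged in as ', $_SESSION['name'], ' with session ', session_id(), "\n";
}
logout();
```

The regeneration step is the one most often forgotten: without it, an attacker who can get a victim to use a known session ID (for instance through a crafted link, which is exactly what the URL-based mode above makes possible) owns the session as soon as the victim logs in. Regenerating the ID on every privilege change, and passing true so the old session file is deleted, closes that hole.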

 

CodePlateau, Pune's ultimate solution in affordable and professional web development services, uses this blog and all its other resources to answer the questions you might have. If you have any queries regarding web development, web design or mobile app development, get in touch with us today!

Why you should learn closures in PHP

Web Development Tips

Closures were introduced in PHP 5.3. In this post we see what a closure is, how to use one and how it is useful in a web application.

Before going into the definition and examples, let's look at some related terms.

Anonymous function: a function without a name. If you come from a JavaScript background you are already familiar with these; they are useful for defining inline functions. See the code below.


// A regular (named) function

function temp()
{
echo "Hello regular function";
}

temp();

// Anonymous function - a function without a name
// (as a bare expression statement it still needs the closing semicolon)

function () {
echo "Hello anonymous function";
};

// Closure & lambda example: the anonymous function is stored in a variable

$temp = function () {
echo "Hello anonymous function";
};
$temp();
// output - Hello anonymous function

 

In the example above, the anonymous function is assigned to the $temp variable and $temp is then called as a function.

What is a closure?

- A closure is an object representation of an anonymous function.
- The anonymous function example we just saw actually returns an instance of the Closure class, not merely a function reference.
- Closures and lambdas are otherwise the same, except that a closure can access variables from the scope in which it was created. In PHP this is done explicitly with the use keyword.


//set user name
$user = "John";

// Create a Closure
$greeting = function() use ($user) {
echo "Hello $user";
};

$greeting();

// Prints - "Hello John"

In the example above the closure accesses $user inside the function.

You can also change $user within the closure, but that does not affect the original variable, because use copies the value at the moment the closure is created. To update the original variable, prepend an ampersand: an ampersand before a variable means it is captured by reference, so the original variable is updated as well.


$i = 0;

$closure = function () use (&$i)
{
$i++;
};

$closure();
// The global count has increased
echo $i; // Returns 1

Closures are also useful with PHP functions that accept a callback, such as array_map, array_filter, array_reduce or array_walk.

The array_walk function takes an array and runs each element through the callback function.


$users = array("jay", "amol", "santosh", "girish");
// Pass the array to array_walk
array_walk($users, function ($name) {
echo "Hello $name<br>";
});
// Prints
// -> Hello jay
// -> Hello amol
// -> ..
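The by-value and by-reference capture rules above are where most closure bugs come from, so here is an added example (my code, not from the original post) that puts the two side by side, shows a closure carrying private state out of the function that created it, and uses closures as callbacks with captured configuration. The names ($user, makeCounter, the allow-list) are illustrative; the last part assumes PHP 7.4 or later for the arrow-function syntax.

```php
<?php
// Added example, not from the original post. Names are illustrative;
// the arrow function at the end needs PHP 7.4+.

// 1. use ($var) copies the variable when the closure is created;
//    use (&$var) follows the variable afterwards.
$user = 'John';
$byValue = function () use ($user): string { return "Hello $user"; };
$byRef   = function () use (&$user): string { return "Hello $user"; };
$user = 'Jane';
echo $byValue(), "\n";   // the name copied at creation time
echo $byRef(), "\n";     // the name the variable holds now

// 2. A closure returned from a function keeps its captured variable alive
//    after the function has returned: private state without a global.
function makeCounter(int $start = 0): Closure
{
    $count = $start;
    return function () use (&$count): int {
        return ++$count;
    };
}
$next = makeCounter(10);
$next();
$next();
echo $next(), "\n";      // the counter has been advanced three times from 10

// 3. Callbacks with captured configuration: keep only the names on an
//    allow-list, then build greetings from the survivors. in_array() with
//    strict comparison avoids PHP's loose string/number equality.
$allowed = ['jay', 'amol'];
$users   = ['jay', 'amol', 'santosh', 'girish'];
$known   = array_filter($users, function (string $name) use ($allowed): bool {
    return in_array($name, $allowed, true);
});
$greetings = array_map(function (string $name): string {
    return "Hello $name";
}, $known);
echo implode("\n", $greetings), "\n";

// 4. Arrow functions (PHP 7.4+) are closures that capture the enclosing
//    scope by value automatically, with no use clause.
$total = array_reduce([1, 2, 3], fn (int $carry, int $n): int => $carry + $n, 0);
echo $total, "\n";
```

Part 1 is the rule from the text made visible: $byValue keeps greeting John after $user is reassigned, while $byRef greets Jane. Part 2 is the pattern that makes closures worth learning for application code; the counter cannot be reset or read from outside except through the closure itself.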

PHP web development is one of the most sought-after skills in the CodePlateau portfolio. CodePlateau has a ton of experience with website development in PHP, and it would serve you well to pay heed to what they have to say.

 

Resource:
PHP Manual, Anonymous Functions
PHP Manual, The Closure Class
PHP Wiki/RFC, RFC: Closures Object Extension

All you need to know about Hadoop

1) Hadoop and Big data-

i) What is Big data?

- Big data is a marketing term, not a technical one. Everything is big data these days.
- Big data is usually described by three Vs:

a) Volume - data is now collected in very large amounts
b) Velocity - the speed at which data arrives and is accessed
c) Variety - all kinds of data formats: structured, semi-structured and unstructured, such as log files, pictures, audio files, communication records and email.

Big data is like teenage sex

ii) What is Hadoop?

Hadoop is divided into two components:
a) Open-source data storage - HDFS
b) Processing - the MapReduce API

Definition: Hadoop is an open-source software framework for storing and processing big data in a distributed fashion on large clusters of commodity hardware. Essentially, it accomplishes two tasks: massive data storage and faster processing.

- Hadoop is not a database. It is an alternative file system with a processing framework on top.

2) How did Hadoop get here?

- Hadoop was created by Doug Cutting while he was working on Nutch, an open-source web search engine. The main goal was to return web search results faster by distributing data and calculations across different computers so that multiple tasks could run simultaneously. At the same time Google was working on the same concepts for its own search engine.

- In 2006, Cutting joined Yahoo and took with him the Nutch project as well as ideas based on Google's early work on automating distributed data storage and processing. In 2008, Yahoo released Hadoop as an open-source project.

Fun Fact- Hadoop was the name of a yellow toy elephant owned by the son of Doug Cutting.

3) When should you use Hadoop?

a) When there is huge data
b) Unstructured data
c) Non-transactional data - written once and read many times
d) Behavioural data - observational information collected about actions and activities. The best example is Flipkart's product recommendations.

4) When not to use Hadoop?

a) You require random, interactive access to data
b) Small datasets (or a large number of small files)
c) You want to store sensitive data: out of the box HDFS runs without authentication or encryption at rest, so protecting such data takes extra setup (Kerberos, HDFS encryption zones, access auditing)
d) Real-time data

5) How does data get into Hadoop?

There are numerous ways to get data into Hadoop. Here are just a few:

a) Using a Java program that writes to HDFS through the HDFS API
b) Using the shell (hdfs dfs commands) or a shell script
c) Using Sqoop to import structured data from a relational database into HDFS, Hive or HBase
d) Using Flume to continuously load data from logs into Hadoop

6) Hadoop Ecosystem

a) Pig – a platform for manipulating data stored in HDFS. It consists of a compiler for MapReduce programs and a high-level language called Pig Latin. It provides a way to perform data extractions, transformations and loading, and basic analysis without having to write MapReduce programs.

b) Hive – a data warehousing and SQL-like query language that presents data in the form of tables. Hive programming is similar to database programming.

c) HBase – a non-relational, distributed database that runs on top of Hadoop. HBase tables can serve as input and output for MapReduce jobs.

d) Zookeeper – an application that coordinates distributed processes.

e) Ambari – a web interface for managing, configuring and testing Hadoop services and components.

f) Flume – software that collects, aggregates and moves large amounts of streaming data into HDFS.

g) Sqoop – a connection and transfer mechanism that moves data between Hadoop and relational databases.

h) Oozie – a Hadoop job scheduler.

You can see the full list of Apache Hadoop-related projects on the official Apache Hadoop website.

PHP 7 release: are there major syntax changes?

Were you as surprised as we were when PHP 7 was announced as the successor to the 5.x (5.6) line?

Here is the story. Andrei Zmievski had started a project to implement native Unicode support throughout PHP. It was planned for release as PHP 6 along with other new features, but that development was abandoned, so there was an intense debate about what to call the next major version.

In the end the developers voted and settled on the name PHP 7. You can read the arguments and the vote in the RFC "Name of Next Release of PHP".

The complete feature set of PHP 7 is not yet defined, but we can look at the top changes.

Top Features for PHP 7

1) Huge Performance Improvements

phpng (PHP next generation): its main goal is to improve performance enough to at least match what Facebook's HHVM provides.

Zeev Suraski wrote an article in which he clearly treats HHVM as the competitor.

I believe it will be good enough to beat the speed of HHVM.

2) JIT Engine

According to Dmitry Stogov of Zend, development of phpng began as research into implementing a JIT engine for the Zend Engine that powers PHP.

A JIT engine dynamically compiles Zend opcodes into native machine code, so the code runs faster the next time it is executed.

3) AST (Abstract Syntax Tree)

Another change that boosts performance. The AST is an intermediate step in the PHP compilation process.

An AST provides several advantages described in the proposal, including the potential for more optimisations that would make PHP run even faster.

4) Asynchronous Programming

Facebook's Hack language already implements asynchronous programming, which pushed the PHP core team to integrate asynchronous programming into PHP 7.

An event loop is the part of the code that handles events related to I/O operations and other asynchronous tasks that may run in parallel: file access, network, databases, timers and so on.

In simpler terms, this would let future PHP versions easily support executing parallel tasks within the same request, pushing PHP's performance potential to a totally different level.


5) Standalone Multi-threading Web Server

This is what would make PHP more scalable. PHP can already be run behind multi-threaded web servers like nginx, lighttpd or Apache in worker mode, but that is not the same as PHP running its own multi-threaded web server.

A multi-threaded web server can handle many simultaneous requests using a single memory pool, avoiding the memory waste that happens when you run PHP as FastCGI or in Apache pre-fork mode.

Although running PHP as a standalone multi-threaded web server is not yet in the plans for PHP 7, it is certainly something good to have, at least for PHP 8.

When will PHP 7 be released?

Different people estimate it will take between one and three years. A reasonable guess is to expect a final PHP 7 release some time in 2016, although it is not impossible to see early alpha versions as soon as mid-October 2015.

Conclusions

We should thank Facebook for making the PHP core developers wake up and move faster to integrate these great features from HHVM and the Hack language. PHP 7 will certainly be exciting. Keep up with all the CodePlateau social accounts to stay in touch with the latest news about web development.

Resource: PHPClasses