#18524 - 09/24/05 05:14 PM Useful PHP Functions & Code  
Gremelin Offline
Community Owner
Joined: Feb 2002
Posts: 7,195
Likes: 3
Portland, OR; USA
Learner's Picks:
You will need the following (assuming you know HTML, XHTML, XML, or some markup to display data)

date
http://us2.php.net/manual/en/function.date.php

sessions(login auth)
http://us2.php.net/manual/en/function.session-start.php
http://us2.php.net/manual/en/function.session-is-registered.php
http://us2.php.net/manual/en/function.session-unregister.php
http://us2.php.net/manual/en/function.session-unset.php

MySQL db functions(unless of course you want to learn a different db)
http://us2.php.net/manual/en/function.mysql-connect.php
http://us2.php.net/manual/en/function.mysql-close.php
http://us2.php.net/manual/en/function.mysql-query.php
http://us2.php.net/manual/en/function.mysql-fetch-array.php
http://us2.php.net/manual/en/function.mysql-fetch-assoc.php

MySQL links
http://dev.mysql.com/doc/mysql/en/delete.html
http://dev.mysql.com/doc/mysql/en/insert.html
http://dev.mysql.com/doc/mysql/en/update.html

Gizmo's Picks:
arrays:
http://us2.php.net/manual/en/function.array.php
http://us2.php.net/manual/en/ref.array.php

file_exists:
http://us2.php.net/manual/en/function.file-exists.php

file:
http://us2.php.net/manual/en/function.file.php

fopen/fclose:
http://us2.php.net/fopen
http://us2.php.net/manual/en/function.fclose.php

fsockopen:
http://us2.php.net/manual/en/function.fsockopen.php

other disk/file functions:
http://us2.php.net/manual/en/function.disk-free-space.php
http://us2.php.net/manual/en/function.disk-total-space.php
http://us2.php.net/manual/en/function.chmod.php
http://us2.php.net/manual/en/function.copy.php
http://us2.php.net/manual/en/function.delete.php
http://us2.php.net/manual/en/function.filesize.php
http://us2.php.net/manual/en/function.filetype.php
http://us2.php.net/manual/en/function.flock.php
http://us2.php.net/manual/en/function.is-writable.php
http://us2.php.net/manual/en/function.touch.php

BTW, if you're going to go off playing with MySQL you should also look into:

http://us2.php.net/manual/en/function.str-replace.php
http://us2.php.net/manual/en/function.stripslashes.php
http://us2.php.net/manual/en/function.strip-tags.php

so you don't go and get yourself owned...

Coding for Security:
Trust nothing from the user. Code every form as if you know a hacker is coming at it. Also safeguard from URL submissions. Remember the GET method. If someone views source on your form they will see all variables that will be passed. Even if you are using host, they can mess with the URL and try submitting malicious code that way.

1.) Code like register_globals is off.
http://us2.php.net/variables.external

2.) Make sure the user came from the page the form is on. See the predefined variables
http://us2.php.net/manual/en/reserved.variables.php#reserved.variables.request

Here is a function snagged from PHP.net to make sure your forms are secure.
PHP:

<?php

   function form_post_check()
   {
       // get the referring URL; the header is optional, so default to '' instead of raising a notice
       $referring_url = isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : '';
       $host = $_SERVER['HTTP_HOST'];    // get the host header from the current request (example: www.yoursite.com)
       $valid_url = 'http://'.$host.'/';    // finish defining a valid referring URL
       $valid_len = strlen( $valid_url );    // get the length of the valid url

       // if the valid url isn't the first part of the referring url
       if ( substr( $referring_url, 0, $valid_len ) != $valid_url )
       {
           die( 'You submitted this form from an invalid URL.' );    // stop everything and display a message
       }
   }

?>

Useful Links:
If you are going into MySQL, get very used to reading the manual on their site.
http://dev.mysql.com/doc/mysql/en/tutorial.html

Also see their forums
http://forums.mysql.com/

For their PHP forum
http://forums.mysql.com/list.php?52

For most MySQL work you can just read the info on PHP.net and run with it. For some tricky stuff you will need to look at their manual and play with the PHP code to get it to work.

PHP.net MySQL functions
http://us2.php.net/manual/en/ref.mysql.php


UGN Security, Back of the Web, and VNC Web Services Owner
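The referer test in the post above accepts whatever Referer header the client chooses to send, so by itself it cannot distinguish a genuine submission from a forged one. The following is an added example, not code from the original post or from PHP.net, that keeps the referer test as a coarse filter and adds a per-session secret token that a third-party page cannot know. It assumes sessions are in use; the function names (form_token_field, form_post_check_strict) and the form_token field name are this example's own.

```php
<?php
// Added example (not from the original post): referer check plus a per-session
// anti-forgery token. Names form_token_field / form_post_check_strict / form_token
// are assumptions of this example.

session_start();

// Call when rendering the form: creates the token once per session and
// returns the hidden field to embed in the form.
function form_token_field()
{
    if (empty($_SESSION['form_token'])) {
        $_SESSION['form_token'] = bin2hex(random_bytes(32)); // PHP 7+: CSPRNG
    }
    return '<input type="hidden" name="form_token" value="'
         . htmlspecialchars($_SESSION['form_token'], ENT_QUOTES, 'UTF-8') . '">';
}

// Call when processing the submission; stops the script on any failure.
function form_post_check_strict()
{
    // 1. Only accept POST: a plain link or image tag can only trigger GET.
    if ($_SERVER['REQUEST_METHOD'] !== 'POST') {
        die('This form only accepts POST submissions.');
    }

    // 2. Referer check, as in the snippet above, but comparing host names
    //    rather than string prefixes. An absent header is tolerated because
    //    many clients and proxies strip it; the token below is the real check.
    $host    = preg_replace('/:\d+$/', '', $_SERVER['HTTP_HOST']); // drop any port
    $referer = isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : '';
    if ($referer !== '') {
        $refHost = parse_url($referer, PHP_URL_HOST);
        if ($refHost === null || $refHost === false || strcasecmp($refHost, $host) !== 0) {
            die('You submitted this form from an invalid URL.');
        }
    }

    // 3. Token check: the submitted value must match the session copy.
    //    hash_equals() compares in constant time (PHP 5.6+).
    $sent = isset($_POST['form_token']) ? (string)$_POST['form_token'] : '';
    if (empty($_SESSION['form_token']) || !hash_equals($_SESSION['form_token'], $sent)) {
        die('Form token missing or invalid.');
    }
}

// Usage: echo form_token_field() inside the <form>, and call
// form_post_check_strict() as the first thing in the script that handles it.
?>
```

The token is the part that carries the security weight: it lives in the session, is never visible to another origin, and is compared in constant time so that the check does not leak which bytes matched.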
#18525 - 05/18/06 02:23 PM Re: Useful PHP Functions & Code  
§intå× Offline
Joined: Dec 2002
Posts: 3,255
Likes: 1
Maryland
As of PHP 5, no longer use mysql_blah; now use the mysqli_blah functions. See URL:

http://us3.php.net/manual/en/ref.mysqli.php

Using these functions is much more secure than mysql, and they benchmark better for more in-depth queries. But a major reason to use them is you can do more OOP (object oriented programming), and you can release the arrays formed from memory at the end of the function.

Check this out on ZEND.
http://www.zend.com/php5/articles/php5-mysqli.php

You will notice there is no more mysql_db_select(). The db is in the mysqli_connect() function. This, it seems, was a security hole: if you did not specify a db it would open a connection to a default. BAD times.


Now I also learned a nifty little trick. We all know not to accept data from a user as being clean. We have to check it. So you probably use

$my_var = $_POST['my_var']; // for post methods (the key must be quoted; a bare my_var is an undefined constant)
$my_var = $_GET['my_var']; // for get methods

But just because we know where it came from, does that make it safe? We could use strip_tags() or htmlentities().

But check this out. At the top of your code verify all variables you know are coming in and try to make as many as possible integers.

$my_var = (int)$_GET['my_var']; // 100% safe variable

Now even if the user takes the URL and changes it, my script will convert anything it gets to an integer. So if the attacker took

http://bougus_site.com?myfunction=process&my_var=2134

and changed it to

http://bougus_site.com?my...=phpinfo()

My script would convert this to an integer making $my_var = 0;

So if you build your scripts so they all use integers, and set it up so no integer should ever be "0", then you could easily detect when and who is messing with the URLs using sessions and some predefined variables.
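As an added example (not the poster's code), here is the same idea carried a step further: a bare (int) cast maps "abc", "" and "0" all to 0 and maps "12abc" to 12, so the script cannot tell an absent value from a tampered one. FILTER_VALIDATE_INT rejects anything that is not a whole integer, and its min_range option excludes 0 as the post suggests; a rejected value is logged together with the session id so repeated tampering can be reviewed. The function names read_int_param and log_bad_param are this example's own.

```php
<?php
// Added example (not from the original post): strict integer validation of a
// GET parameter plus logging of rejected values. read_int_param and
// log_bad_param are names assumed by this example.

session_start();

// Returns the validated integer, or false when the parameter is absent,
// not a whole integer, or below $min (default 1, so 0 is never accepted).
function read_int_param($name, $min = 1)
{
    $value = filter_input(INPUT_GET, $name, FILTER_VALIDATE_INT, array(
        'options' => array('min_range' => $min),
    ));
    // filter_input() returns null when the key is absent and false when the
    // value fails validation; fold both into false for the caller.
    return ($value === null) ? false : $value;
}

// Records a rejected parameter. The raw value is reduced to printable ASCII
// before logging so a crafted value cannot inject fake lines into the log.
function log_bad_param($name)
{
    $raw = isset($_GET[$name]) ? (string)$_GET[$name] : '(absent)';
    $raw = substr(preg_replace('/[^\x20-\x7e]/', '?', $raw), 0, 200);
    $who = isset($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : 'unknown';
    $sid = (session_id() !== '') ? session_id() : 'no-session';
    error_log(sprintf('rejected parameter %s=%s from %s session %s', $name, $raw, $who, $sid));
}

$my_var = read_int_param('my_var');
if ($my_var === false) {
    log_bad_param('my_var');
    http_response_code(400);   // PHP 5.4+
    exit('Bad request.');
}
// From here on $my_var is an integer >= 1, e.g. 2134 for ?my_var=2134,
// while ?my_var=phpinfo() or ?my_var=0 ends in the branch above.
?>
```

Using filter_input() rather than reading $_GET directly also means the check sees the value as the server received it, before any later code has had a chance to rewrite the superglobal.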

#18526 - 05/19/06 02:12 AM Re: Useful PHP Functions & Code  
Ghost Offline
UGN Super Poster
Joined: Jun 2003
Posts: 807
Likes: 1
Wisconsin
Speaking of MySQL, here is a segment of code that I find extremely useful and efficient for what it does (forgive the PHP 4)

PHP:
$Query = 'SELECT * FROM table WHERE 1=1';
$mysql_Query = mysql_query($Query);
$mysql_array = array();   // start empty so the array exists even when no rows match
$i = 0;
while($Query_data = mysql_fetch_assoc($mysql_Query)) {
    $mysql_array[$i] = $Query_data;   // one associative array per row
    $i++;
}


Gets all the rows for a query as opposed to just one, as is done with mysql_fetch_assoc. I find it extremely awesome.

Last edited by Gizmo; 01/04/07 01:14 AM.
#18527 - 05/20/06 05:52 AM Re: Useful PHP Functions & Code  
§intå× Offline
Joined: Dec 2002
Posts: 3,255
Likes: 1
Maryland
Quote:
Originally posted by Ghost:
Speaking of MySQL, here is a segment of code that I find extremely useful and efficient for what it does (forgive the PHP 4)

Php Code:

$Query = 'SELECT * FROM table WHERE 1=1';
$mysql_Query = mysql_query($Query);

$i = 0;
while($Query_data = mysql_fetch_assoc($mysql_Query)) {
$mysql_array[$i] = $Query_data;
$i++;
}
 


Gets all the rows for a query as opposed to just one, as is done with mysql_fetch_assoc. I find it extremely awesome.
There aren't major differences... Here is an example of 5 and 4 to see some differences. Basically you can save a few lines of code in 5. It is a bit more secure in 5.


Let's say you are processing a login from a web form.

Php Code:

//////////////////////////////
//		PHP 5 OOP way
//////////////////////////////

$mysqli = new mysqli("localhost", "username", "password", "database"); // php 5 connect makes you specify the db in the connect statement
//this makes for better security

$dg = "SELECT * FROM members WHERE "
	   ."member = '$login' "
	   ."and psswd = '$cpass'";// the ."and can go on and on and on
$my_array = array();        // start empty so count() works even when nothing comes back
$my_array_count = 0;
if($result = $mysqli->query($dg)){ // only do the following if the query worked

	 while($result2 = $result->fetch_array(MYSQLI_ASSOC)){ //OOP way of mysql_fetch_array
		  $my_array[] = $result2; //[] appends each row (an associative array)
	 }
	 $result->close();//release memory used in query and while loop
	 $mysqli->close();//close db connection
	 $my_array_count = count($my_array); // get a count of all in the array

	 // count($value, COUNT_RECURSIVE); counts the values in a multi dimensional array

}else{
	 echo "I am sorry we can not process your request at this time"; //graceful failure
	 // set mail(); function here to notify admin of errors
}
for($i = 0; $i < $my_array_count; $i++){ // why we counted the array; indexes run 0 .. count-1

//do stuff with data

}

Now we look at php 4

Php Code:

//////////////////////////////
// PHP 4 Procedural style
//////////////////////////////

$dbc = mysql_connect("localhost", "username", "password"); // php 4 connect can open a connection to a default db, this is bad
$dbs = mysql_select_db('mt_database', $dbc);// use the mysql_connect values and a database name to auth a database
//this makes for better security

$dg = "SELECT * FROM members WHERE "
	   ."member = '$login' "
	   ."and psswd = '$cpass'";// nothing changes here
$my_array = array();        // start empty so count() works even when nothing comes back
$my_array_count = 0;
$result = mysql_query($dg, $dbc); // Now we have to do a second function to check
if($result){
	 while($result2 = mysql_fetch_array($result)){ //Procedural style of mysql_fetch_array
		  $my_array[] = $result2; //[] appends each row (numeric and associative keys)
	 }
	 mysql_free_result($result); // release memory used by the result set
	 mysql_close($dbc);          // close db connection
	 $my_array_count = count($my_array); // get a count of all in the array
	 // count($value, COUNT_RECURSIVE); counts the values in a multi dimensional array
}else{
	 echo "I am sorry we can not process your request at this time";//graceful failure
	 // set mail(); function here to notify admin of errors
}
for($i = 0; $i < $my_array_count; $i++){ // why we counted the array; indexes run 0 .. count-1
//do stuff with data
}


Last edited by §intå×; 06/02/08 10:03 AM.
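Both versions above build the login query by pasting $login and $cpass into the SQL text, so a quote character in either value changes the query. The following is an added example, not the poster's code, showing the same lookup with a mysqli prepared statement, which is the feature of the mysqli extension that actually closes that hole: the SQL is sent once with a ? placeholder and the values travel separately as bound parameters. It assumes the same members table with member and psswd columns, and additionally assumes psswd holds a password_hash() digest rather than the clear-text password (an assumption beyond the post); find_member and check_login are names of this example's own.

```php
<?php
// Added example (not the poster's code): login lookup with bound parameters.
// Assumes table members(member, psswd) with psswd = password_hash() output.
// find_member / check_login are names assumed by this example.

// Returns array('member' => ..., 'psswd' => ...) or null when no row matches
// or the statement could not be prepared.
function find_member(mysqli $mysqli, $login)
{
    // Fixed SQL text: whatever $login contains is delivered as data, never
    // parsed as part of the statement.
    $stmt = $mysqli->prepare('SELECT member, psswd FROM members WHERE member = ?');
    if ($stmt === false) {
        return null;                       // bad SQL or connection problem
    }
    $stmt->bind_param('s', $login);        // 's' = one string parameter
    $stmt->execute();
    $stmt->bind_result($member, $hash);    // works without the mysqlnd driver
    $row = $stmt->fetch() ? array('member' => $member, 'psswd' => $hash) : null;
    $stmt->close();
    return $row;
}

// true only when the member exists and the password matches the stored hash
function check_login(mysqli $mysqli, $login, $cpass)
{
    $row = find_member($mysqli, $login);
    if ($row === null) {
        return false;
    }
    return password_verify($cpass, $row['psswd']);   // PHP 5.5+
}

$mysqli = new mysqli('localhost', 'username', 'password', 'database');
if ($mysqli->connect_error) {
    echo 'I am sorry we can not process your request at this time'; // graceful failure
    exit;
}
$login = isset($_POST['login']) ? (string)$_POST['login'] : '';
$cpass = isset($_POST['cpass']) ? (string)$_POST['cpass'] : '';
$ok = check_login($mysqli, $login, $cpass);
$mysqli->close();
echo $ok ? 'Welcome' : 'Login failed';
?>
```

Comparing against a stored hash with password_verify() also means the query only needs the member name as input, so the password never reaches the database server at all.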
#41294 - 01/03/07 05:45 PM Re: Useful PHP Functions & Code [Re: §intå×]  
§intå× Offline
Joined: Dec 2002
Posts: 3,255
Likes: 1
Maryland
When working with classes I have found the __autoload() function very nice. It saves you from having a ton of require_once() statements.

If you name your classes using the naming convention of the PEAR project, you could do this.

PHP:
function __autoload($classname){
    $path = str_replace('_', DIRECTORY_SEPARATOR, $classname);   // one '_' becomes one directory level
    $path = $_SERVER['DOCUMENT_ROOT']."/$path.php";              // key must be quoted
    require_once($path);
}


The naming convention is one '_' for every '/' in the directory path to get to your file.

So /home/docs/public_html/project/classes/myclass.php could be
PHP:
class classes_myclass{ /* class code here */ }


$_SERVER['DOCUMENT_ROOT'] should fill in /home/docs/public_html/project. What __autoload does is, if an attempt to call the class fails, it will hit the function I gave and try one last time to open and use the file needed. This allows you to only call files as needed. You can then add a bit more abstraction to your classes.

I have yet to get this to work within a class though or work with a class method that creates a new object.

Last edited by Gizmo; 01/04/07 01:12 AM.
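The mapping above turns a class name straight into a file path, so it is worth making sure the name can only ever point inside the classes tree. As an added example (not the poster's code), here is the same PEAR-style mapping registered with spl_autoload_register(), which is the supported replacement for __autoload() (deprecated in PHP 7.2 and removed in 8.0), with two checks: the class name must consist only of letters, digits and underscores, and the resolved file must lie under the root directory. It assumes the root is $_SERVER['DOCUMENT_ROOT'] as in the post; pear_class_to_path is a name of this example's own.

```php
<?php
// Added example (not the poster's code): PEAR-style autoloader with class-name
// validation and a path containment check. pear_class_to_path is an assumed name.

// Returns the absolute path of the file for $classname under $root,
// or false when the name is malformed or the file is missing / outside $root.
function pear_class_to_path($classname, $root)
{
    // Only letters, digits and underscores: dots, slashes, backslashes or NUL
    // bytes can never form a class name under this convention.
    if (!preg_match('/^[A-Za-z_][A-Za-z0-9_]*$/', $classname)) {
        return false;
    }
    $relative = str_replace('_', DIRECTORY_SEPARATOR, $classname) . '.php';
    $path     = realpath($root . DIRECTORY_SEPARATOR . $relative);
    $rootReal = realpath($root);
    // realpath() is false for a non-existent file; the prefix test rejects
    // anything that resolved (e.g. through a symlink) outside the root.
    if ($path === false || $rootReal === false
        || strpos($path, $rootReal . DIRECTORY_SEPARATOR) !== 0) {
        return false;
    }
    return $path;
}

spl_autoload_register(function ($classname) {
    $path = pear_class_to_path($classname, $_SERVER['DOCUMENT_ROOT']);
    if ($path !== false) {
        require_once $path;
    }
    // Otherwise return silently: PHP then raises its normal "class not found"
    // error instead of a require failure that prints the attempted path.
});

// Usage: new classes_myclass() now loads <DOCUMENT_ROOT>/classes/myclass.php,
// while a name such as "../config" is rejected before touching the file system.
?>
```

Because spl_autoload_register() keeps a stack of loaders, this one can sit alongside a Composer or framework autoloader without replacing it, which is also why it does nothing, rather than dying, when it cannot find a file.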
#41297 - 01/04/07 01:11 AM Re: Useful PHP Functions & Code [Re: §intå×]  
Gremelin Offline
Community Owner
Joined: Feb 2002
Posts: 7,195
Likes: 3
Portland, OR; USA
BTW, if you're going to post PHP code, use the [php] tags instead of the [code] tags; it'll use the PHP syntax highlighter.


#42164 - 02/09/07 03:29 AM Re: Useful PHP Functions & Code [Re: Gremelin]  
geneta Offline
UGN Newbie
Joined: Jan 2007
Posts: 1
That's so good!!!! he he

#47032 - 11/08/08 04:21 AM Re: Useful PHP Functions & Code [Re: geneta]  
Testing Offline
UGN Member
Joined: Sep 2005
Posts: 102
Sacramento, CA
I still use the listed resources from this post! Thanks again!


#47062 - 11/14/08 12:09 AM Re: Useful PHP Functions & Code [Re: Testing]  
§intå× Offline
Joined: Dec 2002
Posts: 3,255
Likes: 1
Maryland
Originally Posted By: Testing
I still use the listed resources from this post! Thanks again!


Keep coming back too. I learned most of what I know on this site. Gizmo is the man.

#47064 - 11/14/08 02:25 AM Re: Useful PHP Functions & Code [Re: §intå×]  
Gremelin Offline
Community Owner
Joined: Feb 2002
Posts: 7,195
Likes: 3
Portland, OR; USA
Originally Posted By: §intå×
Keep coming back too. I learned most of what I know on this site. Gizmo is the man.
An anal retentive man who made you cry and reanalyze every bit of code you've ever made... lol

