It’s not easy to become a great PHP developer which may very well take years of training and practice, but this doesn’t mean you shouldn’t do your best to not be a bad one that undermines every project he’s involved in. Based on the project experiences of my team and some recent researches done on …
Security may not make you but it sure can break you. As modern web applications become more and more complexed puzzles and filled with thousands of features catering to a spectrum of user preferences and tastes, the developers are burdened with ever-going responsibilities to keep them sound and safe. There are people (crackers) out there …
Web Application Security Books (PHP, MySQL, Apache), the Best at Amazon Read More »
Here’s a really interesting bit about how you can omit the protocol part of a web address in your web pages. The predominant belief is that an HTTP:// or an HTTPS:// has got to be prefixed to a URL or it won’t work, truth is, it will. Try the following link: Click Me! View the …
It’s not well known but this feature was invented by Microsoft and has been implemented across all major modern browsers ever since IE 5.5. Adding an attribute of contenteditable and assign a value of “true” to it makes the content value / inner text of that element editable by a single click: <blockquote contenteditable="true">Click to …
HTML: Make Content Editable in Element / Tags without JavaScript Read More »
It may considerably reduce XSS attack possibilities if not completely eradicate it. XSS, or Cross Site Scripting, is probably the most common security problems in web applications that engage in heavy user input. If you’ve ever tried to build a web application that users can input data in a lot of different venues, chances are …
It goes without saying that sensitive information such as passwords or pass phrases should never be stored in plain text in the database in the first place. The common practice is to hash the user password and store the resulted hash string. When the user tries to log in and supplies his password, it is …
To send parameters to a PHP script, you can either fabricate a form and post a few variables by the POST method or simply send a request of a URL full of GET value pairs. This way, in the server side PHP script code, you can retrieve these parameters sent from the client in $_POST …
To check if a URL or an email address is valid, the common solution is regular expressions. For instance, to validate an email address in PHP, I would use: if (preg_match(‘|^[A-Z0-9._%+-]+@[A-Z0-9.-]+\.[A-Z]{2,4}$|i’, $email)) { // $email is valid } A simpler and more forgiving one would be: |^\S+@\S+\.\S+$| Which is usually quite enough for signup forms …
It may seem simple at first because most of us should be relying on the server side environmental variable REMOTE_ADDR solely for client IP addresses: echo $_SERVER[‘REMOTE_ADDR’]; Yet it’s barely enough to get the real IP for a variety of circumstances such as when the user is visiting your website from a proxy server. To …
PHP: How to detect / get the real client IP address of website visitors? Read More »
The simplest way to define a CSS rule in jQuery might be: $(".sth").css("color", "#f00"); To define more than one CSS rule in a single jQuery line: $(".sth").css("color", "#f00").css("font-style", "italic").css("text-decoration", "underline"); Which simply doesn’t look that good, especially if you intend to add more. A better way to specify multiple CSS rules or properties with jQuery …
How to define multiple CSS rules / properties in jQuery? Read More »
With a Quantcast world traffic rank of less than 1000, Stack Overflow has become the most visited website for developers and software engineers. It doesn’t require a genius to figure out that the site is raking in tremendous advertisement revenues while the full potential of its monetizing capacity hasn’t been unleashed yet because the creators …
If you were like me who accidentally closed the browser window of his PayPal account AND immediately tried to reopen it by typing in www.paypal.com in the browser address bar, chances are your PayPal account is instantly limited. It was really weird at first but soon it makes sense. This is to prevent session hijacking …
PayPal Account Access Limitation after Closing Browser Window and Opening It Again Read More »
