Archive | June, 2009

PHP: Taking care of security

28 Jun

Today highly confidential data such as credit card numbers, social security numbers, etc. are stored and handled through the web. So it must be your primary goal to make your web application secure enough that users and visitors feel confident while using it.

Here in this article I am going to give you some tips that are worth remembering and taking care of during the application development process.

  1. You may have heard about register_globals. It makes using PHP variables easy. However, it has serious disadvantages: users can easily sneak data into your application by passing it through $_POST, $_GET, $_COOKIE, etc. So you shouldn't rely on register_globals; disabling it is the right decision.
  2. Most of the time we use variables directly, without first initializing them. For example

    if (condition) {
        $flag = TRUE;
    }

If you don't initialize $flag to false first, a user can easily set it to true through $_POST, $_GET or $_COOKIE (with register_globals enabled, any request variable becomes a PHP variable).

  3. Verify all incoming data before processing it. Verification depends heavily on the type of data: if you need to insert an integer into the database, make sure that a proper integer was actually submitted through the form.
  4. Be very careful when using functions that run commands on the server. These include exec(), passthru() and backticks (`).
  5. Change the directory where session data is stored by default. Another good approach is to use a database to store session information.
  6. When uploading files to the server, it is good practice to rename them before storing. The new name must be safe and not guessable.
  7. Don't reveal errors on the live site. Error messages reveal very important information, so they must be taken care of.
  8. Take care of SQL injection. If a user provides malicious input, your SQL query shouldn't break.
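As an added example (my code, not the author's), here is how the tips above translate into a single page handler. The orders table, the session and upload directories and the PDO DSN are placeholders, and openssl_random_pseudo_bytes() assumes PHP 5.3 or later:

```php
<?php
// Added example (not from the original post): a request handler that applies
// the tips above. Table name, paths and DSN are assumed placeholders.

// Tips 5 and 7: keep sessions out of the shared default directory and never
// show errors to visitors. register_globals itself cannot be changed at
// runtime; it is turned off in php.ini or .htaccess (register_globals = Off).
ini_set('session.save_path', '/var/lib/myapp/sessions'); // placeholder path
ini_set('display_errors', '0');
ini_set('log_errors', '1');

// Tip 2: initialise every flag before use, so nothing injected through
// $_GET/$_POST/$_COOKIE can pre-set it.
$isAdmin = false;

// Tip 3: validate an integer id instead of trusting the raw form value.
function validOrderId($raw)
{
    // FILTER_VALIDATE_INT rejects "12abc", "1e3", "" and values below 1.
    $id = filter_var($raw, FILTER_VALIDATE_INT, array('options' => array('min_range' => 1)));
    return $id === false ? null : $id;
}

// Tip 4: if a server command is unavoidable, never interpolate raw input;
// escapeshellarg() turns the value into one single-quoted argument.
function listDirectory($userPath)
{
    return shell_exec('ls -l ' . escapeshellarg($userPath));
}

// Tip 8: bind values instead of concatenating them into the SQL string.
function findOrder(PDO $db, $orderId)
{
    $stmt = $db->prepare('SELECT id, total FROM orders WHERE id = :id');
    $stmt->bindValue(':id', $orderId, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->fetch(PDO::FETCH_ASSOC);
}

// Tip 6: store uploads under a random, non-guessable name with a fixed
// extension; the client-supplied file name is never used on disk.
function storeUpload(array $file, $uploadDir)
{
    if ($file['error'] !== UPLOAD_ERR_OK || !is_uploaded_file($file['tmp_name'])) {
        return null;
    }
    $name = bin2hex(openssl_random_pseudo_bytes(16)) . '.bin';
    $dest = rtrim($uploadDir, '/') . '/' . $name;
    return move_uploaded_file($file['tmp_name'], $dest) ? $name : null;
}

$orderId = validOrderId(isset($_GET['id']) ? $_GET['id'] : null);
if ($orderId === null) {
    header('HTTP/1.1 400 Bad Request');
    exit('Invalid order id');
}

try {
    $db = new PDO('mysql:host=localhost;dbname=app', 'app', 'secret'); // placeholder DSN
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $order = findOrder($db, $orderId);
} catch (PDOException $e) {
    error_log($e->getMessage());            // details go to the log ...
    header('HTTP/1.1 500 Internal Server Error');
    exit('Something went wrong');           // ... not to the visitor
}
```

The two halves of the last block are the point of tip 7: the exception text (which often contains the SQL statement and table names) is written to the server log, while the visitor only sees a generic message.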

Zend Framework and Dojo: a simple but complete Zend_Dojo_Form tutorial

28 Jun

Sorry, this blog is deprecated. Visit the full article here.

http://zendgeek.blogspot.com/2009/07/creating-nice-dojo-form-in-zend.html

Well, after writing a few separate articles about Zend Framework and Dojo, I feel that I need to write a complete Zend_Dojo_Form. So here I am with a complete example.

I am going to explain everything step by step.

1. Download Zend Framework latest version

Download the latest stable version from http://www.zend.com. Copy external/dojo to js/.

Hopefully you will create your directory structure as

    html_root
        /application
            /controllers
                DojoController.php
            /models
            /forms
                CustomDojoForm.php
            /views
                /scripts
                    /dojo
                        index.phtml
        /library
            /Zend
        /public
            /js
                /dojo
            /css
            /images
            /bootstrap.php
            /index.phtm

It's not compulsory to create the same directory structure I have created; this can vary. For best practice, read the Zend Quick Start in the Zend Framework documentation.

2. Enable dojo in the bootstrap file

I am not going to discuss everything you will need in your bootstrap file. I am explaining only the line of code needed to enable Dojo.

Zend Framework Form: A simple but complete Zend_Form sample/tutorial

27 Jun

A sample application can be found here.

Sorry, this blog is deprecated.

Please read the complete tutorial here: http://zendgeek.blogspot.com/2009/07/zend-framework-formzendform-tutorial.html

I got "The Zahir", a novel by Paulo Coelho, about a month back; a very sweet one and highly intriguing. It was highly entertaining and, most importantly, the author shared his experiences in a nice way. I learned plenty of new ideas.

Eh, you may think that I am insane: supposed to write about Zend Framework, but discussing a novel.

Well, a novel can not only be a good companion of yours, but it also sheds light on simple things from many angles. This makes you think dynamically.

If you are solving a puzzle or implementing your logic, do not think straightforwardly; give it multiple tries and choose the more appropriate solution. Solving a problem will not be hard. You should choose the solution that requires less code, small maintenance overhead and, most importantly, one that is less resource intensive.

Now let's stick to the topic and discuss how you can use the Zend_Form component to create HTML forms easily, handle filters and error messages, and how easily you can fetch data from the data source, present it in an HTML form, let visitors change the existing data and save the changes back to the data source.

I am going to break this topic into three steps.

1. Creating Zend_Form

Although I've already discussed creating a Zend_Form in some of my articles, it will be better to discuss it here again.

Creating a Zend form is as simple as this.

    <?php
    // A form is a class that extends Zend_Form (the keyword is "extends")
    class CustomForm extends Zend_Form
    {
        public function init()
        {
            // create your form elements here
        }
    }

This defines a class by extending Zend_Form, which gives access to the many methods already defined in Zend_Form.

The only thing you need to do is override the init() method and create your own elements, such as input boxes, select boxes, checkboxes, radio buttons and so on.
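As an added example (my code, not the author's), here is the skeleton above filled in with each element type the text mentions, plus the controller action that validates the submission. The element names, the ContactController and the "thanks" action are assumptions; the filters and validators are the standard Zend_Form ones:

```php
<?php
// Added example (not the author's code): a complete Zend_Form subclass and the
// controller action that validates it. Names and actions are assumptions.
class CustomForm extends Zend_Form
{
    public function init()
    {
        $this->setMethod('post');

        // Input box: whitespace trimmed, tags stripped, 2-50 characters required.
        $this->addElement('text', 'name', array(
            'label'      => 'Name',
            'required'   => true,
            'filters'    => array('StringTrim', 'StripTags'),
            'validators' => array(array('StringLength', false, array(2, 50))),
        ));

        // Email address: checked on the server, independent of any JavaScript.
        $this->addElement('text', 'email', array(
            'label'      => 'Email',
            'required'   => true,
            'filters'    => array('StringTrim'),
            'validators' => array('EmailAddress'),
        ));

        // Select box: only the listed keys pass; Zend_Form registers an
        // InArray validator for multi-option elements automatically.
        $this->addElement('select', 'topic', array(
            'label'        => 'Topic',
            'multiOptions' => array('sales' => 'Sales', 'support' => 'Support'),
        ));

        // Checkbox and radio buttons.
        $this->addElement('checkbox', 'subscribe', array('label' => 'Subscribe to news'));
        $this->addElement('radio', 'contactBy', array(
            'label'        => 'Contact me by',
            'multiOptions' => array('email' => 'Email', 'phone' => 'Phone'),
            'value'        => 'email',
        ));

        // Hidden one-time token: the element's own validator rejects a POST
        // whose token was not issued to this session.
        $this->addElement('hash', 'csrf', array('salt' => 'contactform'));

        $this->addElement('submit', 'send', array('label' => 'Send'));
    }
}

// Controller side (assumed name): validate, then read the filtered values;
// on failure the same form re-renders with its error messages.
class ContactController extends Zend_Controller_Action
{
    public function indexAction()
    {
        $form = new CustomForm();
        $request = $this->getRequest();
        if ($request->isPost() && $form->isValid($request->getPost())) {
            $data = $form->getValues();          // filtered, validated values only
            unset($data['csrf'], $data['send']);
            // ... save $data with an assumed Zend_Db_Table model here
            return $this->_helper->redirector('thanks');
        }
        $this->view->form = $form;               // echo $this->form in the view script
    }
}
```

Filters run before validators, so getValues() returns the trimmed, tag-stripped data rather than what was typed; that is what should reach the model, never $_POST directly.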


Zend Framework: Zend_Loader::Zend_Loader::registerAutoload is deprecated as of 1.8.0 and will be removed with 2.0.0; use Zend_Loader_Autoloader instead.

17 Jun

Sorry, this blog is deprecated. You can read this article here.

http://zendgeek.blogspot.com/2009/06/zend-framework-zendloaderzendloaderregi.html

Seven things you may not know about me

3 Jun

Well, in a few places I saw "seven things". In the beginning I didn't understand what it was all about, but after searching for some time I found out the secret behind the scene. The idea is to write seven things that people don't know about you and then write about seven people in your address book, mention their names and leave links to their blogs. After doing this, leave comments on their blog or Twitter telling them that they have been tagged.

Here go my seven things.

  1. I belong to the Tribal Area of Pakistan. Yes, it's been in the media for many years, or I'd say since 9/11, when Osama bin Laden fled to Tora Bora. Keep in mind that Tora Bora is an area on the border between Pakistan and Afghanistan.

My family is still living in the tribal area; however, we have a rather peaceful place, free from al-Qaida and the Taliban.

  2. Pink is good and I like strawberry.
  3. I was a very good soccer player. I was the center forward of our college soccer team.
  4. After completing my master's I tried hard to get a job in Dot Net technologies, but fortunately or unfortunately got a PHP job instead.
  5. I started writing my first blog in June 2008. That was on Google's Blogspot.
  6. I am a Capricorn; I always work hard to get to the top of the mountain.
  7. I love reading novels. I am reading "The Zahir" by Paulo Coelho these days. Paulo Coelho is the author of the award-winning bestseller "The Alchemist".

And here go the seven people I know.

  1. Gul Hassan:

My uncle and mentor, who gave me the strength to be where I am. An intelligent and cool person. Working as an admin manager in a government organization.

  2. James Leong:

The person who inspired me to write my own blog. A Singaporean who came to Pakistan to establish his own business; I cannot say much about him.

  3. Masood Anwar:

My team lead, who has done me a lot of favors since my joining. I've been working with him for eight months. Full of patience and courage; thinks dynamically.

  4. Asim Zeeshan:

He is a highly motivated, enthusiastic person. We both work in the same organization. He never hesitates to give a helping hand.

  5. Furqan Khan:

My colleague, my teammate. He is a nice person and a brilliant developer. We always discuss TV programs, upcoming movies and other entertainment-related stuff.

  6. Syed Zulfiqar Hussain:

He inspired me to play table tennis. He is working in Dot Net technologies; a sober and courageous person. Always gives his hand whenever help is needed.

  7. Ahsan Shahzad:

A person writing his own blog on Zend Framework and other tools and technologies. Working in the same organization where I am. A nice person and an intelligent engineer.