
Developing Mods locally on your own local PHP/MySQL/Apache server

by mdshare in April 26th, 2008 

It's easier than you might think!

I set up a dedicated local server once to let me do this, but it turns out there is an even faster, easier way to do it.

http://www.wampserver.com

WampServer is a complete software package that lets you use the power and flexibility of the dynamic language PHP and make efficient use of databases under Windows. The package includes an Apache server, a MySQL database, a full PHP execution environment, and easy development tools for your web site or your applications.

Best part: it's a one-click install on your local system. There is no need to upload your scripts to a server anymore; you can test them on your own PC.

And don't be afraid to experiment with PHP; it's a very easy language to learn.

As a PHP/HTML/whatever-language editor I use Crimson Editor, which is also freely available at http://www.crimsoneditor.com/

Topics: FAQ


Securing Input Variables

by mdshare in April 25th, 2008 

Handling data in PHP applications is sometimes seen as a complex subject, but a little thinking can make life very simple:

Stage #1 is removing any slashes added by magic quotes from the input variables $_GET and $_POST.

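<?php
// Recursively undo the backslashes that magic_quotes_gpc added to request data.
function array_stripslashes( $value )
{
 if (is_array($value))
 {
  foreach ($value as $key => $element)
   $value[$key] = array_stripslashes($element);
 }
 else if (is_string($value))
  $value = stripslashes($value);

 return $value;
}

// get_magic_quotes_gpc() was removed in PHP 8.0, so check that it exists first.
if (function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc())
{
 $_GET    = array_stripslashes($_GET);
 $_POST   = array_stripslashes($_POST);
}
?>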

Stage #2 is a simple set of functions to retrieve data from the two main arrays.

<?php
/**
 **
 **  <string> getStr( <string> $key, <string> $default = "" );
 **
 **  Returns the trimmed $_GET value, or $default if it is missing or not a string.
 **
 **/
function getStr( $key, $default = "" )
{
 return isset($_GET[$key]) && is_string($_GET[$key]) ? trim($_GET[$key]) : $default;
}

/**
 **
 **  <integer> getInt( <string> $key, <integer> $default = 0 );
 **
 **  Accepts digits only. \A and \z anchor the whole string; with ^, $ and the
 **  "m" flag, a multi-line value with one all-digit line would also have matched.
 **
 **/
function getInt( $key, $default = 0 )
{
 return !is_null($tmp = getStr($key, null)) && preg_match('`\A\d+\z`', $tmp) ? intval($tmp) : $default;
}

/**
 **
 **  <string> postStr( <string> $key, <string> $default = "" );
 **
 **/
function postStr( $key, $default = "" )
{
 return isset($_POST[$key]) && is_string($_POST[$key]) ? trim($_POST[$key]) : $default;
}

/**
 **
 **  <integer> postInt( <string> $key, <integer> $default = 0 );
 **
 **/
function postInt( $key, $default = 0 )
{
 return !is_null($tmp = postStr($key, null)) && preg_match('`\A\d+\z`', $tmp) ? intval($tmp) : $default;
}
?>

Now, we are safe in the knowledge that all integers and strings coming from the two arrays are perfectly secure.

Two things of note here: if you are displaying any strings, you should clean them through htmlentities():

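<?php
// postStr() takes the name of the form field, not a variable.
// ENT_QUOTES also encodes single quotes, so the result is safe inside attribute values.
echo htmlentities(postStr("username"), ENT_QUOTES, "UTF-8");
?>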

and of course correctly escape your data if being sent to the database using mysql_real_escape_string():

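<?php
// Note: the mysql_* functions were removed in PHP 7.0, so this runs only on older versions.
// Assumption: the row id arrives in a POST field named "id".
$id   = postInt("id");
$name = postStr("name");
if (strlen($name))
{
 // The format string has two placeholders, so both the escaped name and the id are passed.
 $sql = sprintf("UPDATE `users` SET `username` = '%s' WHERE (`id` = %u)", mysql_real_escape_string($name), $id);
 mysql_query($sql);
}
?>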
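
An added example, not part of the original post: the same update written with a PDO prepared statement, one way to write this query on PHP 7 and later, where the mysql_* functions no longer exist. The in-memory SQLite database (which assumes pdo_sqlite is enabled), the `id` form field and the sample $_POST values are constructed for illustration, and the two helpers are repeated so the script runs on its own.

```php
<?php
// Constructed input standing in for a submitted form.
$_POST = array('id' => '7', 'name' => "  O'Brien <b>admin</b>  ");

// The post's retrieval helpers, reduced to what this example needs.
function postStr($key, $default = "")
{
    return isset($_POST[$key]) && is_string($_POST[$key]) ? trim($_POST[$key]) : $default;
}
function postInt($key, $default = 0)
{
    $tmp = postStr($key, null);
    return !is_null($tmp) && preg_match('/\A\d+\z/', $tmp) ? intval($tmp) : $default;
}

// In-memory SQLite database so the script runs without a server.
// The `users` table mirrors the one named in the post; its schema is assumed.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT)');
$db->exec("INSERT INTO users (id, username) VALUES (7, 'old name')");

$id   = postInt('id');
$name = postStr('name');

if ($id > 0 && strlen($name)) {
    // Placeholders keep the values out of the SQL text entirely, so no
    // escaping function is needed and a quote in $name cannot end the literal.
    $stmt = $db->prepare('UPDATE users SET username = :name WHERE id = :id');
    $stmt->bindValue(':name', $name, PDO::PARAM_STR);
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
}

// Read the value back: it is stored exactly as submitted (after trim),
// including the quote and the markup.
$stmt = $db->prepare('SELECT username FROM users WHERE id = :id');
$stmt->execute(array(':id' => $id));
$stored = $stmt->fetchColumn();

// Encoding is applied at output time, for the HTML context only.
echo htmlentities($stored, ENT_QUOTES, 'UTF-8'), "\n";
?>
```

The database holds the raw value and the HTML encoding is applied only when it is printed, which keeps the two concerns (SQL context and HTML context) separate.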

If you are wondering how to use it … well just slap it into a common include file and you will always have these lightweight functions to hand.

References:

http://www.php.net/manual/en/function.htmlentities.php
http://www.php.net/manual/en/function.mysql-real-escape-string.php
http://www.php.net/manual/en/function.stripslashes.php
http://www.php.net/manual/en/function.get-magic-quotes-gpc.php
http://www.php.net/manual/en/function.isset.php
http://www.php.net/manual/en/function.is-string.php
http://www.php.net/manual/en/function.preg-match.php
http://www.php.net/manual/en/function.intval.php
http://www.php.net/manual/en/function.trim.php
http://www.php.net/manual/en/function.is-null.php

Topics: FAQ
Tags: faq, php, securing input