Regular Expression Basic Syntax Reference

Posted on August 7, 2008. Filed under: Tutorial Programming

Characters
Character: Any character except [\^$.|?*+()
Description: All characters except the listed special characters match a single instance of themselves. { and } are literal characters, unless they're part of a valid regular expression token (e.g. the {n} quantifier).
Example: a matches a

Character: \ (backslash) followed by any of [\^$.|?*+(){}
Description: A backslash escapes special characters to suppress their special meaning.
Example: \+ matches +

Character: \Q...\E
Description: Matches the characters between \Q and \E literally, suppressing the meaning of special characters.
Example: \Q+-*/\E matches +-*/

Character: \xFF where FF are 2 hexadecimal digits
Description: Matches the character with the specified ASCII/ANSI value, which depends on the code page used. Can be used in character classes.
Example: \xA9 matches © when using the Latin-1 code page.

Character: \n, \r and \t
Description: Match an LF character, CR character and a tab character respectively. Can be used in character classes.
Example: \r\n matches a DOS/Windows CRLF line break.

Character: \a, \e, \f and \v
Description: Match a bell character (\x07), escape character (\x1B), form feed (\x0C) and vertical tab (\x0B) respectively. Can be used in character classes.

Character: \cA through \cZ
Description: Match an ASCII character Control+A through Control+Z, equivalent to \x01 through \x1A. Can be used in character classes.
Example: \cM\cJ matches a DOS/Windows CRLF line break.
(more…)

Posted on August 7, 2008. Filed under: Tutorial Programming

Seeing how often PHP coders run into the same problems and mistakes, I set out to make this list of the 10 most common problems and mistakes made by PHP coders.

1. Not escaping entities

It's basic knowledge: ALL untrusted input (especially user input from forms) has to be sanitized before it is output.

echo $_GET['username'];

can, for instance, output:
<script>/*snooping cookie or changing admin password script*/</script>

Not sanitizing untrusted data before output is an obvious security risk. Besides, you might end up with pages looking very messy if you do not treat user input the right way.


How to fix it:

Basically you need to convert <, >, ' and " to their proper entities (&lt;, &gt;, &#039; and &quot;). The functions htmlspecialchars() and htmlentities() do the work.

So here is the right way:

echo htmlspecialchars($_GET['username'], ENT_QUOTES);

Countless scripts carry this problem.

2. Not Escaping SQL input

When querying your database, always make sure untrusted data gets escaped, or else your application will be vulnerable to SQL injection and unreliable. Some coders think that they have covered their asses by having magic_quotes on in their php.ini. The problem is that untrusted input can come from other sources than $_GET, $_POST and $_COOKIE (crawling other websites, or using input read back from the database). And what happens if magic_quotes is suddenly set to Off?

How to fix it:
I recommend setting magic_quotes to Off in php.ini or via .htaccess, and then using mysql_real_escape_string() on all variables used in SQL expressions.

<?php
// Assumes an open MySQL link from mysql_connect(); mysql_real_escape_string()
// needs it to know the connection's character set.
$sql = "UPDATE users SET
name='" . mysql_real_escape_string($name) . "'
WHERE id='" . mysql_real_escape_string($id) . "'";
mysql_query($sql);
?>

In PHP 5 combined with MySQL 5 you can also use bindings (prepared statements with bound parameters).

If you leave magic_quotes On you will just have to trust your instinct.
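The following is an added example, not code from the original post, covering mistakes 1 and 2 together: one constructed hostile string standing in for $_GET['username'] is taken through both output contexts, HTML and SQL. For the SQL side it uses the bound parameters mentioned above rather than mysql_real_escape_string(), and it assumes PHP 5 with PDO and its SQLite driver so it runs without a MySQL server.

```php
<?php
// Added example, not code from the original post. Assumes PHP 5 with PDO and
// the SQLite driver; the users table below is constructed in memory.

$username = "<script>alert('x')</script>' OR '1'='1";   // constructed input

// Mistake 1: escape for HTML output. ENT_QUOTES also converts ' so the value
// is safe inside single-quoted attributes, not only between tags.
function html_escape($value) {
    return htmlspecialchars($value, ENT_QUOTES, 'UTF-8');
}

// Mistake 2: untrusted data is never spliced into the SQL string. The database
// receives it as a parameter, so no escaping step can be forgotten and the
// magic_quotes setting of the host no longer matters.
function find_users(PDO $db, $name) {
    $stmt = $db->prepare('SELECT id, name FROM users WHERE name = :name');
    $stmt->execute(array(':name' => $name));
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT)');
$insert = $db->prepare('INSERT INTO users (name) VALUES (:name)');
$insert->execute(array(':name' => 'alice'));
$insert->execute(array(':name' => $username));   // stored verbatim, once

// The raw echo from the post would put a live <script> tag on the page;
// the escaped version shows the text instead.
echo 'Raw:     ' . $username . "\n";
echo 'Escaped: ' . html_escape($username) . "\n";

// Only the row whose name literally equals the hostile string matches, so the
// "' OR '1'='1" fragment widens nothing: 1 row, not the whole table.
$rows = find_users($db, $username);
echo 'Rows matched: ' . count($rows) . "\n";
```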

3. Wrong use of HTTP-header related functions: header(), session_start(), setcookie()

Have you ever encountered this warning? "Warning: Cannot add header information - headers already sent [...]"

Most likely you have, either during development or when deploying PHP applications. When your browser downloads a web page, the response from the server is structured in two parts: the header part and the content part.

The header consists of data that is not visible, such as cookies to be set or whether the browser should redirect to another location. The header always comes first.

The content part consists of the visible content: HTML, image data and so on.

If output_buffering is set to Off in php.ini, whatever the script outputs is sent to the browser as it is produced, so all header-related functions (setcookie(), header(), session_start()) must be called before any output. The problem arises when somebody develops on one platform configuration and deploys to another: redirects stop working, cookies and sessions are not being stored...

How to fix it:
The right way is actually very simple: make your script call all header-related functions before it starts any output, and set output_buffering = Off in php.ini on your development platform, so the mistake shows up there instead of in production. If this is a problem on existing scripts you can always hack around it with the output control functions.
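An added example of that ordering, not code from the original post: every header-related call runs before the first byte of output, the body is built as a string and emitted last, and headers_sent() is checked so a stray early echo is reported with its file and line rather than silently breaking a redirect on a host where output_buffering is Off. It assumes PHP 5 and is meant to be run from the command line; the function and variable names are mine.

```php
<?php
// Added example, not code from the original post. Assumes PHP 5.

function send_headers_or_fail(array $headers) {
    if (headers_sent($file, $line)) {
        // Output has already started; header() below would be ignored.
        throw new RuntimeException("Output already started at $file:$line");
    }
    foreach ($headers as $h) {
        header($h);
    }
}

// Returns the response body instead of echoing it, so nothing reaches the
// client until every header has been decided.
function handle_request($logged_in, $user) {
    // Phase 1: headers only (session, cookies, redirects).
    session_start();
    setcookie('last_seen', (string) time(), time() + 3600, '/');
    if (!$logged_in) {
        send_headers_or_fail(array('Location: /login.php'));
        return '';          // a redirect sends no body
    }
    // Phase 2: build the content; the caller outputs it after phase 1.
    return '<p>Welcome back, ' . htmlspecialchars($user, ENT_QUOTES, 'UTF-8') . "</p>\n";
}

// For legacy scripts that already echo early, ob_start() as the very first
// statement is the output-control workaround the post refers to: the body is
// buffered, so the headers still leave first. It is deliberately not used
// here, so that the headers_sent() check stays meaningful.
echo handle_request(true, 'alice');
```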

(more…)


CSS Layout

Posted on August 5, 2008. Filed under: Utek-utek Layout



by Ross Shannon

A major promise that came with the launch of CSS was that we would no longer be forced to lay our sites out in tables, and would instead be given complete control over the positions and dimensions of page elements. For the most part, this has been fulfilled.

You have probably been irritated in the past by the inability of your browser to render your page exactly as you had wanted. Table structures aren’t the most flexible of page layout devices, as they weren’t really designed for this purpose. Now however, with the release of the CSS-2 spec, and some reliable browser support in the current generation of browsers, you have a new and much improved option.


This page was last updated on 2008-02-15


(more…)


