because you value your mind

The minute you settle for less than you deserve, you get even less than you settled for.

koenigsegg

Archive for the ‘Web Development’ Category

Friday
Apr 20,2007

PHP. What’s so important about it?

PHP is a server-side programming language designed to produce amazing dynamic web pages. It:

  • allows you to create dynamic HTML pages and files.
  • can be used to authenticate logins to a site.
  • allows web owners to redirect pages.
  • keeps counters.
  • allows you to personalize pages. For example, if I log in to a site using my username and password, the PHP code will tell the server to generate a personal note that says ‘Welcome, Chris!’. If another person logs in, the server will generate another personal page that says ‘Welcome, (username)!’.
  • can, if you set up your own server, let people download files from a certain folder and then log the IP address of the person who downloaded them. As long as the page saves or changes a file on the server, PHP will most likely be used.

There are plenty of PHP training courses out there that help people learn even faster. Open Technology Group is one fine example that provides the highest quality training at affordable prices, including post-class meetups. Their courses are taught by Zend certified PHP MySQL training instructors with over a decade’s experience.

At the moment, they conduct classes on a monthly basis. Each class runs for 5 days. If you live in the US or some parts of Canada, airfare to North Carolina, accommodation, shuttle services and course materials are all included in the fee you pay.

Interested people are encouraged to submit a simple form or call them with enrollment questions. They will even wire in a technical instructor to take calls, if needed. I believe that they have special pricing for government or educational bodies.

* sponsored review *

PHP MySQL Training
PHP training solutions

Thursday
Apr 12,2007

aaahh… adsense. Everyone’s favourite advertising program. Almost everyone who owns a blog/website has it. After all, anything that generates cash is most welcome.

For those who aren’t so sure, you might ask, what is adsense?

AdSense is an advertising program run by Google. Website owners enroll in this program to enable text and image advertisements on their sites. These ads are administered by Google and generate revenue on a per-click basis based on website content. Though it’s pretty amazing how certain people can earn a 4-figure income in a day through adsense, there are 2 BIG issues that come with it.

  • Click Fraud. If you are hated by certain groups for something controversial that you’ve said, you’re dead. There are certain groups of people out there who pick out websites that they disagree with and destroy the webmaster’s adsense income. All that has to be done is to click on the ads multiple times, say for example 100 clicks per person. A group of 3 is already enough to get your site’s adsense suspended.

  • Tracking Visitor Clicks. Of course it’s all great when you get clicks, at first. As time goes on, you’d want to improve the content and layout of your site. However, you can’t see who clicked what, where that visitor came from, how many clicks that particular visitor makes, or even which advertisement he clicked on. The only thing that you and I can do in the adsense dashboard is to see the clickthrough rate and how much you’ve earned.

However, the world of adsense publishing became a better place thanks to Trevor Fitzgerald, a 20-year-old student studying Business Administration at Michigan State University, who developed an amazing, nifty tool called ‘Adlogger’. You gotta be able to use FTP to upload the folder to your website, though.

Guys, if you’re an adsense / YPN freak, you’re gonna love the 16 benefits that come with using the super cool, free, open source, amazing Adlogger.

  1. Track and log when a visitor clicks on one of your AdSense ads
  2. Optionally receive an email after every reported click
  3. Receive an email after every reported multiple click
  4. Secure administrative backend
  5. Know the total number of clicks and the total number of unique visitors that clicked
  6. Know the IP address, hostname, user agent, browser information, operating system of the visitor who clicked on the ad
  7. Determine which advertisement was clicked
  8. Get past click performance for a specific date or range of dates
  9. Find your best performing pages
  10. Custom channels help you monitor which pages are receiving clicks
  11. Block ads for a specific IP address or range of IPs
  12. Automatically block ads for visitors who are clicking too many within a certain time period
  13. Know exactly when, why, and for whom ads were successfully blocked
  14. If AdSense ads are blocked, you can display an alternate advertisement
  15. Code generator page to make installation and setup easy
  16. Synchronize all of the reporting to Google AdSense server time

You gotta start using it, man. Actually, everyone should. =)

Adlogger
Prevent click fraud & track clicks

Monday
Apr 9,2007

Basically, SQL injection happens when user input is either incorrectly filtered for string literal escape characters embedded in SQL statements, or is not strongly typed and is thereby unexpectedly executed. Any webmaster creating web applications that involve database manipulation will have to take these measures to prevent SQL injection.

According to WhiteHat Security’s statistics, there is a 20% likelihood that 8 out of 10 websites have a vulnerability in the area of SQL Injections.

  1. Keeping It Clean
     For example, it is important to make sure that users enter only input made up of these characters in the email field:

    • abcdefghijklmnopqrstuvwxyz
      ABCDEFGHIJKLMNOPQRSTUVWXYZ
      0123456789
      @.-_+

  2. Quotes Quotes Quotes
     Many database interface languages cater to the need for safe-quoting text. For example, MySQL uses 2 functions to ‘string quote’ and to ‘string parse’:

    • mysql_real_escape_string() adds backslashes in front of all the quotation marks.
    • stripslashes() removes backslashes in front of the quotation marks.

  3. Bound Parameters
    • Insecure
      Statement s = connection.createStatement();
      ResultSet rs = s.executeQuery("SELECT email FROM member WHERE name = " + formField); // *boom*

    • Secure
      PreparedStatement ps = connection.prepareStatement("SELECT email FROM member WHERE name = ?");
      ps.setString(1, formField);
      ResultSet rs = ps.executeQuery();

    Above is an example of bound parameters in Java. Neither quotes, semicolons, backslashes nor SQL comment notations are able to corrupt the statement, because the input has been turned into data. Binding parameters is one of the most important steps anyone can take to truly secure the database from injection attacks.

  4. Rights Management
     Web applications should use connections to the database with as few rights as possible. Web applications should start with only 1 type of access, which is query access to the members table. This method eliminates the possibility of using the ‘UPDATE’ statement to taint the database. Let rights access be progressive, like allowing more flexibility only after a successful user validation.

  5. Making Use Of Stored Procedures
     As long as the interface on the stored procedure stays the same, the table structure can change with no consequence to the application that is using the database. This layer of abstraction is like an extra barrier because table permission is implicitly set. By only allowing database modifications through stored procedures, tables are safe from exposure to external applications.

  6. Separating TRUSTED and UNTRUSTED networks
     A DMZ is a computer network that is accessible from two other computer networks that have no direct contact with each other. Often, one of these networks is the Internet and the other is a local, internal network. Having a web server with very, very little access in a DMZ prevents total control of all networks, even if someone manages to take full control of the machine.
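
The allow-list, bound-parameter and rights-management tips above, shown side by side in an added example (not code from the original post). It uses Python's built-in sqlite3 module as a stand-in for the MySQL and JDBC setups the post mentions; the `member` rows, the helper names and the sample input are constructed for illustration, and the SQLite authorizer callback stands in for database-level grants.

```python
import re
import sqlite3

# Allow-list from "Keeping It Clean": letters, digits and @ . - _ +
EMAIL_CHARS = re.compile(r"[A-Za-z0-9@.\-_+]+")

def is_clean_email(value):
    return EMAIL_CHARS.fullmatch(value) is not None

def make_db():
    """In-memory stand-in for the post's member table (constructed rows)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE member (name TEXT, email TEXT)")
    conn.executemany("INSERT INTO member VALUES (?, ?)",
                     [("chris", "chris@example.com"), ("dana", "dana@example.com")])
    conn.commit()
    return conn

def lookup_insecure(conn, form_field):
    # Input is spliced into the SQL text, so the database parses it as SQL.
    sql = "SELECT email FROM member WHERE name = '" + form_field + "'"
    return [row[0] for row in conn.execute(sql)]

def lookup_bound(conn, form_field):
    # The ? placeholder binds the input as a value; it is never parsed as SQL.
    sql = "SELECT email FROM member WHERE name = ?"
    return [row[0] for row in conn.execute(sql, (form_field,))]

def restrict_to_member_reads(conn):
    """Rights management: permit only SELECTs that read the member table."""
    def authorizer(action, arg1, arg2, db_name, source):
        allowed = action == sqlite3.SQLITE_SELECT or (
            action == sqlite3.SQLITE_READ and arg1 == "member")
        return sqlite3.SQLITE_OK if allowed else sqlite3.SQLITE_DENY
    conn.set_authorizer(authorizer)

def update_is_denied(conn):
    try:
        conn.execute("UPDATE member SET email = 'x' WHERE name = 'chris'")
    except sqlite3.Error:
        return True
    return False

if __name__ == "__main__":
    db, crafted = make_db(), "x' OR '1'='1"  # constructed input with a quote
    print(is_clean_email(crafted), lookup_insecure(db, crafted), lookup_bound(db, crafted))
    restrict_to_member_reads(db)
    print(update_is_denied(db))
```

The same quoted input is rejected by the allow-list, changes the meaning of the concatenated query, and is matched as an ordinary (nonexistent) name by the bound query. Once the connection is restricted, reads still work and the UPDATE is refused.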

SQL Injection Attacks
Useful tips on SQL injection attacks
