Thursday, May 31, 2012

World map in Flash

Monday, May 14, 2012

Security Checklist for PHP website - Input from $_GET, $_POST, $_COOKIE, and $_REQUEST is considered tainted.



http://markjaquith.wordpress.com/2009/09/21/php-server-vars-not-safe-in-forms-or-links/

Common example:

<form action="<?php echo $_SERVER['PHP_SELF']; ?>">

Another example:

<a href="<?php echo $_SERVER['PHP_SELF']; ?>?foo=bar">link title</a>

Here are my two rules regarding $_SERVER['PHP_SELF'] or $_SERVER['REQUEST_URI'] in forms:
  • Do not use them
  • If you use one of them, escape it with esc_url()
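The two rules above, shown side by side as an added example (not code from the original post or from WordPress). It assumes a plain PHP site where esc_url() is not available, so htmlspecialchars() stands in as the escaping step; the helper names and the sample request values are constructed for illustration.

```php
<?php
// Added example. Helper names and the sample request are constructed.

// The "common example" pattern from the post, kept only for comparison:
// PHP_SELF is SCRIPT_NAME plus any extra path info sent by the client.
function form_action_unescaped(array $server): string
{
    return $server['PHP_SELF'] ?? '';
}

// Rule 2: if the value must be used, escape it for the HTML attribute
// it is written into (esc_url() plays this role inside WordPress).
function form_action_escaped(array $server): string
{
    return htmlspecialchars($server['PHP_SELF'] ?? '', ENT_QUOTES, 'UTF-8');
}

// Rule 1: do not use it. SCRIPT_NAME is the path of the executing script
// without the client-supplied path info; it is still escaped on output.
function form_action_fixed(array $server): string
{
    return htmlspecialchars($server['SCRIPT_NAME'] ?? '', ENT_QUOTES, 'UTF-8');
}

// Constructed request: path info containing a quote and markup.
$server = [
    'SCRIPT_NAME' => '/contact.php',
    'PHP_SELF'    => '/contact.php/"><b>injected</b>',
];

// Print the <form> tag each variant would produce for the same request.
foreach (['form_action_unescaped', 'form_action_escaped', 'form_action_fixed'] as $fn) {
    printf("%-22s <form action=\"%s\">\n", $fn, $fn($server));
}
```

In the first line of output the quote in the path closes the action attribute early; in the second it is rendered as &quot; and stays inside the attribute; the third never contains the client-supplied part.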

Thursday, May 10, 2012

Setting Up Virtual Hosts for XAMPP

Ref: http://sawmac.com/xampp/virtualhosts/



  • Launch Notepad and open the hosts file located at C:\windows\system32\drivers\etc\hosts. (You may not be able to see the windows folder–some files are hidden by default under Windows. Here are instructions to make those files visible.) On Vista, you’ll also need to have access to change the hosts file. To do that, launch Notepad by right clicking on Notepad from the Start menu and choosing "Run As Administrator." This will give you permission to edit and save the file.
  • At the end of that file type:
    127.0.0.1      clientA.local

    127.0.0.1 is how a computer refers to itself—it’s an IP address that points back to the computer, kind of like a computer’s way of saying "ME." The second part (clientA.local) is the "domain" of the virtual host. To visit this domain in a Web browser you’d type http://clientA.local. You don’t have to add the .local part to the hosts files—you could just as easily add 127.0.0.1 clientA and access the site in your Web browser with http://clientA—but I find it helpful for differentiating between a real Web site out on the Internet like clientA.com, and the test sites I have running on my own computer.
  • Save and close the hosts file. That finishes the first part of this task. You’ve prepared your computer to handle requests to http://clientA.local. Now you need to tell the Web server, Apache, how to handle those requests.
  • In Notepad open the Apache configuration file located at C:\xampp\apache\conf\extra\httpd-vhosts.conf
  • At the bottom of that file add:
    NameVirtualHost *
    <VirtualHost *>
      DocumentRoot "C:\xampp\htdocs"
      ServerName localhost
    </VirtualHost>
    <VirtualHost *>
      DocumentRoot "C:\Documents and Settings\Me\My Documents\clientA\website"
      ServerName clientA.local
      <Directory "C:\Documents and Settings\Me\My Documents\clientA\website">
        Order allow,deny
        Allow from all
      </Directory>
    </VirtualHost>

    The first five lines of code turn on the Virtual Host feature on Apache, and set up the C:\xampp\htdocs folder as the default location for http://localhost. That’s important since you need to be able to access the XAMPP web pages at http://localhost/ so that you can use PHPMyAdmin.
    The second <VirtualHost *> block represents a single Virtual Host. You’ll add one chunk of code just like this for each Virtual Host (or Web site) on your computer.
    You’ll need to modify three items in that block. The first item — DocumentRoot — indicates where the files for this site are located on your computer. The second part — ServerName — is the name you provided in step 2 above: the virtual host name. For example, clientA.local. The third item — the <Directory> part — is the same path you provided for the DocumentRoot. This is required to let your Web browser have clearance to access these files.
  • Save and close the Apache configuration file, and restart Apache from the XAMPP control panel.
  • Start a Web browser and type a URL for the virtual host. For example: http://clientA.local/.
    You should now see the home page for your site.
    Sunday, May 6, 2012

    Xampp with PHP and Oracle from Mysql

    Oracle Based Changes

    1. Install Oracle (any version).
    2. Configure it with database creation (the database is created automatically).
    3. Import the MySQL tables into Oracle.
    4. Note the hostname, username, password and SID.
    5. If an NLS_LANG error for oci8 appears when starting XAMPP, follow the steps below:
    a.) Run --> regedit --> HKEY_LOCAL_MACHINE --> SOFTWARE --> ORACLE --> rename or delete the NLS_LANG key.

    b.) Restart the system.


    PHP Based Changes After Installed Xampp

    1. On your XAMPP start page, go to phpinfo and look for the string oci8. If the string is found, the connection to Oracle is available; otherwise, activate it with the following steps:
    2. Open the php.ini file currently in use (phpinfo shows which one) from the XAMPP folder.
    3. Find the string ;extension=php_oci8.dll. Remove the semicolon (;) at the start of the string to activate the Oracle extension.
    4. Save the php.ini file.
    5. Download the “Instant Client Package – Basic” for Windows from the OTN Instant Client page. Unzip it to c:\instantclient_11_1
    6. Edit the PATH environment setting and add c:\instantclient_11_1 before any other Oracle directories. For example, on Windows XP, follow Start -> Control Panel -> System -> Advanced -> Environment Variables and edit PATH in the System variables list.
    7. Set desired Oracle globalization language environment variables such as NLS_LANG. If nothing is set, a default local environment will be assumed. See An Overview on Globalizing Oracle PHP Applications for more details.
    8. Unset Oracle variables such as ORACLE_HOME and ORACLE_SID, which are unnecessary with Instant Client (if they were set previously).
    9. Restart XAMPP (or start it if it is not already running).
    10. To make sure that the connection to the Oracle database has been activated, go to phpinfo and find the string oci8. If it is found, XAMPP can now communicate with the Oracle database.

    PHP Based sample connection

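    <?php
    // Connect using the host:port/servicename form of the connection string
    $conn = oci_connect('username', 'password', 'host:port/servicename');
    if (!$conn) {
        // oci_connect() returns false on failure; stop instead of using it
        $e = oci_error();
        die('Connection failed: ' . htmlentities($e['message'], ENT_QUOTES));
    }
    // List the tables owned by the connected user
    $query = 'select table_name from user_tables';
    $stid = oci_parse($conn, $query);
    oci_execute($stid, OCI_DEFAULT);
    while ($row = oci_fetch_array($stid, OCI_ASSOC)) {
        foreach ($row as $item) {
            // Escape database values before writing them into the page
            echo htmlspecialchars($item) . " | ";
        }
        echo "<br>\n";
    }
    oci_free_statement($stid);
    oci_close($conn);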



    ADODB Based Sample Connection



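    <?php
    require_once 'adodb/adodb.inc.php'; // assumed path; adjust to where ADOdb is installed
    $DB = NewADOConnection("oci8");
    $DB->Connect('localhost', 'system', 'system', 'orasrv'); // host, user, password, SID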