Weblog Of Nirandas | home

Developer From INDIA

Preventing SQL injection, especially for PHP developers

November 10, 2009 06:23 by author Nirandas

SQL injection happens when user-provided input from forms or the query string is used directly in a SQL query without any sanitization. For example, a badly coded login script would allow an attacker to log in without knowing the username/password, or to log in with the full rights of an admin user. Though this can happen to any web page developed in any language, this issue seems to affect PHP pages more than .NET applications. Perhaps the simplicity of PHP programming and inexperienced coders are the reasons for this. In any case, keeping the following points in mind while developing PHP sites should help avoid mistakes that can be prevented easily.



Using Smarty with CodeIgniter

February 20, 2009 07:39 by author Nirandas

If you would like to use Smarty for designing your views while developing CodeIgniter applications, just read on. Smarty is a powerful templating engine for PHP. Its template language is simple yet powerful. By default, CodeIgniter doesn't use any templating system. Instead, it relies on plain old PHP for designing views. Integrating Smarty into CodeIgniter is rather simple. First, download the latest Smarty version and copy the libs folder into /system/application/libraries/.

Now create a new file “View.php” inside the /system/application/libraries folder. Note: the case of the filename is important; it must be “View.php”. Now put the following code inside the View.php file.



Basics of PHP

December 21, 2008 16:56 by author Nirandas

What is PHP?

PHP is a high-level scripting language used particularly for developing websites. PHP is very powerful and easy to learn. PHP is platform independent; that is, PHP can run on Linux, Windows and many other operating systems. Unlike C or C++, PHP is an interpreted language; that is, the PHP code we write doesn’t get converted into machine code. Instead, PHP reads and executes the source code when we run the script. For more information about PHP and its history, visit http://en.wikipedia.org/wiki/PHP



Hide email and other sensitive information from spam harvesters

September 24, 2008 16:28 by author

Often we have to display email addresses and other contact information on our pages, for example by providing a mailto link. However, along with the intended users, some other persons/bots are also interested in getting those email IDs for sending spam. For this, spammers use special bots to harvest email/contact info from the web. In this post, I will show a method using JavaScript and any server-side language by which we can easily protect such important information.



Site news: layout changes and WordPress upgrade

August 17, 2008 16:37 by author

Today I upgraded WordPress from 2.51 to 2.61 and also made some layout changes to the other sections of the site.

I have been using WP 2.51 from the very beginning of this site and didn't upgrade to WordPress 2.6 when it was released. But finally, I decided to upgrade my blog to the latest WordPress version.

The layout changes to the other parts of the site were to modify the design to match the WordPress default theme. Also, I removed the about page and transferred its contents to the homepage. As I am not a design person by any means, the responsibility of doing it cleanly and making sure that it looks nice was entrusted to my brother.

Also, the new upgrade to WordPress 2.61 doesn't break the txcaptcha. The txcaptcha logical captcha protection is working very well.



CodeIgniter: retrieving the database error message and error number

July 31, 2008 11:40 by author

Yes, nobody wants errors to happen in their code; however, when they happen, you must be able to retrieve full information about them no matter which language or framework you use. I came across this issue while developing a site with CodeIgniter. I looked through the user guide but was not able to find it. However, after searching through the web I came across some forum posts answering my concerns. Although I missed the URL, here are the names of the functions with which you can retrieve the info about the errors.

$this->db->_error_message()
Returns the error message from the database, depending upon the database driver being used. For MySQL, it uses mysql_error().
$this->db->_error_number()
Returns the error number from the database, depending upon the database driver being used. For MySQL, it uses mysql_errno().

I didn't find it documented anywhere, so I am posting it here. Let me know if anyone has references to it in the user guide.



Who Am I?

I am Nirandas - a developer from INDIA
