Author Archives: rafiq7s

AFAIK

AFAIK = As far as I know
BBL = Be back later
BRB = Be right back
BTW = By The Way
CYA = See you
DIY = Do it yourself
ETA = Estimated time of arrival
ETD = Estimated time of departure
FWIW = For what it’s worth
FYI = For your information
GJ = Good job
H/O = Hold on
IMAO = In My Arrogant Opinion
IMO = In my opinion
J/K = Just joking
K = OK
L8 = Late
MMB = Message me back
NP = No problem
Pls = Please
ROFL = Rolling on the floor laughing
Sup = What’s up?
TBH = To Be Honest


SQL Injection

What it is

SQL Command Injection is a technique where an attacker creates or alters existing SQL commands to expose hidden data, to override valuable data, or even to execute dangerous system-level commands on the database host. It becomes possible when the application takes user input and combines it with static parameters to build an SQL query.

Injected SQL queries are able to circumvent access controls, thereby bypassing standard authentication and authorization checks, and sometimes injected SQL even allows access to host operating system level commands.

Avoidance Techniques

  • Never connect to the database as a superuser or as the database owner. Always use custom users with very limited privileges.
  • Use prepared statements with bound variables. They are provided by PDO, by MySQLi and by other libraries.
  • Check whether the given input has the expected data type. PHP has a wide range of input validating functions, from the simplest ones found in Variable Functions and in Character Type Functions (e.g. is_numeric() and ctype_digit() respectively) up to the Perl-compatible Regular Expressions support.
  • If the application expects numerical input, consider verifying the data with ctype_digit(), silently changing its type using settype(), or using its numeric representation via sprintf().
  • If the database layer doesn’t support binding variables, quote each non-numeric user-supplied value that is passed to the database with the database-specific string escape function (e.g. mysql_real_escape_string(), sqlite_escape_string(), etc.). Generic functions like addslashes() are useful only in a very specific environment (e.g. MySQL in a single-byte character set with NO_BACKSLASH_ESCAPES disabled), so it is better to avoid them.
  • Do not print out any database-specific information, especially about the schema, by fair means or foul. See also Error Reporting and Error Handling and Logging Functions.
  • You may use stored procedures and previously defined cursors to abstract data access so that users do not directly access tables or views, but this solution has other impacts.
  • You benefit from logging queries either within your script or by the database itself. Obviously, logging is unable to prevent any harmful attempt, but it can be helpful to trace back which application has been circumvented.
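As an added example (it is not code from the PHP manual page referenced below), here is the same lookup written once by string concatenation and once with a PDO prepared statement plus a ctype_digit() check, as the list recommends. The function names, the users table and the in-memory SQLite database are assumptions made for this example. Note also that mysql_real_escape_string() mentioned above belongs to the old mysql extension, which was removed in PHP 7; prepared statements via PDO or MySQLi are the portable choice.

```php
<?php
// Added example; not code from the PHP manual page this post quotes.
// Assumptions: a table users(id, name, role) and an in-memory SQLite
// database, so the script runs without a database server.

function bad_find_user(PDO $db, $id) {
    // VULNERABLE: the raw input becomes part of the SQL text, so anything
    // the caller sends is interpreted as SQL, not as a number.
    $sql = "SELECT id, name, role FROM users WHERE id = " . $id;
    return $db->query($sql)->fetchAll(PDO::FETCH_ASSOC);
}

function good_find_user(PDO $db, $id) {
    // 1. Check the data type first: only a string of decimal digits is
    //    acceptable for an integer key (ctype_digit(), as recommended above).
    if (!is_string($id) && !is_int($id)) {
        return array();
    }
    if (!ctype_digit((string) $id)) {
        return array();
    }
    // 2. Prepared statement with a bound variable: the query text and the
    //    value travel separately, so the value can never change the query.
    $stmt = $db->prepare('SELECT id, name, role FROM users WHERE id = :id');
    $stmt->bindValue(':id', (int) $id, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Constructed sample data (two rows, one of them privileged).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (id INTEGER, name TEXT, role TEXT)');
$db->exec("INSERT INTO users VALUES (1, 'alice', 'user'), (2, 'root', 'admin')");

// Well-formed input, as a real form would send it.
$honest = '1';
// Malformed input, as it would arrive if a query-string parameter were tampered with.
$tampered = '1 OR 1=1';

foreach (array('honest' => $honest, 'tampered' => $tampered) as $label => $input) {
    printf("%-8s concatenated=%d rows  prepared=%d rows\n",
        $label,
        count(bad_find_user($db, $input)),
        count(good_find_user($db, $input)));
}
```

Run it from the command line with a PHP build that has the pdo_sqlite driver. For the honest input both functions return one row; for the tampered input the concatenated query returns every row in the table, while the prepared version returns nothing because the input fails the digit check before any SQL is built.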

Ref:
http://php.net/manual/en/security.database.sql-injection.php

Tasneem – meaning of name

Tasneem means a heavenly fountain.

Tasneem is the name of one of the most honorable drinks of the inhabitants of Paradise. It is poured on them from the heights.

Tasneem is the name of a fountain in Jannah (Paradise) whose drink is superior to the purest of wines. Its nectar will only be drunk by those nearest to Allah Ta’ala. Literally it means “rich and elevated”.

Tasneem is the name of a spring in Paradise, as stated in the Glorious Quran, Chapter 83, Surah Mutaffefeen, verses 27 and 28:
27      With it will be (given) a mixture of Tasneem;
28      A spring from (the waters), whereof drink those Nearest to Allah.

Ref:
http://www.islamweb.net/emainpage/index.php?page=showfatwa&Option=FatwaId&Id=88629
http://wiki.answers.com/Q/What_does_the_name_Tasneem_mean_in_the_Arabic_Quran
http://www.gowister.com/islam-answer-1933.html

Using Zend Log in Codeigniter

When you are developing a complex script, a log helps you trace the function execution flow and thus helps with fixing bugs.

Here is an implementation of Zend Log in the Codeigniter framework:
1. Copy the Zend Log library:
i. Download ZendFramework-1.11 from here: http://framework.zend.com/downloads/latest
ii. Extract it. Inside the “library/Zend” directory there is a “Log” folder.
iii. Create a “Zend” folder inside “application/libraries” of your Codeigniter installation and copy the “Log” folder (from ii.) into it.
iv. Copy “Exception.php” and “Log.php” from the extracted “library/Zend” directory to Codeigniter’s “application/libraries/Zend” directory.

2. Create Library:
Create Zend.php inside application/libraries and paste the following code:

<?php
if (!defined('BASEPATH')) { exit('No direct script access allowed'); }

class CI_Zend {
	private $writer;
	private $logger;

	public function __construct() {
		// Let require_once 'Zend/...' resolve against application/libraries
		ini_set('include_path', ini_get('include_path') . PATH_SEPARATOR . APPPATH . 'libraries');
	}

	public function log_init($logfile) {
		require_once 'Zend/Log.php';
		require_once 'Zend/Log/Writer/Stream.php';

		// One stream writer (file path or PHP stream) feeding one logger
		$this->writer = new Zend_Log_Writer_Stream($logfile);
		$this->logger = new Zend_Log($this->writer);
	}

	public function info_log($msg) {
		$this->logger->log($msg, Zend_Log::INFO);
	}

	public function err_log($msg) {
		$this->logger->log($msg, Zend_Log::ERR);
	}
}

3. Create the controller myzend.php:

<?php
if ( ! defined('BASEPATH')) exit('No direct script access allowed');

class Myzend extends CI_Controller {

    public function __construct() {
        parent::__construct();
    }

    public function index() {
        $this->load->library('zend');
        // The path is relative to the directory holding index.php and
        // must be writable by the web server user
        $this->zend->log_init('application.log');

        // The wrapper methods already set the priority, so pass only the message
        $this->zend->info_log('This is Info message');
        $this->zend->err_log('This is Error message');
    }
}

That's it.

Ref:
Log Your PHP Application With Zend_Log (Part 2)
Integrate Zend library in code Igniter

Phonetic Alphabet

A phonetic alphabet is a list of words used to identify letters in a message transmitted by radio or telephone. Spoken words from an approved list are substituted for letters. For example, the word “Navy” would be “November Alfa Victor Yankee” when spelled in the phonetic alphabet. This practice helps to prevent confusion between similar sounding letters, such as “m” and “n”, and to clarify communications that may be garbled during transmission.

Letter   NATO Phonetic   Western Union Phonetic
A        Alpha           Adams
B        Bravo           Boston
C        Charlie         Chicago
D        Delta           Denver
E        Echo            Easy
F        Foxtrot         Frank
G        Golf            George
H        Hotel           Henry
I        India           Ida
J        Juliet          John
K        Kilo            King
L        Lima            Lincoln
M        Mike            Mary
N        November        New York
O        Oscar           Ocean
P        Papa            Peter
Q        Quebec          Queen
R        Romeo           Roger
S        Sierra          Sugar
T        Tango           Thomas
U        Uniform         Union
V        Victor          Victor
W        Whiskey         William
X        X-ray           X-ray
Y        Yankee          Young
Z        Zulu            Zero

Source:

  1. http://www.history.navy.mil/faqs/faq101-1.htm
  2. http://www.osric.com/chris/phonetic.html

Get multiple checkbox values selected in PHP

<?php
$test_chk = array();

// The field is absent from $_POST when no box is ticked, so test it with
// isset() instead of reading it directly, and make sure it really is an
// array, because in_array() below expects one.
if (isset($_POST['test_chk']) && is_array($_POST['test_chk'])) {
	$test_chk = $_POST['test_chk'];
}
?>

<form method="post" action="">
	<strong>Multiple Check Test:</strong><br />
	
	<input type="checkbox" name="test_chk[]" value="value A" <?php if(in_array("value A", $test_chk)) echo ' checked="checked"';?> /> value A<br />
	<input type="checkbox" name="test_chk[]" value="value B" <?php if(in_array("value B", $test_chk)) echo ' checked="checked"';?> /> value B<br />
	<input type="checkbox" name="test_chk[]" value="value C" <?php if(in_array("value C", $test_chk)) echo ' checked="checked"';?> /> value C<br />
	<input type="checkbox" name="test_chk[]" value="value D" <?php if(in_array("value D", $test_chk)) echo ' checked="checked"';?> /> value D<br />
	
	<input type="submit" name="test_sbt" value="Submit" />
</form>
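The snippet above takes the submitted values as they come. The following added example (it is not part of the original post) generalises it to an allow-list: the options are defined once on the server, only those values are accepted back from $_POST, a submitted scalar or nested value is ignored instead of being handed to in_array(), and everything echoed into the HTML goes through htmlspecialchars(). The $options array and the selected_values() helper are assumptions made for this example.

```php
<?php
// Added example, not from the original post: the same multiple-checkbox
// form driven by a server-side allow-list. $options and selected_values()
// are assumptions made for this example.

$options = array('value A', 'value B', 'value C', 'value D');

function selected_values(array $post, $field, array $allowed) {
    // A missing field (no box ticked) is not an error: return an empty list.
    if (!isset($post[$field])) {
        return array();
    }
    // A client may send a scalar or nested arrays instead of a flat list;
    // keep only scalar strings that appear in the allow-list (strict compare).
    $raw = is_array($post[$field]) ? $post[$field] : array($post[$field]);
    $clean = array();
    foreach ($raw as $v) {
        if (is_string($v) && in_array($v, $allowed, true)) {
            $clean[] = $v;
        }
    }
    return array_values(array_unique($clean));
}

$test_chk = selected_values($_POST, 'test_chk', $options);
?>
<form method="post" action="">
	<strong>Multiple Check Test:</strong><br />
<?php foreach ($options as $opt): ?>
	<input type="checkbox" name="test_chk[]"
	       value="<?php echo htmlspecialchars($opt, ENT_QUOTES, 'UTF-8'); ?>"
	       <?php if (in_array($opt, $test_chk, true)) echo 'checked="checked"'; ?> />
	<?php echo htmlspecialchars($opt, ENT_QUOTES, 'UTF-8'); ?><br />
<?php endforeach; ?>
	<input type="submit" name="test_sbt" value="Submit" />
</form>
```

Because the checkboxes are rendered from the same $options array that filters the input, adding or renaming an option happens in one place, and a value that was not offered can never be reflected back into the page.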

YAML

YAML (rhymes with ‘camel’) is a human-friendly, cross-language, Unicode-based data serialization language designed around the common native data structures of agile programming languages.

YAML stands for “YAML Ain’t Markup Language”. It is a human-friendly data serialization standard for all programming languages.

It is a human-friendly and versatile data serialization language that can be used for log files, config files, custom protocols, the works.

It is broadly useful for programming needs ranging from configuration files to Internet messaging to object persistence to data auditing. It is easy to use, easy to learn, and cool.

Example:

invoice: 34843
date   : 2001-01-23
bill-to: &id001
    given  : Chris
    family : Dumars
    address:
        lines: |
            458 Walkman Dr.
            Suite #292
        city    : Royal Oak
        state   : MI
        postal  : 48046
ship-to: *id001
product:
    - sku         : BL394D
      quantity    : 4
      description : Basketball
      price       : 450.00
    - sku         : BL4438H
      quantity    : 1
      description : Super Hoop
      price       : 2392.00
tax  : 251.42
total: 4443.52

YAML is a balance of the following design goals:
– YAML documents are very readable by humans.
– YAML interacts well with scripting languages.
– YAML uses host languages’ native data structures.
– YAML has a consistent information model.
– YAML enables stream-based processing.
– YAML is expressive and extensible.
– YAML is easy to implement.

Spyc is a Simple PHP YAML Class.
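As an added example (not code from the original post or from the Spyc project), the script below loads the invoice document shown above with Spyc and checks two things the text alone does not show: that the alias *id001 resolves to the same data as the anchored &id001 node, and that the “|” literal block keeps its line breaks. It assumes Spyc's spyc.php is on the include path (copied from the Spyc download linked below or installed via Composer); the helper function names are assumptions made for this example.

```php
<?php
// Added example; not from the original post or the Spyc project.
// Assumes spyc.php is reachable through the include path.
require_once 'spyc.php';

// Constructed copy of the invoice example above. The quoted heredoc does no
// interpolation, so the YAML is stored byte for byte.
$doc = <<<'YAML'
invoice: 34843
date   : 2001-01-23
bill-to: &id001
    given  : Chris
    family : Dumars
    address:
        lines: |
            458 Walkman Dr.
            Suite #292
        city    : Royal Oak
        state   : MI
        postal  : 48046
ship-to: *id001
product:
    - sku         : BL394D
      quantity    : 4
      description : Basketball
      price       : 450.00
    - sku         : BL4438H
      quantity    : 1
      description : Super Hoop
      price       : 2392.00
tax  : 251.42
total: 4443.52
YAML;

function load_invoice($yaml) {
    // Spyc returns plain PHP arrays and scalars only; no objects are created.
    return Spyc::YAMLLoadString($yaml);
}

function alias_resolved(array $data) {
    // The alias is materialised as a copy of the anchored mapping, so the two
    // keys hold equal arrays.
    return isset($data['bill-to'], $data['ship-to'])
        && $data['bill-to'] === $data['ship-to'];
}

function address_lines(array $data) {
    // The "|" block scalar keeps its newlines; split it back into lines.
    return explode("\n", rtrim($data['bill-to']['address']['lines']));
}

function product_subtotal(array $data) {
    // Quantities and prices come back as numeric values, so arithmetic works.
    $sum = 0.0;
    foreach ($data['product'] as $p) {
        $sum += $p['quantity'] * $p['price'];
    }
    return $sum;
}

$data = load_invoice($doc);
printf("invoice %s: alias resolved=%s, %d address lines, product subtotal %.2f\n",
    $data['invoice'],
    alias_resolved($data) ? 'yes' : 'no',
    count(address_lines($data)),
    product_subtotal($data));
```

For the document above the alias resolves, the address comes back as two lines, and the product subtotal is 4192.00; comparing it with the tax and total fields in the document is left to the reader.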

Useful links:
1. http://yaml.org
2. http://spyc.sourceforge.net