Smart Webs

What is new in php 5.3 ?

2009-11-25T22:09:00.000-08:00

With last week's announcement of RC4, the final release of PHP 5.3 is imminent. So what can we expect in this version? Here I'll outline the biggest and most interesting changes and additions. This is definitely not exhaustive since there are tons of minor changes and improvements in this version, but these are some of the ones I found interesting.
Namespaces

Namespaces are a way to separate classes and functions to avoid naming collisions. Using namespaces prevents problems with using classes with the same name but different functionality. You can declare a namespace using the namespace keyword. You can also use the use keyword to set the namespace for all future calls to classes or functions without specifying the path each time.

PHP Manual on Namespaces
MySQL Native Driver

PHP 5.3 comes with a native MySQL driver designed specifically for PHP called mysqlnd, replacing the external libmysql driver. This should increase performance with MySQL functions.

PHP Manual on the MySQL Native Driver
Class Constants

It is now possible to declare constants within the context of a class. You declare constants the same way you declare normal variables, except you use the const keyword.

PHP Manual on Class Constants
Late Static Bindings

Late static binding causes static calls to methods within a class to use the latest version of that method if it was overridden. To use this, you use the static keyword instead of self. It's best shown as an example, which you can find at the link below.

PHP Manual on Late Static Bindings
The goto Operator

An interesting addition to the PHP language is the goto operator, which allows you to jump to a named section of you code to start executing. You name a section with a label followed by a colon (section:) and you move to it using goto followed by the label (goto section;). This might be useful in some very strange circumstances, but it should probably be avoided.

PHP Manual on goto
Other Points of Interest

* Native support for the math functions: asinh(), acosh(), atanh(), log1p(), and expm1()
* Pixelation support using the GD imagefilter() function
* Blowfish and extended DES support for crypt()
* Deprecated all ereg_ functions (use PCRE preg_ functions instead)
* SQLite3 support
* Several new classes and methods
* Much more...

5 Basic PHP Security Tips

2009-11-25T21:53:00.000-08:00

Security should be a top concern throughout the development of any PHP web application. There are some very simple measures you can take to protect your application from potential abuse. This post will cover some of the basics of PHP security. For more detailed explanations of good security practices, check out the PHP Security Guide.

I do not consider myself a PHP security expert, but these are things that every developer should know. Also keep in mind that security is a process and not a result.

1. Input Filtering

Assume everything is dirty until proven clean. Filtering all data from external sources is probably the most important security measure you can take. This can be as easy as running some simple built-in functions on your variables.

When it comes to accepting user input, never directly use anything in $_GET or $_POST. Check each value to make sure it is something expected and assign it to a local variable for use.

// input filtering examples

// Make sure it is an integer
$integer = intval($_POST['variable_name']);

// Make it safe to use in a URL
$url_string = urlencode($_POST['variable_name']);

You can also check a value against a list of acceptable values. Here are two methods of doing this:

$page = 'home'; // initialize the variable

// Check input against a white-list of known options
$valid_options = array();
$valid_options[] = 'home';
$valid_options[] = 'downloads';
$valid_options[] = 'about';

if(in_array($_GET['page'], $valid_options))
{
$page = $_GET['page'];
}

// OR this also works
switch($_GET['page'])
{
case 'home':
case 'downloads':
case 'about':
$page = $_GET['page'];
break;
}

PHP as of version 5.2 provides a set of filtering functions designed just for the purpose of filtering user data. The filter_input() function is used to access a filtered version of input variables. This way you never have to touch the raw input via the $_GET or $_POST arrays.

// filter_input examples

// Make sure it is an integer
$integer = filter_input(INPUT_POST, 'variable_name', FILTER_SANITIZE_NUMBER_INT);

// Make it safe to use in a URL
$url_string = filter_input(INPUT_POST, 'variable_name', FILTER_SANITIZE_ENCODED);

// Make sure it is a valid URL
$url = filter_input(INPUT_POST, 'variable_name', FILTER_VALIDATE_URL);

2. Output Filtering

It is also important to filter what comes out of your applications. You want to avoid outputting the wrong characters and breaking the page rendering. This is also important in order to block certain attacks involving JavaScript injected by malicious users. There are a few functions to know for cleaning up text to display to the user:

* htmlspecialchars(): Converts special HTML characters to entities
* htmlentities(): Converts all possible characters to HTML entities
* strip_tags(): Remove all HTML tags from a string (you can also selectively allow tags using the second optional parameter)

$text = 'Test';
echo htmlspecialchars($text); // <a href="test">Test</a>
echo strip_tags($text); // Test

3. Database Queries

If your application uses a database to store data, this is another source of potential vulnerabilities. SQL Injection is a very common attack that involves maliciously crafted user input designed to change the logic of a query. This potentially allows the user to run any kind of query or bypass security measures. Stopping it is usually as easy as properly escaping data, or using prepared statements.

Escape functions:

* mysql_real_escape_string(): For use with the mysql_* functions
* mysqli::escape_string(): For use with the MySQLi extension/class
* pg_escape_string(): For use with PostgreSQL
* addslashes(): This is a generic escape function to use only if your database engine does not have a specific function

Here is an example using each function:

// $db refers to database connection resource/object
$name = "O'reilly"; // Contains a quote that will break the query

// MySQL via mysql_*
$safe = mysql_real_escape_string($name, $db);

// MySQL via MySQLi
$safe = $db->escape_string($name); // OOP Style
$safe = mysqli_real_escape_string($db, $name); // Procedural Style

// PostgreSQL
$safe = pg_escape_string($db, $name);

// Generic (last resourt)
$safe = addslashes($name);

4. Hide Your Errors

It's never a good idea to show the world your errors. Not only does it make you look bad, it also might give malicious users another clue to help them break your site. You should always have display_errors disabled in a production environment, but continue logging errors with log_errors for your own information.

These PHP configuration directives are suitable for a production server:

display_errors 0
log_errors 1

5. Use POST for Dangerous Actions

There are two common methods used to send data to a PHP application, GET and POST. GET works by adding variables to the end of URL's (eg. http://www.example.com/process.php?action=delete&id=123). POST works by sending variables in the body of the request (normal users will not see them). It is important to carefully consider which method to use for a certain task.

You should generally stick to POST when you are performing a potentially dangerous action (like deleting something). The reason is that is is much easier to trick a user into accessing a URL with GET parameters than it is to trick them into sending a POST request. Take this example:

If a user with an active session on your site visits another web page with the above image tag, the user's browser will quietly send a request to your site telling it to delete record 123.

Keep in mind that other precautions should also be taken to ensure requests are legitimate under a secure session. It is also easily possible to create a form that does the same as above using a POST request, so don't assume that method is "safe" either. See sections 2 and 4 of the PHP Security Guide for more information on form and session security.

Conclusion

This article is just a general overview of PHP security practices. For more detailed explanations if the topics covered here as well as some not covered, see the PHP Security Guide by the PHP Security Consortium. There are also many other articles and books on the topic that you may be interested in.

Of course there may be some that disagree with some of the details in this post. Don't hesitate to post a comment if you have any corrections, improvements, or additions!

this articel from : http://www.ultramegatech.com

How Search Engines Work

2009-11-25T21:48:00.000-08:00

The first basic truth you need to learn about SEO is that search engines are not humans. While this might be obvious for everybody, the differences between how humans and search engines view web pages aren't. Unlike humans, search engines are text-driven. Although technology advances rapidly, search engines are far from intelligent creatures that can feel the beauty of a cool design or enjoy the sounds and movement in movies. Instead, search engines crawl the Web, looking at particular site items (mainly text) to get an idea what a site is about. This brief explanation is not the most precise because as we will see next, search engines perform several activities in order to deliver search results – crawling, indexing, processing, calculating relevancy, and retrieving.
First, search engines crawl the Web to see what is there. This task is performed by e piece of software, called a crawler or a spider (or Googlebot, as is the case with Google). Spiders follow links from one page to another and index everything they find on their way. Having in mind the number of pages on the Web (over 20 billion), it is impossible for a spider to visit a site daily just to see if a new page has appeared or if an existing page has been modified. Sometimes crawlers will not visit your site for a month or two, so during this time your SEO efforts will not be rewarded. But there is nothing you can do about it, so just keep quiet.

What you can do is to check what a crawler sees from your site. As already mentioned, crawlers are not humans and they do not see images, Flash movies, JavaScript, frames, password-protected pages and directories, so if you have tons of these on your site, you'd better run the Spider Simulator below to see if these goodies are viewable by the spider. If they are not viewable, they will not be spidered, not indexed, not processed, etc. - in a word they will be non-existent for search engines.
After a page is crawled, the next step is to index its content. The indexed page is stored in a giant database, from where it can later be retrieved. Essentially, the process of indexing is identifying the words and expressions that best describe the page and assigning the page to particular keywords. For a human it will not be possible to process such amounts of information but generally search engines deal just fine with this task. Sometimes they might not get the meaning of a page right but if you help them by optimizing it, it will be easier for them to classify your pages correctly and for you – to get higher rankings.
When a search request comes, the search engine processes it – i.e. it compares the search string in the search request with the indexed pages in the database. Since it is likely that more than one pages (practically it is millions of pages) contains the search string, the search engine starts calculating the relevancy of each of the pages in its index to the search string.
There are various algorithms to calculate relevancy. Each of these algorithms has different relative weights for common factors like keyword density, links, or metatags. That is why different search engines give different search results pages for the same search string. What is more, it is a known fact that all major search engines, like Yahoo!, Google, MSN, etc. periodically change their algorithms and if you want to keep at the top, you also need to adapt your pages to the latest changes. This is one reason (the other is your competitors) to devote permanent efforts to SEO, if you'd like to be at the top.
The last step in search engines' activity is retrieving the results. Basically, it is nothing more than simply displaying them in the browser – i.e. the endless pages of search results that are sorted from the most relevant to the least relevant sites.

What Is SEO

2009-11-25T21:46:00.000-08:00

Search Engine Optimization (SEO) is often considered the more technical part of Web marketing. This is true because SEO does help in the promotion of sites and at the same time it requires some technical knowledge – at least familiarity with basic HTML. SEO is sometimes also called SEO copyrighting because most of the techniques that are used to promote sites in search engines deal with text. Generally, SEO can be defined as the activity of optimizing Web pages or whole sites in order to make them more search engine-friendly, thus getting higher positions in search results.
One of the basic truths in SEO is that even if you do all the things that are necessary to do, this does not automatically guarantee you top ratings but if you neglect basic rules, this certainly will not go unnoticed. Also, if you set realistic goals – i.e to get into the top 30 results in Google for a particular keyword, rather than be the number one for 10 keywords in 5 search engines, you will feel happier and more satisfied with your results.

Although SEO helps to increase the traffic to one's site, SEO is not advertising. Of course, you can be included in paid search results for given keywords but basically the idea behind the SEO techniques is to get top placement because your site is relevant to a particular search term, not because you pay.
SEO can be a 30-minute job or a permanent activity. Sometimes it is enough to do some generic SEO in order to get high in search engines – for instance, if you are a leader for rare keywords, then you do not have a lot to do in order to get decent placement. But in most cases, if you really want to be at the top, you need to pay special attention to SEO and devote significant amounts of time and effort to it. Even if you plan to do some basic SEO, it is essential that you understand how search engines work and which items are most important in SEO.

Trik Mudah Percepat Kinerja Firefox

2009-11-21T00:09:00.000-08:00

Berikut cara mempercepat kinerja Firefox :
1. Pada Address Bar. Anda harus mengetik “about:config” lalu jalankan dengan cara menekan Enter
2. Cari ke bawah tulisan “browser.tabs.showSingleWindowsModePrefs ”, lalu atur settingannya menjadi True
3. Cari lagi tulisan “network.http.pipelining”, lalu atur settingannya menjadi True.
4. Cari lagi tulisan “network.http.pipelining.maxrequests&rdq uo;, lalu ubah angkanya yang muncul di Pop-up menjadi 60, lalu Enter (OK).
5. Lalu tutup atau restart Firefox Anda kemudian nikmati hasilnya.
6. Cara lain adalah dengan menggunakan add-on yang terdapat pada Firefox, namanya “Fasterfox”. Setelah meng-instal, bisa langsung di-restart.

sumber : beritanet.com