PHP allows you to edit some configuration options during run-time, including the interpreter error messages. To turn on (or off) these messages you just place the following code:
<?php
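// Report every kind of error, warning and notice
error_reporting(E_ALL);
// Show the messages in the page output; set this to 'Off' on a live site
// and log errors instead, because the messages can reveal paths and queries
ini_set('display_errors','On');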
?>
PHP Sessions
Session code allows us to maintain state information for a user during site navigation and page refreshes. This is immensely useful for account management and shopping cart systems. Using sessions is very, very simple...
<?php
// start up your PHP session! Nothing else is needed...
// All the client-server verification is done in the background
session_start();
// Test to see if a SESSION variable is set or not...
if(isset($_SESSION['views'])) {
    // Variable exists; we can use it
    $_SESSION['views'] = $_SESSION['views'] + 1;
} else {
    // Variable does not exist; create it
    $_SESSION['views'] = 1;
}
// Print out a session variable
echo "views = ". $_SESSION['views'];
// Clear a session variable (means it will no longer exist for this user)
if(isset($_SESSION['views'])) {
    unset($_SESSION['views']);
}
// Destroy ALL Session data!!! Make sure you use this wisely!!
session_destroy();
?>
User Details
The following code grabs some details from the user's client browser such as IP Address and HTTPS status:
<?php
// The IP address of the client
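$ip=$_SERVER['REMOTE_ADDR'];
// The protocol that the information was requested in
$proto=$_SERVER['SERVER_PROTOCOL'];
// The user's browser (sent by the client, so it may be missing or forged)
$browser=isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : '';
// Whether the request came in over HTTPS
// ($_SERVER['HTTPS'] is non-empty and not 'off' when it did)
$https=!empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off';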
?>
MySQL integration
The following code assumes that you have correctly set up your MySQL database:
<?php
// Note: the mysql_* functions used here were removed in PHP 7.0;
// current PHP versions provide mysqli and PDO instead.
// The connection data
$user="username";
$password="password";
$database="database";
// Connect to the database
mysql_connect('localhost',$user,$password);
// Selects a database OR gracefully fails
@mysql_select_db($database) or die("Unable to select database");
// Creates a SQL query that creates a new contacts table (provided that your MySQL user has these permissions)
$query="CREATE TABLE contacts (id int(6) NOT NULL auto_increment,first varchar(15) NOT NULL,PRIMARY KEY (id),UNIQUE id (id),KEY id_2 (id))";
// Executes the query on the database
mysql_query($query);
// Closes the database connection
mysql_close();
?>
I am mentioning this separately because it is pretty much the most important part. SQL Injection is very serious and could compromise your web application; safeguard against this by escaping your query strings before executing them:
<?php
// An example of a possible input with SQL injection code
$name_evil = "'; DELETE FROM customers WHERE 1 or username = '";
// Use in-built function to escape the bad code
// (needs an open mysql_connect() connection, as in the MySQL example above)
$name_evil = mysql_real_escape_string($name_evil);
// Create a query with the now safe input
$query_evil = "SELECT * FROM customers WHERE username = '$name_evil'";
// Execute this input
mysql_query($query_evil);
?>
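The same input handled with a bound parameter instead of escaping, as an added example that is not part of the original post and goes one step beyond it by using PDO prepared statements. An in-memory SQLite database stands in for MySQL so the script runs on its own; the table contents and the helper names find_customer and count_customers are constructed for illustration.

```php
<?php
// Added example: in-memory SQLite stands in for the MySQL database (constructed data).
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec("CREATE TABLE customers (id INTEGER PRIMARY KEY, username TEXT NOT NULL)");
$pdo->exec("INSERT INTO customers (username) VALUES ('alice'), ('bob')");

// Hypothetical helper: look up a customer by name. The name is bound as a
// parameter, so it is never parsed as part of the SQL text.
function find_customer(PDO $pdo, $name) {
    $stmt = $pdo->prepare("SELECT id, username FROM customers WHERE username = :name");
    $stmt->execute(array(':name' => $name));
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Hypothetical helper: number of rows currently in the table.
function count_customers(PDO $pdo) {
    return (int) $pdo->query("SELECT COUNT(*) FROM customers")->fetchColumn();
}

// The same input as in the escaping example above
$name_evil = "'; DELETE FROM customers WHERE 1 or username = '";

// The whole string is compared against the username column as plain data
$rows = find_customer($pdo, $name_evil);
echo "rows matching the injection string: " . count($rows) . "\n";
echo "customers still in the table: " . count_customers($pdo) . "\n";

// A normal lookup still works
$rows = find_customer($pdo, "alice");
echo "rows matching 'alice': " . count($rows) . "\n";

// A legitimate name containing a quote is stored and found again unchanged,
// with no escaping step in the application code.
$insert = $pdo->prepare("INSERT INTO customers (username) VALUES (:name)");
$insert->execute(array(':name' => "O'Brien"));
$rows = find_customer($pdo, "O'Brien");
echo "stored as: " . $rows[0]['username'] . "\n";
?>
```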