As a web programming language, one of PHP’s strengths traditionally has been to make it easy to write scripts that access databases so that you can create dynamic web pages that incorporate database content. This is important when you want to provide visitors with information that is always up-to-date, without hand tweaking a lot of static HTML pages. However, although PHP is easy to use, it includes no general-purpose database access interface. Instead it has a number of specialized ones that take the form of separate sets of functions for each database system. There is one set for MySQL, another for InterBase, and another for PostgreSQL—and others as well.
Read the rest of this entry »

• 0 Comments

We present a practical protection mechanism against SQL injection attacks. Such attacks target databases that are accessible through a web front-end, and take advantage of flaws in the input validation logic of Web components such as CGI scripts. We apply the concept of instruction-set randomization to SQL, creating instances of the language that are unpredictable to the attacker. Queries injected by the attacker will be caught and terminated by the database parser. We show how to use this technique with the MySQL database using an intermediary proxy that translates the random SQL to its standard language. Our mechanism imposes negligible performance overhead to query processing and can be easily retrofitted to existing systems.
Read the rest of this entry »

• 0 Comments

There has always been the necessity to have a definitive guide on PHP-Nuke. Due to time constraints, nobody has ever had the will to carry out this operation. Not any more! With this book, PHP-Nuke now posesses the most comprehensive guide on the subject, suitable for newbies and advanced users alike.

PHP-Nuke utilizes as hinge of its own structure the duo PHP+ MySQL, very often being accompanied by the Apache web server. Many modules have integrated many other languages, such as Javascript, Java, Flash and also even systems that serve, through the portal, sounds and films in streaming mode (Online Radio, TV Online, Images, Files…). From version 6.x onwards, the compatibility has been extended to include other databases as well, in order to extend the user base even more vastly.
Read the rest of this entry »

• 0 Comments

In order to avoid any headaches while going through the case studies in this book, it’s best to install the necessary software and configure your environment the right way from the start. Although we assume you already have some experience developing PHP applications, we’ll quickly go through the steps to install your machine with the necessary software.
Read the rest of this entry »

• 0 Comments

This manual was compiled by Project A Web Development as a project supported by Jim Teece. It was written by Ethan Townsend as a documented means of migrating our ADO ASP application, SIB (Site­in­a­box), from Microsoft SQL Server 7.0 to an open source database. SIB is a large database­ driven application that includes many views, stored procedures, and complex SQL executed from the ASP pages.
Read the rest of this entry »

• 0 Comments

The health of databases is of critical importance to business managers, application owners and enterprise IT teams. The life of an organization is literally represented inside its database servers. Take away the ability to reliably run enterprise applications or complete customer transactions and you will watch the business come to a standstill. One quantifiable indicator of risk to the enterprise of business disruption, or leakage of confidential data, is the number of vulnerabilities that exist in the technical infrastructure. There is a correlation between the number of vulnerabilities and the number of undiscovered vulnerabilities as well as the risk to the enterprise of an exploit successfully launched against the vulnerable database. It is very clear that the more vulnerabilities that exist, the more likely it is that an attack will be successful.
Read the rest of this entry »

• 0 Comments

The customizable PHP script Generic HTML Form Processor is intended to assist researchers and students in quickly setting up surveys and experiments that can be administered via the Web. This script relieves researchers from the burdens of writing new cGi scripts and building databases for each Web study. Generic HTML Form Processor processes any syntactically correct HTML form input and saves it into a dynamically created open-source database. We describe five modes for usage of the script that allow increasing functionality but require increasing levels of knowledge of PHP and Web servers: The first two modes require no previous knowledge, and the fifth requires PHP programming expertise. use of Generic HTML Form Processor is free for academic purposes, and its Web address is www.goeritz.net/brmic.
Read the rest of this entry »

• 0 Comments

Very rare since a MySQL client library is distributed with PHP and built into PHP by default. However, it is possible to build PHP without MySQL support. Some possible fixes:
apt-get install php-mysql
rpm -Uvh php-mysql-4.2.2-1.i386.rpm
./configure –with-mysql=shared,/usr
cp modules/mysql.so /usr/local/lib/php
extension_dir=/usr/local/lib/php
extension=mysql.so
Read the rest of this entry »

• 0 Comments