As a web programming language, one of PHP’s strengths traditionally has been to make it easy to write scripts that access databases so that you can create dynamic web pages that incorporate database content. This is important when you want to provide visitors with information that is always up-to-date, without hand tweaking a lot of static HTML pages. However, although PHP is easy to use, it includes no general-purpose database access interface. Instead it has a number of specialized ones that take the form of separate sets of functions for each database system. There is one set for MySQL, another for InterBase, and another for PostgreSQL—and others as well.
Read the rest of this entry »

• 0 Comments

FileMaker is a popular and powerful desktop database application toolkit. Recently, FileMaker, Inc. released a beta version of the FileMaker API for PHP, which allows PHP to more easily talk to the FileMaker Server Advanced product. Learn how to leverage FileMaker’s strengths to deliver complex Web applications in a fraction of the time it would take using a typical SQL database.
Read the rest of this entry »

• 0 Comments

We present a practical protection mechanism against SQL injection attacks. Such attacks target databases that are accessible through a web front-end, and take advantage of flaws in the input validation logic of Web components such as CGI scripts. We apply the concept of instruction-set randomization to SQL, creating instances of the language that are unpredictable to the attacker. Queries injected by the attacker will be caught and terminated by the database parser. We show how to use this technique with the MySQL database using an intermediary proxy that translates the random SQL to its standard language. Our mechanism imposes negligible performance overhead to query processing and can be easily retrofitted to existing systems.
Read the rest of this entry »

• 0 Comments

There has always been the necessity to have a definitive guide on PHP-Nuke. Due to time constraints, nobody has ever had the will to carry out this operation. Not any more! With this book, PHP-Nuke now posesses the most comprehensive guide on the subject, suitable for newbies and advanced users alike.

PHP-Nuke utilizes as hinge of its own structure the duo PHP+ MySQL, very often being accompanied by the Apache web server. Many modules have integrated many other languages, such as Javascript, Java, Flash and also even systems that serve, through the portal, sounds and films in streaming mode (Online Radio, TV Online, Images, Files…). From version 6.x onwards, the compatibility has been extended to include other databases as well, in order to extend the user base even more vastly.
Read the rest of this entry »

• 0 Comments

How is it different from building an application using visual studio for dot net or any visual java development tool?
The basic difference is the amount of programming that needs to be done is significantly reduced. Reasonably complex applications ERP, CRM, HMS, HCMS, etc can be built without writing programs in any programming language. However, fundamental database and SQL (select statements)
Read the rest of this entry »

• 0 Comments

Web sites today face many threats to the confidentiality and integrity of the data used and the functionality provided by the application. This problem is compounded by the fact that Web developers are simply lack of either adequate knowledge and skills in writing secure Web application codes (Huang et al., 2005) or sufficient testing methodologies for the audit and control of Web development (Mansouir and Houri, 2006). Works in the design and implementation of security measures for Web applications are greatly in need.
Read the rest of this entry »

• 0 Comments

A Word About Secure Database Access
Unfortunately, this database access code exhibits insecurities of its own. For example, you should never use the sa account (or an equivalent) to access databases from Web applications. Instead, use weak accounts that lack permission to drop tables, insert, update, and delete records, and the like. In addition, you should use stored procedures or parameterized commands in lieu of dynamic SQL commands for added protection against malicious input parameters. Finally, consider encrypting database connection strings to minimize the risk of information disclosure if your source code falls into the wrong hands. And note that truly paranoid ASP.NET programmers encrypt connection strings and store them in ACLed registry keys. When it comes to Web security, a little paranoia can be a good thing.
Read the rest of this entry »

• 0 Comments

Information and communication technologies continue to pervade our lives in various aspects which include health, education, entertainment and ecommerce. People need to be able to trust computer systems as the dependence on them increases. The Trustworthy Computing vision (CRA, 2003) refers to computer systems that are intuitive, controllable, reliable and predictable and that ensure availability and security. Secure cod- ing is not trivial and poor code security management may leave the developed web application vulnerable to attack or turn the application into a launch pad for serious attacks.
Read the rest of this entry »

• 0 Comments