Ask SM: your PHP-questions, please


Postby Vitaly » Thu Feb 05, 2009 9:18 pm

Today, we are glad to welcome Jason Lengstorf, a PHP and MySQL expert, to our Smashing Magazine Editorial Team. From now on, Jason will regularly answer your PHP- and SQL-related questions and present answers to the most interesting, useful and original ones in his articles on Smashing Magazine. Welcome, Jason! 8-)

Of course, you can submit any PHP-related questions you want. To ask a question, please post it in this thread.
Team
Vitaly
Smashing <div>
 
Posts: 199
Joined: Sun Sep 28, 2008 6:37 am
Location: Germany
   

   

Re: Ask SM: your PHP-questions, please

Postby skunkbad » Fri Feb 06, 2009 4:43 am

I've been using php for a few years now, but have never really understood the use of sockets, and using the socket functions of php. If you would take the time to explain, I would really appreciate it.
skunkbad
Smashing <hr />
 
Posts: 56
Joined: Tue Feb 03, 2009 10:11 pm
Location: Temecula, CA
   

   

Re: Ask SM: your PHP-questions, please

Postby Vitaly » Fri Feb 06, 2009 5:17 am

by @spikesan:
how about importing and exporting xls files via PHP?
Team
Vitaly
Smashing <div>
 
Posts: 199
Joined: Sun Sep 28, 2008 6:37 am
Location: Germany
   

   

Re: Ask SM: your PHP-questions, please

Postby dh3 » Fri Feb 06, 2009 6:44 am

This is not PHP related, but concerns importing data into a MySQL database. I would like to be able to automatically collect an XML or CSV feed from an affiliate program, import it into my database, and have this run every night or every so often.

I haven't got the first idea how to do this and can't find anything helpful on Google.

Would really appreciate a point in the right direction.

Cheers
dh3
 
Posts: 1
Joined: Fri Feb 06, 2009 6:36 am
   

   
Is it possible to undefine constants? If it's possible to do this with Classes and Functions that would be even better.
To the best of my knowledge, and to the best of the knowledge of the PHP Manual, this is impossible. But you never know, my luck could change!!!

Thanks to anyone who attempts to solve this question!

Example:
Code:
// Define a load of classes...
// Define a load of functions in the global scope...
define("SYSPATH", "/home/username/public_html/system");

// Something happens in the script, that means you have to change SYSPATH to another value.

define("SYSPATH", "/home/username/public_html/application");
// Now run your script with the new parameters.
mynameiszanders
 
Posts: 4
Joined: Tue Nov 04, 2008 8:21 pm
   

   

Re: Ask SM: your PHP-questions, please

Postby libyano » Fri Feb 06, 2009 2:19 pm

I have questions related to performance ... and security!

How can I protect my session variables when my website is on a shared host?

Does using a join really make a query slower? And what is the alternative if a join is slower?

What is the best practice you follow in PHP security, and in PHP and MySQL performance?

What is the best way to protect $_POST values that come from a form (e.g. a registration form)?

Thanks
libyano
 
Posts: 4
Joined: Fri Feb 06, 2009 12:22 pm
   

   

Re: Ask SM: your PHP-questions, please

Postby jasonatennui » Fri Feb 06, 2009 4:23 pm

skunkbad wrote:I've been using php for a few years now, but have never really understood the use of sockets, and using the socket functions of php. If you would take the time to explain, I would really appreciate it.

Sockets are a method to communicate with another server, such as a third-party company. There's a really good article explaining sockets here.


Vitaly wrote:by @spikesan:
how about importing and exporting xls files via PHP?

There isn't a way that I'm aware of to import XLS files natively, but you can export them as a CSV or tab-delimited .txt file and import them relatively easily. There are a handful of existing scripts out there to browse through.

To write an XLS file, you can use this PEAR package.


dh3 wrote:I would like to be able to automatically collect an xml or csv feed from an affiliate program, and import it into my database, and have this run every night or so often.

For a CSV file, see the scripts I linked to above. One of them will probably do what you're looking for.

XML is tricky, but PHP5 provides a great tool for parsing XML files in SimpleXML. If you're trying to read an RSS feed, I've written a script that will get you started on reading XML, and you could pretty easily save the values in your DB rather than displaying them. Let me know if you have trouble with it.


mynameiszanders wrote:Is it possible to undefine constants? If it's possible to do this with Classes and Functions that would be even better.

As far as I know, you can't redefine constants in PHP. Furthermore, I think there are probably better ways of accomplishing the same task. When you need to change the constant value, you could simply declare a new variable with the value required and use that instead. If this will vary from script to script, maybe create an alias of your constant that you can easily change.


libyano wrote: How can I protect my session variables when my website is on a shared host?

Does using a join really make a query slower? And what is the alternative if a join is slower?

What is the best practice you follow in PHP security, and in PHP and MySQL performance?

What is the best way to protect $_POST values that come from a form (e.g. a registration form)?

These are great questions, and I'm going to answer them in the next Ask SM. Thanks!


Great questions, everyone! Don't forget to ask questions on Twitter: @smashingmag or @jasonatennui.

-Jason
Jason Lengstorf

Find me on the web at EnnuiDesign.com, or on Twitter: @jasonatennui.
jasonatennui
Smashing <frame>
 
Posts: 10
Joined: Fri Feb 06, 2009 3:43 pm
Location: Missoula, MT
   

   

Re: Ask SM: your PHP-questions, please

Postby libyano » Sat Feb 07, 2009 11:34 am

Hi ...

I have one more question. I programmed a login process (a login form and some code to redirect to the targeted page), so I want to protect the login form against several attacks, including brute-force attacks. What is the best way to protect my login form?

thanks again :)
libyano
 
Posts: 4
Joined: Fri Feb 06, 2009 12:22 pm
   

   

Re: Ask SM: your PHP-questions, please

Postby popbogdan » Sun Feb 08, 2009 2:04 pm

libyano wrote:Hi ...

I have one more question. I programmed a login process (a login form and some code to redirect to the targeted page), so I want to protect the login form against several attacks, including brute-force attacks. What is the best way to protect my login form?
thanks again :)

The best way to go around brute force attacks is to log each access to it by its IP (which is stored in your database). You can then increment faulty logins from that IP, and once they reach a number you like, you can ban that IP.

The second solution is the above scenario implemented with cookies. However, cookies are stored on the visitor's machine, and if they are cleared or denied, the attacker can continue with the brute force attacks etc.

I think I have some pre-historic script that does just this, somewhere on a site developed a few years ago. Let me know if you need it, or can do the trick yourself.
popbogdan
Smashing <table>
 
Posts: 37
Joined: Fri Jan 30, 2009 5:22 pm
Location: Cluj-Napoca, Romania
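
The per-IP failure counter described in the post above, as an added example that is not part of the original thread or popbogdan's script. It uses a time-limited lockout instead of a permanent ban, and the table name, limits, in-memory SQLite database and documentation-range IP addresses are all constructed so that it runs stand-alone.

```php
<?php
// Added example, not code from the thread. Table name, limits and IPs are constructed.
// In a web request, $ip would be $_SERVER['REMOTE_ADDR'], not a client-supplied header.
const MAX_FAILURES = 5;      // failed attempts allowed per IP inside the window
const WINDOW_SECONDS = 900;  // 15-minute sliding window

function open_db(): PDO
{
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE login_failures (ip TEXT NOT NULL, failed_at INTEGER NOT NULL)');
    $db->exec('CREATE INDEX idx_ip_time ON login_failures (ip, failed_at)');
    return $db;
}

/** True when this IP has used up its failures for the current window. */
function is_blocked(PDO $db, string $ip, int $now): bool
{
    $q = $db->prepare('SELECT COUNT(*) FROM login_failures WHERE ip = ? AND failed_at > ?');
    $q->execute([$ip, $now - WINDOW_SECONDS]);
    return (int) $q->fetchColumn() >= MAX_FAILURES;
}

/** Check the block first, then the credentials; record only failures. */
function attempt_login(PDO $db, string $ip, bool $credentialsOk, int $now): string
{
    if (is_blocked($db, $ip, $now)) {
        return 'blocked';   // the password is not even evaluated while blocked
    }
    if ($credentialsOk) {
        return 'ok';
    }
    $db->prepare('INSERT INTO login_failures (ip, failed_at) VALUES (?, ?)')->execute([$ip, $now]);
    return 'failed';
}

// Constructed run: six bad passwords from one address, then other cases.
$db = open_db();
$t0 = 1700000000;
for ($i = 1; $i <= 6; $i++) {
    echo "attempt $i from 203.0.113.7: ", attempt_login($db, '203.0.113.7', false, $t0 + $i), "\n";
}
echo 'correct password, same IP, still in window: ', attempt_login($db, '203.0.113.7', true, $t0 + 60), "\n";
echo 'other IP: ', attempt_login($db, '198.51.100.4', true, $t0 + 60), "\n";
echo 'same IP after window: ', attempt_login($db, '203.0.113.7', true, $t0 + 6 + WINDOW_SECONDS + 1), "\n";
```

Per-IP counting also locks out everyone behind a shared address and does not see attempts spread over many addresses, so a per-account counter is a common companion to it.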
   

   

Re: Ask SM: your PHP-questions, please

Postby libyano » Sun Feb 08, 2009 3:25 pm

popbogdan wrote:
libyano wrote:Hi ...

I have one more question. I programmed a login process (a login form and some code to redirect to the targeted page), so I want to protect the login form against several attacks, including brute-force attacks. What is the best way to protect my login form?
thanks again :)

The best way to go around brute force attacks is to log each access to it by its IP (which is stored in your database). You can then increment faulty logins from that IP, and once they reach a number you like, you can ban that IP.

The second solution is the above scenario implemented with cookies. However, cookies are stored on the visitor's machine, and if they are cleared or denied, the attacker can continue with the brute force attacks etc.

I think I have some pre-historic script that does just this, somewhere on a site developed a few years ago. Let me know if you need it, or can do the trick yourself.


Thanks, I need the files just to make sure that I got your idea clearly :thumbsup:
libyano
 
Posts: 4
Joined: Fri Feb 06, 2009 12:22 pm
   

   

Re: Ask SM: your PHP-questions, please

Postby iEthan » Mon Feb 09, 2009 8:53 am

Hello Jason! I have a question:

Is there a script (or is there a way for me to script it myself) that auto-corrects code? Say I have some code that has a parse error or something: could it auto-correct? I'm not sure about it, but I think I've seen it on the web somewhere.

Thanks a lot!
~iE
Want to help me develop my blogging platform? Why don't you PM me?

Twitter - Tumblr
iEthan
Smashing <frame>
 
Posts: 10
Joined: Mon Feb 09, 2009 8:37 am
Location: Connecticut
   

   

Re: Ask SM: your PHP-questions, please

Postby Johnathan » Mon Feb 09, 2009 11:14 am

What about how to automatically back up a database or certain tables and have it overwrite the previous backup in a .sql file and have it email you? Then something to restore the backup. Really need something like this for the site I'm working on at the minute and it's taking so long to get working :(
Johnathan
Smashing <table>
 
Posts: 40
Joined: Sun Feb 08, 2009 4:04 pm
Location: Belfast, Northern Ireland
   

   

Re: Ask SM: your PHP-questions, please

Postby valentinbora » Mon Feb 09, 2009 2:47 pm

Regarding autobackup, a simple search on Google resulted in some script:

http://www.dagondesign.com/articles/automatic-mysql-backup-script/

The site describes how to make a cron job to do it automatically, and I'm pretty sure you can code some functionality in your php scripts to make backups at certain events if you want to.
Check my blog or find me on twitter @valentinbora.
Zend Certified PHP5 Engineer
valentinbora
Smashing <frame>
 
Posts: 10
Joined: Sun Feb 08, 2009 2:48 pm
Location: Arad, Romania
   

   

Re: Ask SM: your PHP-questions, please

Postby jakefolio » Mon Feb 09, 2009 4:10 pm

libyano wrote: I have questions related to performance ... and security!

How can I protect my session variables when my website is on a shared host?

Does using a join really make a query slower? And what is the alternative if a join is slower?

What is the best practice you follow in PHP security, and in PHP and MySQL performance?

What is the best way to protect $_POST values that come from a form (e.g. a registration form)?

Thanks


Libyano,

Here is a quick response to all of your questions

protect sessions on a shared host:
Code:
ini_set('session.save_path','/full_path_to_your_site/httpdocs/sessions');

By doing this you are now saving all sessions from your site out of the shared default area.

utilizing joins:
Using an Inner Join can bog your query down; it is best to utilize LEFT JOINs instead, http://www.w3schools.com/sql/sql_join_left.asp

Also, your problem could lie in the design of your actual database; you may want to re-evaluate if you find yourself using a lot of joins.

What is the best practice you follow in PHP security, and in PHP and MySQL performance:
I'm assuming you're looking to protect yourself from SQL Injections. Your new best friend is mysql_real_escape_string(), http://us2.php.net/mysql_real_escape_string. You could also look into possibly using "prepared statements" to also help prevent malicious data from getting into your queries, http://us3.php.net/manual/en/pdostatement.execute.php.
The best advice is to not trust anything the user gives you. Have set standards on what you should expect, integer, string, the actual string length, etc.

What is the best way to protect $_POST values that come from a form (e.g. a registration form):
IMO, the best way to prevent/protect your $_POST is by utilizing tokens in any of your form submissions. The best article I've found details the most common attacks and how to prevent them: http://phpsec.org/projects/guide/2.html

I hope that gets you started!
jakefolio
Smashing <frame>
 
Posts: 19
Joined: Mon Feb 09, 2009 3:57 pm
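
An added example (not jakefolio's code and not part of the original thread) for the session and form-token points in the post above: it keeps session files in a private directory, refuses one that lies inside the web root where the files could be requested by URL, and checks a per-session form token. The function names and demo paths are hypothetical, and the 0700 permission only separates you from other tenants when PHP runs under your own account.

```php
<?php
// Added example, not code from the thread. Function names and paths are hypothetical.

/** Start a session whose files live in a private directory outside the web root. */
function start_private_session(string $sessionDir, string $docRoot): void
{
    if (!is_dir($sessionDir) && !mkdir($sessionDir, 0700, true)) {
        throw new RuntimeException("cannot create $sessionDir");
    }
    $dir  = realpath($sessionDir);
    $root = realpath($docRoot);
    // Refuse a directory the web server serves: session files there can be fetched by URL.
    if ($root !== false && strpos($dir . DIRECTORY_SEPARATOR, $root . DIRECTORY_SEPARATOR) === 0) {
        throw new RuntimeException('session directory must be outside the document root');
    }
    chmod($dir, 0700);                        // owner only
    ini_set('session.save_path', $dir);
    ini_set('session.use_strict_mode', '1');  // reject session IDs the server did not issue
    session_set_cookie_params(['httponly' => true, 'secure' => true, 'samesite' => 'Lax']);
    session_start();
}

/** Return the per-session form token, creating it on first use. */
function form_token(): string
{
    if (empty($_SESSION['form_token'])) {
        $_SESSION['form_token'] = bin2hex(random_bytes(32));
    }
    return $_SESSION['form_token'];
}

/** Constant-time comparison of the token that came back with the POST. */
function token_is_valid($submitted): bool
{
    return is_string($submitted)
        && isset($_SESSION['form_token'])
        && hash_equals($_SESSION['form_token'], $submitted);
}

// Constructed demo layout: site_demo/httpdocs is the web root, site_demo/sessions is private.
$base = sys_get_temp_dir() . '/site_demo';
if (!is_dir("$base/httpdocs")) { mkdir("$base/httpdocs", 0755, true); }
start_private_session("$base/sessions", "$base/httpdocs");

var_dump(token_is_valid(form_token()));     // the token issued for this session
var_dump(token_is_valid('forged-value'));   // a value the session never issued
try {
    start_private_session("$base/httpdocs/sessions", "$base/httpdocs");
} catch (RuntimeException $e) { echo $e->getMessage(), "\n"; }
```

In a form, the value of `form_token()` goes into a hidden field and the handler calls `token_is_valid($_POST['token'] ?? null)` before doing anything else with the submission.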
   

   

Re: Ask SM: your PHP-questions, please

Postby Curvatique » Mon Feb 09, 2009 4:46 pm

mynameiszanders wrote:Is it possible to undefine constants? If it's possible to do this with Classes and Functions that would be even better.
To the best of my knowledge, and to the best of the knowledge of the PHP Manual, this is impossible. But you never know, my luck could change!!!

Thanks to anyone who attempts to solve this question!

Example:
Code:
// Define a load of classes...
// Define a load of functions in the global scope...
define("SYSPATH", "/home/username/public_html/system");

// Something happens in the script, that means you have to change SYSPATH to another value.

define("SYSPATH", "/home/username/public_html/application");
// Now run your script with the new parameters.


This has already been answered: constants cannot be redefined. I just wanted to add that this of course serves a purpose. Constants being unchangeable (constant) is actually a feature, not a shortcoming. If a developer of a script has defined something as a constant, he (should) do this with a purpose. For example to make other script users or other developers break the application unintentionally.
Curvatique
Smashing <frame>
 
Posts: 10
Joined: Mon Feb 09, 2009 2:16 pm
Location: Delft, Netherlands
   
