I am working with Drupal 7; it is really crazy, but somehow I got confused about $form and $form_state in Drupal.
I discussed this with many people and now I have some clarification on these $form and $form_state values: $form defines the form, and $form_state carries information about the processed form (the submitted values are in $form_state['values']).
// Validate handler: $form describes the form, $form_state['values'] holds
// what the user submitted. form_set_error() attaches the error to the
// 'name' element and stops the submit handler from running.
function test_form_validate($form, &$form_state) {
  if ($form_state['values']['name'] == '') {
    form_set_error('name', t('You must select a name for this group of settings.'));
  }
}
Description of the checkboxes form element:
Format a set of checkboxes. #options is an associative array, where the key is the #return_value of the checkbox and the value is displayed. The #options array cannot have a 0 key, as it would not be possible to discern checked and unchecked states.
Step 1:- Download mod_auth_sspi-1.0.4-2.2.2 (search Google for it).
Step 2:- Install mod_auth_sspi.so in the Apache modules folder.
Step 3:- Add the following line to the httpd.conf file:
LoadModule sspi_auth_module modules/mod_auth_sspi.so
Step 4:- Add the code below to the httpd.conf file:
<Directory "C:/Program Files/BitNami WAMPStack/apps/htdocs/itscrefresh">
    Options Indexes FollowSymLinks
    AllowOverride All
    Order allow,deny
    Allow from all
    AuthName "NTLM"
    AuthType SSPI
    SSPIAuth On
    SSPIAuthoritative On
    SSPIDomain Domain name
    SSPIOfferBasic On
    SSPIBasicPreferred On
    require valid-user
</Directory>
(SSPIDomain takes your own Windows domain name. Note that SSPIOfferBasic On lets clients fall back to Basic authentication, which sends the domain password base64-encoded in every request, so only use it on a site served over HTTPS.)
Step 5:- Restart the Apache server and check.
The Node module manages the creation, editing, deletion, settings, and display of the main site content. Content items managed by the Node module are typically displayed as pages on your site, and include a title, some meta-data (author, creation time, content type, etc.), and optional fields containing text or other data.
Usage
Creating content
When new content is created, the Node module records basic information about the content, including the author, date of creation, and the Content type. It also manages the publishing options, which define whether or not the content is published, promoted to the front page of the site, and/or sticky at the top of content lists. Default settings can be configured for each type of content on your site.
Creating custom content types
The Node module gives users with the Administer content types permission the ability to create new content types in addition to the default ones already configured. Creating custom content types allows you the flexibility to add fields and configure default settings that suit the differing needs of various site content.
Administering content
The Content administration page allows you to review and bulk manage your site content.
Creating revisions
The Node module also enables you to create multiple versions of any content, and revert to older versions using the Revision information settings.
User permissions
The Node module makes a number of permissions available for each content type, which can be set by role on the permissions page.
The Taxonomy module allows you to classify the content of your website. To classify content, you define vocabularies that contain related terms, and then assign the vocabularies to content types.
Uses
Creating vocabularies
Users with sufficient permissions can create vocabularies and terms through the Taxonomy page. The page listing the terms provides a drag-and-drop interface for controlling the order of the terms and sub-terms within a vocabulary, in a hierarchical fashion. A controlled vocabulary classifying music by genre with terms and sub-terms could look as follows:
vocabulary: Music
    term: Jazz
        sub-term: Swing
        sub-term: Fusion
    term: Rock
        sub-term: Country rock
        sub-term: Hard rock
You can assign a sub-term to multiple parent terms. For example, fusion can be assigned to both rock and jazz.
Terms in a free-tagging vocabulary can be built gradually as you create or edit content. This is often used for blogs or photo management applications.
Views
Create lists, tables, and feeds of content. This can be nodes, comments, users, or entities of any type.
Token
Use generic placeholders to display dynamic data. Token is usually installed as a dependency for another
module.
Pathauto
Automatically create search engine-friendly, human-readable URLs based on customizable patterns. An example URL alias is http://drupal.org/project/pathauto.
Administration Menu
Provides a horizontal, drop-down style administration menu at the top of each page, with links to all major administrative tasks.
Date
Creates a flexible date/time field and provides an API for other modules to use.
Google Analytics
Adds the Google Analytics web statistics tracking system to your site.
Wysiwyg
Wysiwyg (What You See Is What You Get) provides a word processor-style content editor in the browser, similar to the interface of popular office applications like LibreOffice or Microsoft Office.
Webform
Create custom input forms for surveys, contest entry forms, contact forms, petitions and the like.
Chaos tool suite
Provides APIs and tools. This module is generally installed as a dependency of other modules.
Panels
The Panels module allows a site administrator to create customized layouts for multiple uses. At its core it is a drag and drop content manager that lets you visually design a layout and place content within that layout. Integration with other systems allows you to create nodes that use this, landing pages that use this, and even override system pages such as taxonomy and the node page so that you can customize the layout of your site with very fine grained permissions.
Drupal's module system is based on the concept of "hooks". A hook is a PHP function that is named foo_bar(), where "foo" is the name of the module (whose filename is thus foo.module) and "bar" is the name of the hook. Each hook has a defined set of parameters and a specified result type.
To extend Drupal, a module need simply implement a hook. When Drupal wishes to allow intervention from modules, it determines which modules implement a hook and calls that hook in all enabled modules that implement it.
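As an added example of the two ideas above (hooks, and the $form / $form_state split from the top of this page), here is a small hypothetical Drupal 7 module called demo_settings. It is not code from the page or from any Drupal project; the module name, the permission string, the menu path and the variable names are all assumptions. It shows a settings form reached through hook_menu() behind its own permission, a validate handler reading $form_state['values'], and a checkboxes element whose #options keys are non-zero strings.

```php
<?php
// demo_settings.module -- hypothetical Drupal 7 module (added example).

/**
 * Implements hook_permission().
 * A dedicated permission means only roles that need this page are granted it.
 */
function demo_settings_permission() {
  return array(
    'administer demo settings' => array(
      'title' => t('Administer demo settings'),
    ),
  );
}

/**
 * Implements hook_menu().
 * Drupal checks 'access arguments' before it calls the page callback.
 */
function demo_settings_menu() {
  $items = array();
  $items['admin/config/system/demo-settings'] = array(
    'title' => 'Demo settings',
    'page callback' => 'drupal_get_form',
    'page arguments' => array('demo_settings_form'),
    'access arguments' => array('administer demo settings'),
  );
  return $items;
}

/**
 * Form builder: $form only describes the elements.
 */
function demo_settings_form($form, &$form_state) {
  $form['name'] = array(
    '#type' => 'textfield',
    '#title' => t('Name for this group of settings'),
    '#default_value' => variable_get('demo_settings_name', ''),
    '#maxlength' => 64,
  );
  // #options keys are the stored values; none of them may be 0.
  $form['features'] = array(
    '#type' => 'checkboxes',
    '#title' => t('Enabled features'),
    '#options' => array('export' => t('Export'), 'import' => t('Import')),
    '#default_value' => variable_get('demo_settings_features', array()),
  );
  $form['submit'] = array('#type' => 'submit', '#value' => t('Save'));
  return $form;
}

/**
 * Validate handler: the submitted values live in $form_state['values'].
 */
function demo_settings_form_validate($form, &$form_state) {
  $name = trim($form_state['values']['name']);
  if ($name === '') {
    form_set_error('name', t('You must select a name for this group of settings.'));
  }
  elseif (!preg_match('/^[A-Za-z0-9_-]+$/', $name)) {
    form_set_error('name', t('Use only letters, digits, underscore and hyphen.'));
  }
}

/**
 * Submit handler: runs only if validation set no errors.
 */
function demo_settings_form_submit($form, &$form_state) {
  variable_set('demo_settings_name', trim($form_state['values']['name']));
  // Unchecked boxes arrive as 0; array_filter() keeps only the checked keys.
  variable_set('demo_settings_features', array_filter($form_state['values']['features']));
  // t() runs @name through check_plain(), so the message is safe to display.
  drupal_set_message(t('Settings saved for @name.', array('@name' => $form_state['values']['name'])));
}
```

Drupal derives the validate and submit handler names from the form ID (demo_settings_form_validate, demo_settings_form_submit), which is why the builder, validator and submitter share a prefix; the first argument is always the $form array and the second the $form_state that carries the processed values.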
In Drupal 7 you can install modules from the admin section, but I still feel this new feature doesn't have much meaning, because we have to search for the module link on the Drupal site and then copy and paste it into the admin module installation area, which is really crazy. It would have been so good if they had made it something like WordPress, with a small search feature. Anyway, I am just going to download and install it the old way (I still recommend this old way).
Download all the modules from the Drupal site and install them in the directory yoursitename/sites/all/modules.
Go to http://www.yoursitename.com/node#overlay=admin/modules and enable these modules as below;
(1) Views (2) Views UI (3) Views Slideshow (4) (5) Chaos tools (6) Link (7) Libraries (8) Token (Optional)
(3) Create Image Cache
In Drupal 7 imagecache is part of core and is named Image styles. So let's create two image styles from here, one for the full size slider image and the other for the thumbnail image. In this tutorial I use 935x293 (pixels) for the full size slider image and 210x100 (pixels) for the thumbnail image. Note: these configurations can differ depending on your needs.
* Fullsize Slider image settings
Go to http://www.yoursitename.com/node#overlay=admin/config/media/image-styles and click on the add new style link
(1) Give an Image style name and click on create new style button
(2) On the next configuration screen select new style you want and then click add button (In this tutorial I choose resize style)
(3) On the next screen set the width and height and click on the add effect button. (The settings may vary depend on the style you choose). I set width as 935 and height as 293 pixels.
Do this same process for the thumbnail image too. (for the thumbnail image dimension, I set width as 210 and height as 100 pixels.)
(4) Create New Content Type
Let's create a new content type. From the dashboard menu bar click on Structure, then Content types, then click on the add new content type link.
(1) Give a human-readable name; I named it Featured Slider (the machine name will be auto generated based on the human-readable name)
(2) Give a brief and relevant description
(3) Submission form settings, I leave as the default settings
(4) Publishing options, I checked only published (all other settings unchecked)
(5) Display settings, I have unchecked the author and date info.
(6) Comment settings, I set hidden (disabled)
(7) Menu settings, I leave as default settings.
(8) Click Save and add fields Button
(5) Create New Fields
Here in this example I create only two fields: an image field and a link field.
We will use the image field for uploading our slider image and the link field for creating a custom link to wherever we want our slider to be linked. Image Field Settings
(1) Label: Slider Image
(2) Field: slider_image
(3) Field type: image
(4) Widget (form element): image
(5) Click Save button, and on the field settings page leave default settings and click on Save field settings button.
(6) On the image field configuration settings page you can configure as you wish.
I set this field as required, and I added a file directory name called slider-image so that these images are kept separately from other images.
You can set the maximum upload size and resolution here; I have enabled the alt and title fields. Finally click the Save settings button.
By using same method create the link field too. Link Field Settings
(1) Label: Slider Link
(2) Field: slider_link
(3) Field type: link
(4) Widget (form element): link
(5) Click Save button,
For the link field configuration leave everything at the default settings.
I have rearranged the fields as shown below;
Title field
Image field
Link field
Body field (you can even remove this field if not necessary)
Manage Display
On the Manage display tab you can configure how the output of each field is displayed.
I have set the link field as hidden and I have also set the image label as hidden.
(6) Create Feature Slider Content
I have created four featured slider content for this tutorial.
(1) Click on add content link
(2) Create Featured Slider content
(3) Give a proper title name
(4) Upload slider image
(5) Give alt and title field names
(6) Give a link title and url where you want the slider to be linked
(7) Leave all other settings at their defaults, except for the path field: if you want, you can give an SEO friendly URL alias.
(8) Save the content.
Same way create more Featured Slider contents (I have created four contents)
(7) Create a New View
Now it's time to create our new Slideshow view.
From the Dashboard menu click on the Structure and then click on the Views.
(1) Click add new view link
(2) Give a view name; I named it Featured Slider (the machine name will be auto generated)
(3) Give an appropriate view description
(4) Choose Show: Content of type Featured Slider (your content type name).
(5) Uncheck Create a page and check Create a block
(6) Type in the block title and choose display format "Slideshow" of "fields", items per page 5 (you can enter the number of items you want to display)
(7) Click the "Continue & edit" button. Views Field Settings
First let's add the link field (the link must be the first field for everything to work properly), so click on the add icon and from the filter Groups select Content.
Add Content: Link, click the "Add & configure" button, and in the next configuration window uncheck "Create a label" and check "Exclude from display".
Click "Apply".
Next let's add the image field: click on the add icon and from the filter Groups select Content.
Add Content: image field (Note: make sure you choose the image field we created for this slider content type only.)
Click the "Add & configure" button and in the next configuration window set:
• uncheck "Create a label"
• Formatter: Image (if you have installed Colorbox or Lightbox you can choose them here!)
• Image style: Fullsize (choose the image style you created in the step above)
• Link image to: Nothing
• Style settings: leave the default settings
• No results behaviour: leave the default settings
• Rewrite results: check "Output this field as a link"; Link path: [view_node] (Note: scroll down a bit and you can see the replacement patterns created by the core Token module; if we had not set the link field first we would not see the link field option here. Copy only [view_node], then scroll up and paste it into the Link path field.)
Click "Apply".
Finally we need one more field for the thumbnail, so click on the add icon and from the filter Groups select Content.
Add Content: image field (Note: make sure you choose the image field we created for this slider content type only.)
Click the "Add & configure" button and in the next configuration window set:
• uncheck "Create a label" and CHECK "Exclude from display"
• Formatter: Image (if you have installed Colorbox or Lightbox you can choose them here!)
• Image style: Thumbnail (choose the image style you created in the step above)
• Link image to: Nothing
• Style settings: leave the default settings
• No results behaviour: leave the default settings
• Rewrite results: check "Output this field as a link"; Link path: [view_node] (same note as for the full size image above: copy only [view_node] from the replacement patterns and paste it into the Link path field.)
Click "Apply".
Views Filters Settings: In Views 3 the filters are created at the beginning, when we choose the content type and the other settings. If you need any additional filtering you can create it here.
Views Style Settings
Click on Format: Slideshow | Settings and in the next configuration window set as below;
(1) List type: Unordered list
(2) Wrapper class: Leave default settings
(3) Style> Skin: default
(4) Slides> Slideshow type: cycle
(5) Cycle options: You need to download the jQuery cycle plugin and copy jquery.cycle.all.min.js to sites/all/libraries/jquery.cycle. You can find the plugin at http://malsup.com/jquery/cycle. IN SIMPLE ENGLISH:
Create a folder named "libraries" in the sites/all directory, then create another folder named "jquery.cycle" in that directory, and finally copy and paste only the "jquery.cycle.all.min.js" file into this directory.
(6) Transition: Fade
(7) Action: pause on hover
(8) Internet Explorer Tweaks: default
(9) Widgets: You can choose either or both Top and Bottom (I choose bottom here, and the advance settings as below;)
(10) Bottom Widgets>Pager>Pager type: Fields
(11) Pager field: Content: Image (Note:last one we added for the thumb, don't mistake since both field will be named same.)
(12) Activate Slide and Pause on Pager Hover: checked; leave controls and slide counter unchecked.
(13) Click Apply button. Format Show Field Settings
Inline fields: Choose the thumbnail field as inline.
Click Apply button. (Note: Well it actually doesn't change much in appearance but it does change in the code. Next step use the firebug and find the class and add some styles to display properly.)
(8) Create a Custom Region (optional step)
(1) In your theme's folder open the your_theme_name.info file, add a new region as shown below, and save the .info file:
regions[featured_slider] = Featured Slider
(2) Open your theme's page.tpl.php file and add this code where you want your slider to be displayed, as shown below:
<?php if ($page['featured_slider']): ?>
  <div id="featured-slider">
    <?php print render($page['featured_slider']); ?>
  </div> <!-- End Featured Slider -->
<?php endif; ?>
You can even create a custom front page template like page--front.tpl.php so that you don't need to make any changes to the default page.tpl.php template.
[9] Enable & configure the Block
Now this block will be visible in the Disabled area of the blocks page, so from the Dashboard menu go to Structure > Blocks and enable the block in one of the theme's default regions or in the custom region we created (featured_slider). (Regions vary depending on the theme you are using.) Block Configuration Settings
After enabling the block you get a link to configure the block, so click on the Configure link and in the settings section set as below;
(1) Block title (if you don't want the block title to be displayed just type <none>)
(2) Again you get the region settings for every enabled theme. On visibility settings
(3) Pages > Show block on specific pages: choose Only the listed pages and type <front> so that this block will be displayed only on the front page.
php_flag log_errors on
php_value error_log /home/path/public_html/domain/PHP_errors.log
php_flag display_errors off
php_flag html_errors off
# prevent access to PHP error log
<Files PHP_errors.log>
Order allow,deny
Deny from all
Satisfy All
</Files>
# PHP error handling for production servers
php_flag display_startup_errors off
php_flag display_errors off
php_flag html_errors off
php_flag log_errors on
php_flag ignore_repeated_errors off
php_flag ignore_repeated_source off
php_flag report_memleaks on
php_flag track_errors on
php_value docref_root 0
php_value docref_ext 0
php_value error_log /home/path/public_html/domain/PHP_errors.log
# [see footnote 3] # php_value error_reporting 999999999
php_value error_reporting -1
php_value log_errors_max_len 0
<Files PHP_errors.log>
Order allow,deny
Deny from all
Satisfy All
</Files>
A MyISAM table is stored in separate files, which can be compressed with myisamchk if needed. With InnoDB the tables are stored in a tablespace, and not much further optimization is possible. COUNT(*) executes slower than in MyISAM due to the tablespace, etc.
The MySQL storage engines are:
1. MyISAM
2. Heap
3. Merge
4. InnoDB
5. ISAM
MyISAM is the default storage engine as of MySQL 3.23, so if we do not specify the storage engine explicitly the table will be assigned to the default engine.
Search Result Code
<!-- Google Search Result Snippet Begins -->
<div id="googleSearchUnitIframe"></div>
<script type="text/javascript">
var googleSearchIframeName = 'googleSearchUnitIframe';
var googleSearchFrameWidth = 650;
var googleSearchFrameHeight = 1300;
var googleSearchFrameborder = 0 ;
</script>
<script type="text/javascript"
src="http://www.google.com/afsonline/show_afs_search.js">
</script>
<!-- Google Search Result Snippet Ends -->
Google supports OpenID authentication, i.e. it behaves as an OpenID identity provider, using Google Apps accounts.
This is especially useful for companies that want to unite other internal services behind the Google Apps single sign-on point. This applies to the Standard edition as well.
I have done my requirement with Google Apps OpenID.
Please go through the URLs below; you will get the solution.
If you're working with PHP 5.3 or higher, chances are high you're going to run into a few warnings or deprecated function messages. One of them is ereg(), which is deprecated as of PHP 5.3:
ereg('\.([^\.]*$)', string $string [, array &$regs ]);
<?php
// Turn off all error reporting
error_reporting(0);

// Report simple running errors
error_reporting(E_ERROR | E_WARNING | E_PARSE);

// Reporting E_NOTICE can be good too (to report uninitialized
// variables or catch variable name misspellings ...)
error_reporting(E_ERROR | E_WARNING | E_PARSE | E_NOTICE);

// Report all errors except E_NOTICE
// This is the default value set in php.ini
error_reporting(E_ALL ^ E_NOTICE);

// Report all PHP errors (see changelog)
error_reporting(E_ALL);

// Report all PHP errors
error_reporting(-1);

// Same as error_reporting(E_ALL);
ini_set('error_reporting', E_ALL);
?>
No longer do we have to rely on third-party plug-ins to render audio/video.
HTML5 removes the need for JavaScript solutions.
HTML5 in mobile devices: advanced web application features are available in all mobile browsers supporting the markup language, using the same standard syntax and displaying the same standard behavior.
HTML5 improves interoperability and reduces development costs by making precise rules on how to handle all HTML elements, and how to recover from errors.
Some of the new features in HTML5 are functions for embedding audio, video, graphics, client-side data storage, and interactive documents.
HTML5 also contains new elements like <nav>, <header>, <footer>, <figure>…
The HTML5 working group includes AOL, Apple, Google, IBM, Microsoft, Mozilla, Nokia, Opera, and many hundreds of other vendors.
Creating a WordPress Theme HTML Structure
Now we’re starting to get into the real meat of WordPress Theme development: coding the HTML structure.
The HTML Structure for Your WordPress Theme
Let’s take a look at the HTML structure we’ll be using for the body of our WordPress Theme.
<html>
<head>
</head>
WordPress Theme Template & Directory Structure
While the most minimal of WordPress Themes really only needs an index.php Template and a style.css file (or just the style file if it’s a Child Theme) most WordPress Themes need something a little more solid.
Our new minimal theme will include 6 files. Make a folder in wp-content/themes/ for your theme—for this tutorial I’ll be using “your-theme” but it can be whatever you want—and create the following files in that new folder (don’t worry, they’ll be blank until the next few steps).
• index.php
• header.php
• sidebar.php
• footer.php
• functions.php
• style.css
Now let’s open up the last file we created, style.css, in a text editor. The first thing we need to do is add a section at the top of this file bracketed by what are called CSS “comments” (these guys: /* and */). It’s here that we need to put the info that tells WordPress about your theme. Without it, your theme won’t show up in the themes panel.
Using PHP we can send mail very easily with mail():
mail(string $to, string $subject, string $message [, string $additional_headers [, string $additional_parameters ]]);
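Every argument of mail() that ends up in a header line ($to, $subject, the From address) must not contain a line break, otherwise a form field can append extra headers such as Bcc. The wrapper below is an added example, not code from the page; the sender address is an assumption. It validates the addresses and strips CR/LF from the subject before calling mail().

```php
<?php
// Added example: wrapper around mail() that keeps user input out of the
// header lines. The default From address is an assumption.

function send_notification($to, $subject, $message, $from = 'noreply@example.com') {
  // A valid address cannot contain CR or LF, so validating it also rejects
  // any attempt to smuggle additional headers through the recipient field.
  if (filter_var($to, FILTER_VALIDATE_EMAIL) === false) {
    return false;
  }
  if (filter_var($from, FILTER_VALIDATE_EMAIL) === false) {
    return false;
  }
  // The subject is a header line too: collapse any line breaks to a space.
  $subject = str_replace(array("\r", "\n"), ' ', $subject);
  // Headers we build ourselves; nothing from the request is concatenated in raw.
  $headers = 'From: ' . $from . "\r\n"
           . 'Content-Type: text/plain; charset=UTF-8' . "\r\n";
  return mail($to, $subject, $message, $headers);
}

// Constructed input of the kind a contact form might receive: the recipient
// carries an embedded Bcc header line and is refused before mail() is called.
$to = "victim@example.com\r\nBcc: everyone@example.com";
$sent = send_notification($to, 'Hello', 'Body of the message');
// A clean call goes through as usual:
$sent = send_notification('user@example.com', 'Hello', 'Body of the message');
```

The message body is not a header, so it is passed through untouched; only the pieces that mail() writes into the envelope and header block are checked.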
The first step in creating a module is to choose a "short name" for it. This short name will be used in all file and function names in your module, so it must start with a letter, and it must contain only lower-case letters and underscores. For this example, we'll choose "current_posts" as the short name.
Create a folder and a module file
Given that our choice of short name is "current_posts" :
Start the module by creating a folder in your Drupal installation at the path:
sites/all/modules/current_posts
Create the PHP file for the module :
Save it as current_posts.module in the directory sites/all/modules/current_posts
As of Drupal 6.x, sites/all/modules is the preferred place for non-core modules (and sites/all/themes for non-core themes), because this places all site-specific files in the sites directory. This allows you to more easily update the core files and modules without erasing your customizations. Alternatively, if you have a multi-site Drupal installation and this module is for only one specific site, you can put it in sites/your-site-folder/modules.
Add an opening PHP tag to the module :
<?php
Module files begin with the opening PHP tag. Do not place the CVS ID tag in your module. It is no longer needed with drupal.org's conversion to Git. If the coder module gives you error messages about it, then that module has not yet been updated to drupal.org's Git conventions.
The error code can be found in the error segment of the file array that is created during the file upload by PHP. In other words, the error might be found in $_FILES['file']['error']
UPLOAD_ERR_OK
Value: 0; There is no error, the file uploaded with success.
UPLOAD_ERR_INI_SIZE
Value: 1; The uploaded file exceeds the upload_max_filesize directive in php.ini.
UPLOAD_ERR_FORM_SIZE
Value: 2; The uploaded file exceeds the MAX_FILE_SIZE directive that was specified in the HTML form.
UPLOAD_ERR_PARTIAL
Value: 3; The uploaded file was only partially uploaded.
UPLOAD_ERR_NO_FILE
Value: 4; No file was uploaded.
UPLOAD_ERR_NO_TMP_DIR
Value: 6; Missing a temporary folder. Introduced in PHP 4.3.10 and PHP 5.0.3.
UPLOAD_ERR_CANT_WRITE
Value: 7; Failed to write file to disk. Introduced in PHP 5.1.0.
UPLOAD_ERR_EXTENSION
Value: 8; A PHP extension stopped the file upload. PHP does not provide a way to ascertain which extension caused the file upload to stop; examining the list of loaded extensions with phpinfo may help. Introduced in PHP 5.2.0.
Classes defined as abstract may not be instantiated, and any class that contains at least one abstract method must also be abstract. Methods defined as abstract simply declare the method's signature; they cannot define the implementation.
In an interface all methods are abstract by default, so one cannot declare variables or concrete methods in an interface.
In an abstract class we can declare public, private and protected methods and properties.
In an interface we can declare only public methods.
An abstract class can contain both abstract methods and common (concrete) methods.
In an interface all methods must be abstract.
A class can inherit from only one abstract class; multiple inheritance is not possible with abstract classes.
A class can implement many interfaces, so multiple interface inheritance is possible.
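The rules above in one runnable PHP file. This is an added illustration, not code from the page; the account classes are invented for it. Account is an abstract class with a protected property, a concrete method and an abstract method, while Loggable and Exportable are interfaces with public abstract methods only, and SavingsAccount extends the one abstract class and implements both interfaces.

```php
<?php
// Added example: abstract class versus interfaces (hypothetical classes).

interface Loggable {                 // interface: public, abstract methods only
  public function toLogLine();
}

interface Exportable {
  public function toArray();
}

abstract class Account {             // abstract class: state, concrete and abstract methods
  protected $balance = 0;            // a protected property, not allowed in an interface

  public function deposit($amount) { // concrete method shared by every subclass
    if (!is_numeric($amount) || $amount <= 0) {
      throw new InvalidArgumentException('deposit must be a positive number');
    }
    $this->balance += $amount;
  }

  abstract protected function fee(); // signature only; may be protected here

  public function balance() {
    return $this->balance - $this->fee();
  }
}

// One abstract parent, two interfaces.
class SavingsAccount extends Account implements Loggable, Exportable {
  protected function fee() {
    return 0;
  }
  public function toLogLine() {
    return 'savings balance=' . $this->balance();
  }
  public function toArray() {
    return array('type' => 'savings', 'balance' => $this->balance());
  }
}

$account = new SavingsAccount();
$account->deposit(100);
echo $account->toLogLine(), "\n";
// new Account(); would be a fatal error: an abstract class cannot be instantiated.
```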
Open the file [XAMPP Installation Folder]/apache/conf/httpd.conf.
Now search for the string Listen 80 (I’m assuming that your XAMPP was using the port 80. Otherwise, just search for the string “Listen”). This is the port number which XAMPP uses. Change this 80 to any other number which you prefer.
Then search for the string “ServerName” and update the port number there also.
Now save and re-start XAMPP server and you are done.
In my case, as per the requirement, the admin can import a CSV file and all the data needs to be stored in the MySQL database.
Before inserting the data I need to check whether it already exists or not :)
Find the code below:
// $result_data is one row of the imported CSV (as returned by fgetcsv()); the
// file handle $csv is assumed here, the original snippet did not show it.
while (($result_data = fgetcsv($csv)) !== FALSE) {
  // Escape the CSV value before placing it in the SQL string.
  $order_number = mysql_real_escape_string($result_data[0]);
  $query1 = "SELECT * FROM table WHERE order_number='" . $order_number . "'";
  $result1 = mysql_query($query1);
  echo mysql_error();
  // If the order already exists, remove the old record so the CSV row can be inserted.
  if (mysql_num_rows($result1) > 0) {
    mysql_query("DELETE FROM table WHERE order_number='" . $order_number . "'");
    //echo "deleted $result_data[0] ";
  }
}
After this code INSERT the records.
Security is most important throughout the development of any web application. There are some very simple steps you can take to protect your application from attackers. This post will cover some of the basics of PHP security.
Every developer should know the tips below.
1. Filtering Input :-
Filtering all data from external sources is probably the most important security measure you can take. This can be as easy as running some simple built-in functions on your variables.
Whenever a user enters data into a form, never directly use anything in $_GET or $_POST. Check each value to make sure it is something expected and assign it to a local variable for use.
// input filter examples
// Make sure it is an integer
$int = intval($_POST['variable']);
// Make it safe to use in a URL
$string = urlencode($_POST['variable']);
PHP as of version 5.2 provides a set of filtering functions designed
just for the purpose of filtering user data.
filter_input(): Gets a specific external variable by name and optionally filters it
<?php
$search_html = filter_input(INPUT_GET, 'search', FILTER_SANITIZE_SPECIAL_CHARS);
$search_url = filter_input(INPUT_GET, 'search', FILTER_SANITIZE_ENCODED);
echo "You have searched for $search_html.\n";
echo "<a href='?search=$search_url'>Search again.</a>";
?>
Output
You have searched for Me & son. <a href='?search=Me%20%26%20son'>Search again.</a>
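The FILTER_SANITIZE_* filters above rewrite a value so it is safe to print; the FILTER_VALIDATE_* filters instead reject anything that is not in the expected form, which is what the "check each value to make sure it is something expected" advice calls for. The function below is an added example, not code from the page: it validates the inputs of a hypothetical "edit record" form (the parameter names id, email, name and next are assumptions) and returns known-good values plus a list of errors, the same way filter_input(INPUT_GET, ...) would but over any array.

```php
<?php
// Added example: validate request parameters with filter_var() rather than
// using $_GET/$_POST directly. Parameter names are assumptions.

/**
 * Validate the inputs a hypothetical "edit record" page expects.
 * Returns array('values' => known-good values, 'errors' => field => message).
 */
function validate_record_input(array $input) {
  $errors = array();
  $values = array();

  // Integer id in a sane range; FILTER_VALIDATE_INT rejects "12abc" and "1e3".
  $id = filter_var(isset($input['id']) ? $input['id'] : null, FILTER_VALIDATE_INT,
    array('options' => array('min_range' => 1)));
  if ($id === false) {
    $errors['id'] = 'id must be a positive integer';
  } else {
    $values['id'] = $id;
  }

  // E-mail: validate rather than sanitize, so the stored value is known-good.
  $email = filter_var(isset($input['email']) ? $input['email'] : '', FILTER_VALIDATE_EMAIL);
  if ($email === false) {
    $errors['email'] = 'invalid e-mail address';
  } else {
    $values['email'] = $email;
  }

  // Free text: allow-list the characters and cap the length.
  $name = isset($input['name']) ? trim($input['name']) : '';
  if (!preg_match('/^[\p{L}\p{N} .\'-]{1,64}$/u', $name)) {
    $errors['name'] = 'name has invalid characters or length';
  } else {
    $values['name'] = $name;
  }

  // Redirect target: accept only a local absolute path (one leading slash),
  // never a full URL or a protocol-relative "//host" a user supplied.
  $next = isset($input['next']) ? $input['next'] : '/';
  if (!preg_match('#^/(?![/\\\\])#', $next)) {
    $next = '/';
  }
  $values['next'] = $next;

  return array('values' => $values, 'errors' => $errors);
}

// Constructed sample request, as it might arrive from a form:
$sample = array(
  'id'    => '42',
  'email' => 'not-an-address',
  'name'  => 'Me & son',
  'next'  => '//evil.example/',
);
$checked = validate_record_input($sample);
// $checked['errors'] flags email and name; 'next' falls back to '/';
// $checked['values']['id'] is the integer 42.

// With live request data: $checked = validate_record_input($_POST);
```

Validation and sanitizing complement each other: the values this function returns still need context-specific escaping when they are printed into HTML or a URL, which is the output filtering topic further down the page.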
2. Register_Globals:-
One notable change in PHP was when the default value for the PHP directive register_globals went from ON to OFF in PHP 4.2.0.
This post will explain how one can write insecure code with this directive, but keep in mind that the directive itself isn't insecure; rather it's the misuse of it.
<?php
// define $authorized = true only if user is authenticated
if (authenticated_user()) {
    $authorized = true;
}

// Because we didn't first initialize $authorized as false, this might be
// defined through register_globals, like from GET auth.php?authorized=1
// So, anyone can be seen as authenticated!
if ($authorized) {
    include "/highly/sensitive/data.php";
}
?>
Example use of sessions with register_globals on or off
<?php
// We wouldn't know where $username came from but do know $_SESSION is
// for session data
if (isset($_SESSION['username'])) {
    echo "Hello <b>{$_SESSION['username']}</b>";
} else {
    echo "Hello <b>Guest</b><br />";
    echo "Would you like to login?";
}
?>
3. Error Reporting:-
The error_reporting() function sets the error_reporting directive at runtime. PHP has many levels of errors; using this function sets that level for the duration (runtime) of your script. If the optional level is not set, error_reporting() will just return the current error reporting level.
It's never a good idea to show the world your errors. It makes you look bad, and it might also give malicious users another clue to help them break your site. You should always have display_errors disabled in a production environment, but continue logging errors with log_errors for your own information.
Setting            Production   Development
display_errors     0            1
log_errors         1            0
error_reporting    E_ALL        E_ALL
4. Use POST for Dangerous Actions
There are two common methods used to send data to a PHP application, GET and POST. GET works by adding variables to the end of URL's (eg. http://www.example.com/process.php?action=delete&id=123). POST works by sending variables in the body of the request (normal users will not see them). It is important to carefully consider which method to use for a certain task.
You should generally stick to POST when you are performing a potentially dangerous action (like deleting something). The reason is that it is much easier to trick a user into accessing a URL with GET parameters than it is to trick them into sending a POST request. Take this example:
If a user with an active session on your site visits another web page with the above image tag, the user's browser will quietly send a request to your site telling it to delete record 123.
Keep in mind that other precautions should also be taken to ensure requests are legitimate under a secure session. It is also easily possible to create a form that does the same as above using a POST request, so don't assume that method is "safe" either. See sections 2 and 4 of the PHP Security Guide for more information on form and session security.
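The "other precautions" the paragraph above refers to are, in practice, a per-session token that the browser of a user on another site cannot know. The following is an added example, not code from the page: a process.php that refuses the delete action unless the request is a POST and carries a token matching the one stored in the session, compared in constant time with hash_equals() (PHP 5.6+). The record id handling and the delete_record() function are hypothetical application code.

```php
<?php
// Added example: a delete action that only runs on POST and only with a valid
// per-session token. Record ids and delete_record() are hypothetical.

session_start();

/** Return the session's CSRF token, creating it on first use. */
function csrf_token() {
  if (empty($_SESSION['csrf_token'])) {
    $_SESSION['csrf_token'] = bin2hex(openssl_random_pseudo_bytes(32));
  }
  return $_SESSION['csrf_token'];
}

/** Constant-time comparison so the check does not leak token bytes via timing. */
function csrf_token_valid($submitted) {
  if (!is_string($submitted) || empty($_SESSION['csrf_token'])) {
    return false;
  }
  return hash_equals($_SESSION['csrf_token'], $submitted);  // PHP 5.6+
}

/** HTML for a delete form that carries the token as a hidden field. */
function delete_form_html($id) {
  $id = (int) $id;
  $token = htmlspecialchars(csrf_token(), ENT_QUOTES, 'UTF-8');
  return '<form method="post" action="process.php">'
       . '<input type="hidden" name="action" value="delete">'
       . '<input type="hidden" name="id" value="' . $id . '">'
       . '<input type="hidden" name="csrf_token" value="' . $token . '">'
       . '<button type="submit">Delete</button></form>';
}

/**
 * Entry point for process.php. A GET such as ?action=delete&id=123, the case
 * described above, is refused before any record is touched.
 */
function handle_request(array $server, array $post) {
  if ($server['REQUEST_METHOD'] !== 'POST') {
    header('Allow: POST', true, 405);
    return 'Method not allowed';
  }
  if (!csrf_token_valid(isset($post['csrf_token']) ? $post['csrf_token'] : null)) {
    http_response_code(403);
    return 'Invalid or missing CSRF token';
  }
  $action = isset($post['action']) ? $post['action'] : '';
  $id = filter_var(isset($post['id']) ? $post['id'] : null, FILTER_VALIDATE_INT);
  if ($action !== 'delete' || $id === false) {
    http_response_code(400);
    return 'Bad request';
  }
  delete_record($id);
  return 'Deleted record ' . $id;
}

/** Placeholder for the application's own delete; only reached after both checks. */
function delete_record($id) {
  return true;
}

echo handle_request($_SERVER, $_POST);
```

The token is tied to the session, so a request forged from another origin cannot include it; requiring POST on its own only removes the image-tag trick, which is why both checks are applied before the record id is even parsed.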
5. Database Queries Filtering:-
Example #1 Simple mysql_real_escape_string() example
<?php
// We didn't check $_POST['password'], it could be anything the user wanted! For example:
$_POST['username'] = 'aidan';
$_POST['password'] = "' OR ''='";

// Query database to check if there are any matching users
$query = "SELECT * FROM users WHERE user='{$_POST['username']}' AND password='{$_POST['password']}'";
mysql_query($query);

// This means the query sent to MySQL would be:
echo $query;
?>
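Escaping each value by hand, as mysql_real_escape_string() does, works only if no value is ever forgotten; prepared statements make the separation between query structure and data the default. The block below is an added example, not code from the page, written with PDO (the DSN, credentials, table layout and column names are assumptions). It covers both the login query above and the order_number check from the CSV import earlier on this page, and it stores password hashes rather than comparing passwords inside SQL.

```php
<?php
// Added example: the login check above and the CSV order import from earlier on
// this page, done with PDO prepared statements. DSN, credentials, table and
// column names are assumptions.

function db() {
  return new PDO('mysql:host=localhost;dbname=app;charset=utf8mb4', 'app', 'secret', array(
    PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION,
    PDO::ATTR_EMULATE_PREPARES => false,   // real server-side prepares
  ));
}

/**
 * Authenticate a user. A password such as "' OR ''='" from the example above is
 * bound as a plain parameter value and can no longer change the query's shape.
 * Passwords are stored as password_hash() output and never compared in SQL.
 * Returns the user id, or false.
 */
function authenticate(PDO $pdo, $username, $password) {
  $stmt = $pdo->prepare('SELECT id, password_hash FROM users WHERE user = :user');
  $stmt->execute(array(':user' => $username));
  $row = $stmt->fetch(PDO::FETCH_ASSOC);
  $stmt->closeCursor();
  if ($row === false) {
    return false;
  }
  return password_verify($password, $row['password_hash']) ? (int) $row['id'] : false;
}

/**
 * Import CSV rows: an existing order with the same order_number is replaced.
 * One transaction, so a failed insert does not silently drop the old row.
 * Returns the number of replaced orders.
 */
function import_orders(PDO $pdo, array $rows) {
  $exists = $pdo->prepare('SELECT COUNT(*) FROM orders WHERE order_number = ?');
  $delete = $pdo->prepare('DELETE FROM orders WHERE order_number = ?');
  $insert = $pdo->prepare('INSERT INTO orders (order_number, customer, amount) VALUES (?, ?, ?)');
  $replaced = 0;
  $pdo->beginTransaction();
  try {
    foreach ($rows as $row) {
      list($order_number, $customer, $amount) = $row;
      $exists->execute(array($order_number));
      $found = (int) $exists->fetchColumn();
      $exists->closeCursor();
      if ($found > 0) {
        $delete->execute(array($order_number));
        $replaced++;
      }
      $insert->execute(array($order_number, $customer, $amount));
    }
    $pdo->commit();
  } catch (PDOException $e) {
    $pdo->rollBack();
    throw $e;
  }
  return $replaced;
}

// Constructed sample rows, in the shape fgetcsv() returns them:
$sample_rows = array(
  array('1001', 'aidan', '19.99'),
  array("' OR ''='", 'attacker', '0'),   // stored as a literal string, nothing more
);
// Usage:
// $pdo = db();
// $replaced = import_orders($pdo, $sample_rows);
// $user_id = authenticate($pdo, 'aidan', 'correct horse battery staple');
```

With PDO::ATTR_EMULATE_PREPARES set to false the MySQL server receives the statement and the parameters separately, so the quoting question never arises; the same pattern applies to every query that takes a value from a request or an uploaded file.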
6. Output Filtering
It is also important to filter what comes out of your application.
htmlspecialchars(); // Convert special characters to HTML entities
htmlentities();     // Convert all applicable characters to HTML entities
strip_tags();       // Strip HTML and PHP tags from a string
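Which of the three functions to use depends on where the value is printed: element text and quoted attributes need htmlspecialchars() with ENT_QUOTES, a query-string parameter needs percent-encoding first, and a user-supplied link needs its scheme checked because no amount of escaping makes a "javascript:" URL safe. The block below is an added example, not code from the page; the comment record and the helper names are constructed for it, and it ends by rendering a comment that contains the characters that matter.

```php
<?php
// Added example: escape data for the context it is printed into.
// The comment record and the helper names are constructed for this example.

/** Text inside an element body or a double-quoted attribute. */
function e_html($s) {
  return htmlspecialchars($s, ENT_QUOTES, 'UTF-8');
}

/** A value inserted into a query string: percent-encode, then HTML-escape. */
function e_url_param($s) {
  return e_html(rawurlencode($s));
}

/**
 * Only http(s) links are accepted; "javascript:" and similar schemes are
 * rejected rather than escaped, since escaping cannot fix a bad scheme.
 */
function safe_href($url) {
  $parts = parse_url($url);
  if ($parts === false || !isset($parts['scheme'])
      || !in_array(strtolower($parts['scheme']), array('http', 'https'), true)) {
    return '#';
  }
  return e_html($url);
}

/** Render one comment; every interpolated value goes through the matching helper. */
function render_comment(array $c) {
  return '<div class="comment" data-author="' . e_html($c['author']) . '">'
       . '<a href="' . safe_href($c['site']) . '">' . e_html($c['author']) . '</a>: '
       . e_html($c['body'])
       . ' <a href="?search=' . e_url_param($c['author']) . '">more from this author</a>'
       . '</div>';
}

// Constructed input with the kinds of characters that matter in each context:
$comment = array(
  'author' => 'Me & son "jr"',
  'site'   => 'javascript:alert(1)',
  'body'   => "<script>alert('x')</script> loves <b>Drupal</b>",
);
echo render_comment($comment), "\n";
// strip_tags() on the body would remove the markup but is not a substitute for
// escaping: it does nothing for the attribute and URL contexts above.
```

In the rendered output the author's quotes and ampersand become entities, the site link collapses to "#", and the script tag in the body is shown as text instead of being executed.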