
Archive for the ‘PHP’ Category

Securing your PHP applications Part 1

Thursday, May 29th, 2008

As long as there are programming languages, people will try to hack them, so we have to keep our wits about us when writing applications. In this two-part article we discuss the different ways attackers try to break into our applications and how we go about protecting them from possible harm.

Database Security

Many websites fall to the attack known as SQL Injection. SQL injection occurs when a malicious user experiments with a form to gain information about the database behind it. After gaining sufficient knowledge, usually from database error messages, the attacker is equipped to exploit the form by injecting SQL into its fields. With SQL Injection an attacker can retrieve, insert or delete your data; basically, they can do anything with your database.

To view:

http://www.talkphp.com/vbarticles.php?do=article&articleid=62&title=securing-your-php-applications-part-1

Registration Script With Validation

Thursday, May 29th, 2008

In this tutorial you will learn how to create a user registration script along with validation.

To view this tutorial:

http://www.webguideuk.com/tutorials/php/registration-script-with-validation

Searching With Php And Mysql Beyond Like

Thursday, May 29th, 2008

Ever wanted to add a search feature to your PHP and MySQL driven web site? Then you're in luck: this tutorial shows you how!

This tutorial assumes you already have a MySQL database and a table with some data in it. It also assumes you're familiar with basic PHP syntax.

To view this tutorial, please click here:

http://www.webguideuk.com/tutorials/php/searching-with-php-and-mysql-beyond-like

Database Abstraction with Zend_Db - Part 1

Thursday, May 29th, 2008

Database abstraction layers play an important role in modern web applications built with PHP. They allow you to switch your back-end database server by changing just a few lines of code in your application.

The Zend Framework provides a powerful database abstraction layer in the form of the Zend_Db component. This tutorial will be looking at the Zend_Db component in closer detail.

In Part 1 we will show you how to use the Zend_Db_Select class to build complex SELECT queries simply and quickly.

To view this tutorial:

http://www.talkphp.com/vbarticles.php?do=article&articleid=54&title=database-abstraction-with-zend_db-part-1

Database Abstraction with Zend_Db - Part 2

Thursday, May 29th, 2008

Database abstraction layers play an important role in modern web applications built with PHP. They allow you to switch your back-end database server by changing just a few lines of code in your application.

The Zend Framework provides a powerful database abstraction layer in the form of the Zend_Db component. This tutorial will be looking at the Zend_Db component in closer detail.

In Part 1 we showed you how to use the Zend_Db_Select class to build complex SELECT queries simply and quickly.

In Part 2 we will show you how to build INSERT, UPDATE and DELETE queries using the Zend_Db component.

To view this tutorial, please click here:

http://www.talkphp.com/vbarticles.php?do=article&articleid=60&title=database-abstraction-with-zend_db-part-2

CSRF POST Token Protection

Thursday, May 29th, 2008

Well, before I get into details about how to prevent CSRF, let's explain what it is exactly. Cross Site Request Forgery (also known as XSRF, CSRF, and Cross Site Reference Forgery) works by exploiting the trust that a site has for the user. Site tasks are usually linked to specific URLs (Example: http://site/stocks?buy=100&stock=ebay), allowing specific actions to be performed when requested. If a user is logged into the site and an attacker tricks their browser into making a request to one of these task URLs, then the task is performed and logged as the logged-in user. Typically an attacker will embed malicious HTML or JavaScript code into an email or website to request a specific ‘task URL’, which executes without the user's knowledge, either directly or by utilizing a Cross-site Scripting flaw. Injection via light markup languages such as BBCode is also entirely possible. These sorts of attacks are fairly difficult to detect, potentially leaving a user debating with the website/company as to whether or not the stocks bought the day before were initiated by the user after the price plummeted.

To view this tutorial:

http://www.talkphp.com/vbarticles.php?do=article&articleid=59&title=csrf-post-token-protection

Contact Form

Thursday, May 29th, 2008

Need a contact form for your site? This tutorial shows you how to create one.

To view:

http://www.webguideuk.com/tutorials/php/contact-form

From nothing to finished site with MODx CMS and YAML

Thursday, May 29th, 2008

This tutorial describes how to set up a site using the new, up-and-coming MODx CMS and the YAML CSS framework. It's quick and easy if you have some markup skills!

To view:

http://www.prodevtips.com/2008/03/16/modx-and-yaml-from-zero-to-finished-site/

Writing a Community with the Zend Framework and Smarty template engine

Thursday, May 29th, 2008

The first part in a long series describing how to use the PHP Zend Framework and the PHP Smarty templating engine to create a combined CMS and Community where people will have their own blogs and photo galleries. At the end of the series there is a download link to the source code.

To view this tutorial:

http://www.prodevtips.com/2007/11/02/writing-a-cms-with-smarty-and-the-zend-framework-part-1/

PHP CMS guide

Thursday, May 29th, 2008

My current CMS experience spans TYPO3, Joomla, Drupal, XOOPS and MODx, and I’ve started to feel qualified enough to offer some advice regarding these solutions. There are many CMSs out there, both free and commercial, and doing research with the intention of making an informed decision can be very, very time consuming. I hope this contribution will make that process somewhat easier.

To view:

http://www.prodevtips.com/2008/03/15/comparing-typo3-joomla-drupal-and-modx/