Injection Prevention – mysql_real_escape_string()


This problem has been known for a while, and PHP has a specially-made function to prevent these attacks. All you need to do is use the mouthful of a function mysql_real_escape_string.

What mysql_real_escape_string does is take a string that is going to be used in a MySQL query and return the same string with the characters used in SQL injection attempts safely escaped. Basically, it will replace those troublesome quotes (') a user might enter with a MySQL-safe substitute, an escaped quote \'. The escaped value is only safe when it is placed inside a quoted string in the query, and the mysql_* extension this function belongs to was removed in PHP 7.0, where mysqli_real_escape_string or prepared statements (mysqli, PDO) take its place.

Let's try out this function on our two previous injection attacks and see how it works.


Creating a MySQL Index


Creating a MySQL Index – New Table

If you are creating a new MySQL table you can specify a column to index by using the INDEX term as we have below. We have created two fields: name and employeeID (index).

MySQL Code:

CREATE TABLE employee_records (
	name VARCHAR(50), 
	employeeID INT, INDEX (employeeID)
)

Creating a MySQL Index – Existing Table

You can also add an index to an older table that you think would benefit from some indexing. The syntax is very similar to creating an index in a new table. First, let’s create the table.

MySQL Code:

CREATE TABLE employee_records2 (name VARCHAR(50), employeeID INT)

Now we are going to update the newly created “employee_records2” table to include an index.

MySQL Code:

CREATE INDEX id_index ON employee_records2(employeeID)

Alphanumeric & Number Validation using Onkeypress event


<script language="javascript" type="text/javascript">
// Numbers only: reject any printable character that is not 0-9.
function isNumberKey(evt) {
    var charCode = (evt.which) ? evt.which : evt.keyCode;
    if (charCode > 31 && (charCode < 48 || charCode > 57))
        return false;
    return true;
}

// Alphanumeric only: allow 0-9, A-Z, a-z and non-character keys (code 0).
function isAlphaNumeric(e) {
    var k = (typeof e.which === "number") ? e.which : e.keyCode;
    return ((k > 47 && k < 58) || (k > 64 && k < 91) || (k > 96 && k < 123) || k == 0);
}
</script>
----------------------------------------------------------------
onkeypress="return isNumberKey(event);"
---------------------------------------------------------------
onkeypress="return isAlphaNumeric(event);"

How to restrict digit & decimal


<script language="javascript" type="text/javascript">
// Digits only: reject any printable character that is not 0-9.
function isNumberKey(evt) {
    var charCode = (evt.which) ? evt.which : evt.keyCode;
    if (charCode > 31 && (charCode < 48 || charCode > 57))
        return false;
    return true;
}

// Digits plus the decimal point (character code 46).
function isNumberKeyWithDecimal(evt) {
    var charCode = (evt.which) ? evt.which : evt.keyCode;
    if (charCode != 46 && charCode > 31 && (charCode < 48 || charCode > 57))
        return false;
    return true;
}
</script>
onkeypress="return isNumberKey(event)"
onkeypress="return isNumberKeyWithDecimal(event)"
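
The keypress handlers above only see typed keys, so pasted or programmatically submitted text bypasses them, and isNumberKeyWithDecimal accepts more than one decimal point. The following is an added example, not code from the original posts, that validates and cleans the whole field value instead; the same check still has to be repeated on the server. The names RULES, isValidValue, sanitizeValue and attachFilter, the 32-character default limit and the sample inputs are assumptions made for illustration.

```javascript
// Added example: validate the whole field value rather than single keystrokes.
// All names, the length limit and the sample inputs are illustrative assumptions.

const RULES = {
    digits:       /^[0-9]+$/,            // same set isNumberKey lets through
    decimal:      /^[0-9]+(\.[0-9]+)?$/, // digits with at most one decimal point
    alphanumeric: /^[0-9A-Za-z]+$/       // same set isAlphaNumeric lets through
};

// Returns true only if `value` is a string that fully matches the named rule.
function isValidValue(kind, value, maxLength) {
    const known = Object.prototype.hasOwnProperty.call(RULES, kind);
    if (!known || typeof value !== "string") return false;
    if (value.length === 0 || value.length > (maxLength || 32)) return false;
    return RULES[kind].test(value);
}

// Strip everything the rule does not allow, e.g. from pasted text.
function sanitizeValue(kind, value) {
    let s = String(value);
    if (kind === "digits") return s.replace(/[^0-9]/g, "");
    if (kind === "alphanumeric") return s.replace(/[^0-9A-Za-z]/g, "");
    if (kind === "decimal") {
        s = s.replace(/[^0-9.]/g, "");
        const first = s.indexOf(".");
        if (first === -1) return s;
        // keep the first decimal point, drop any later ones
        return s.slice(0, first + 1) + s.slice(first + 1).replace(/\./g, "");
    }
    return "";
}

// Browser wiring: the "input" event also fires for paste, drop and autofill.
function attachFilter(input, kind) {
    input.addEventListener("input", function () {
        const cleaned = sanitizeValue(kind, input.value);
        if (cleaned !== input.value) input.value = cleaned;
    });
}

// Constructed sample inputs
const samples = [["digits", "12345"], ["digits", "12a45"], ["decimal", "3.14"],
                 ["decimal", "1.2.3"], ["alphanumeric", "abc123"], ["alphanumeric", "a b;c"]];
samples.forEach(function (s) {
    console.log(s[0], JSON.stringify(s[1]), isValidValue(s[0], s[1]));
});
```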

How to Solve Magento 500 Internal Server Errors


Many users encounter some weird Magento internal server errors (error type 500). I will try to list the most common solutions. These errors are not always caused by the same reason. You should try to take a look at your server’s error logs to get some help about this error.

You can get additional info about the errors by turning on Developer Mode. Look in the Magento bootstrap file (index.php); you’ll see lines similar to the following:

#Mage::setIsDeveloperMode(true);
#ini_set('display_errors', 1);

Uncomment these. In a production system, you’d never want to have your errors displayed to the browser, but while developing, having errors and warnings thrown immediately in your face is invaluable. This way, you will see the actual problem which led to the Internal Server Error. In almost all cases, the reason is that an exception is thrown after output has been sent to the browser.
