Archive for December, 2007

PHP Solution 5-8: Getting data from check boxes

Monday, December 24th, 2007

BRINGING FORMS TO LIFE

PHP Solution 5-8: Getting data from check boxes

Check boxes are similar to radio button groups, except that they permit multiple selections. This affects how you name a check box group and extract the selected values.

1. The following listing shows the code for the check boxes in contact.php. To save space, just the first two check boxes are shown. The name attribute and PHP sections of code are highlighted in bold. (The HTML of this listing did not survive extraction; it is reconstructed below from the description that follows it, and the value attributes and label text are assumed.)

    <fieldset>
      <h2>Interests in Japan</h2>
      <!-- value and label text assumed; the original listing was lost -->
      <input type="checkbox" name="interests[]" value="Arts and crafts" id="arts"
      <?php if ($OK && isset($missing) && in_array('Arts and crafts', $_POST['interests'])) { ?>
      checked="checked"
      <?php } ?> />
      <label for="arts">Arts and crafts</label>
      <input type="checkbox" name="interests[]" value="Food and drink" id="food"
      <?php if ($OK && isset($missing) && in_array('Food and drink', $_POST['interests'])) { ?>
      checked="checked"
      <?php } ?> />
      <label for="food">Food and drink</label>
      . . .
    </fieldset>

The really important thing to note about this code is the empty pair of square brackets following the name attribute of each check box. This tells PHP to treat interests as an array. If you omit the brackets, $_POST['interests'] contains the value of only one check box (the last one submitted, since PHP overwrites earlier values sent under the same name); all others are lost. The PHP code inside each check box element performs the same role as in the radio button group, wrapping the checked attribute in a conditional statement. The first two conditions are the same as for a radio button, but the third condition uses the in_array() function to check whether the value associated with that check box is in the $_POST['interests'] subarray. If it is, the check box was selected. The order of the conditions matters: if no box was ticked, $_POST['interests'] does not exist at all, and $OK (set from isset($_POST['interests'])) has to fail first, because in_array() handed a nonexistent array produces a warning on PHP 5 and a TypeError on PHP 8.

PHP SOLUTIONS: DYNAMIC WEB DESIGN MADE EASY You

Sunday, December 23rd, 2007

PHP SOLUTIONS: DYNAMIC WEB DESIGN MADE EASY

You need to take this into account in the code that preserves the selected value when a required field is omitted. The following listing shows the subscribe radio button group from contact.php, with all the PHP code highlighted in bold. (The HTML was lost in extraction and is reconstructed from the description below; the values y and n and the label text are assumed.)

    <p>
      Subscribe to newsletter?
      <input type="radio" name="subscribe" value="y" id="subscribe-yes"
      <?php if ($OK && isset($missing) && $_POST['subscribe'] == 'y') { ?>
      checked="checked"
      <?php } ?> />
      <label for="subscribe-yes">Yes</label>
      <input type="radio" name="subscribe" value="n" id="subscribe-no"
      <?php if ($OK && isset($missing) && $_POST['subscribe'] == 'n') { ?>
      checked="checked"
      <?php } ?> />
      <label for="subscribe-no">No</label>
    </p>

The checked attribute in both buttons is wrapped in an if statement, which checks three conditions, all of which must be true. The value of the first condition, $OK, is determined by the following line of code:

    $OK = isset($_POST['subscribe']) ? true : false;

This uses the conditional operator to check whether $_POST['subscribe'] is set (isset() already returns a Boolean, so $OK = isset($_POST['subscribe']); does the same job). The only reason for this line is to avoid having to type isset($_POST['subscribe']) in both if statements. With only two buttons in the radio group, this may hardly seem worthwhile, but I've used the same technique in all multiple-choice elements, and it certainly makes things easier when you have six items in a group, as is the case with the check boxes and multiple-choice list. The other two conditions inside the if statements check whether $missing has been set and the value of $_POST['subscribe'].

2. When building the body of the email message, you also need to take into account that $_POST['subscribe'] may not exist. Otherwise, you could end up with unprofessional error messages onscreen. Again, using the conditional operator offers the most succinct way of doing this. The following code goes in the section that prepares the message prior to sending it:

    // go ahead only if not suspect and all required fields OK
    if (!$suspect && empty($missing)) {
      // set default values for variables that might not exist
      $subscribe = isset($subscribe) ? $subscribe : 'Nothing selected';

If $subscribe exists, the value is simply passed to the same variable. If it doesn't exist, it's set to the string Nothing selected. You can now safely use $subscribe within the body of the message.

BRINGING FORMS TO LIFE Figure 5-8. The feedback

Saturday, December 22nd, 2007

Figure 5-8. The feedback form with examples of each type of form element

PHP Solution 5-7: Getting data from radio button groups

Radio button groups allow you to pick only one value. This makes it easy to retrieve the selected one.

1. All buttons in the same group must share the same name attribute, so the $_POST array contains the value attribute of whichever radio button is selected. If no button is selected, the radio button group's $_POST array element remains unset. This is different from the behavior of text input fields, which are always included in the $_POST array, even if they contain nothing.
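As an added example, not code from the book or its download files, the following script ties together PHP Solutions 5-7 and 5-8 above (the subscribe radio group and the interests[] check boxes): it reads both groups from a submitted form, falls back to "Nothing selected" when a group is absent from $_POST, reproduces the checked attribute for redisplay without tripping over a missing subarray, and builds the lines for the email body. The radio values y and n, the list of interest names, the $missing array and the submission at the end are all constructed for the demo and are not from contact.php.

```php
<?php
// Added example, not the book's contact.php: handles the subscribe radio
// group (PHP Solution 5-7) and the interests[] check boxes (PHP Solution 5-8).
// The radio values y/n, the interest names and the sample submission are
// assumptions for this demo.

// Values the check boxes are allowed to carry. Comparing against a fixed
// list means a user-supplied string is never trusted as a choice.
$interestOptions = ['Arts and crafts', 'Food and drink', 'Language', 'Travel'];

/**
 * Reduce a submitted form to the two multiple-choice values we act on.
 * Returns ['subscribe' => 'y'|'n'|'Nothing selected', 'interests' => [...]].
 */
function collectChoices(array $post, array $allowed): array
{
    // Radio group: the key is absent from $_POST when nothing was picked,
    // so isset() comes before the value is read (the book's $OK guard).
    $subscribe = (isset($post['subscribe']) && in_array($post['subscribe'], ['y', 'n'], true))
        ? $post['subscribe']
        : 'Nothing selected';

    // Check box group: present only if at least one box was ticked, and an
    // array only because the name ends in [] (name="interests[]"). Without
    // the brackets PHP keeps just the last value sent under that name.
    $raw = $post['interests'] ?? [];
    if (!is_array($raw)) {       // tolerate a form that forgot the []
        $raw = [$raw];
    }
    // Keep only values from the allowed list, in the list's own order.
    $interests = array_values(array_intersect($allowed, $raw));

    return ['subscribe' => $subscribe, 'interests' => $interests];
}

/**
 * The checked attribute for one check box when the form is redisplayed after
 * a validation failure ($missing is set, as in the book, once validation ran).
 * Testing for the subarray first matters: in_array() on a missing array is a
 * warning on PHP 5 and a TypeError on PHP 8.
 */
function checkedAttr(array $post, ?array $missing, string $value): string
{
    $ticked = $missing !== null
        && isset($post['interests'])
        && is_array($post['interests'])
        && in_array($value, $post['interests'], true);
    return $ticked ? ' checked="checked"' : '';
}

/** Lines for the email body: arrays are joined, empty choices get a default. */
function choicesForMessage(array $choices): string
{
    $interests = $choices['interests']
        ? implode(', ', $choices['interests'])
        : 'Nothing selected';
    return "Subscribe: {$choices['subscribe']}\nInterests: {$interests}\n";
}

// Constructed submission: two boxes ticked, one bogus value smuggled into the
// subarray, no radio button picked, and the required email field left blank.
$post = [
    'name'      => 'Alice',
    'email'     => '',
    'comments'  => 'Hello',
    'interests' => ['Travel', 'Arts and crafts', '<script>alert(1)</script>'],
];
$missing = ['email'];   // what the required-field loop would have produced

echo choicesForMessage(collectChoices($post, $interestOptions));

// Redisplay the check boxes with the user's ticks preserved. Labels come
// from our own list, but are still escaped before being placed in HTML.
foreach ($interestOptions as $option) {
    $id    = preg_replace('/[^a-z0-9]+/', '-', strtolower($option));
    $label = htmlspecialchars($option, ENT_QUOTES, 'UTF-8');
    echo '<input type="checkbox" name="interests[]" id="', $id, '" value="', $label, '"',
         checkedAttr($post, $missing, $option), ' /> ',
         '<label for="', $id, '">', $label, "</label>\n";
}
```

The smuggled script tag is dropped by array_intersect() rather than escaped, because a check box value that is not on the page's own list is not a choice at all; the labels are still passed through htmlspecialchars() on the way back into the markup, which is the habit to keep for anything that ends up in HTML.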

PHP SOLUTIONS: DYNAMIC WEB DESIGN MADE EASY 3.

Friday, December 21st, 2007

3. Save contact.php and test the form. When you receive the email, click the Reply button in your email program, and you should see the address that you entered in the form automatically entered in the recipient's address field. You can check your code against contact09.php in the download files.

Handling multiple-choice form elements

You now have the basic knowledge to process user input from an online form and email it to your inbox, but to keep things simple, the form in contact.php uses only text input fields and a text area. To work successfully with forms, you also need to know how to handle multiple-choice elements, namely:

- Radio buttons
- Check boxes
- Drop-down option menus
- Multiple-choice lists

Figure 5-8 shows contact.php with an example of each type added to the original design. The principle behind them is exactly the same as for the text input fields you have been working with: the name attribute of the form element is used as the key in the $_POST array. However, check boxes and multiple-choice lists store the selected values as an array, so you need to adapt the code slightly to capture all the values. Let's look briefly at each type of form element. Rather than go through each step in detail, I'll just highlight the important points. The completed code for the rest of the chapter is in contact10.php.

BRINGING FORMS TO LIFE // go ahead only

Friday, December 21st, 2007

    // go ahead only if not suspect and all required fields OK
    if (!$suspect && empty($missing)) {

Designing a regular expression to recognize a valid-looking email address is notoriously difficult, and many that you find in books or on the Internet reject valid email addresses. Instead of striving for perfection, $checkEmail simply checks for an @ mark surrounded by at least one character on either side. More important, it rejects any attempt to append spurious email headers, because it refuses the carriage return and new line characters that separate one header from the next. If the contents of $email don't match the regex, email is added to the $missing array. I decided not to create a special variable to indicate a suspected attack because the user may have innocently mistyped the email address. Moreover, it keeps the logic of the code simple. If the $missing array contains any elements, the message isn't sent, which is the whole point: you've stopped the attack.

2. You now need to add the additional headers to the section of the script that sends the email. Place them immediately above the call to the mail() function like this:

    // limit line length to 70 characters
    $message = wordwrap($message, 70);
    // create additional headers
    $additionalHeaders = 'From: Japan Journey';   // the <address> that follows the display name was lost in extraction
    if (!empty($email)) {
      $additionalHeaders .= "\r\nReply-To: $email";
    }
    // send it
    $mailSent = mail($to, $subject, $message, $additionalHeaders);

If you don't want email to be a required field, there's no point in using a nonexistent value in the Reply-To header, so I have wrapped it in a conditional statement. Since you have no way of telling whether the Reply-To header will be created, it makes sense to put the carriage return and new line characters at the beginning of the second header. It doesn't matter whether you put them at the end of one header or the start of the next one, as long as a carriage return and new line separates each header.

For instance, if you wanted to add a Cc header, you could do it like this:

    $additionalHeaders = "From: Japan Journey\r\n";
    $additionalHeaders .= 'Cc: admin@example.com';
    if (!empty($email)) {
      $additionalHeaders .= "\r\nReply-To: $email";
    }

Or like this:

    $additionalHeaders = 'From: Japan Journey';
    $additionalHeaders .= "\r\nCc: admin@example.com";
    if (!empty($email)) {
      $additionalHeaders .= "\r\nReply-To: $email";
    }

Finally, don't forget to add $additionalHeaders as the fourth argument to mail().

PHP SOLUTIONS: DYNAMIC WEB DESIGN MADE EASY If

Thursday, December 20th, 2007

If you want to send the email in an encoding other than iso-8859-1 (English and Western European), you need to set the Content-Type header. For Unicode (UTF-8), set it like this:

    $additionalHeaders = "Content-Type: text/plain; charset=utf-8\r\n";

The web page that the form is embedded in must use the same encoding (usually set in a <meta> tag). Hard-coded additional headers like this present no security risk, but anything that comes from user input must be filtered before it's used. So, let's take a look at incorporating the user's email address into a Reply-To header. Although PHP Solution 5-5 should sanitize any user input, it's worth subjecting the email field to a more rigorous check.

PHP Solution 5-6: Automating the reply address

Continue working with the same page. Alternatively, use contact08.php from the download files.

1. Although I suggested at the end of PHP Solution 5-3 that you add the email field to the $required array, there may be occasions when you don't want to make it required. So, it makes more sense to keep the code to validate the email address separate from the main loop that processes the $_POST array. If email is required, but has been left blank, the loop will have already added email to the $missing array, so the message won't get sent anyway. If it's not a required field, you need to check $email only if it contains something. So you need to wrap the validation code in an if statement that uses !empty(). An exclamation mark is the negative operator, so you read this as "not empty". Insert the code shown in bold immediately after the loop that processes the $_POST array. It contains a complex line, so you may prefer to copy it from contact09.php.

        // otherwise, assign to a variable of the same name as $key
        elseif (in_array($key, $expected)) {
          ${$key} = $temp;
        }
      }
    }
    // validate the email address
    if (!empty($email)) {
      // regex to ensure no illegal characters in email address
      // (\s is excluded on both sides of the @, so a carriage return or new line,
      // which would start a new header, is rejected wherever it appears)
      $checkEmail = '/^[^@\s]+@[^\s\r\n\'";,@%]+$/';
      // reject the email address if it doesn't match
      if (!preg_match($checkEmail, $email)) {
        array_push($missing, 'email');
      }
    }
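The two halves of PHP Solution 5-6 (the email regex in step 1 above and the header assembly in step 2) as one runnable script. This is an added example, not code from the book or its download files: the regex is the book's with two tightenings of my own (whitespace is refused before the @ as well as after it, and \z replaces $ so a trailing new line cannot slip past the end anchor), mail() is never called so the script runs offline, and the From address, the Cc recipient and the two sample addresses are constructed for the demo.

```php
<?php
// Added example, not the book's contact.php: the email check and the header
// assembly from PHP Solution 5-6, runnable without calling mail(). The From
// address, Cc recipient and sample addresses are assumptions for this demo.

/**
 * The book's check, tightened: \s (which covers CR and LF) is refused on both
 * sides of the @, and \z is used instead of $ so that a trailing new line
 * cannot pass the end anchor.
 */
function isValidEmail(string $email): bool
{
    $checkEmail = '/^[^@\s]+@[^\s\'";,@%]+\z/';
    return preg_match($checkEmail, $email) === 1;
}

/**
 * Build the fourth argument to mail(). Headers are separated by "\r\n"; the
 * separator is put in front of the optional ones so nothing dangles when they
 * are absent. A CR or LF inside any value would start a new header, so only
 * values that have passed isValidEmail() may be handed to this function.
 */
function buildHeaders(string $from, string $replyTo = '', string $cc = ''): string
{
    $headers = 'From: ' . $from;
    if ($cc !== '') {
        $headers .= "\r\nCc: " . $cc;
    }
    if ($replyTo !== '') {
        $headers .= "\r\nReply-To: " . $replyTo;
    }
    return $headers;
}

/**
 * Mirror of the validation step: returns $missing after the email field has
 * been examined. An empty email is left to the required-field loop, as in the
 * book, so an optional address that is blank is not an error here.
 */
function validateEmailField(string $email, array $missing): array
{
    if (!empty($email) && !isValidEmail($email)) {
        $missing[] = 'email';
    }
    return $missing;
}

$from = 'Japan Journey <feedback@example.com>';   // assumed From address

// Constructed inputs: one honest address, one header-injection attempt that
// tries to add a Bcc line after the address.
$honest   = 'alice@example.org';
$injected = "alice@example.org\r\nBcc: everyone@example.net";

foreach ([$honest, $injected] as $email) {
    $missing = validateEmailField($email, []);
    if (empty($missing)) {
        $headers = buildHeaders($from, $email, 'admin@example.com');
        // show the separators so the header boundaries are visible
        echo "accepted, headers:\n", str_replace("\r\n", "\\r\\n\n", $headers), "\n";
    } else {
        echo 'rejected: ', json_encode($email), "\n";   // json_encode exposes the CR/LF
    }
}
```

With the book's original local-part class [^@]+ the injected address above would have been accepted, because the carriage return and new line sit before the @ and only the domain part forbade them; that is why the example refuses whitespace on both sides.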

BRINGING FORMS TO LIFE } } } Don't

Wednesday, December 19th, 2007

          }
        }
      }

Don't forget the extra curly brace to close the else statement.

5. Just one final change is required to the section of code that builds and sends the email. If suspect content is detected, you don't want that code to run, so amend the condition in the opening if statement like this:

    // go ahead only if not suspect and all required fields OK
    if (!$suspect && empty($missing)) {
      // build the message

6. Save contact.php, and test the form. It should send normal messages, but block any message that contains any of the suspect phrases. Because the if statement in step 4 sets $mailSent to false and unsets $missing, the code in the main body of the page displays the same message that's displayed if there's a genuine problem with the server. A neutral, nonprovocative message reveals nothing that might assist an attacker. It also avoids offending anyone who may have innocently used a suspect phrase. You can check your code against contact08.php in the download files.

Safely including the user's address in email headers

Up to now, I've avoided using one of the most useful features of the PHP mail() function: the ability to add extra email headers with the optional fourth argument. A popular use of extra headers is to incorporate the user's email address into a Reply-To header, which enables you to reply directly to incoming messages by clicking the Reply button in your email program. It's convenient, but it provides a wide open door for an attacker to supply a spurious set of headers. With PHP Solution 5-5 in place, you can block attacks, but safely pass filtered email addresses to the mail() function. You can find a full list of email headers at www.faqs.org/rfcs/rfc2076, but some of the most well-known and useful ones enable you to send copies of an email to other addresses (Cc and Bcc), or to change the encoding (often essential for languages other than Western European ones).

Each new header, except the final one, must be on a separate line terminated by a carriage return and new line character. This means using the \r and \n escape sequences in double-quoted strings. Let's say you want to send copies of messages to other departments, plus a copy to another address that you don't want the others to see. Email sent by mail() is often identified as coming from nobody@yourdomain (or whatever username is assigned to the web server), so it's also a good idea to add a more user-friendly From address. This is how you build those additional email headers and pass them to mail():

    $additionalHeaders = "From: Japan Journey\r\n";
    $additionalHeaders .= "Cc: sales@example.com, finance@example.com\r\n";
    $additionalHeaders .= 'Bcc: secretplanning@example.com';
    $mailSent = mail($to, $subject, $message, $additionalHeaders);

PHP SOLUTIONS: DYNAMIC WEB DESIGN MADE EASY else

Wednesday, December 19th, 2007

      else {
        // if one of the suspect phrases is found, set Boolean to true
        if (preg_match($pattern, $val)) {
          $suspect = true;
        }
      }
    }

The isSuspect() function is another piece of code that you may want to just copy and paste without delving too deeply into how it works. The important thing to notice is that the third argument has an ampersand (&) in front of it (&$suspect). This means that any changes made to the variable passed as the third argument to isSuspect() will affect the value of that variable elsewhere in the script. The other feature of this function is that it's what's known as a recursive function. It keeps on calling itself until it finds a value that it can compare against the regex.

3. Don't worry if that last paragraph makes your brain hurt. Calling the function is very easy. You just pass it three values: the $_POST array, the pattern, and the $suspect Boolean variable. Insert the following code immediately after the code in the previous step:

    // check the $_POST array and any subarrays for suspect content
    isSuspect($_POST, $pattern, $suspect);

Note that you don't put an ampersand in front of $suspect this time. The ampersand is required only when you define the function in step 2, not when you call it.

4. If any suspect phrases are detected, the value of $suspect changes to true, so you need to set $mailSent to false and delete the $missing array to prevent the email from being sent, and to display an appropriate message in the form. There's also no point in processing the $_POST array any further. Wrap the code that processes the $_POST variables in the second half of an if... else statement like this:

    if ($suspect) {
      $mailSent = false;
      unset($missing);
    } else {
      // process the $_POST variables
      foreach ($_POST as $key => $value) {
        // assign to temporary variable and strip whitespace if not an array
        $temp = is_array($value) ? $value : trim($value);
        // if empty and required, add to $missing array
        if (empty($temp) && in_array($key, $required)) {
          array_push($missing, $key);
        }
        // otherwise, assign to a variable of the same name as $key
        elseif (in_array($key, $expected)) {
          ${$key} = $temp;
        }
      }
    }

One thing to be aware of when using empty() this way: it treats the string "0" as empty, so a required field whose only valid answer could be 0 needs a different test, such as $temp === ''.

BRINGING FORMS TO LIFE // assume that there

Tuesday, December 18th, 2007

    // assume that there is nothing suspect
    $suspect = false;
    // create a pattern to locate suspect phrases
    $pattern = '/Content-Type:|Bcc:|Cc:/i';
    // process the $_POST variables

The string assigned to $pattern will be used to perform a case-insensitive search for any of the following: Content-Type:, Bcc:, or Cc:. It's written in a format called Perl-compatible regular expression (PCRE). The search pattern is enclosed in a pair of forward slashes, and the i after the final slash makes the pattern case-insensitive. Bear in mind that this is a blocklist of three header names: an injected To: or Subject: line, for instance, would not match it, so treat the pattern as a second line of defense behind the check that keeps carriage return and new line characters out of any value that actually reaches the headers.

This is a very simple example, but regular expressions (regex) are a complex subject that can reduce grown men to tears. Fortunately, you can find a lot of tried and tested regular expressions that you can simply drop into your own scripts. Two good places to look are http://regexlib.com and Regular Expression Recipes: A Problem Solution Approach by Nathan A. Good (Apress, ISBN: 1-59059-441-X).

In addition to PCRE, you will probably also come across Portable Operating System Interface (POSIX) regular expressions. They tend to be easier to read, but they are slower and less powerful than PCRE. The easy way to tell whether a PHP script uses PCRE or POSIX is to look at the function used with the regex. All PCRE functions begin with preg_, while POSIX functions begin with ereg. To prevent your scripts from breaking in future, always use PCRE regular expressions: the ereg functions were deprecated in PHP 5.3 and removed altogether in PHP 7.0.

2. You can now use the PCRE stored in $pattern to filter out any suspect user input from the $_POST array. At the moment, each element of the $_POST array contains only a string. However, multiple-choice form elements, such as check boxes, return an array of results. So you need to tunnel down any subarrays and check the content of each element separately. That's precisely what the following custom-built function isSuspect() does. Insert it immediately after the $pattern variable from step 1.

    // create a pattern to locate suspect phrases
    $pattern = '/Content-Type:|Bcc:|Cc:/i';
    // function to check for suspect phrases
    function isSuspect($val, $pattern, &$suspect) {
      // if the variable is an array, loop through each element
      // and pass it recursively back to the same function
      if (is_array($val)) {
        foreach ($val as $item) {
          isSuspect($item, $pattern, $suspect);
        }
      }
      else {
        // if one of the suspect phrases is found, set Boolean to true
        if (preg_match($pattern, $val)) {
          $suspect = true;
        }
      }
    }
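To see the recursion and the by-reference flag at work, here is the isSuspect() scan from PHP Solution 5-5 run over two constructed submissions, one clean and one with a Bcc: line buried inside a check box subarray. This is an added example, not code from the book or its download files; the field names and values are made up for the demo, and the wrapper submissionIsSuspect() is mine.

```php
<?php
// Added example, not the book's code: the isSuspect() scan from PHP Solution
// 5-5 run over constructed $_POST arrays, including a check box subarray.
// Field names and values are made up for this demo.

// Same pattern as the book: three header names, case-insensitive.
$pattern = '/Content-Type:|Bcc:|Cc:/i';

/**
 * Walk a value (string or nested array) and set $suspect to true if any leaf
 * matches $pattern. $suspect is taken by reference (&), so the caller's
 * variable changes; the function never resets it to false, so one hit
 * anywhere in the form is enough to block the message.
 */
function isSuspect($val, string $pattern, bool &$suspect): void
{
    if (is_array($val)) {
        foreach ($val as $item) {
            isSuspect($item, $pattern, $suspect);   // recurse into subarrays
        }
    } else {
        if (preg_match($pattern, (string) $val)) {
            $suspect = true;
        }
    }
}

/** Convenience wrapper (not in the book): verdict for a whole submission. */
function submissionIsSuspect(array $post, string $pattern): bool
{
    $suspect = false;                    // assume nothing suspect
    isSuspect($post, $pattern, $suspect); // no & here: only in the definition
    return $suspect;
}

// Constructed submissions.
$clean = [
    'name'      => 'Bob',
    'comments'  => 'Please send me the Kyoto brochure.',
    'interests' => ['Travel', 'Food and drink'],
];
$attack = [
    'name'      => 'Bob',
    'comments'  => 'Hi',
    // the payload sits in the check box subarray, which a flat preg_match()
    // over each $_POST value would have skipped (or warned on)
    'interests' => ['Travel', "x\r\nbcc: spamlist@example.net"],
];

foreach (['clean' => $clean, 'attack' => $attack] as $label => $post) {
    echo $label, ': ', submissionIsSuspect($post, $pattern) ? 'blocked' : 'sent', "\n";
}
```

The lower-case bcc: in the attack is caught only because of the i modifier; drop it and the scan passes the submission. Note also what the scan does not do: a check box value is never placed in a header in the first place, and a header name outside the three in the pattern is not matched, so the decisive control against header injection remains refusing CR and LF in the fields (such as the email address) that do end up in the fourth argument to mail().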

PHP SOLUTIONS: DYNAMIC WEB DESIGN MADE EASY 3.

Monday, December 17th, 2007

3. The comments text area needs to be handled slightly differently because [...] It's important to position the opening and closing PHP tags right up against the