
by Nobody: 5:43pm On Aug 30, 2013
hello my bosses and my fellow learners and to all aspiring...
i have been studying php for a while now and i think it's time to put my brain and skills to work... i want to solve some tough problems strictly on php...
can you pls bring on some problems you had while learning or anything innovative... i really want to get my hands to work. i'll be waiting....

Thanks
Chuzzy
Re: by CODEEATER(m): 5:51pm On Aug 30, 2013
Hmmmm,let's cc cc..


U have a world popular forum,written in php,unfortunately, d success of dat forum has attracted badass haters...and nw sum black hat dude is trying to "brute force" his way into ur Admincp to damage ur site from the inside,out.... what can u do to stop this scenario.
..UR ANSWER IN IMAGINARY OOP CODE PLZ
Re: by Nobody: 6:12pm On Aug 30, 2013
CODE-EATER:
Hmmmm,let's cc cc..


U have a world popular forum,written in php,unfortunately, d success of dat forum has attracted badass haters...and nw sum black hat dude is trying to "brute force" his way into ur Admincp to damage ur site from the inside,out.... what can u do to stop this scenario.
..UR ANSWER IN IMAGINARY OOP CODE PLZ

dis one is strong ooooo....but i believe i can do it...but pls what is "imaginary"
Re: by CODEEATER(m): 7:39pm On Aug 30, 2013
Chuzzyrules:

dis one is strong ooooo....but i believe i can do it...but pls what is "imaginary"
d normal. Word na,to imagine sum tin...

what I mean is...4 example including classes wit IMAGINARY methods in dem n comment on wat d method dose den use it....just explain as u type..we go undrstand
Re: by talk2hb1(m): 3:57am On Aug 31, 2013
Why not pick some projects from my blog to help build your CV
Re: by Nobody: 12:45pm On Aug 31, 2013
Your SQL query in your PHP log-in script, on your website:
<?php
// Vulnerable: the request values are concatenated straight into the SQL string.
$q = "SELECT `id` FROM `users` WHERE `username`= '" .$_GET['username']. "' AND `password`= '" .$_GET['password']. "'";
?>
One day a self-proclaimed hacker stumbles upon your website. He clicks the 'Log In' button.
He enters the following in the 'username' field:
' ; SHOW TABLES;
The hacker now has been shown every table you have in your database.
Since he knows your table's name, he enters :
'; DROP TABLE [your table's name];
All of your information is gone.
Note: There are attempts that are much more complicated than this, and someone can spend a lot of time to get into your database, or they can even use a program to try to exploit the vulnerability of your website, database, application, etc.
Step 1 Use mysql_real_escape_string()
This PHP function escapes special characters for use in SQL queries and protects you from attack.
The query would now look like this:
<?php
// Escape both values before they are placed inside the quoted SQL literals.
$q = "SELECT `id` FROM `users` WHERE `username`= '" .mysql_real_escape_string( $_GET['username'] ). "' AND `password`= '" .mysql_real_escape_string( $_GET['password'] ). "'";
?>
Step 2 Use mysql_query()
Using 'mysql_query()' has additional protection against SQL Injection. A query not wrapped in 'mysql_query()' could allow a hacker to use multiple SQL commands from your 'username' field, instead of just one, which is another vulnerability. 'mysql_query()' only allows one command at a time.
So, our query would now look like this:
<?php
//connection
$database = mysql_connect("localhost", "username", "password");
//db selection
mysql_select_db("database", $database);
$q = mysql_query("SELECT `id` FROM `users` WHERE `username`= '" .mysql_real_escape_string( $_GET['username'] ). "' AND `password`= '" .mysql_real_escape_string( $_GET['password'] ). "'", $database);
?>
Recommendation: Centralize Your Connections
In your script, you should centralize your connections to one page.
On each page that needs it, just use the 'include()' function to include the page that hosts your SQL database connection information. This would force you to create queries with the same format on every page you create, and reduces the chances of a mistake leaving a vulnerability open.
So, let's say we make a page called 'connections.php' and put in the following:
<?php
//connection
$database = mysql_connect("localhost", "username", "password");
//db selection
mysql_select_db("database", $database);
?>
We could modify our query using the new setup. Our log-in page would have:
<?php
include("connections.php");
$q = mysql_query("SELECT `id` FROM `users` WHERE `username`= '" .mysql_real_escape_string( $_GET['username'] ). "' AND `password`= '" .mysql_real_escape_string( $_GET['password'] ). "'", $database);
?>
Recommendation: Clean Data at the Beginning of the Page
Many programming languages force you to declare variables before you can use them throughout the script. PHP does not force you to do this, however, it's a good habit to clean out your variables at the beginning of the page anyway!
Sure someone can ask, "If I'm cleaning each variable throughout the page, why should I clean the variables at the top? Aren't I doing the same thing with your recommendation?".
It is easier on you to clean variables at the beginning of the page for a few different reasons, beyond formatting.
1. It reduces the amount of code you have to write.
2. Once the variable is clean, you can use it freely throughout the page, without the fear of vulnerabilities.
3. It is cleaner and more organized, allows you to work easier, and avoids mistakes.
If we cleaned variables at the beginning of the page, our script would look like this:
<?php
include("connections.php");
$username = mysql_real_escape_string( $_GET['username'] );
$password = mysql_real_escape_string( $_GET['password'] );
$q = mysql_query("SELECT `id` FROM `users` WHERE `username`= '" .$username. "' AND `password`= '" .$password. "'", $database);
?>
You could even go as far as creating a function to do all cleaning for you, reducing the amount you have to type further. Look at the following example.
<?php
function cleaner($input){
//clean variable, including mysql_real_escape_string()
return mysql_real_escape_string( $input );
}
include("connections.php");
$username = cleaner( $_GET['username'] );
$password = cleaner( $_GET['password'] );
$q = mysql_query("SELECT `id` FROM `users` WHERE `username`= '" .$username. "' AND `password`= '" .$password. "'", $database);
?>
Recommendation: Check Even After It Is Cleaned
You can have additional checks in place to guard against unnecessary processing on your server. This is achieved by adding checks to your script before you ever get to the point of running the query; only running the query when you find the data acceptable.
<?php
function cleaner($input){
//clean variable, including mysql_real_escape_string()
return mysql_real_escape_string( $input );
}
include("connections.php");
$username = cleaner( $_GET['username'] );
$password = cleaner( $_GET['password'] );
//Check if the input is blank.
if( ($password == '') || ($username == '') ){
//dont let them pass
}
//Check if they are putting in way too many characters than should be allowed.
else if( (strlen($username) > 20) || (strlen($password) > 20) ){
//dont let them pass
}
//Passed all of our checks! Run query.
else {
$q = mysql_query("SELECT `id` FROM `users` WHERE `username`= '" .$username. "' AND `password`= '" .$password. "'", $database);
}
?>
That's pretty much it.
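
The same log-in lookup written with a PDO prepared statement and password_hash()/password_verify(), as an added example that is not part of the original post (the mysql_* functions used above were removed in PHP 7.0). The in-memory SQLite database, the `password_hash` column and the sample account are constructed for the demonstration.

```php
<?php
// Added example. Schema, column names and the sample account are constructed.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT UNIQUE, password_hash TEXT)');
$pdo->prepare('INSERT INTO users (username, password_hash) VALUES (?, ?)')
    ->execute(['chuzzy', password_hash('correct horse', PASSWORD_DEFAULT)]);

/** Returns the matching user id, or null when the log-in must be refused. */
function login(PDO $pdo, string $username, string $password): ?int
{
    // Cheap checks first, as in the post: refuse blank or oversized input.
    // 72 bytes is the longest password bcrypt actually uses.
    if ($username === '' || $password === '' || strlen($username) > 20 || strlen($password) > 72) {
        return null;
    }
    // The placeholder binds the value as data, separate from the SQL text,
    // so quotes and semicolons in it cannot change the statement.
    $stmt = $pdo->prepare('SELECT id, password_hash FROM users WHERE username = :username');
    $stmt->execute([':username' => $username]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($row === false) {
        return null;
    }
    // Compare against a salted hash instead of matching the password in SQL.
    return password_verify($password, $row['password_hash']) ? (int) $row['id'] : null;
}

// Constructed inputs: a valid log-in, a wrong password, then the strings from the post.
$attempts = [
    ['chuzzy', 'correct horse'],
    ['chuzzy', 'wrong password'],
    ["' ; SHOW TABLES;", 'anything'],
    ["'; DROP TABLE users;", 'anything'],
];
foreach ($attempts as [$u, $p]) {
    $id = login($pdo, $u, $p);
    printf("%-24s => %s\n", $u, $id === null ? 'refused' : "user id $id");
}
// Confirm the table survived the attempts above.
printf("rows in users: %d\n", $pdo->query('SELECT COUNT(*) FROM users')->fetchColumn());
```

Run it with the PHP command-line binary; it needs the pdo_sqlite extension and no database server.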
Re: by CODEEATER(m): 7:27pm On Aug 31, 2013
Umo u get power to type o....me m using touch screen, cnt type dis long stuff...nice guide though..
Re: by Djtm(m): 1:25am On Sep 03, 2013
Nice post @chuzz. You have to create a function for all those if you dont want to die typing. Create a functions.php file and insert your different functions; isSqlSafe(), isEmail(), isAlphanumeric(), isShort(), isLong() bla bla bla and include it on every page. Create a config.php file and input ur db conn stuffs inside also. Hope that helps.
Re: by themanager: 1:01am On Sep 09, 2013
Hi guys am looking to develop an intranet application with php,also a desktop app with php that runs through a browser
Re: by CODEEATER(m): 7:42pm On Sep 09, 2013
themanager: Hi guys am looking to develop an intranet application with php,also a desktop app with php that runs through a browser
desktop app wit php?to run tru d browser?

Php scripts cnt just run like dat now...needs a server of some sort
Re: by Djtm(m): 9:34pm On Sep 09, 2013
themanager: Hi guys am looking to develop an intranet application with php,also a desktop app with php that runs through a browser
desktop apps do not run through web browsers. You'll need to install php gtk to be able to create desktop apps with php.
Re: by Djtm(m): 9:35pm On Sep 09, 2013
themanager: Hi guys am looking to develop an intranet application with php,also a desktop app with php that runs through a browser
Re: by X3n(m): 12:14am On Sep 10, 2013
Nice stuff, I am a new php developer. I hav a question 4 u, it may not be as hard as u might want but it will be nice 2 see hw u tackle it.

U want a login page 2 direct users dat hav logged in to d page dat brought them 2 d login page. E.g u hav a job site, and d person didn't login once he/she entered d site, and started searching 4 jobs, and afta goin 2ru a lot of pages, he/she wants 2 apply but he's den taken 2 d login page 2 login. After login in, u want d person 2 b directed back 2 d page dat he was on b4 and not 2 d home page or any static page, bearing in mind dat d person can refresh d page and thus makin $_SERVER['HTTP_REFERER'] to become empty.
Re: by maxit2(m): 3:39am On Sep 10, 2013
X3n: Nice stuff, I am a new php developer. I hav a question 4 u, it may not be as hard as u might want but it will be nice 2 see hw u tackle it.

U want a login page 2 direct users dat hav logged in to d page dat brought them 2 d login page. E.g u hav a job site, and d person didn't login once he/she entered d site, and started searching 4 jobs, and afta goin 2ru a lot of pages, he/she wants 2 apply but he's den taken 2 d login page 2 login. After login in, u want d person 2 b directed back 2 d page dat he was on b4 and not 2 d home page or any static page, bearing in mind dat d person can refresh d page and thus makin $_SERVER['HTTP_REFERER'] to become empty.

i think you can simply do this,
To preserve your $_SERVER['HTTP_REFERER'], make it a session variable.
Then upon successful login, you redirect using an IF statement. See sample..

//PUT THIS ON THE PAGE THE USER IS COMING FROM..
session_start();
if(!empty($_SERVER['HTTP_REFERER'])){
$_SESSION['referrer'] = $_SERVER['HTTP_REFERER'];
}
//THIS HELPS TO SAVE $_SERVER to a more permanent $_SESSION variable.


//PUT THIS ON THE LOGIN PAGE, this helps to determine where to redirect. Static or Previous.
session_start();
if(!empty($_SESSION['referrer'])){
$goto = $_SESSION['referrer'];
}
else{
$goto="static_page.php";
}



I hope you get the gist.
Ask any questions if ur not clear. This is not a complete code, just giving you an insight on the method to apply.
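
A same-site-only variant of the approach above, as an added example that is not part of the original post: the protected page stores its own $_SERVER['REQUEST_URI'] (set by the server, so it survives a refresh, unlike the Referer header), and the log-in page validates the stored value before redirecting. The function names, the `return_to` session key and the `/login.php` and `/index.php` paths are hypothetical; session_start() is assumed to have run.

```php
<?php
// Added example; names, session key and paths are assumptions.

/** Accept only same-site relative paths such as "/jobs/apply.php?id=7". */
function safe_return_path(?string $candidate, string $fallback = '/index.php'): string
{
    if ($candidate === null || $candidate === '' || $candidate[0] !== '/') {
        return $fallback;
    }
    // "//host" and "/\host" are read by browsers as a different host.
    if (isset($candidate[1]) && ($candidate[1] === '/' || $candidate[1] === '\\')) {
        return $fallback;
    }
    // Control characters (CR/LF included) have no place in a Location header.
    if (preg_match('/[\x00-\x1f\x7f]/', $candidate)) {
        return $fallback;
    }
    $parts = parse_url($candidate);
    if ($parts === false || isset($parts['scheme']) || isset($parts['host'])) {
        return $fallback;
    }
    return $candidate;
}

/** Call on a protected page when the visitor is not logged in. */
function remember_and_go_to_login(): void
{
    $_SESSION['return_to'] = $_SERVER['REQUEST_URI'] ?? '';
    header('Location: /login.php');
    exit;
}

/** Call on the log-in page once the credentials have been verified. */
function redirect_after_login(): void
{
    $target = safe_return_path($_SESSION['return_to'] ?? null);
    unset($_SESSION['return_to']);
    session_regenerate_id(true); // new session id after the privilege change
    header('Location: ' . $target);
    exit;
}

// Constructed inputs, shown only when run from the command line.
if (PHP_SAPI === 'cli') {
    foreach (['/jobs/apply.php?id=7', 'https://other.example/', '//other.example/x', '', "/a\r\nX: y"] as $c) {
        printf("%-28s => %s\n", json_encode($c), safe_return_path($c));
    }
}
```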
Re: by themanager: 5:12am On Sep 11, 2013
Djtm:
desktop apps do not run through web browsers. You'll need to install php gtk to be able to create desktop apps with php.
i have seen some software that runs through a web browser,u dnt install them,u just click on it then,ur browser opens then u begin to work with it.though what i saw was designed using java.was wondering if there was a way around that with php.How about the intranet software ,hw can i go about that with php.thanks ALot!!!!!
Re: by maxit2(m): 11:10am On Sep 12, 2013
Depending on your web browser,
Most browsers will only open, html,php,asp,aspx(Infact webpages) + .txt, some .pdf

A software can be designed to output a html interface for the user. Whereas a server language like PHP, ASP is the extension, a server must be running in the host machine(USER'S computer). If trying to open a PHP on a windows computer u will need a server to locally run in your computer for it to work. This is because .php is a unix language..

Hope any bit of this information is useful,
elseif(!useful){
ignore.it;
}
Re: by CODEEATER(m): 11:31am On Sep 12, 2013
LOL...GOD I LOVE PHP
Re: by wdetres: 1:30pm On Sep 12, 2013
Chuzzyrules: hello my bosses and my fellow learners and to all aspiring...
i have been studying php for a while now and i think it's time to put my brain and skills to work... i want to solve some tough problems strictly on php...
can you pls bring on some problems you had while learning or anything innovative... i really want to get my hands to work. i'll be waiting....

Thanks
Chuzzy

It's good that you want to do the practical of the PHP skills you have learned. It will be good to start your own website and implement your skills as it will help to furnish your php skills and also to get confidence. The website can be community website, social networking, classified ad, business directory or on any other topic.
