withinweb

Date Only from SQL using Microsoft SQL Server

admin — Thu, 17 May 2012 14:15:00 +0000

Here is quite a useful function for producing or saving only the date part of the smalldatetime datatype.

This can be useful if you only need to store the date or you need to group some results by date only.

SelectConvert([smalldatetime],floor(Convert([float],getdate(),(0))),(0))

Vote for the digital content type that you are selling

admin — Wed, 16 May 2012 08:06:29 +0000

Take the survey to tell us what type of digtial content you are selling or about to sell.

This is an on going survey – we publish the results every month to see if there are any changes in trends.

The survey is located on the right hand side of the page http://www.withinweb.com/phpeseller/index.php

When you make a vote, you will be able to see the running totals of figures on the page.

We also publish the results once a month to review any changes.

Further PHP try / catch PHP 5

admin — Tue, 15 May 2012 14:55:52 +0000

A try / catch block is meant to catch exceptions. An exception would be something like divide by zero which causes a program exception and this can be caught.

An error on the other hand is not usually recoverable. An example of an error would be forgetting to place a ; at the end of a line or not enclosing a string with ” marks.

In the case of divide by zero, if you use a try / catch block, program execution will continue because you have caught the exception.

Each try must have at least one corresponding catch block. You can have multiple catch blocks to catch different classes of exceptions.

When an exception is thrown, the code following the statement will not be executed and PHP will then attempt to find the first matching catch block.

The general form of a try / catch block is :

try
{
$a = 1;
$b = 0;
$c = $a / $b;
}
catch (Exception $e)
{
echo($e->getMessage());
}

Other functions of the exception class are :

getMessage();        // message of exception
getCode();           // code of exception
getFile();           // source filename
getLine();           // source line
getTrace();          // an array of the backtrace()
getPrevious();       // previous exception
getTraceAsString(); // formatted string of trace

You may extend the exception class to create your own custom exceptions and the use them as multiple catch blocks to catch different classes of exception as shown in the following code :

//Extending the exception class

class WidgetNotFoundException extends Exception {}

function use_widget($widget_name) {
$widget = find_widget($widget_name);

if (!$widget) {
throw new WidgetNotFoundException(t(‘Widget %widget not found.’, array(‘%widget’ => $widget_name)));
}
}

//The try / catch block

try {
$widget = ‘thingie’;
$result = use_widget($widget);

// Continue processing the $result.
// If an exception is thrown by use_widget(), this code never gets called.
}
catch (WidgetNotFoundException $e) {
// Error handling specific to the absence of a widget.
}
catch (Exception $e) {
// Generic exception handling if something else gets thrown.
watchdog(‘widget’, $e->getMessage(), WATCHDOG_ERROR);
}

Simple PHP 5 error handling

admin — Mon, 14 May 2012 13:13:59 +0000

//create function with an exception
function checkNum($number)
{
if($number>1)
{
throw new Exception(“Value must be 1 or below”);
}
return true;
}

//trigger exception in a “try” block
try
{
checkNum(2);//If the exception is thrown, this text will not be shownecho ‘If you see this, the number is 1 or below’;}
//catch exception
catch(Exception $e)
{
echo ‘Message: ‘ .$e->getMessage();
}
?>

Examples of using PDO objects in PHP

admin — Sun, 13 May 2012 21:36:36 +0000

//Example of fetching data from a database using PDO objects

# using the shortcut ->query() method here since there are no variable
# values in the select statement.

try {

$dbhost = “localhost”;
$dbname = “users”;
$dbusername = “root”;
$dbpass = “”;

//Connect to the database
$dbh = new PDO(“mysql:host=” . $dbhost . “;dbname=” . $dbname, $dbusername, $dbpass);

//the sql query
$sql = “SELECT * FROM users”;

//statment handle
$sth = $dbh->query($sql);

# setting the fetch mode
$sth->setFetchMode(PDO::FETCH_ASSOC);

echo(“——————————————–
”);
echo(“An example of a while loop
”);
while($row = $sth->fetch()) {
echo( $row["first_name"] . “
” );
$table[] = $row;
}

$dbh = null;

} catch (PDOException $e) {
print “Error!: ” . $e->getMessage() . “
”;
die();
}

echo(“

”);

echo(“——————————————–
”);
echo(“An example of looping around an array
”);

if ($table) { //Check if there are any rows to be displayed
//Retrieve each element of the array
foreach($table as $d_row) {
echo( $d_row["first_name"] . ” ” . $d_row["last_name"] . “
” );
}
}

echo(“——————————————–
”);
echo(“An example of printing one element from the array
”);
echo($table[0]["first_name"]);

//Example of fetching data from a database using PDO objects

//This uses a prepared statement using named values

try {

$dbhost = “localhost”;
$dbname = “users”;
$dbusername = “root”;
$dbpass = “”;

$first_name = “%paul%”;

//Connect to the database
$dbh = new PDO(“mysql:host=” . $dbhost . “;dbname=” . $dbname, $dbusername, $dbpass);

//the sql query using a named placeholder
$sql = “SELECT * FROM users WHERE first_name LIKE :first_name “;

//statment handle
$sth = $dbh->prepare($sql);

$sth->execute(array(“:first_name” => $first_name));

$sth->setFetchMode(PDO::FETCH_ASSOC);

echo(“

”);
echo(“——————————————–
”);
echo(“An example of printing values from a select statement with parameters
”);

while($row = $sth->fetch()) {
echo( $row["first_name"] . “
” );
$table[] = $row;
}

$dbh = null;

} catch (PDOException $e) {
print “Error!: ” . $e->getMessage() . “
”;
die();
}

Some regular expression matches

admin — Sat, 12 May 2012 09:27:49 +0000

Regular Expression Will match…

foo    The string “foo”
^foo    ”foo” at the start of a string
foo$    ”foo” at the end of a string
^foo$    ”foo” when it is alone on a string
[abc]    a, b, or c
[a-z]    Any lowercase letter
[^A-Z]    Any character that is not a uppercase letter
(gif|jpg)    Matches either “gif” or “jpeg”
[a-z]+    One or more lowercase letters
[0-9\.\-]    ?ny number, dot, or minus sign
^[a-zA-Z0-9_]{1,}$    Any word of at least one letter, number or _
([wx])([yz])    wy, wz, xy, or xz
[^A-Za-z0-9]    Any symbol (not a number or a letter)
([A-Z]{3}|[0-9]{4})    Matches three letters or four numbers

Possible way of dealing with inserting quote marks into a database

admin — Fri, 11 May 2012 11:23:17 +0000

This is another possible way of dealing with quote marks for inserting data into a database :

if (!get_magic_quotes_gpc()) {
$item_name = addslashes($_POST['txtItem_Name']);
}
else
{
$item_name = $_POST['txtItem_Name'];
}

Dealing with quote marks for inserting data into a database
———————————————————–

if (!get_magic_quotes_gpc()) {
$item_name = addslashes($_POST['txtItem_Name']);
}
else
{
$item_name = $_POST['txtItem_Name'];
}

Regular Expression Will match…

admin — Thu, 10 May 2012 20:02:41 +0000

Regular Expression Will match…

foo                                The string “foo”
^foo            “foo” at the start of a string
foo$                            “foo” at the end of a string
^foo$                         “foo” when it is alone on a string
[abc]                           a, b, or c
[a-z]                           Any lowercase letter
[^A-Z]                      Any character that is not a uppercase letter
(gif|jpg)                   Matches either “gif” or “jpeg”
[a-z]+                       One or more lowercase letters
[0-9\.\-]                  any number, dot, or minus sign
^[a-zA-Z0-9_]{1,}$    Any word of at least one letter, number or _
([wx])([yz])                    wy, wz, xy, or xz
[^A-Za-z0-9]                 Any symbol (not a number or a letter)
([A-Z]{3}|[0-9]{4})    Matches three letters or four numbers

Use regular expressions to validate PHP inputs

admin — Thu, 10 May 2012 09:17:16 +0000

To help counter SQL injections you need to make sure that entered values use minimum character types as possible. So you restrict usernames to just a-z and 0-9 characters.

To test for these, use something like :

//——————————————————
/**
* Purpose : Check input for paticular characters
* Only allow a – z, A – Z , 0-9
* returns true if a match was found, false if no match was found
* @return boolean
*/
function is_valid_input($words) {

if ( preg_match( “/[^0-9a-zA-Z]/”, $words, $array ) )
return false; //invalid characters
else
return true; //valid characters

}

Ways to counter SQL Injection

admin — Wed, 09 May 2012 08:31:58 +0000

Database Permissions

Set the permissions on the database username / password as tightly as possible. If you are displaying data, there is no need for the user to have insert or update permissions into the database. One solution is to have two usernames / passwords. One would have select permissions, and would be used only for display. The other would have select, insert and update permissions used only for forms that require data to be stored in the database.

Test all data input

All form data and all url query strings should be tested.

For example, if you are passing data using a query string any record id’s are usually integer, so test that they are actually integer values with a function such as is_numeric in PHP.

Use correct data types and data sizes in the database

This means that if you have a colunn which is a persons name, the data type size for that column only needs to be 40 characters. There is no need to have a data size any larger than required.
Convert text to html

Before storing text in a database, convert it into html. This will change inputs such as the Javascript