withinweb

Information and support for products of withinweb.com


What kind of content are you selling online?

November 3rd, 2011 · No Comments

These are the results so far of the survey on the page: http://www.withinweb.com/phpeseller/index.php

These are running results :

mp3 audio files 34.1%
ebooks 15.1%
video files 14.6%
physical cds/dvds 9.8%
images 8.1%
software 7.4%
other physical goods 5.9%
other content 5%

Tags: OnLine Poll Results · PHP-eSeller

Ways to counter SQL Injection

April 2nd, 2011 · No Comments

Here are a few suggestions to counter the problem of SQL injection.

Database Permissions

Set the permissions on the database username / password as tightly as possible.  If you are displaying data, there is no need for the user to have insert or update permissions into the database.  One solution is to have two usernames / passwords.  One would have select permissions, and would be used only for display.

The other would have select, insert and update permissions used only for forms that require data to be stored in the database.

Test all data input

All form data and all url query strings should be tested.

For example, if you are passing data in a query string, record ids are usually integers, so test that they are actually integer values with a function such as IsNumeric in classic ASP.

Use correct data types and data sizes in the database

This means that if you have a column which holds a person's name, the data type size only needs to be 40 characters.

There is no need to have a data size any larger than required.

Convert text to html

Before storing text in a database, convert it into html.  This will change inputs such as the Javascript <script> to its html equivalent, which cannot be executed on a web page.

Filter out any characters that may cause issues and are not required.

Use parameterized queries

If you use parameterized queries for connection to the database you eliminate string concatenation.  You should always use parameterized queries rather than constructing the sql.

Check characters, particularly with username / password

If an entry is a username, it normally does not require any other characters other than a to z and 0 to 9 and it only needs to be say, 8 characters long.
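
The input tests and the parameterized query described above, as an added example that is not part of the original post. It uses Python's sqlite3 module; the products table, the function names and the sample rows are assumptions constructed for the demonstration.

```python
import re
import sqlite3

def make_db():
    # Constructed sample data; table and column names are assumptions.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE products (id INTEGER PRIMARY KEY, name VARCHAR(40))")
    db.executemany("INSERT INTO products VALUES (?, ?)",
                   [(1, "song.mp3"), (2, "guide.pdf"), (3, "clip.mp4")])
    return db

def parse_record_id(raw):
    # A record id from a query string must be a short run of the digits 0-9.
    if not isinstance(raw, str) or not re.fullmatch(r"[0-9]{1,9}", raw):
        raise ValueError("record id must be an integer")
    return int(raw)

def valid_username(raw):
    # Only a to z and 0 to 9, at most 8 characters, as suggested in the post.
    return isinstance(raw, str) and re.fullmatch(r"[a-z0-9]{1,8}", raw) is not None

def lookup_concatenated(db, raw_id):
    # Pattern to avoid: the input becomes part of the SQL text itself.
    return db.execute("SELECT name FROM products WHERE id = " + raw_id).fetchall()

def lookup_parameterized(db, raw_id):
    # Validate first, then bind the value; the SQL text never changes.
    record_id = parse_record_id(raw_id)
    return db.execute("SELECT name FROM products WHERE id = ?", (record_id,)).fetchall()

if __name__ == "__main__":
    db = make_db()
    hostile = "2 OR 1=1"  # constructed input that is not an integer
    print(lookup_concatenated(db, hostile))   # condition rewritten by the input
    print(lookup_parameterized(db, "2"))
    try:
        lookup_parameterized(db, hostile)
    except ValueError as err:
        print("rejected:", err)
    print(valid_username("alice1"), valid_username("bob; --"))
```
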

Tags: SQL databases

What you are selling on your web site

February 24th, 2011 · No Comments

These are the results from the on line poll on http://www.withinweb.com/phpeseller/index.php

The poll asks what file types you are selling from your web site. 

mp3 audio files 32%
e-books 16%
video files 13%
physical CDs / DVDs 9%
images 8%
software 8%
other physical goods 6%
other content 5%

It looks like selling mp3 audio files is very popular, with e-books being the next most popular product being sold.

Tags: OnLine Poll Results

Sell mp3 downloads from your web site

November 4th, 2010 · No Comments

PHP-eSeller is a PHP/mySQL application for selling mp3 and other digital files from your web site.

PHP-eSeller will work with Google Checkout and with PayPal.  As PHP-eSeller is based around IPN (instant payment notification) it will work with all PayPal accounts.

For a full description of PHP-eSeller, go to http://www.withinweb.com/phpeseller/index.php

Tags: PHP-eSeller

Free pdf guide for selling digital downloads

October 27th, 2010 · 1 Comment

For free hints, tips and tricks, see

http://www.withinweb.com/global/hints_tips_and_tricks/digital_files.pdf

Tags: PHP-eSeller

Configuring the fckeditor HTML editor

August 22nd, 2010 · No Comments

The fckeditor is described on the web site http://www.fckeditor.net and is a configurable html text editor with many add ons and plugins.

The configuration in the fckconfig.js file is set to use the English language ‘en’ with a toolbar set called ‘pg_toolbar’. The FCKEditor web site provides a full description of its options and configuration.

The fckeditor has the ability to upload images and files with a file manager system. This is disabled by default.

To set up the upload facility in fckeditor:

(A)

In the file \fckeditor\editor\filemanager\browser\default\connectors\php\config.php

change ‘false’ to ‘true’ to allow uploads.

The relevant line in the config.php file:
// SECURITY: You must explicitly enable this "connector". (Set it to "true").
$Config['Enabled'] = false ;

(B)

Create a folder on the server where you want the files to be located and identify the folder in \fckeditor\editor\filemanager\browser\default\connectors\php\config.php

Then change the permissions on that folder to 777.

The relevant line in the config.php file:
// Path to user files relative to the document root.
$Config['UserFilesPath'] = '/UserFiles/';

The document root is the root of the web server.
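
A check that can be run against the folder chosen in step (B), as an added example that is not part of the original post or of fckeditor. It reports whether the folder is world-writable, as it is after setting 777, and lists any uploaded files with server-script extensions; the extension list and the function names are assumptions.

```python
import os
import stat
import tempfile

# Extensions a web server may execute; this list is an assumption,
# adjust it to the handlers configured on your own server.
SCRIPT_EXTENSIONS = {".php", ".php5", ".phtml", ".cgi", ".pl", ".asp"}

def audit_upload_dir(path):
    """Return (world_writable_dirs, script_files) found under the upload folder."""
    world_writable, scripts = [], []
    for root, _dirs, files in os.walk(path):
        # Mode 777 sets the "other users may write" bit checked here.
        if os.stat(root).st_mode & stat.S_IWOTH:
            world_writable.append(root)
        for name in files:
            ext = os.path.splitext(name)[1].lower()
            if ext in SCRIPT_EXTENSIONS:
                scripts.append(os.path.join(root, name))
    return sorted(world_writable), sorted(scripts)

def demo():
    # Constructed sample tree standing in for the UserFiles folder.
    base = tempfile.mkdtemp()
    os.chmod(base, 0o777)
    for name in ("cover.jpg", "notes.PHP", "track.mp3"):
        open(os.path.join(base, name), "w").close()
    return base, audit_upload_dir(base)

if __name__ == "__main__":
    base, (dirs, scripts) = demo()
    print("world-writable folders:", dirs)
    print("script files in upload folder:", scripts)
```
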

Another area of customisation that you may want to implement is defining the toolbar that appears above the text box which is used to enter product descriptions. The toolbar has been trimmed to make it more manageable and to remove tools that are not required all that often. However, you may want to add back in some buttons which is very easy to do.

Open up the file /fckeditor/fckeditor.js with a suitable text editor.

The toolbar that we use is called FCKConfig.ToolbarSets["pg_toolbar"].

The default toolbar is FCKConfig.ToolbarSets["Default"].

If you want to add a button from the default toolbar, just copy it and place it into FCKConfig.ToolbarSets["pg_toolbar"].

Or if you want all the buttons, rename FCKConfig.ToolbarSets["Default"] to FCKConfig.ToolbarSets["pg_toolbar"] and remove the old FCKConfig.ToolbarSets["pg_toolbar"].

Note that the very last button on the toolbar is used to maximise the editor window which can help if you are doing more detailed work with the html.

Tags: PHP-SecureArea · PHP-eSeller

EasyPHP on Windows 7

July 4th, 2010 · No Comments

EasyPHP is an application that you install on your Windows computer which you can use as a development system for PHP / Apache and mySQL databases.

It can be downloaded from http://www.easyphp.org/ and I find it a very good way to develop applications using PHP on my Windows computer.

EasyPHP contains a single executable which, when run, installs PHP, Apache web server and a mySQL database onto your Windows computer. All very neat and convenient to use.

However, when I tried to install on Windows 7 I came across a number of issues with Apache and with mySQL.

When I launched the software, Apache wouldn’t start. Here is the error :

Apache cannot run: another Web server is using the Web port or port is blocked by firewall.

To overcome this issue :

1. Click the EasyPHP icon beside the “Apache” button.
2. Click “Configure” then click “EasyPHP”.
3. Uncheck “Check server’s TCP port before starting” then click “Apply” button and then “Close” button.
4. Click “Apache” button and then click “Start”.

That fixes the “Apache cannot run…” problem.

The above gets the Apache server to work but after I closed EasyPHP and ran it again, I got this second error message :

Unexpected end of MySql… See log file?

This is a mySQL error message and is actually a file permission problem.

So I changed the user permission for the EasyPHP directory and mySQL correctly started.

To set your permissions this is what you do :

1. Open and view Drive C using Windows Explorer, then double click “Program Files”, assuming that you installed EasyPHP in that folder.
2. Right click on the folder where you installed EasyPHP then click “Properties”.
3. On “Security” tab click “Edit…” button.
4. Select the user that you are currently using. This will probably be something like “Users (computer name)”.
5. Under “Permissions for Users” box, tick “Full control” on “Allow” column.
6. And then click “OK” button to apply the changes.

Now you should be able to start mySQL server by clicking “mySQL” button on EasyPHP dialog and then click “Start”. Or shut down EasyPHP and restart it again.

Hopefully that will solve issues when working with Windows 7 and EasyPHP.

Tags: General PHP

Interesting Google Watch website

July 4th, 2010 · No Comments

Interesting Google watch site : http://googlewatch.eweek.com/index.html

Provides information on Google developments and other Google issues.

Tags: SOE

Displaying a single page from the shop

July 4th, 2010 · No Comments

Sometimes you may want to display one page using a link to the shop, say page 2.

This is easily done by the following link :

http://www.yourservername.com/shop/index.php?page=2

Tags: PHP-eSeller

Results – What digital file types are you selling

April 9th, 2010 · No Comments

Running results for the on line poll asking ‘What kind of content are you mainly selling’ up to the beginning of April 2010.

You can vote on the page : http://www.withinweb.com/phpeseller/index.php

The survey is located on the right hand side of the page.

  • mp3 audio files : 31.6%
  • e-books : 17.7%
  • Video files : 14.8%
  • Software : 8.9%
  • Images : 8.4%
  • Physical CDs/DVDs : 8.4%
  • Other physical goods : 5.9%
  • Other content : 4.2%

Comparing with the previous results, the mp3 audio files appear to be the most popular type of files that are being sold.

Tags: OnLine Poll Results