Tags: PHP

AS3 – AMFPHP – Secure Flash/MySQL Database Calls

I decided to split the original blog post into two separate posts, as “Secure” Flash/MySQL DB calls is fairly short and it was scattered about in a post more on how to set up a High Score DB with AMFPHP. So this will be a couple of very specific tips and things to set up when letting any sort of user-entered data from Flash (or PHP!) touch your database.

You know the rule… never trust any data. Always make sure you strictly data type variables and typecast user-entered variables.

First up, as the user enters data into Flash via an input TextField, use the .restrict setter to restrict the characters entered to only the ones you need. This is the first layer of protection against SQL injection attacks, and just follows the same sort of common-sense “best practices” type of coding as datatyping variables.

    nameInputTxt.restrict = "A-Z a-z 0-9";

This will restrict the characters allowed in this TextField to only alphanumeric, capitals and lower case. This excludes potential injection-prone characters like the single apostrophe ( ' ) and semicolon ( ; ). Because this restriction is enforced only inside the Flash client, treat it as input hygiene; the server-side cleaning below has to hold on its own.

After that data gets entered, we’re going to send those variables through AMFPHP into our PHP class. In the case of our High Scores Database example, we’re sending both the nameInputTxt data and an integer-based score value, which get handled by the following PHP code:

    function addScore( $pName, $pScore )
    {
        // Timestamp is generated on the server, never taken from the client
        $created = date( "Y-m-d H:i:s" );
        // Escape the name for use inside a quoted SQL string literal
        $cleanName = mysql_real_escape_string( $pName );
        // Force the score to an integer
        $cleanScore = intval( $pScore );
        return mysql_query( "INSERT INTO $this->table SET `name` = '{$cleanName}' , `score` = $cleanScore , `created` = '{$created}' " );
    }

You’ll see the $cleanName and $cleanScore variables a couple of lines into the function. For String type user-entered data, always run it through PHP’s mysql_real_escape_string() […]

Read More…

Joomla and Languages: How to Actually Combine the Two

One of the most frustrating things about Joomla is its lack of thorough documentation. Yeah, there’s an API… yeah, there’s a Wiki… but it just seems like there are a lot of gaps and holes that don’t necessarily have to exist. Here’s a quick tutorial on how to implement languages in your component in Joomla! 1.5.

First off, let’s talk about why this tutorial is important. Let’s say you’re creating a component to give site admins a way to easily create a special Links (yes, there’s already one for Joomla, it’s 2am, just go with me on this) section. On the back-end, you’ve got an “Add Link Category” page that takes admins to a nice form that lets them create a category for links in this component. So you’ve got text for “Name:” and “Description:” and maybe even “Category Image:” if they want to use an image with the text. You finish your component and release it, and someone in the Joomla community wants to make a Spanish version of your component. They would have to dig into your source code and basically rewrite all of the inline HTML that you’ve written, essentially necessitating a whole new release of your component in an “English version” and a “Spanish version.”

Read More…

My Staff Master Joomla! 1.5 Component Has Finally Launched..

Man, I’m all over the place lately. ActionScript 3 projects… PHP development… what’s next? Crochet, you say? Maybe finally master Bocce ball? So, I’ve been working on a new project as of late. In doing a site redesign for an older site of mine, I’ve been using the Joomla! Framework to structure and build the new site. I’ve used a number of different PHP frameworks and CMSs over the years, notably Joomla, Drupal, CakePHP, CodeIgniter, and WordPress, and I just really, really love Joomla. Maybe that’s because I’ve spent so much time ‘under the hood’ in development, but to me, this CMS/Framework just makes sense and speeds up my development on new sites.

Read More…

PHP & Biscuits, A Commentary on Frameworks, CMS’s, and haters

Any time I’m discussing coding with a few friends, I find myself feeling like a huge coder-poser for my love of pre-made frameworks and open-source CMSs. As I get around to showing a client or friend the backend administration area of a site, I always cringe when they love it because I know the discussion will roll around to me saying, “yeah, I actually didn’t code all that but used an open-source content management system.” And they respond, “…oh.. well neat…”

Read More…