Site i build for a mate

bruno

New member
iGdesigner said:
Looking clean, simple and nice. Is this Foundation 5 from Zurb?
No i am not so in to framework yet , i used a bootstrap and modified it to my needs .
I am a starting PHP'er , i have doubts tho ;)
 

Vakarian17

New member
Use a second font for headers. That creates more visual interest in the website.

Overall, clean and simple. I like it.
 

smalpierre

New member
bruno said:
iGdesigner said:
Looking clean, simple and nice. Is this Foundation 5 from Zurb?
No i am not so in to framework yet , i used a bootstrap and modified it to my needs .
I am a starting PHP'er , i have doubts tho ;)

php isn't ridiculously difficult for the most part.You'll find a lot of examples that are not done particularly well though. By a lot I mean possibly most examples :D

Might want to stay away from cms systems if you want to learn it too. They're all kind of clunky. I've been using the Slim micro-framework, but there's things about it that I don't like so I'm building my own.

If you get stuck on something I'll help you out if I can, I've been coding php for over 10 years :)
 

bruno

New member
smalpierre said:
bruno said:
iGdesigner said:
Looking clean, simple and nice. Is this Foundation 5 from Zurb?
No i am not so in to framework yet , i used a bootstrap and modified it to my needs .
I am a starting PHP'er , i have doubts tho ;)

php isn't ridiculously difficult for the most part.You'll find a lot of examples that are not done particularly well though. By a lot I mean possibly most examples :D

Might want to stay away from cms systems if you want to learn it too. They're all kind of clunky. I've been using the Slim micro-framework, but there's things about it that I don't like so I'm building my own.

If you get stuck on something I'll help you out if I can, I've been coding php for over 10 years :)
Great , and thanks for the offered help i will definitely come back to that when i need .


Vakarian17 said:
Use a second font for headers. That creates more visual interest in the website.

Overall, clean and simple. I like it.
Yea good point , i have a look at it .

Thanks for the tip .
 

smalpierre

New member
Here's a tip for PHP

Your first scripts are probably going to be handling forms for things like logins and contact form mailers. Do NOT rely on JavaScript for form validation, and sanitize your inputs so special characters don't get passed. Also if you're accessing a database don't just build a querystring dynamically, use a prepared statement.

What can happen is a malicious user can enter code in the text entry fields like this:

'; //enter malicious code here

the quotation breaks you out of the string, then the semicolon ends the current statement so the malicious code can execute. If the server has it enabled, a user could use exec(), or system() to run programs on the server, or if you're within a query to execute sql commands.

Lets say you have a login form that connects to a database and looks up the users password to compare it to what they typed in the password field. If you use string concatenation to build the query like this:

$query = "select password from users where username = '" . $_POST['username'] . "'";

An attacker can type ';drop table users in the username field ... and now your users table is gone.

Or a contact form:

A user could type '; mail('you@someone.com', 'The SCHLONGLONGER!', 'spam spam SPAMMM!!!!', null, 'vakarian17@yourdomain.com');

They could loop it and send a million spam messages from your server - which would displease your host a lot.

Or they could '; exec(sudo ifconfig eth0 down); to try to shut down your network interface or whatever they want.
 

bruno

New member
@"smalpierre" You seem to have alot of knowledge and experience .

We dont want our userdata to be compromised or deleted or even be stolen .

Really great tips thanks .
 

smalpierre

New member
Not to mention you don't want someone using exec(wget()) or somethign to install malicious software on your webserver - things that could compromise every hosting account on that machine ...
 

bruno

New member
smalpierre said:
Not to mention you don't want someone using exec(wget()) or somethign to install malicious software on your webserver - things that could compromise every hosting account on that machine ...
I was aware of sql injection .
Alot of hosting services have some form of protection against malicious software .My small homeserver even has protection ,multiple layers even .
And this home server with personal sql (MariaDB) so if i dont give out details i should be fine for testing purposes , but on the otherhand i understand that we need good protection to stay a step in front , for our own sake and for our users .
There is always people out there to just try to infect you or steal your data or just because they can .