I made this site for a friend , it is yet on a free domain - vereecken-gearbox-repair.com.nu
Site i build for a mate
- Thread starter bruno
- Start date
Vakarian17
New member
Use a second font for headers. That creates more visual interest in the website.
Overall, clean and simple. I like it.
Overall, clean and simple. I like it.
smalpierre
New member
bruno said:No i am not so in to framework yet , i used a bootstrap and modified it to my needs .iGdesigner said:
I am a starting PHP'er , i have doubts tho
php isn't ridiculously difficult for the most part.You'll find a lot of examples that are not done particularly well though. By a lot I mean possibly most examples
Might want to stay away from cms systems if you want to learn it too. They're all kind of clunky. I've been using the Slim micro-framework, but there's things about it that I don't like so I'm building my own.
If you get stuck on something I'll help you out if I can, I've been coding php for over 10 years
Great , and thanks for the offered help i will definitely come back to that when i need .smalpierre said:bruno said:No i am not so in to framework yet , i used a bootstrap and modified it to my needs .iGdesigner said:
I am a starting PHP'er , i have doubts tho
php isn't ridiculously difficult for the most part.You'll find a lot of examples that are not done particularly well though. By a lot I mean possibly most examples
Might want to stay away from cms systems if you want to learn it too. They're all kind of clunky. I've been using the Slim micro-framework, but there's things about it that I don't like so I'm building my own.
If you get stuck on something I'll help you out if I can, I've been coding php for over 10 years
Yea good point , i have a look at it .Vakarian17 said:
Thanks for the tip .
smalpierre
New member
Here's a tip for PHP
Your first scripts are probably going to be handling forms for things like logins and contact form mailers. Do NOT rely on JavaScript for form validation, and sanitize your inputs so special characters don't get passed. Also if you're accessing a database don't just build a querystring dynamically, use a prepared statement.
What can happen is a malicious user can enter code in the text entry fields like this:
'; //enter malicious code here
the quotation breaks you out of the string, then the semicolon ends the current statement so the malicious code can execute. If the server has it enabled, a user could use exec(), or system() to run programs on the server, or if you're within a query to execute sql commands.
Lets say you have a login form that connects to a database and looks up the users password to compare it to what they typed in the password field. If you use string concatenation to build the query like this:
$query = "select password from users where username = '" . $_POST['username'] . "'";
An attacker can type ';drop table users in the username field ... and now your users table is gone.
Or a contact form:
A user could type '; mail('you@someone.com', 'The SCHLONGLONGER!', 'spam spam SPAMMM!!!!', null, 'vakarian17@yourdomain.com');
They could loop it and send a million spam messages from your server - which would displease your host a lot.
Or they could '; exec(sudo ifconfig eth0 down); to try to shut down your network interface or whatever they want.
Your first scripts are probably going to be handling forms for things like logins and contact form mailers. Do NOT rely on JavaScript for form validation, and sanitize your inputs so special characters don't get passed. Also if you're accessing a database don't just build a querystring dynamically, use a prepared statement.
What can happen is a malicious user can enter code in the text entry fields like this:
'; //enter malicious code here
the quotation breaks you out of the string, then the semicolon ends the current statement so the malicious code can execute. If the server has it enabled, a user could use exec(), or system() to run programs on the server, or if you're within a query to execute sql commands.
Lets say you have a login form that connects to a database and looks up the users password to compare it to what they typed in the password field. If you use string concatenation to build the query like this:
$query = "select password from users where username = '" . $_POST['username'] . "'";
An attacker can type ';drop table users in the username field ... and now your users table is gone.
Or a contact form:
A user could type '; mail('you@someone.com', 'The SCHLONGLONGER!', 'spam spam SPAMMM!!!!', null, 'vakarian17@yourdomain.com');
They could loop it and send a million spam messages from your server - which would displease your host a lot.
Or they could '; exec(sudo ifconfig eth0 down); to try to shut down your network interface or whatever they want.
smalpierre
New member
Not to mention you don't want someone using exec(wget()) or somethign to install malicious software on your webserver - things that could compromise every hosting account on that machine ...
I was aware of sql injection .smalpierre said:
Alot of hosting services have some form of protection against malicious software .My small homeserver even has protection ,multiple layers even .
And this home server with personal sql (MariaDB) so if i dont give out details i should be fine for testing purposes , but on the otherhand i understand that we need good protection to stay a step in front , for our own sake and for our users .
There is always people out there to just try to infect you or steal your data or just because they can .