Posts

4 Most Important PHP Security Measures

We can say that PHP is a mature language with lots of useful, but potentially dangerous, features. The rapid growth of the language and the dynamic nature of the Web let people easily create dynamic web pages without any prior knowledge of computer science or the architecture of the Internet. In this tutorial we'll have a look at 4 important PHP security measures that you should implement in order to develop a safer website. 1. Register Globals Up until PHP version 4.2.0 the register_globals directive's default value was On. One of the most controversial changes in the following versions was that the PHP core developers changed this default value to Off, not because the directive itself was insecure, but because its common misuse was. Note: This feature will be removed starting with PHP 6.0.0. When this directive is On, PHP will inject extra variables into the script, such as HTML request variables, etc. The problem with this approach is that a developer canno...

Security: Password Hashing

In this article I'm going to cover password hashing, a subject which is often poorly understood by newer developers. Recently I've been asked to look at several web applications which all had the same security issue - user profiles stored in a database with plain text passwords. Password hashing is a way of encrypting a password before it's stored so that if your database gets into the wrong hands, the damage is limited. Hashing is nothing new - it's been in use in Unix system password files since long before my time, and quite probably in other systems long before that. In this article I'll explain what a hash is, why you want to use them instead of storing real passwords in your applications, and give you some examples of how to implement password hashing in PHP and MySQL. Foreword As you read on you'll see that I advocate the use of a hashing algorithm called Secure Hashing Algorithm 1 (or SHA-1). Since I wrote this article, a team of researcher...

MySQL 4.1+ using old authentication

When I was working with XAMPP on Ubuntu and was asked to write a PHP script to connect to a remote MySQL server that used the PASSWORD hash function to store the user's password, I got the following errors. Warning: mysql_connect() [function.mysql-connect]: Premature end of data (mysqlnd_wireprotocol.c:554) in path/to/the/file/where/connection/script/is/written/ Warning: mysql_connect() [function.mysql-connect]: OK packet 1 bytes shorter than expected in path/to/the/file/where/connection/script/is/written/ Warning: mysql_connect() [function.mysql-connect]: mysqlnd cannot connect to MySQL 4.1+ using the old insecure authentication. Please use an administration tool to reset your password with the command SET PASSWORD = PASSWORD('your_existing_password'). This will store a new, and more secure, hash value in mysql.user. If this user is used in other scripts executed by PHP 5.2 or earlier you might need to remove the old-passwords flag from your my.cnf file in path/to/the/file/where/conn...

Indian currency format

function indianCurrencyFormat($num){ $pos = strpos((string)$num, "."); if ($pos === false) { $decimalpart="00"; } if (!($pos === false)) { $decimalpart= substr($num, $pos+1, 2); $num = substr($num,0,$pos); } if(strlen($num)>3 & strlen($num) <= 12){ $last3digits = substr($num, -3 ); $numexceptlastdigits = substr($num, 0, -3 ); $formatted = makeComma($numexceptlastdigits); $stringtoreturn = $formatted.",".$last3digits.".".$decimalpart ; }elseif(strlen($num)<=3){ $stringtoreturn = $num.".".$decimalpart ; }elseif(strlen($num)>12){ $stringtoreturn = number_format($num, 2); } if(substr($stringtoreturn,0,2)=="-,"){ $stringtoreturn = "-".substr($stringtoreturn,2 ); } return $stringtoreturn; } function makeComma($input){ // This function is written by some anonymous person - I got it from Google if(strlen($input)<=2) { return $input; } $length=substr($input,0,strlen($input)-2)...

PHP stands 5th (tells TIOBE Programming community)

The TIOBE Programming Community index gives an indication of the popularity of programming languages. The index is updated once a month. The ratings are based on the number of skilled engineers world-wide, courses and third-party vendors. The popular search engines Google, MSN, Yahoo!, Wikipedia and YouTube are used to calculate the ratings. Note that the TIOBE index is not about the best programming language or the language in which the most lines of code have been written. The index can be used to check whether your programming skills are still up to date or to make a strategic decision about which programming language should be adopted when starting to build a new software system. The definition of the TIOBE index can be found here. Position Oct 2013 | Position Oct 2012 | Delta in Position | Programming Language | Ratings Oct 2013 | Delta Oct 2012 | Status: 1 | 1 | C | 17.246% | -2.58% | A; 2 | 2 | Java | 16.107% | -1.09% | A; 3 | 3 | Objective-C ...