PHP
The answer is: it depends.
It depends on the programming language you are using and partially on the database you are using.
Most of the databases are services running on a web service. We can communicate with them using a special protocol, while we know the address and the port of the server where it runs. There are also databases stored in files, where we specify the target file.
Most of the programming lanugages and frameworks provide a "Connector" for databases, which allows us to communicate with the database. Of course you need to check if your programming language has a driver for the database type you want to connect to. Some frameworks or programming languaes also offer a higher level control structures called object-relational mapping, where the user can easily read or write some objects defined in the project.
There are many different possibilities to answer this question. We will go top down beginning with the browser.
Most of the browsers support the html input tag of type "email" and most of them would automatically warn the user about a wrong format of the address. However there are many standards of email address pattern. Furthermore the user might disable the browser validation, so we should not rely on this.
The second station is the javascript of the browser. Probably the easiest way to validate the email address is to use a regular expression an match the input against this expression. However the user may disable the javascript or send a request in other way than browser. Therefore it's absolutely necessary to validate the email address on the server side. This might be done by a regular expression, but some more sophisticated systems would check the MX record of the domain given in the email address, to be sure it might be a real address of a real mail server.
Wiener Linien API
The challenge was to get a public transport route, by sending time, date, start and destination address. The problem was solved by using the "Wiener Linien API" (http://akirk.github.com/Wiener-Linien-API/). The PHP-Code sends a XML-request with all details of the appointment and get a XML-respond with the transport connection.
For building a request the PHP-function "buildRequest()" can be used.
The following example illustrates a query from "Seckendorfstrasse 4" to "Wiedner Hauptstr. 8":
$params = array();
$params["outputCoords"] = "WGS84";
$params["from"] = "Seckendorfstrasse 4";
$params["to"] = "Wiedner Hauptstr. 8";
$params["year"] = "2011";
$params["month"] = "12";
$params["day"] = "14";
$params["hour"] = "17";
$params["minute"] = "00";
$params["deparr"] = "arr";
$params["modality"] = "pt";
$params["sourceFrom"] = "gps";
$params["sourceTo"] = "stoplist";
$req = buildRequest("api_get_route", $params);
Afterwards, the XML-request must be sent to the following webservice: http://webservice.qando.at/2.0/webservice.ft.
$response = httpPost("http://webservice.qando.at/2.0/webservice.ft", $req);
Finally, the XML-response must be load into a Document Object Model (DOM). A DOM presents an XML document as a tree-structure, which makes it easy to interpret and evaluate the local public transport route.
$dom = new DOMDocument();
$dom->formatOutput = true;
$dom->preserveWhiteSpace = false;
$dom->loadXML($response);
The complete DOMDocument manual is available on the website: http://php.net/manual/de/class.domdocument.php.
To print out the XML-response of the public transport route, use the following PHP-code:
echo "Response: " .$dom->saveXML(). "";
PHP mail() Function
The problem was solved by the creation of the PHP mail()-function.
Programmers have to include the receiver or receivers, subject, message, header (From, Cc, and Bcc) and optional parameter of the eMail.
The syntax of the mail()-function is mail(to,subject,message,headers,parameters).
For an example, see "Screenshot PHP Mail-Function" or the following code-snippet:
<?php
$to = "somebody@example.com";
$subject = "test subject";
$txt = "Hello world!";
$headers = "From: from@example.com" . "\r\n" .
"CC: cc@example.com";
mail($to,$subject,$txt,$headers);
?>
Taggings:
Use the apache mod_rewrite
The default CodeIgniter URL is composed in the following way:http://domain.com/index.php?myController/myMethod/param1/param2/param3This URL loads the file myController.php in the controller subdirectory and calls the public method myMethod(“param1”, “param2”, “param3”) with the given strings as parameters. What I wanted to do was hiding the substring “index.php?” from the users to make the URL look better. The website runs under the apache webserver so I used the rewrite module to finish this task. So before you continue, make sure that this module is running properly. The first step I had to do was writing an .htaccess file which contains those few lines of code and save it in the directory where the index.php is located: <code> RewriteEngine On RewriteBase / RewriteCond %{REQUEST_FILENAME} !-f RewriteCond %{REQUEST_FILENAME} !-d RewriteRule ^(.*)$ index.php?/$1 [L] </code>The first line activates the rewrite module. The second line states the scope of the rewrite rule. Since the index.php and the .htaccess files are located in the same folder I used a backslash to use the current directory as the scope. The RewriteCond commands can be perceived as conditions that have to be met until the rewrite rule is activated. My two conditions test if the URL calls another file (f) or directory (d) that exist in the current directory. If so, the URL want be changed and the desired resources will be loaded. This is important if there are any other resources than those provided by CodeIgniter in your root directory. If there are no such resources, the rule will be activated which is depicted in the last line. It says that the complete URL string after the domain plus toplevel domain (left term in the regular expression) has to be copied behind the term “index.php?/”. The $1 represents this copied value which in the upper example is the string “myController/myMethod/param1/param2/param3”. The [L] says that this is the last rule (this is just importand if we would have used a sequence of rules). In the last step we have to tell the framework that it should not use the term “index.php” for the creation of links anymore (this step is now done by the apache module implicitly). Therefore we open the file system/application/config/config.php and change the variable$config['index_page'] = "index.php"; to$config['index_page'] = ''; Thats it! After an apache restart the thing should be working!
Using PHP-IDS to secure php web pages
The use of PHP-IDS is pretty simple. Not much coding has to be done. The tool is nicely tested and easy to configure. Once you have downloaded PHP-IDS from http://php-ids.org/downloads/ you can start securing your user-input. After including PHP-IDS with
require_once 'IDS/Init.php';
you can define which arrays should be checked by the tool
$request = array( 'REQUEST' => $_REQUEST, 'GET' => $_GET, 'POST' => $_POST, 'COOKIE' => $_COOKIE);
initialise and run PHP-IDS with your config
$init = IDS_Init::init('IDS/Config/Config.ini');$ids = new IDS_Monitor($request, $init);$result = $ids->run();
finally you can look at the $result object to determine the content
if (!$result->isEmpty()) { echo $result;}
PHP-IDS is not 100% secure but it provides help to make your web page safer.
