Archive for May, 2009

May 28, 2009

PHP: Fatal error: Maximum execution time of 30 seconds exceeded

This error occurs when the execution time of a PHP script exceeds the time limit for script execution set in the php.ini file.

By default the limit is set to 30 seconds, and you can find it by looking for the 'max_execution_time' directive in php.ini.

A quick way to find the execution time limit set for PHP is to check the output of the phpinfo() function.

Solution:
You can increase the time limit by calling "set_time_limit(60);" in the script.

A better way would be to trace where the bottlenecks are in the program and identify what causes the delay. Possible causes include:

* Poorly structured queries
* Never ending iterations
* Read lock on files when they are opened by multiple sources etc.

May 26, 2009

What does unexpected T_DOUBLE_ARROW mean in PHP programming?

Sample PHP error statement

PHP: Parse error: syntax error, unexpected T_DOUBLE_ARROW in .\rvunits_controller.php on line 152

It is a syntax error in the code. Check the line number indicated in the error to see how the values have been assigned to variables. An array should have been used at that point, and the value assignment is happening outside an array definition: "xyz" => "name" should be changed to array("xyz" => "name") instead.

May 24, 2009

What is a Third-party cookie?

Third-party cookies are cookies that are served by sites other than the site that you are visiting.

For example, ad-serving companies set their cookies on your computer when you visit a particular site, in order to track which ads were served, their relevance to the content where the ads are published, and other such details, in addition to keeping track of user preferences.

May 21, 2009

CSS FIR Technique explained

FIR stands for Fahrner Image Replacement, named after Todd Fahrner.

It is a standards-compliant technique in which <h1> and <span> tags are used to produce nice headings and highlights.

The key point of this technique is that the text still gets displayed even if CSS is disabled for some reason, presenting the text beneath it.
(more…)

May 20, 2009

PHP Register Globals and Security Vulnerability

The register_globals directive is turned OFF by default from PHP version 4.2.

PHP Global Variables
Environment, GET, POST, Server and Cookie variables are known as Global Variables.

When the register_globals directive is turned ON (as most ISPs did), you can access/set the global variables as $username, $password instead of $_POST["username"], $_POST["password"].
(more…)

May 19, 2009

PHP: escapeshellcmd, escapeshellarg

escapeshellcmd and escapeshellarg are two functions used to escape the problem-causing characters present in a system command or in the arguments passed to it, respectively. The strings are escaped with these functions before the command is passed to system or exec.

Sample program to demonstrate the usage:

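<?php

// shell command: escape shell metacharacters in the whole command string
$mycmd = "ls -al";
$returncmd = escapeshellcmd($mycmd);
system($returncmd);

// shell arguments: quote a single argument so the shell treats it as one token
$myshellargs = "al";
system("ls -" . escapeshellarg($myshellargs));
?>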
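
The difference between the two functions shows up when the value contains spaces or shell metacharacters. The following is an added example, not code from the original post: it assumes a Unix-like shell, and `shell_args_seen()` and `$userInput` are hypothetical names with a constructed sample value.

```php
<?php
// Added example (not from the original post). Assumes a Unix-like shell;
// $userInput is a constructed stand-in for untrusted request data.

/**
 * Ask the shell to print each argument it received on its own line, in
 * brackets, so the effect of each escaping function is visible.
 */
function shell_args_seen(string $escapedTail): array
{
    $lines = [];
    // printf is a fixed command; only the tail comes from the caller.
    exec("printf '[%s]\\n' " . $escapedTail, $lines, $status);
    return $lines;
}

$userInput = "notes.txt; echo injected";   // constructed sample

// escapeshellcmd(): metacharacters such as ";" are backslash-escaped, so no
// second command runs, but spaces still split the value into several arguments.
$viaCmd = shell_args_seen(escapeshellcmd($userInput));

// escapeshellarg(): the whole value is single-quoted and reaches the program
// as exactly one argument.
$viaArg = shell_args_seen(escapeshellarg($userInput));

echo "escapeshellcmd -> " . count($viaCmd) . " argument(s): " . implode(' ', $viaCmd) . "\n";
echo "escapeshellarg -> " . count($viaArg) . " argument(s): " . implode(' ', $viaArg) . "\n";
```

Neither function stops a value that begins with "-" from being read as an option by the called program; place "--" before the escaped argument where the program supports it.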
May 18, 2009

PHP Backtick operator `

This is the equivalent of the shell_exec() function in PHP. The backticks must be used as a pair for the command within them to be executed at the system level.

When shell_exec is disabled or when safe_mode is enabled, this operator is disabled.

May 17, 2009

PHP XSS: htmlspecialchars vs. htmlentities

Cross-site scripting (XSS) is a term for attacks on, or loopholes in, the scripting used by websites, which attackers exploit as a path towards identity theft or phishing.

In PHP, two functions are mainly used to guard against XSS attacks.
i) htmlspecialchars
ii) htmlentities
(more…)

May 15, 2009

MySQL – MyISAM, BDB, InnoDB Considerations

Well-known MySQL table types:
- MyISAM
- InnoDB
- BDB

When choosing among the different types of tables in MySQL, we need to consider the following points:

- Size of database based on the activity
- Nature of database access / activity (whether it involves heavy reads / writes)
- Database backup (schema, data)
- Session handling
- If it involves a sync to another database
- What needs to be done if the application is to be scaled
(more…)

May 14, 2009

PHP Security: Hiding Program Extensions

Obfuscating the scripting language extension in PHP is one technique that is effective, to a certain extent, in delaying an active attacker. The following are a few simple techniques used for hiding the program extension.

i) Hiding program extension using .htaccess
ii) Hiding program extension using php.ini
iii) Hiding program extension using apache directive configuration
(more…)
