Kurinchi Blogger Scribbles …


Archive for May, 2009

May 28
2009

PHP: Fatal error: Maximum execution time of 30 seconds exceeded

Last updated: May 30th, 2009

This error occurs when a PHP script runs longer than the execution time limit set in the php.ini file.

By default the limit is 30 seconds; you can find it by searching for the ‘max_execution_time’ directive in php.ini.

A quick way to find the execution time limit set for PHP is to check the output of the phpinfo() function.

Solution:
You can raise the limit by calling “set_time_limit(60);” in the script.

A better way is to trace where the bottlenecks are in the program and identify what causes the time lag. Possible causes include

* Poorly structured queries
* Never ending iterations
* Read lock on files when they are opened by multiple sources etc.

May 26
2009

What does unexpected T_DOUBLE_ARROW mean in PHP programming?

Last updated: May 29th, 2009

Sample PHP error statement

PHP: Parse error: syntax error, unexpected T_DOUBLE_ARROW in .\rvunits_controller.php on line 152

It is a syntax error in the code. Check the line number indicated in the error to see how the values are assigned to variables. An array should have been used at that point, and the value assignment appears outside the array; for example, “xyz” => “name” should be changed to array(“xyz” => “name”).

May 24
2009

What is a Third-party cookie?

Last updated: May 25th, 2009

Third-party cookies are cookies that are served by sites other than the site you are visiting.

For example, ad-serving companies set their cookies on your computer when you visit a particular site. They use them to track which ads were served, how relevant the ads were to the content they were published alongside, and other such details, in addition to keeping track of user preferences.

May 21
2009

CSS FIR Technique explained

Last updated: May 21st, 2009

FIR stands for Fahrner Image Replacement, named after Todd Fahrner.

It is a standards-compliant technique in which <h1> and <span> tags are used to produce nice headings and highlights.

The key fact about this technique is that the text is still displayed even if CSS is disabled for some reason, because the text is present beneath the image.

May 20
2009

PHP Register Globals and Security Vulnerability

Last updated: May 21st, 2009

Register Globals directive is turned OFF from PHP version 4.2.

PHP Global Variables
Environment, GET, POST, Server and Cookie variables are known as Global Variables.

When the register_globals directive is turned ON (as most ISPs did), you can access/set the global variables as $username, $password instead of $_POST["username"], $_POST["password"].

May 19
2009

PHP: escapeshellcmd, escapeshellarg

Last updated: May 21st, 2009

escapeshellcmd and escapeshellarg are two functions that escape the characters that could cause problems in a system command or in the arguments passed to it, respectively. Strings are escaped with these functions before the command is passed to system() or exec().

Sample program to demonstrate the usage:

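<?php

// shell command: escape shell metacharacters in the whole command string
$mycmd = "ls -al";
$returncmd = escapeshellcmd($mycmd);
system($returncmd);

// shell arguments: quote a single argument before appending it
$myshellargs = "al";
system("ls -" . escapeshellarg($myshellargs));
?>
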
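
The two functions protect against different things, which matters once part of the command comes from user input. The following is an added example, not part of the original post: it only prints the command strings it builds, the input values are constructed, the function names build_weak and build_hardened are hypothetical, and a POSIX shell is assumed (both functions escape differently on Windows).

```php
<?php
// Added example, not from the original post. Nothing is executed here;
// the script prints the command strings so they can be compared.

// Constructed inputs: a plain name, a value with shell metacharacters,
// and a value that looks like a command-line option.
$samples = ['reports', 'reports; echo INJECTED', '-R /tmp'];

// Weak: escapeshellcmd() over the whole string. Metacharacters such as
// ";" are backslash-escaped, but spaces still split the value into
// several arguments and a leading "-" is still read by ls as an option.
function build_weak(string $dir): string
{
    return escapeshellcmd('ls -al ' . $dir);
}

// Hardened: the command itself is a fixed string, "--" ends option
// parsing, and escapeshellarg() turns the value into exactly one
// single-quoted argument.
function build_hardened(string $dir): string
{
    if ($dir === '' || strpos($dir, "\0") !== false) {
        throw new InvalidArgumentException('invalid directory name');
    }
    return 'ls -al -- ' . escapeshellarg($dir);
}

foreach ($samples as $dir) {
    printf("input   : %s\n", $dir);
    printf("weak    : %s\n", build_weak($dir));
    printf("hardened: %s\n\n", build_hardened($dir));
}
```

Use escapeshellarg() for every value that is not a fixed part of the command; escapeshellcmd() alone does not keep a value confined to one argument.
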
May 18
2009

PHP Backtick operator `

Last updated: May 18th, 2009

This is the equivalent of the shell_exec() function in PHP. Backticks must be used in pairs for the command between them to be executed at the system level.

When shell_exec is disabled or when safe_mode is enabled, this operator is disabled.

May 17
2009

PHP XSS: htmlspecialchars vs. htmlentities

Last updated: May 18th, 2009

Cross-site scripting (XSS) refers to attacks on, or loopholes in, the scripting used by websites, which hackers exploit for identity theft or phishing.

In PHP, two functions are mainly used to prevent XSS attacks.
i) htmlspecialchars
ii) htmlentities
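
The difference between the two functions, and the flag that matters for both, shown as an added example that is not part of the original post. The input string is constructed and the helper names esc_html, esc_html_entities and esc_compat are hypothetical.

```php
<?php
// Added example, not from the original post.
// Constructed input: an apostrophe, markup characters, double quotes
// and a non-ASCII letter.
$value = "O'Reilly <café> & \"co\"";

// htmlspecialchars() encodes only the characters that are special in
// HTML: & < > " and, with ENT_QUOTES, the single quote as well.
function esc_html(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// htmlentities() encodes the same characters plus every character that
// has a named entity, so "é" is also rewritten. It adds no protection
// over htmlspecialchars() when the page charset is declared correctly.
function esc_html_entities(string $s): string
{
    return htmlentities($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Weak setting for comparison: ENT_COMPAT leaves the single quote as it
// is, so the value can end a single-quoted attribute early.
function esc_compat(string $s): string
{
    return htmlspecialchars($s, ENT_COMPAT, 'UTF-8');
}

echo "ENT_COMPAT in a single-quoted attribute (apostrophe survives):\n";
echo "<input name='q' value='" . esc_compat($value) . "'>\n\n";

echo "ENT_QUOTES in the same attribute (apostrophe encoded):\n";
echo "<input name='q' value='" . esc_html($value) . "'>\n\n";

echo "htmlentities() in element content (non-ASCII letter encoded too):\n";
echo "<p>" . esc_html_entities($value) . "</p>\n";
```

Both functions escape for HTML text and quoted attribute values only; values placed inside script blocks, URLs or CSS need escaping appropriate to that context.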

May 15
2009

MySQL – MyISAM, BSD, InnoDB Considerations

Last updated: May 14th, 2009

MySQL Table Types that are well known
- MyISAM
- InnoDB
- BSD

When choosing among the different types of tables in MySQL, we need to consider the following points:

- Size of database based on the activity
- Nature of database access / activity (whether it involves heavy reads / writes)
- Database backup (schema, data)
- Session handling
- If it involves a sync to another database
- What needs to be done if the application is to be scaled

May 14
2009

PHP Security: Hiding Program Extensions

Last updated: May 21st, 2009

Obfuscating the scripting-language extension in PHP is one technique that is effective, to a certain extent, in delaying the unscrupulous acts of an active hacker. The following are a few simple techniques for hiding program extensions.

i) Hiding program extension using .htaccess
ii) Hiding program extension using php.ini
iii) Hiding program extension using apache directive configuration

