You Are Here Home > August 2008

August 2008

The perfect meta description for your site

You may have noticed that in search result pages (SERPs) of Google, there is a two line description:

Google uses (most of the time) your meta description (if it thinks it’s more relevant) and if your description is too long, it will cut it and show 3 dots at the end:

If you don’t want this ti happen, write a good description that is only 155 characters long, for example, in this case the description fits perfectly:

So when writing a meta description remember: (in no particular order)

1 – Write a meta description that is 155 characters long. (or less, obviously)
2 – Write a meta description that is descriptive.
3 – Write a meta description that is provocative.
4 – Use your primary keyword(s) in it, don’t write a stream of keywords, write something meaningful.

The perfect meta description for your site
Comments (0)   Filed under: SEO, Search Engines   Posted by: Codehead

How to fix: Warning: Invalid argument supplied for foreach()

This warning happens only if you try to use foreach on a non array like:

$myvar = 10;
foreach ($myvar as $value) {}

If you run this, you will get:

Warning: Invalid argument supplied for foreach() in YOUR_FILE on line FOREACH_LINE

To fix this just cast $myvar to array like this:

$myvar = 10;
foreach ((array) $myvar as $value) {}
How to fix: Warning: Invalid argument supplied for foreach()
Comments (0)   Filed under: PHP, Web Development   Posted by: Codehead

You can in fact use foreach to change array elements in PHP

Recently I read somewhere that you can’t do this and you have to use this awful syntax:

foreach ($array as &$value) {}

This is only valid in PHP5 and can have very bad consequences for example run this piece of code:

<pre><?php
$array = array(1, 2, 3, 4, 5);
foreach ($array as &$value) {
	echo "$value \n";
}
echo "\n\n";
foreach ($array as $value) {
	echo "$value \n";
}
?>

Here first foreach loop is foreach by reference but the second one is a normal foreach loop.
Run it and see what happens.

The way to change the elements using foreach is very simple actually, the only thing you need is a $key along with the $value!

/* Filter the input */
foreach ($_POST as $key => $value) {
   $_POST[ $key ] = trim(strip_tags($value));
}
You can in fact use foreach to change array elements in PHP
Comments (0)   Filed under: PHP, Web Development   Posted by: Codehead

A PHP form obfuscator; secure and spam free PHP forms

[ D O W N L O A D ]

Example usage:

<?php
 
        session_start();
	require_once 'class_obfuscator.php';
 
	$form_fields = array('username', 'password', 'email');
	$obfuscator  = new Form_Obfuscator($form_fields);
	$obfuscator->set_secret_key('My Secret Key - ET8439FSKJ - EDIT THIS');
 
	if( empty($_POST) ) {
		$fields   = $obfuscator->obfuscate();
		$_SESSION['__enc_form__'] = $obfuscator->encode_form();
		?>
<form action="" method="post">
	Name:<br /><input type="text" name="<?php echo $fields['username']; ?>" /><br /><br />
   Password:<br /><input type="password" name="<?php echo $fields['password']; ?>" /><br /><br />
   Email:<br /><input type="email" name="<?php echo $fields['email']; ?>" /><br /><br />
   <input type="submit" />
</form>
      <?php
	} else {
		foreach ($_POST as $key => $value) $_POST[ $key ] = trim(strip_tags($value)); /* Filter input */
		$form = $obfuscator->decode_form($_SESSION['__enc_form__'], $_POST);
 
		foreach ($form as $key => $value) $form[ $key ] = htmlentities($value, ENT_QUOTES, 'utf-8'); /* Escape output */
		echo "Username: {$form['username']}<br />
				Password: {$form['password']}<br />
				Email: {$form['email']}";
	}
 
?>

This is a class I developed a while back while working on a project of mine and we already know that it’s very effective.

In order to understand what it does you need to first understand how a browser sends a POST request.
When a user submits a form, browser sends something like this to the server:

POST /somepage.php HTTP/1.1
Host: example.com
Content-Type: application/x-www-form-urlencoded
Content-Length: THE LENGTH

username=blah&password=blah&email=some_email

There are 2 problems with this:

1 – Someone along the way can view the password and email address by looking at the packets that are going to the server. (take a look at Wireshark software)

2 – You can send automatic queries to servers, for example automated spam through contact forms works like this. (some spam software can also read Captcha images so you need more protection)

The class I developed will change this POST request to something like this:

POST /somepage.php HTTP/1.1
Host: example.com
Content-Type: application/x-www-form-urlencoded
Content-Length: THE LENGTH

JDF8W9JHF=blah&OEROWF83=blah&VLKDSFOE=some_email

Note that the field names are changed to random strings, and they also change every time the form is shown, so:

1 – Even if a user in the middle can see the packets, he/she won’t know that OEROWF83 stands for “password”.

2 – A spam software won’t have a way of guessing the field names because they are random every time. There is also a secret encryption key which you only know what it is.

Questions and comments are welcome :)

A PHP form obfuscator; secure and spam free PHP forms
Comments (7)   Filed under: PHP, Security, Web Development   Posted by: Codehead

Programming Paradigms 3; Arrays and Structures

In this lecture, Professor Jerry Cain explains arrays and structures and their internal representations.

Programming Paradigms 3; Arrays and Structures
Comments (0)   Filed under: Assembly Programming, C Programming   Posted by: Codehead

Better PHP Applications

Developing better applications requires practice and study but there are little things you can do while you develop your applications that will help.

One of the things I think is very important and all great PHP developers do this is developing your application with error_reporting(E_ALL);

You have to simply place these lines on top of your PHP source files: (or put it on top of your common include file, hopefully you have one)

ini_set('display_errors', 1); /* Output all errors as oppose to logging them */
error_reporting(E_ALL);     /* Show all errors */

What this does is that it will ask PHP to show you all the errors (almost, later on this) such as warnings and notices. (It is most likely that PHP is already set to show you parser and fatal errors.)

Warnings are very important to address, they are run time errors but the compiler doesn’t halt the execution of the script.
Notices are most likely logical errors (in my experience). If you develop with error_reporting set to E_ALL you will see that PHP was telling you where the problems that took you 5 hours to find were all along.

Here is how to produce a notice and how it can help you with some problems.

Suppose you have this self submitting form:

<?php
error_reporting(0);
 
if (isset ($_POST['name'])) :
 
?>
 <form action="" method="post">
 Enter your name:
 <input type="text" name="name" /><br />
 <input type="submit" />
 </form>
<?php
 
else: /* This is the alternate PHP syntax */
 
    echo 'Hello and welcome ' .htmlentities($_POST['name1'], ENT_QUOTES);
 
endif; /* This syntax will make your templates more readable */
?>

This won’t work, you might have spotted the issue but if you didn’t, you will see that this doesn’t work.
What it does is it turns error reporting off completely on line 2 and this is where the problem is (well, not the problem itself) because if you change line 2 to:

echo 'Hello and welcome ' .htmlentities(@$_POST['name'], ENT_QUOTES);

@ will tell the compiler that you know already what’s going on and the compiler won’t show the notice.

After you are done developing your application and ready to launch it, you will replace error_reporting(E_ALL); with error_reporting(0); to turn this off so the PHP compiler won’t show anything at all.

Better yet I suggest to do something like this:

ini_set("display_errors", 0);
ini_set("log_errors",     1);
ini_set("error_log",      "path/to/php.log");
error_reporting(E_ALL);

This will set the PHP to log errors rather than displaying them to the user and I suggest that you visit that error log every once in a while.

This way if your application crash or your users report strange things you will be able to check your log and possibly find some notices ;)

Also one of the reason you don’t want users to see PHP errors is that PHP will show the error and a path to the file that the error was occurred and some information about the error.
This could help malicious users identify your application’s file and folder structure and give them some clues on how they can exploit your application.

Happy Coding :)

Better PHP Applications
Comments (0)   Filed under: PHP, Web Development   Posted by: Codehead

Programming Paradigms 2; Data Types

This is the second video of “Programming Paradigms” course, Stanford by Professor Jerry Cain.
This one is about C data types and how your computer stores and converts different data types internally:

Enjoy :)

Programming Paradigms 2; Data Types
Comments (0)   Filed under: Assembly Programming, C Programming   Posted by: Codehead

Programming Paradigms 1; Introduction

I found these great videos on Youtube that are lectures of a programming course in Stanford by Professor Jerry Cain.
This first one is the introduction of the course

I will post them as I watch them.

Enjoy :)

Programming Paradigms 1; Introduction
Comments (0)   Filed under: Assembly Programming, C Programming   Posted by: Codehead

Steve Jobs’ 2005 Stanford Commencement Address

Thank you, thank you!

Steve Jobs’ 2005 Stanford Commencement Address
Comments (0)   Filed under: General   Posted by: Codehead

A robot that is controlled by real living brain cells!

This is really amazing

A robot that is controlled by real living brain cells!
Comments (0)   Filed under: Artificial Intelligence   Posted by: Codehead
« Newer PostsOlder Posts »