SQL injection or SQLi is a common php technique used to hack into a website. Using this below code can help you prevent or stop the hacking. Shown below is a sequence of code snippets, which relate to preventing SQL injection with its use. It is a common technique that hacks into the site to see the contents of it, use of the code snippet is necessary when you are in the beginning process avoiding the hack.
function clean($input) { if (is_array($input)) { foreach ($input as $key => $val) { $output[$key] = clean($val); // $output[$key] = $this->clean($val); } } else { $output = (string) $input; // if magic quotes is on then use strip slashes if (get_magic_quotes_gpc()) { $output = stripslashes($output); } // $output = strip_tags($output); $output = htmlentities($output, ENT_QUOTES, 'UTF-8'); } // return the clean text return $output; } function clean($input) { if (is_array($input)) { foreach ($input as $key => $val) { $output[$key] = clean($val); // $output[$key] = $this->clean($val); } } else { $output = (string) $input; // if magic quotes is on then use strip slashes if (get_magic_quotes_gpc()) { $output = stripslashes($output); } // $output = strip_tags($output); $output = htmlentities($output, ENT_QUOTES, 'UTF-8'); } // return the clean text return $output; } <?php $text = "<script>alert(1)</script>"; $text = clean($text); echo $text; ?> <?php $text = "<script>alert(1)</script>"; $text = clean($text); echo $text; ?> If the clean function has not be applied above, the page shows an alert box and wastage of time results. Detection with PHP Coding Using below function calls you will want to check the city from which the user is visiting your website. Users on the website have a location, chosen meaningfully to see who and where the user is. function detect_city($ip) { $default = 'UNKNOWN'; $url = 'http://ipinfodb.com/ip_locator.php?ip=' . urlencode($ip); $ch = curl_init(); $curl_opt = array( CURLOPT_FOLLOWLOCATION => 1, CURLOPT_HEADER => 0, CURLOPT_RETURNTRANSFER => 1, CURLOPT_USERAGENT => $curlopt_useragent, CURLOPT_URL => $url, CURLOPT_TIMEOUT => 1, CURLOPT_REFERER => 'http://' . $_SERVER['HTTP_HOST'], ); curl_setopt_array($ch, $curl_opt); $content = curl_exec($ch); if (!is_null($curl_info)) { $curl_info = curl_getinfo($ch); } curl_close($ch); if ( preg_match('{<li>City : ([^<]*)</li>}i', $content, $regs) ) { $city = $regs[1]; } if ( preg_match('{<li>State/Province : ([^<]*)</li>}i', $content, $regs) ) { $state = $regs[1]; } if( $city!='' && $state!='' ){ $location = $city . ', ' . $state; return $location; }else{ return $default; } } function detect_city($ip) { $default = 'UNKNOWN'; $curlopt_useragent = 'Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2) Gecko/20100115 Firefox/3.6 (.NET CLR 3.5.30729)'; $url = 'http://ipinfodb.com/ip_locator.php?ip=' . urlencode($ip); $ch = curl_init(); $curl_opt = array( CURLOPT_FOLLOWLOCATION => 1, CURLOPT_HEADER => 0, CURLOPT_RETURNTRANSFER => 1, CURLOPT_USERAGENT => $curlopt_useragent, CURLOPT_URL => $url, CURLOPT_TIMEOUT => 1, CURLOPT_REFERER => 'http://' . $_SERVER['HTTP_HOST'], ); curl_setopt_array($ch, $curl_opt); $content = curl_exec($ch); if (!is_null($curl_info)) { $curl_info = curl_getinfo($ch); } curl_close($ch); if ( preg_match('{<li>City : ([^<]*)</li>}i', $content, $regs) ) { $city = $regs[1]; } if ( preg_match('{<li>State/Province : ([^<]*)</li>}i', $content, $regs) ) { $state = $regs[1]; } if( $city!='' && $state!='' ){ $location = $city . ', ' . $state; return $location; }else{ return $default; } } <?php $ip = $_SERVER['REMOTE_ADDR']; $city = detect_city($ip); echo $city; ?> <?php $ip = $_SERVER['REMOTE_ADDR']; $city = detect_city($ip); echo $city; ?> PHP Code Snippet Use Using this function below you will want to acquire the HTML code of any webpage and perfect your page layout and features you need to add. function display_sourcecode($url) { $lines = file($url); $output = ""; foreach ($lines as $line_num => $line) { // loop thru each line and prepend line numbers $output.= "Line #<b>{$line_num}</b> : " . htmlspecialchars($line) . "<br>\n"; } } Use HTML based code, edit and change it according to what addition and deletion seems necessary seeing a compulsory addition to the coding trend. function display_sourcecode($url) { $lines = file($url); $output = ""; foreach ($lines as $line_num => $line) { // loop thru each line and prepend line numbers $output.= "Line #<b>{$line_num}</b> : " . htmlspecialchars($line) . "<br>\n"; } } <?php $url = "http://blog.koonk.com"; $source = display_sourcecode($url); echo $source; ?> <?php $url = "http://blog.koonk.com"; $source = display_sourcecode($url); echo $source; ?> Source code of a Facebook page shown in the snippet below easily has specifications and credentials making maximum use of source code exposure necessarily. function fb_fan_count($facebook_name) { $data = json_decode(file_get_contents("https://graph.facebook.com/".$facebook_name)); $likes = $data->likes; return $likes; } function fb_fan_count($facebook_name) { $data = json_decode(file_get_contents("https://graph.facebook.com/".$facebook_name)); $likes = $data->likes; return $likes; } <?php $page = "koonktechnologies"; $count = fb_fan_count($page); echo $count; ?> <?php $page = "koonktechnologies"; $count = fb_fan_count($page); echo $count; ?>
0 Comments
Leave a Reply. |