Mar 01

A lot of people ask me how they can protect the HTML source code of their site from being seen or, worse, stolen. The simple and short answer is that you can't: everything the browser loads to render a page can be seen by the user. The simplest method to protect your HTML source is never to publish it on the Internet :) .

Seriously though, there are some methods that hide your HTML source from a casual user, although not from an expert user. I will enumerate some of these methods, starting with the simplest.

Feb 24

ASP.NET and JSP are two wonderful environments for creating web applications, applications that are easy to modify and adapt to all requirements, but the major problem with ASP.NET and JSP is that they are not cheap and they are slow; in fact there are not many hosting providers offering hosting for these technologies at a price a common user can afford.

Therefore other affordable technologies like PHP are widely used by most common users. Compared with Java or C#, the PHP language is pretty simple, does not rely on so much formalism and does not require a lot of programming knowledge, allowing users to create applications without knowing much about programming techniques.

The side effect is that applications developed this way are extremely hard to debug and even harder to extend, for a wide variety of reasons, some of which I will discuss later in this post.

  1. The first thing to talk about is "spaghetti code", where the entire application logic is mashed together in the same file; you know what I am talking about: a lot of if/else/for/while statements and functions with no logical organization. Extending such a badly written application left behind by another programmer is hard and unproductive.
  2. Since version 4 PHP offers OOP (object oriented programming), but it seems that most users do not know how to use it properly, or how to increase their productivity with OOP and software engineering techniques. It seems that web programmers are still writing code like in the stone age.
  3. Another problem, the biggest one, is that users create applications that depend on the design. The design of a web site changes frequently, which means restructuring the code again and again and again.

The list is still open; I will keep adding more bad programming techniques.

Jan 19

Although JavaScript does not support classes, you can still program in an object oriented way, namely by using prototypes. JavaScript is a language in which you find both the biggest idiocies ever invented in any programming language and some truly brilliant ideas; among the latter is the fact that a JavaScript object is a generic container to which you can add a new property or "method" at any time. Below is an example of a "class" (the equivalent of a class in languages that support them) that encapsulates the mechanism also known as AJAX.

For those who do not know, AJAX is a mechanism for asynchronous communication with the server, meaning that fetching information does not require a page refresh.


Nov 16

For those who do not know, cross-site scripting is a security vulnerability, specific to web applications, that allows malicious code to be injected into the web pages viewed by a user. It is a client-side vulnerability, meaning it has no direct effect on the information stored on the server. You might say that it is not a danger since it is client side, but imagine the following situation: what if, on a bank's site, one of the pages contains a form in which all customers are asked to enter their personal data, and that information is sent somewhere else on the Internet? Well, in that case it is serious.

To solve the problem of unsanitized inputs I wrote the following

Nov 11

As is well known, PHP is a procedural language and support for classes only appeared later.
Today I thought I would show you a small tutorial, and to be practical I will write a few classes that implement most of the operations needed when working with a database. Essentially there are four classes:
MysqlQuerry, MysqlConnector, MysqlController and MysqlResource.
To take full advantage of the flexibility offered by object oriented programming, let us have each of our classes implement an interface. You may consider this step useless, but imagine that we build an application that uses a MySQL server and that in time we might migrate to another server: all we have to do is write classes that implement the interfaces, and the changes to our application will be minimal as long as the interface is respected.
Below is the code for each of the interfaces.

DbQuerry

Code:
interface DbQuerry {

/**
* Executes a query and returns the result wrapped in a DbResource.
* @ReturnType Database.DbResource
* @ParamType querry string
*/
public function execQuery($querry);
}


DbController

Code:
interface DbController {

/**
* @ReturnType void
* @ParamType name string
* @ParamType colomns  (array of column definitions, or a comma-separated string)
*/
public function createTable($name, $colomns);

/**
* @ReturnType void
* @ParamType name string
*/
public function deleteTable($name);

/**
* @ReturnType void
* @ParamType name string
* @ParamType clone string
*/
public function cloneTable($name, $clone);

/**
* @ReturnType void
* @ParamType name string
*/
public function createDatabase($name);

/**
* @ReturnType void
* @ParamType name string
*/
public function deleteDatabase($name);

/**
* @ReturnType Database.DbResource
*/
public function getLink();
}


DbConnector

Code:
interface DbConnector {

/**
* @ReturnType Database.DbResource
*/
public function getLink();

/**
* @ReturnType void
*/
public function disconnect();

/**
* @ReturnType void
*/
public function reconnect();
}


DbTable

Code:
interface DbTable {

/**
* @ParamType colomns
* @ParamType values
*/
public function insert($colomns, $values);

/**
* @ParamType condition
* @ParamType operation string  (logical operator used to join an array of conditions)
*/
public function delete($condition,$operation='AND');

/**
* @ParamType colomns
* @ParamType values
* @ParamType conditions
*/
public function update($colomns, $values, $conditions);

/**
* @ParamType colomns
* @ParamType condition
*/
public function select($colomns,$condition="");

/**
* @ReturnType Database.DbResource
*/
public function getData();

/**
* @ReturnType integer
*/
public function getRowsNumber();
}


The application will work only with the interfaces (in fact with implementations of the interfaces), and in this way the well-known principle of separating interface from implementation is respected.
Now let us take a look at the implementation of the interfaces.

MysqlQuerry

Code:
class MysqlQuerry implements DbQuerry {
/**
* @AttributeType Database.MysqlResource
*/
private $resource;
/**
* @AttributeType boolean  (when true, every query and the mysql_info() output are echoed)
*/
public static $debug=false;

/**
* @ParamType resource Database.MysqlResource
*/
public function setResource(MysqlResource $resource) {
$this->resource=$resource;
}

/**
* Constructor (PHP 4-style name, as in the original post).
* @ParamType resource Database.MysqlResource
*/
public function MysqlQuerry(MysqlResource $resource) {
$this->setResource($resource);
}

/**
* Runs the query on the current link; throws MysqlSintaxException if the server rejects it.
* @ParamType querry string
* @ReturnType Database.MysqlResource
*/
public function execQuery($querry) {
if(self::$debug==true)
echo($querry);

$result=mysql_query($querry,$this->resource->getResource());
if(!$result){
$error=mysql_error($this->resource->getResource());
throw new MysqlSintaxException($error);
}

$resource=new MysqlResource($result);

if(self::$debug==true)
echo(mysql_info($this->resource->getResource()));

return $resource;
}
}

MysqlController

Code:
class MysqlController extends MysqlQuerry implements DbController {
/**
* @AttributeType string
*/
private $databaseName;

/**
* @AttributeType DbResource
*/
private $resource;

/**
* @ParamType dbName string
* @ParamType connector Database.MysqlConnector
*/
public function MysqlController($dbName, MysqlConnector $connector) {
parent::MysqlQuerry($connector->getLink());
$this->databaseName=$dbName;
$this->resource=$connector->getLink();
}

/**
* @ReturnType void
* @ParamType name string
* @ParamType colomns  (array of column definitions, or a comma-separated string)
*/
public function createTable($name, $colomns) {
if(is_array($colomns))
$colomns=implode(",",$colomns);
$this->execQuery("CREATE TABLE $name ($colomns)");
}

/**
* @ReturnType void
* @ParamType name string
*/
public function deleteTable($name) {
// DROP TABLE is the MySQL statement; the original "DELETE TABLE" is not valid SQL
$this->execQuery("DROP TABLE $name");
}

/**
* Creates $clone with the structure of $name and copies all of its rows.
* @ParamType name string
* @ParamType clone string
*/
public function cloneTable($name, $clone) {
$this->execQuery("CREATE TABLE $clone LIKE $name");
$this->execQuery("INSERT INTO $clone SELECT * FROM $name");
}

/**
* @ParamType name string
*/
public function createDatabase($name) {
$this->execQuery("CREATE DATABASE $name");
}

/**
* @ParamType name string
*/
public function deleteDatabase($name) {
// DROP DATABASE is the MySQL statement; the original "DELETE DATABASE" is not valid SQL
$this->execQuery("DROP DATABASE $name");
}

/**
* Selects this controller's database on the link before every query.
* The query text is passed through unchanged, so it must not be built from untrusted input.
* @ParamType querry string
*/
public function execQuery($querry) {
mysql_select_db($this->databaseName,$this->resource->getResource());
return parent::execQuery($querry);
}

/**
* @ReturnType Database.DbResource
*/
public function getLink(){
return $this->resource;
}
}


MysqlConnector

Code:
class MysqlConnector implements DbConnector {
/**
* @AttributeType string
*/
private $password;
/**
* @AttributeType Database.DbResource  (null until reconnect() succeeds)
*/
private $link=null;
/**
* @AttributeType string
*/
private $user;
/**
* @AttributeType string
*/
private $host;

/**
* @ReturnType boolean
*/
public function pingServer() {
// mysql_ping() needs the raw link resource, not the MysqlResource wrapper
$result= mysql_ping($this->getLink()->getResource());
return $result;
}

/**
* Stores the credentials and connects immediately.
* @ParamType host string
* @ParamType user string
* @ParamType password string
*/
public function MysqlConnector($host=null, $user=null, $password=null) {
$this->host=$host;
$this->user=$user;
$this->password=$password;
$this->reconnect();
}

/**
* @ReturnType Database.DbResource
*/
public function getLink() {
return $this->link;
}

/**
* @ReturnType void
*/
public function disconnect() {
// guarded so that a connector whose connect attempt failed can still be destroyed safely
if($this->link!==null){
mysql_close($this->getLink()->getResource());
$this->link=null;
}
}

/**
* Opens a new connection; throws MysqlConnectionException if the server cannot be reached.
* @ReturnType void
*/
public function reconnect() {
$result=mysql_connect($this->host,$this->user,$this->password);
if($result==false){
$error=mysql_error();
throw new MysqlConnectionException($error);
}

$this->link=new MysqlResource($result);
}

/**
* @ReturnType void
*/
public function __destruct(){
$this->disconnect();
}
}


MysqlResource

Code:
// The DbResource interface itself is not listed in the post; the classes here only call its getResource() method.
class MysqlResource implements DbResource {
/**
* @AttributeType resource  (a MySQL link or result resource, or the row array built by MysqlTable::getData())
*/
private $resource;

/**
* @ParamType resource
*/
public function MysqlResource($resource) {
$this->resource=$resource;
}

/**
* @ReturnType resource
*/
public function getResource() {
return $this->resource;
}

}


MysqlTable

Code:
class MysqlTable extends MysqlQuerry implements DbTable {
/**
* @AttributeType string
*/
private $name;
/**
* @AttributeType Database.DbResource  (result of the last select(), null until one has run)
*/
private $tableResource=null;
/**
* @AttributeType DbController
*/
private $controllerLink;

/**
* @ParamType name string
* @ParamType controler Database.MysqlController
*/
public function MysqlTable($name, MysqlController $controler) {
parent::MysqlQuerry($controler->getLink());
$this->name=$name;
$this->controllerLink=$controler;
}

/**
* Each value is quoted separately (the original quoted the whole imploded list as one string).
* Nothing is escaped: a value containing a quote changes the statement text.
* @ParamType colomns
* @ParamType values
*/
public function insert($colomns, $values) {
if(is_array($colomns))
$colomns=implode(",",$colomns);
if(!is_array($values))
$values=explode(",",$values);
$values=implode("','",$values);

$this->execQuery("INSERT INTO $this->name ($colomns) VALUES ('$values')");
}

/**
* @ParamType condition
* @ParamType operation string  (logical operator used to join an array of conditions)
*/
public function delete($condition,$operation='AND') {
if(is_array($condition))
$condition=implode(" $operation ",$condition);
$this->execQuery("DELETE FROM $this->name WHERE $condition");
}

/**
* @ParamType colomns
* @ParamType values
* @ParamType conditions
*/
public function update($colomns, $values, $conditions) {
if(!is_array($colomns))
$colomns=explode(",",$colomns);
if(!is_array($values))
$values=explode(",",$values);
if(is_array($conditions))
$conditions=implode(" AND ",$conditions);
if(count($colomns)!=count($values))
throw new SintaxErrorException("values and colomn must have the same size.");

// build "col1='val1',col2='val2'" (the original appended to an array with .= and overwrote the column name)
$pairs=array();
for($i=0;$i<count($colomns);$i++){
$pairs[]=$colomns[$i]."='".$values[$i]."'";
}
$rez=implode(",",$pairs);

$this->execQuery("UPDATE $this->name SET $rez WHERE $conditions");
}

/**
* Runs the SELECT and keeps its result for getData()/getRowsNumber().
* @ParamType colomns
* @ParamType condition
*/
public function select($colomns,$condition="") {
if(is_array($colomns))
$colomns=implode(",",$colomns);
if(is_array($condition))
$condition=implode(" AND ",$condition);
if($condition!="")
$this->tableResource=$this->execQuery("SELECT $colomns FROM $this->name WHERE $condition");
else
$this->tableResource=$this->execQuery("SELECT $colomns FROM $this->name");
}

/**
* Returns every row of the last select() as an array of objects, wrapped in a MysqlResource.
* @ReturnType Database.DbResource
*/
public function getData() {
if($this->tableResource==null)
throw new MysqlTableException("no data selected in table");

$result=array();
while($row=mysql_fetch_object($this->tableResource->getResource()))
{
$result[]=$row;
}

return new MysqlResource($result);
}

/**
* @ReturnType integer
*/
public function getRowsNumber() {
if($this->tableResource==null)
throw new MysqlTableException("no data selected in table");

return mysql_num_rows($this->tableResource->getResource());
}

/**
* Queries go through the controller so the right database is selected first.
* @ParamType querry string
*/
public function execQuery($querry) {
return $this->controllerLink->execQuery($querry);
}
}


The various errors that can occur while working with the database are handled with exceptions. Here is an example that uses the classes above; suppose we have a table with two fields, id and nume:

Code:
<?php
// The exception classes (MysqlException and the subclasses caught below) are defined in the
// class hierarchy shown in the attached image, not in the listings above.

try
{
$connector=new MysqlConnector("host","user","parola");
$controller=new MysqlController("nume_baza_de_date",$connector);
$table=new MysqlTable("nume_tabel",$controller);
$table->select("*","id='1'");
$data=$table->getData()->getResource();   // array of row objects

for($i=0;$i<count($data);$i++)
{
echo($data[$i]->id);
}

}
catch(MysqlSintaxException $ex)
{
echo("eroare de sintaxa:".$ex->getMessage());
}
catch(MysqlTableException $ex)
{
echo("eroare:".$ex->getMessage());
}
catch(MysqlConnectionException $ex)
{
echo("eroare :".$ex->getMessage());
}
catch(MysqlException $ex)
{
echo("eroare :".$ex->getMessage());
}
// ...

?>

A very important observation is that the order of the catch blocks matters. If, for example, the first catch were MysqlException, every exception would enter that first catch, because MysqlException is the class from which the other types derive, so an exception of type MysqlSintaxException is also of type MysqlException.
To give you a picture of the class hierarchy, I have attached an image.
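The table class above splices column names, values and conditions straight into the SQL text, so any value containing a quote changes the statement itself. The following is an added example, not code from the post: it shows how the post's insert() renders such a value, and a PDO-based table class (PdoTable, a "users" table with columns id and name, and the connection details are all this example's own assumptions) that keeps the same insert/select shape but passes values as bound parameters and whitelists identifiers.

```php
<?php
// Added example, not code from the post: the post's MysqlTable splices
// column, value and condition strings straight into SQL, so a value with a
// quote in it (O'Brien) changes the statement text. PdoTable below is this
// example's own class (the "users" table with columns id, name and the DSN
// are assumed) and keeps the insert/select shape with bound parameters.

// How the post's insert() renders a value containing an apostrophe.
function postStyleInsertSql($table, $colomns, $values) {
    return "INSERT INTO $table ($colomns) VALUES ('$values')";
}
// -> INSERT INTO users (name) VALUES ('O'Brien')  : the quote ends the literal
$broken = postStyleInsertSql("users", "name", "O'Brien");

class PdoTable {
    private $pdo, $name, $allowed;
    public function __construct(PDO $pdo, $name, array $allowedColumns) {
        $this->pdo = $pdo; $this->name = $name; $this->allowed = $allowedColumns;
    }
    // Identifiers cannot be bound as parameters, so they are whitelisted instead.
    private function column($c) {
        if (!in_array($c, $this->allowed, true))
            throw new InvalidArgumentException("unknown column: $c");
        return "`$c`";
    }
    public function insert(array $row) {          // $row is column => value
        $cols  = array_map(array($this, 'column'), array_keys($row));
        $marks = implode(",", array_fill(0, count($row), "?"));
        $sql   = "INSERT INTO `{$this->name}` (" . implode(",", $cols) . ") VALUES ($marks)";
        $this->pdo->prepare($sql)->execute(array_values($row)); // values never touch the SQL text
    }
    public function select(array $columns, array $where) { // $where is column => value
        $cols  = implode(",", array_map(array($this, 'column'), $columns));
        $conds = array();
        foreach (array_keys($where) as $c) $conds[] = $this->column($c) . " = ?";
        $sql = "SELECT $cols FROM `{$this->name}`"
             . ($conds ? " WHERE " . implode(" AND ", $conds) : "");
        $stmt = $this->pdo->prepare($sql);
        $stmt->execute(array_values($where));
        return $stmt->fetchAll(PDO::FETCH_OBJ);
    }
}

$pdo = new PDO("mysql:host=localhost;dbname=nume_baza_de_date", "user", "parola",
    array(PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION,
          PDO::ATTR_EMULATE_PREPARES => false));       // real server-side prepares
$users = new PdoTable($pdo, "users", array("id", "name"));
$users->insert(array("name" => "O'Brien"));           // stored verbatim, no quoting needed
foreach ($users->select(array("id", "name"), array("name" => "O'Brien")) as $u)
    echo $u->id, " ", $u->name, "\n";
```

With ATTR_ERRMODE set to ERRMODE_EXCEPTION, PDO raises PDOException on failure, so the same try/catch structure as the post's example applies, with the most specific exception types listed first.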
