Know more about PHP frameworks

June 26th, 2009 Macronimous Posted in PHP Programming No Comments »


Here is another nice, well I think it is nice, since it's pretty short and gives you an overview quickly. All PHP developers must find a framework for themselves before a client forces them to learn one. :-)

Thanks to Ryan and Team for this precise information.


Why Cubecart?

February 24th, 2009 Macronimous Posted in CMS, Content Management Systems, Opensource, PHP Programming, Search Engine Optimization, Web business, web programming, Web tools, Web2.0 1 Comment »


Many of our customers who look for ecommerce solutions turn to open-source software to build cost-effectively, and they like what we recommended: Cubecart! There are reasons:
1. Easy to customize (skin based), and this keeps the cost low.
2. You can bring a great look and feel with skins, and make the site look like a completely custom design. No footprints of Cubecart would be visible.
3. PHP programmers like it. Clean code structure, easy to manage. Our PHP programmers have a great feel about it.
4. Designers like it. Clean XHTML interface and CSS driven.
5. SEO guys like it. Search-engine-friendly URLs, custom URLs, meta tags, robots.txt, PHP session killer, etc.
6. Good support from the Cubecart team, apart from forum support (like http://www.cubecartforums.org/)
7. Low cost, $180 only.
8. A good number of alternate payment solutions and shipping modules (http://www.cubecart.com/modules)
9. Web2.0 interface, but I am yet to see any mashups.
We strongly recommend and teach the importance of SEO to customers who want us to build ecommerce sites, as any online business should consider SEO its primary marketing channel for long-term business online, not just newspaper ads. Cubecart is one good choice for building SEO-friendly ecommerce sites that support online marketing.


4 SQL injection methods every PHP programmer should be aware of.

February 2nd, 2009 Macronimous Posted in 4 series, Databases, PHP Programming, web programming 1 Comment »


The problem with all such code is that the value is not sanitized before it is sent as part of a query. All we need to do is make sure that we pass safe data to the database. We can send safe data and prevent data from being hacked by following four prime methods against SQL injection:

Function mysql_real_escape_string() :

In PHP, we have a function to deal with strings in MySQL. (Modified Content)

Function:
mysql_real_escape_string()

This function takes the string that will be used in the MySQL query and returns the same string with all SQL injection attempts safely escaped. It does so by prefixing each troublesome quote in an SQL injection query with a backslash (\).

Magic Quotes:

Magic quotes help to escape risky form data that is used in SQL injection. The feature automatically adds a backslash (\) before each special character in the submitted SQL injection query.

The function to check whether magic quotes are enabled on the server is get_magic_quotes_gpc().

Example:
After adding magic quotes:
The   \  becomes  \\
The   '  becomes  \'
The   "  becomes  \"

HTML Entities:

HTML Entities function translates all applicable characters to HTML Entities and returns the encoded string.

The function used to translate is:

string htmlentities ( string $string [, int $quote_style=ENT_COMPAT [, string $charset [, bool $double_encode=true ]]] )

Example: 

<?php
$str = "A 'quote' is <b>bold</b>";

// ENT_COMPAT (the default in the signature above) leaves single quotes unchanged.
// Outputs: A 'quote' is &lt;b&gt;bold&lt;/b&gt;
echo htmlentities($str, ENT_COMPAT);

Validation:

Length validation: Limit the length of all the input fields in the application to the absolute minimum (7 to 15 characters). This helps to block long injected queries.
Input validation: Validate the data entered in each input field. For example, an age field should accept only numbers, and only 2 digits should be allowed.
User privileges: Create an "admin user" for each database and grant the privileges to create, drop and edit tables only to that admin user.
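
The escaping and validation steps above, put side by side as an added example (not code from the original post): the same quote-bearing input is run through a concatenated query, an escaped query and a prepared statement, then through the length and age rules. It assumes an in-memory SQLite database through PDO, with PDO::quote() standing in for mysql_real_escape_string(), which needs a live MySQL connection and was removed with the old mysql extension in PHP 7.0; the table, the data and the helper names are constructed for illustration.

```php
<?php
// Added example on constructed data; assumes the pdo_sqlite extension is loaded.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (name TEXT, age INTEGER)');
$db->exec("INSERT INTO users VALUES ('alice', 30), ('bob', 41)");

// Hypothetical helper applying the length and input validation rules above.
function validate_fields(string $name, string $age): array {
    $errors = [];
    if (strlen($name) < 1 || strlen($name) > 15) {
        $errors[] = 'name must be 1 to 15 characters';
    }
    if (!preg_match('/\A[0-9]{1,2}\z/', $age)) {
        $errors[] = 'age must be a number of at most 2 digits';
    }
    return $errors;
}

// Unsafe: the value is concatenated into the query text, so its quotes are parsed as SQL.
function count_unsafe(PDO $db, string $name): int {
    $sql = "SELECT COUNT(*) FROM users WHERE name = '" . $name . "'";
    return (int) $db->query($sql)->fetchColumn();
}

// Escaped: PDO::quote() plays the role of mysql_real_escape_string() here.
function count_escaped(PDO $db, string $name): int {
    $sql = 'SELECT COUNT(*) FROM users WHERE name = ' . $db->quote($name);
    return (int) $db->query($sql)->fetchColumn();
}

// Prepared statement: the value is bound separately and never becomes SQL text.
function count_prepared(PDO $db, string $name): int {
    $stmt = $db->prepare('SELECT COUNT(*) FROM users WHERE name = ?');
    $stmt->execute([$name]);
    return (int) $stmt->fetchColumn();
}

$hostile = "x' OR '1'='1";   // constructed input containing quotes
printf("unsafe:   %d row(s)\n", count_unsafe($db, $hostile));
printf("escaped:  %d row(s)\n", count_escaped($db, $hostile));
printf("prepared: %d row(s)\n", count_prepared($db, $hostile));
printf("errors for valid input:   %d\n", count(validate_fields('alice', '30')));
printf("errors for hostile input: %d\n", count(validate_fields($hostile, '300')));
```

The constructed value is 12 characters long, so the length rule alone accepts it and only the age rule reports an error. htmlentities() is left out because it encodes output for HTML rather than query text.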
