What Goes in Your Code

Many of the code snippets we have shown for accessing databases have included the database name, username, and user password in plain text, as follows:

$conn = @new mysqli("localhost", "bob", "secret", "somedb");

While this is convenient, it is slightly insecure: anybody who got his hands on our .php file would have immediate access to our database, with the full permissions that the user "bob" has.

It would be better to put the username and password in a file that is not in the document root of the web application and include it in our script, as follows:

<?php
// this is dbconnect.inc, kept outside the document root
$db_server = 'localhost';
$db_user_name = 'bob';
$db_password = 'secret';
$db_name = 'somedb';

?>


<?php
// this is the script in the document root
include('../code/dbconnect.inc');

$conn = @new mysqli($db_server, $db_user_name, $db_password,
                    $db_name);
// etc

?>

We should think about doing the same thing for other sensitive data.

Posted by gaara - kun, Saturday, March 24, 2007 3:06 PM | 7 comments |

Code Organization

Some would argue that any file not directly accessible to the user from the Internet should not find a place in the document root of the web site. For example, if the document root for our message board web site is /home/httpd/messageboard/www, we should place all of our .inc files and other files in a place such as /home/httpd/messageboard/code. When we want to include those files, we can simply write in our code:

require_once('../code/user_object.inc');

The reasons for this degree of caution come down to what happens when a malicious user makes a request for a file that is not a .php or .html file. Many web servers default to dumping the contents of that file to the output stream. Thus, if we were to keep user_object.inc in the public document root and the user requested it, he might see a full dump of our code in his web browser. This would let him see the implementation, get at any intellectual property we might have in this file, and potentially find exploits that we might have missed.

To fix this, we should be sure that the web server is configured to only allow requests for .php and .html files, and that requests for other types of files return an error from the server.

Similarly, files such as password files, text files, configuration files, or special directories are best kept away from the public document root. Even if we think we have our web server configured properly, we might have missed something. Or if our web application is moved to a new server that is not properly configured in the future, we might be exposed to exploitation.
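As an added example (not code from the original posts), here is one way to put the two points above into practice: a small PHP bootstrap that keeps the database credentials in an .ini file outside the document root, refuses to load any private file that resolves to a web-visible path, and stops the include from being served directly. The /home/httpd/messageboard layout is the one used above; the ini file name, its keys and the helper names are assumptions.

```php
<?php
// Added example, not the original post's code. Assumed layout:
//   /home/httpd/messageboard/www   document root
//   /home/httpd/messageboard/code  private code and config
define('CODE_DIR', '/home/httpd/messageboard/code');

// Direct request guard: if this file is the script being served
// (rather than included by one), refuse with 403 instead of running.
if (PHP_SAPI !== 'cli'
    && realpath($_SERVER['SCRIPT_FILENAME'] ?? '') === __FILE__) {
    http_response_code(403);
    exit;
}

// Require a private file by name, refusing anything that resolves
// outside CODE_DIR or anywhere under the web-visible document root.
function require_private(string $name): void
{
    $path = realpath(CODE_DIR . '/' . $name);
    $root = realpath($_SERVER['DOCUMENT_ROOT'] ?? '');
    if ($path === false || strpos($path, CODE_DIR . '/') !== 0) {
        throw new RuntimeException("refusing to load $name: not in code dir");
    }
    if ($root !== false && strpos($path, $root . '/') === 0) {
        throw new RuntimeException("refusing to load $name: it is web-visible");
    }
    require_once $path;
}

// Read credentials from an ini file (constructed shape, assumed keys):
//   server = localhost
//   user = bob
//   password = secret
//   name = somedb
function load_db_config(string $file = CODE_DIR . '/dbconnect.ini'): array
{
    if (!is_file($file)) {
        throw new RuntimeException("missing db config: $file");
    }
    // A world-readable credentials file defeats the point of hiding it.
    if (fileperms($file) & 0004) {
        throw new RuntimeException("$file must not be world-readable");
    }
    $cfg = parse_ini_file($file);
    foreach (['server', 'user', 'password', 'name'] as $key) {
        if (!isset($cfg[$key])) {
            throw new RuntimeException("db config is missing '$key'");
        }
    }
    return $cfg;
}

// Usage from a script in the document root. Errors are reported as
// exceptions rather than silenced with @, so a failed connect is visible
// in the error log instead of producing a half-working page.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);
$db = load_db_config();
$conn = new mysqli($db['server'], $db['user'], $db['password'], $db['name']);
require_private('user_object.inc');
```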

Posted by gaara - kun, 3:05 PM | 0 comments |

Filtering Even Basic Values

HTML form elements have no types associated with them, and most pass strings (which may represent things such as dates, times, or numbers) to the server. Thus, if you have a numeric field, you cannot assume that it was entered as such. Even in environments where powerful client-side code can try to make sure that the value entered is of a particular type, there is no guarantee that the values will not be sent to the server directly, as in the "Double Checking Expected Values" section.

An easy way to make sure that a value is of the expected type is to cast or convert it to that type and use it, as follows:

// a non-numeric string casts to 0, so junk input is rejected here too
$number_of_nights = (int)$_POST['num_nights'];
if ($number_of_nights == 0)
{
    echo "ERROR: Invalid number of nights for the room!";
    exit;
}

If we have the user input a date in a localized format, such as "mm/dd/yy" for users in the United States, we can then write some code to verify it using the PHP function called checkdate. This function takes a month, day, and year value (4-digit years) and indicates whether or not they form a valid date:

// mb_split() is multibyte-safe via mbstring (see chapter 5);
// note the argument order: the pattern comes first, then the string
$mmddyy = mb_split('/', $_POST['departure_date']);
// three parts, each made only of digits, or it is not a date
if (count($mmddyy) != 3 || !ctype_digit($mmddyy[0])
    || !ctype_digit($mmddyy[1]) || !ctype_digit($mmddyy[2]))
{
    echo "ERROR: Invalid Date specified!";
    exit;
}

// handle two-digit years like 02 or 95
$year = (int)$mmddyy[2];
if ($year < 100)
{
    if ($year > 50)
        $year += 1900;
    else
        $year += 2000;
}

// checkdate() wants integer month, day and 4-digit year
if (!checkdate((int)$mmddyy[0], (int)$mmddyy[1], $year))
{
    echo "ERROR: Invalid Date specified!";
    exit;
}

By taking the time to filter and validate the input, we can not only help ourselves out for natural error-checking that we should be doing in the first place (such as verifying whether a departure date for a plane ticket is a valid date), but we can also improve the security of our system.
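The same two checks, as an added example that is not part of the original post: validators that return a usable value or null, so the caller cannot use the raw string by mistake. The helper names, the night range and the sample inputs are constructed; the two-digit year pivot is the one used above.

```php
<?php
// Added example, not the original post's code. Each validator returns
// the typed value on success and null on any failure.

// Integer field within [min, max]. FILTER_VALIDATE_INT refuses "3 nights",
// "1e3", "0x10" and "", which a plain (int) cast would turn into 3, 1, 0, 0.
function validate_int_field(?string $raw, int $min, int $max): ?int
{
    if ($raw === null) {
        return null;
    }
    $value = filter_var($raw, FILTER_VALIDATE_INT,
        ['options' => ['min_range' => $min, 'max_range' => $max]]);
    return $value === false ? null : $value;
}

// US date in mm/dd/yy or mm/dd/yyyy form. Returns [month, day, yyyy].
// Two-digit years use the post's pivot: 51-99 => 19xx, 00-50 => 20xx.
function validate_mmddyy(?string $raw): ?array
{
    if ($raw === null
        || !preg_match('#^(\d{1,2})/(\d{1,2})/(\d{2}|\d{4})$#', $raw, $m)) {
        return null;  // wrong shape: letters, missing parts, other separators
    }
    $month = (int)$m[1];
    $day   = (int)$m[2];
    $year  = (int)$m[3];
    if (strlen($m[3]) == 2) {
        $year += ($year > 50) ? 1900 : 2000;
    }
    // checkdate() knows month lengths and leap years (rejects 02/30)
    return checkdate($month, $day, $year) ? [$month, $day, $year] : null;
}

// Constructed inputs standing in for $_POST values, with expected results.
$nights = ['3' => 3, '0' => null, '-2' => null, '3 nights' => null, '1e3' => null];
$dates  = [
    '02/29/2024' => [2, 29, 2024],  // leap day, valid
    '02/29/23'   => null,           // 2023 is not a leap year
    '12/31/95'   => [12, 31, 1995], // pivot: 95 => 1995
    '1/2/07'     => [1, 2, 2007],   // pivot: 07 => 2007
    '13/01/2020' => null,           // no 13th month
    '2020-01-02' => null,           // wrong format entirely
];
foreach ($nights as $in => $want) {
    if (validate_int_field((string)$in, 1, 365) !== $want) {
        throw new LogicException("unexpected result for num_nights=$in");
    }
}
foreach ($dates as $in => $want) {
    if (validate_mmddyy((string)$in) !== $want) {
        throw new LogicException("unexpected result for departure_date=$in");
    }
}
echo "all sample inputs validated as expected\n";
```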

Posted by gaara - kun, 9:52 AM | 0 comments |

How to get a site online and have it making money

When building and getting a site online you have to think of a number of things. Some of these include the following:

1. What is your site going to be about? If you want to get a site online to make money then you need to do some good research before you choose what your site is going to be about. This is because there is no point in choosing a topic for your site that other people have no interest in. If no one has any interest in the topic of your site then you will find it very hard to get a good amount of visitors to your site. So the best thing to do is to choose a topic that is likely to interest a large number of people and is also likely to make you some good revenue online.

2. What web hosting provider are you going to choose to host your site with? Choosing the right web hosting provider is very important. This is because there is no point in choosing a web hosting provider that is likely to be unreliable just because it is cheap or just because you don't know enough about it. The article at: http://www.simplysearch4it.com/article/a00033/854.html gives you a better idea on how to choose a good web hosting provider to host your site with.

3. How can you add more content to your site? Once you have your site up and running, you will then need to think of ways of making your site bigger and also updating your site's content on a regular basis so that your visitors don't get bored of your site and so that they will have a reason to keep visiting your site on a regular basis. Some ways of adding content to your site could include the following:

• You could add some free reprintable articles to your site that are on the same topic as your site. You can find well over 800 reprintable articles at: http://www.simplysearch4it.com/article/articledir.php
• You could add some free-to-play games to your site so it becomes stickier. You can find a load at: http://www.miniclip.com
• You could add a forum to your site so people can keep informed of current events and updates on your site and also chat amongst each other. You can find some good forum scripts at: http://www.hotscripts.com where some of these are free under the GPL.

4. How are you going to earn from your site? Once you have built your site and have found a good web host to host your site with, you will then need to think about how you are going to earn from your site.

If you are selling your own products or offering your own services, you may also want to add a few affiliate programs to your site so that you can produce a little extra income from these programs as well as earning the money from selling your own products or offering your own services. You can find well over 800 affiliate programs at: http://www.affiliateseeking.com. These include pay per click programs, pay per lead programs, two-tiered programs, pay per impression programs, residual income programs and more.

5. How are you going to promote your site to get visitors? Now that you have your site up and running, with maybe a few affiliate programs included within your site's content, you will need to promote your site so that you can start getting noticed on the Web. The article at: http://www.simplysearch4it.com/article/a00000/197.html gives you some of the best ways of getting visitors to your site.

Once you have done the above five things, you should now have your own site online. The amount of visitors that your site will receive and the amount of money you will make from your site will all depend on the amount of work and effort you put into your site. The more work you do with your site, the more money you are likely to make.

Posted by gaara - kun, 9:49 AM | 6 comments |

7 things to look for in a URL snipping Service

By Charles H Smith

URL snipping services are becoming commonplace today. Surfers use them to mask affiliate URLs, shorten very long URLs, even to hide email addresses from spammers and automatic email harvesters. There are several URL snipping services that are no longer active. These include: shortlink.us, quickones.org, smlnk.com, and smurl.it. Hopefully, you didn't lose any carefully crafted and well planned email link campaigns as these services closed.

As you look to snip your URLs using a free service, there are several items to investigate.

First, do the links expire? If they expire, you may want to look to another service.

Second, is there a direct redirect? If, upon selecting the short URL, you are sent to a transition or interstitial page, this page may change in the future to display an advertisement of the free service. The preferable redirection is a direct link to your short URL.

Third, the service should check the URL and determine if it is valid. Everyone makes typos; this simply checks for valid URL format.

Fourth, how long has the service been in business? Longevity and reliability are crucial when you are snipping hundreds of affiliate links.

Fifth, are there any Terms of Service that you do not agree with? If there are, look for another service.

Sixth, can you use the URL snipping service to hide email addresses from spammers? Try to snip mailto:youremailaddress@yourdomain.com. If the resulting snipped URL opens your default email program, then you may hide your email address from spammers.

Seventh, are your links available only to the site administrators or are they available to the general public?

An alternative to the free services is your own snipping service, running from your server. This ensures your links are available until you decide to delete them.

Generally speaking, the short URL generators are PHP/MySQL driven scripts. You would need PHP installed on your server; your site administrator could tell you if it is. You would also need a MySQL database; again, your site administrator could tell you if this is available to you.

Another item to check is the control panel page. It should be a PHP template that can be edited for color, position, etc.

If you are using a shared hosting situation you may not be able to run a script that requires Mod Rewrites to be on; it should be a webmaster-settable configuration.

What's the difference between Mod Rewrites On/Off? As you compare the resulting snipped URLs, if it has a ? in the URL, such as http://snippedurl.com/?a, then the script is set for Mod Rewrites off. This is probably not the preferable URL format. If there is no ? in the snipped URL then it may only be run with Mod Rewrites on.

As you look to snipping your URLs you may want to bring the service in-house to your server. This will give your site added stickiness as your customers return time and time again to snip their URLs.

Posted by gaara - kun, 9:41 AM | 1 comments |

The Advantages of Dynamic Website Content

Think about your own surfing behavior. What types of websites do you visit the most often; which ones keep drawing you back?

If you are like most internet surfers, you will spend much of your time hanging around websites with dynamic website content, or content that is updated constantly or personalized to your preferences. The age of static, archival websites is long gone, and in its place is a dynamic and powerful internet driven by PHP, ASP, CGI, and Java.

But setting up a website with full SQL support and advanced features is not an easy task, especially for someone who is still waist deep in HTML coding.

So...what to do?

If you don't have the time or the will to commit to an advanced website with cutting-edge features and complicated scripts, there are still a good number of options that will make your website look more professional, with minimal effort.

An excellent resource is Hotscripts - you can find a huge number of complete server side scripts there, many of them free. Another great resource is this Random Text Generator, which is a powerful PHP script to generate random content on your website. Show a new quote every day!

In the end, the choice to go all-out is up to you, but with the help of a few handy scripts and some rudimentary server-side know-how, you can turn a static page into an impressive multi-faceted datacenter overnight!

Posted by gaara - kun, 9:40 AM | 0 comments |

Starting a Successful Forum

How To Create A Successful Forum

Hello, I have decided to take a few hours of my time to write up a how-to on creating a successful forum. These days there are hundreds if not thousands of forums launched each day, and I bet more than 80% of them will shut down over the next month. This is because making a forum is just as hard as making a web site, if not harder, as there is no real content to attract visitors. What you need is a great design and active members to be on your way to having a forum from which you can receive an income and maybe even live off selling advertising and getting members to pay to sign up.

Choosing A Theme:

When choosing a theme, make sure you are knowledgeable in that area, as most users will be looking for someone to answer their questions, and if the admin can't, it kind of sets the theme for the rest of the board and you will end up failing in your quest to become a successful webmaster/forum owner. Before choosing a theme, make sure you have a look at the market. I can tell you right now that setting up a webmaster forum or domain forum, unless you have funds to spend, is a waste of your time: there are too many out there and the market is flooded. But by all means, if you have a great idea then go for it, as they are very profitable if you manage to get members.

Buying A Suitable Domain:

Okay, the second step in setting up a forum is buying a domain. Depending on your theme this will be different, but try to limit the number of words to at most 3 and try to use one of the following words after the theme: forum, chat, discussion, board, talk. If not, you may need to think of a catchy word that goes well with what you want. Choosing a registrar is fairly easy, as there are about a million out there these days, but my favourite is DomainSite. It provides cost-effective and easy-to-manage features for your domain, and they also allow you to use PayPal as a source of payment.

Choosing A Forum Software:

One of the hardest things you will come by before setting up your forum is choosing what software you are going to use for it. The main 3 which are widely used today are vBulletin, phpBB and Invision Power Board. All of them have their good and bad points; I will give you a brief overview of them, but before going ahead with one I suggest you read a bit more about the features before setting one up. I'll start with VB (vBulletin). This is used a lot because of its great reputation, especially within business and webmaster related sites. This is because it is a very safe and well updated software which gives buyers probably the most advanced bulletin board on the market to date. Although it sounds great, it does have some flaws; mainly this is its price tag: for a leased licence (one year) it is $80 USD, and $160 USD for an owned license. There are also other optional fees, but they don't need to be bought. Another non-free bulletin board is Invision Power Board, which retails for $185 USD. Like vBulletin, this offers a well made and updated forum software, which you mainly see used in gaming and graphics forums, as a lot of the mods and free skins are dedicated to those themes. Then we have the most used forum software on the web, phpBB. It is free but still advanced and well made, with updates brought out regularly; if you are on a low-cost budget, this is the way to go. Overall I prefer to use vBulletin over the others, but this is just a personal choice; it offers me what I want from forum software and I don't mind paying the extra dollars for it. But like I said, before making a choice read a bit more about them by searching in Google, MSN and Yahoo to find out what they all offer. I can only tell you what I think, but that's not the option everybody chooses; it really depends on your budget and the type of forum you intend to set up.

Attracting Members Without Paying

But before you can do this there are many months of hard work recruiting and getting new members. When I started, there weren't sites and services such as Google AdWords or paid post programs which can help you get steady traffic and members for a pretty reasonable price, so we had to find other ways. This usually involved posting on other forums, not blatant advertising though, as this will usually get you banned and have your post deleted, not giving much exposure for the time it took you to sign up and post. I found the best way was to add your site to your signature and post topics and replies that had to do with your subject. Forget posting about just anything, as this will only waste your time and have minimal effect. Take your time to make larger and more detailed posts as well, as more people will read and contribute to your topic; on larger forums you can get up to 500 unique visitors from one post without even having your site's link in the text, just as a signature. Always make sure it is a different colour; try reds, blues and greens, as these aren't so bright that they deter viewers but still catch their eye. I also found that adding the hyperlink into a form of text makes the advert look nicer and tells them a bit about the site before going to the forum; this allows you to get only those wanting to be a part of your community and who are related to the advertising that you may have on your page. Over the last few months there has also been an increase in free forum directories; try to add your forum to as many as you can, as this will improve your search engine rankings whilst bringing more visitors in the meantime.

Attracting Members By Paying:

There are many ways to advertise on the internet these days, but many don't work and are a waste of time and money. That's why I will try to lead you in the right direction and give you my thoughts on what is the best method of getting a successful forum for the lowest cost. First off, AdWords: this method of advertising can be great if you have an established forum with regular posters and members. It's also cost-effective (depending on keywords) and easy to do if you have a credit card on hand. Don't get me wrong, this could be a great way to get members to your forum at the early stages, but I don't believe it's the best way at this point in time. One way I have found to be very successful is www.PaidPosts.com. This provides a cost-effective way to not only get members on your forum but to get posts which people will search for on search engines, find via friends and will want to respond to, giving you more members and helping to create your active forum. Although some places do not provide detailed posts, but just 3-word replies, which really do nothing for getting members apart from deterring people, as the forum will look spammed, and you don't want this so early on; you will have enough of this later on in your forum. Another way is one of the most common seen on the internet, banner advertising. This is where you either buy or trade banner spots on another forum or site; usually you will try to advertise on a site with the main topic related to your forum to maximise your CTR (click-through rate). The best way to go about this is to find a friend or someone via another forum/chat room and purchase a spot for a small amount of time, and report how well it's doing by the number of click-throughs to the number of new members. If it's not looking too good, move on until you find something you think works; there's no point advertising if you don't get anything in return, as it will just be a waste of money in the long run.

Making Money From Your Forum:

One of the main reasons people decide to make a forum is to make a profit or a return by doing something they enjoy and have an interest in. This is quite common, and a lot of people actually do make a living from doing so, but it does involve a lot of time and dedication; don't expect to wake up the next morning with thousands of dollars in your account from setting one up. There are many ways to make money from your forum; it would take me days to list them all, but I will list the main ones. First off, Google AdSense: you would have seen this used many times before on sites and forums; you may not know it well, but it is a box like the one shown on www.ArcadeBay.com at the top right of the screen. It can be seen in many ways; to find out more please have a look at www.Google.com/adsense, set up your account and simply add it to your board somewhere, preferably in sight of your visitors and members. This will improve the revenue made and help you put money back into the forum. It is very easy to customize and edit to suit your forum's colour and size, and it automatically adds ads related to your forum's theme, thus improving the amount of clicks. Another way is Yahoo Publisher Network, which also provides a service like Google's. I personally haven't used this, but I have heard the amount per click is higher, giving you more money per click, but I have found it gets fewer clicks; this gives you the choice to use what you think will better fit your forum. One way that has been used probably the most over the last 4-5 years is banner advertising, allowing people to pay upfront for a spot on your forum's pages, whether it be just the index or site-wide; this is up to you. There is no current rate for what you should charge; this should be up to you, depending on the amount of members, hits and posts a day.
I found it better to list services and items related to your theme rather than other things; even though you get the same amount of money, it seems to make your forum look more professional, so you wouldn't list computer games on a car forum. There are also thousands of referral programs out there where you receive a commission based on items sold and amount of clicks. I'm not going to list them all, but try searching for referral programs or affiliate programs in your preferred search engine; I'm sure you'll find something that will fit in quite well with your upcoming community.

Posted by gaara - kun, 9:32 AM | 3 comments |