What is b2rdf php?
12-Mar-08
What is b2rdf php? Some of the PHP developers ask me.
It’s a file used in blogging applications to create an RSS feed. It is that simple!
Databases are central to many web applications. One reason why PHP is a great web programming language is its extensive database support.
The MySQL database examples in this blog use the PHP PDO database access layer, which has only been available since PHP 5. With PDO, you use the same PHP functions no matter what database engine you’re talking to; this is very similar to JDBC if you have used Java before. Although the SQL syntax may differ from database to database, the PHP code remains similar. This is helpful if the developer or the management decides to change databases after development, because it makes integrating the web application with another database easier.
Please take note that PDO offers data access abstraction, not total database abstraction; it will certainly improve, maybe in PDO2. Other PHP libraries, such as PEAR DB, ADOdb, and MDB2, attempt to solve the total database abstraction problem: they hide the implementation details of different databases, such as update statements, date handling and column types, behind a layer of code. If you want both data access abstraction and database abstraction together, why not try the Zend Framework hidden gem called Zend_Db? But remember, if you need to use PDO to connect to a MySQL database with Zend_Db, you still have to install the pdo_mysql PHP extension.
For now, I will not talk about Zend_Db; I will focus on PDO and leave Zend Framework for later posts. Below is a simple connection to a MySQL database called animal, followed by a SELECT statement that lists all the animals from its animals table:
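<?php
// MySQL hostname
$hostname = 'localhost';
// MySQL username
$username = 'username';
// MySQL password
$password = 'password';

try {
    $dbh = new PDO("mysql:host=$hostname;dbname=animal", $username, $password);
    // throw a PDOException on query errors so the catch block below sees them
    $dbh->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);

    // echo a message saying we have connected
    echo 'Connected to database';

    // the SQL SELECT statement
    $sql = "SELECT * FROM animals";
    foreach ($dbh->query($sql) as $row) {
        // escape the values before writing them into the page
        print htmlspecialchars($row['animal_type'] . ' - ' . $row['animal_name']) . '<br />';
    }

    // close the database connection
    $dbh = null;
} catch (PDOException $e) {
    // log the details; the raw message can reveal the host and user name
    error_log($e->getMessage());
    echo 'Database error';
}
?>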
Most PHP programmers use sessions to preserve certain data across subsequent pages. Nothing is wrong with this method: since the web is stateless, most web developers use sessions to maintain a logged-in site.
Usually, this is achieved by placing a session cookie, in the form of a session ID (a 32 byte alpha-numeric string), in the client’s browser. When the client’s browser has cookies disabled, the session cookie cannot be stored, so PHP propagates the session ID by appending it to each URI on the page. As you may have noticed, an attacker may be able to exploit this by constructing a malicious link containing script code embedded within this variable. PHP developers need to take extra measures to ensure the integrity of the session.
As a programmer, you need to ensure that a user’s session ID cannot be supplied by an attacker who seeks to hijack the user’s session. One simple way to address the problem is to regenerate the session ID with session_regenerate_id() whenever the user’s privileges change, for example when a user successfully logs in to the restricted pages for registered users:
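<?php
// the session must be started before its ID can be regenerated
session_start();
// issue a new session ID and delete the old session data
session_regenerate_id(true);
$_SESSION['logged_in'] = TRUE;
?>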
By using session_regenerate_id(), you greatly reduce the risk of session fixation.
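A fuller version of the login step, added here as an example and not taken from the original post: it switches off the URL propagation of the session ID described above and rotates the ID only after the password check succeeds. The `$users` array, the `login()` helper and the demo account are assumptions made for illustration.

```php
<?php
// Added example, not code from the original post.
// Constructed demo account; a real application would read the hash
// from its user table instead of building it here.
$users = array('alice' => password_hash('correct horse', PASSWORD_DEFAULT));

// Session settings must be applied before session_start().
ini_set('session.use_only_cookies', '1'); // accept the session ID from a cookie only
ini_set('session.use_trans_sid', '0');    // never append the session ID to URLs
ini_set('session.use_strict_mode', '1');  // refuse IDs the server did not generate
ini_set('session.cookie_httponly', '1');  // keep the cookie away from page scripts
session_start();

// Hypothetical helper: returns true and marks the session as logged in
// only when the password matches the stored hash.
function login(array $users, $username, $password)
{
    // Unknown user and wrong password return the same result.
    if (!isset($users[$username])
        || !password_verify($password, $users[$username])) {
        return false;
    }

    // Privileges change here: issue a new ID and delete the old session
    // data, so an ID that was fixed before login no longer maps to anything.
    session_regenerate_id(true);
    $_SESSION['logged_in'] = true;
    $_SESSION['username']  = $username;
    return true;
}

// Constructed login attempt showing that the ID changes on success.
$before = session_id();
$ok     = login($users, 'alice', 'correct horse');
$after  = session_id();

if ($ok && $before !== $after) {
    echo "Logged in, session ID rotated\n";
} else {
    echo "Login failed\n";
}
```

With `session.use_only_cookies` on and `session.use_trans_sid` off, a session ID placed in a link is ignored, so the fallback that puts the ID in each URI never comes into play.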