callumcarolan

Lesta Skateboards

Callum — Sat, 04 Sep 2010 19:14:37 +0000

Show your support for the soon-to-be-released site!

Birthday pictures

Callum — Tue, 13 Jul 2010 03:38:43 +0000

Moved to the USA!

Callum — Mon, 12 Jul 2010 04:02:14 +0000

I recently moved to America and my pc in on a ship somewhere in some ocean on its way here so I’m using an old laptop. Tutorials and updates shall be a bit thin on the ground sorry.
In other news, Happy birthday me! may upload pictures and things tomorrow.

Introduction to PHP Custom Functions

Callum — Tue, 06 Jul 2010 14:50:28 +0000

This tutorial is intended to be a simple easy to understand introduction to the custom functions php allows you to create.

Please note: This function is not intended to be useful nor should it be used. It is solely for learning purposes.


	$var = 'Hello Im a variable.';
 
	function makeBold( $text ) //The variable inside our makeBold fucntion $text, does not have to be a variable called
				   //$text when we run the function. It is just showing you where a variable or string should
				   //go so that it can be used inside the function.
	{
		$var = '' . $text . '';
		//Here we just set a variable $var inside our function, notice we already
		//have a variable called var in the first line of out code? it will not overwrite it.
		//variables made inside the function are used only inside the function that they were.
		//made in. 
 
		return $var;
		//return $var is the last part to this function and will output whatever $var may be to the page
		//once the function has been used within it.
	}
 
 
	$string = 'Here I have a different variable name and I would like the string it carries to be bold';
 
 
	makeBold( $string ); //Now this is where you may not understand it. When we created our function the variable 
			     //inside the brackets said $text and weve just put a variable called $string inside there!
			     //Do not fear this was intentional, I promise. The $text variable in the brackets when we created our
			     //function was only meant to show where the variable or string would be going once we put
			     //our function to use.
 
	echo '
';//dont want out text all bunched up now do we :)
 
	makeBold( 'I would like to be bold please' ); //you can also enter just a string inside the brackets of our function
						      //the string will replace the variable $text when we created our function
						      //if that helps you understand it better.
 
	echo '
';//dont want out text all bunched up now do we :)
 
	echo $var; //Finally we echo the variable we created before we created the function just to show that 
		   //a variable with the same name inside the function will not overwrite it.
?>

Now if you read all the comments I made within the code you should hopefully have a better grasp of what a function does and how it works.

conclusion

A simple function like this would be used to repeat a simple task or piece of code over and over without having to rewrite the code over and over again.
e.g.:


$var = 10;
$var2 = 11;
$var3 = 12;
 
$var = $var / 5 + 1 * 2;
echo $var.'
';
 
$var2 = $var2 / 5 + 1 * 2;
echo $var.'
';
 
$var2 = $var2 / 5 + 1 * 2;
echo $var.'
';
?>

This piece of code requires you to redo the same calculations over and over which makes your code look messy and it is inefficient.


function math( $var ){
$var = $var / 5 + 1 * 2;
return $var.'
';
}
math( '10' );
math( '11' );
math( '12' );
?>

Now on a small scale like this it may not seem like a massive difference but on a large scale it makes a massive difference and greatly reduces your code.

If you liked or found this helpful please comment or if you didn’t please comment and ask why and maybe I can help

Free Photoshop Repeating Pattern

Callum — Mon, 18 Jan 2010 17:03:02 +0000

i didn’t personally make this but i found it to be really useful. i hope its useful to you guys too just click the thumbnail :3

This can be hued to get a different colour alternatively you could just use the colour it is.

Preventing XSS Attacks

Callum — Sun, 17 Jan 2010 19:15:21 +0000

xss attacks

you may have heard of xss before but thought, “wtf is that”. xss stands for Cross-Site-Scripting(XSS). you’re probably thinking: okay… so what. xss is not as dangerous as most vulnrebilities in website scripts but can still be very serious.

examples

okay i’ll show you what exactly happens with an xss attack and why its bad.


 
    if ( isset( $_SESSION['name'] ) )
    {
        echo 'Your name is:
'.
              $_SESSION['name'];
    }
    else
    {
        $_SESSION['name'] = $_GET['name'];
        echo 'Session set as: '. $_GET['name'];
    }
 
 
?>

okay so that looks pretty harmless right? wrong. if i were to send this link to my friend: http://site.com/page.php?name= the part in bold is the script that is being injected into your code. the user would be redirected to an evil site because of your insecure script.this is not however all the xss is. xss can be used for various other malicious things such as cross-site-request-forgery. i wont go into too much detail because it can seem daunting for beginners so if you google CSRF then you can read about it on wikipedia or something.

how to prevent it

okay so now you know why its bad and what can happen its time to stop it.


 
function clean ( $string )
{
    $malicious = array( 'javascript' , 'script>' , 'style>' , 'meta>' );
    $string    = str_replace( $malicious , '' , $string );
    $string    = htmlspecialchars( mysql_real_escape_string( $string ) );
    return $string;
}
 
    if ( isset( $_SESSION['name'] ) )
    {
        echo 'Your name is:
'.
              $_SESSION['name'];
    }
    else
    {
        $_SESSION['name'] = clean( $_GET['name'] );
        echo 'Session set as: '. $_GET['name'];
    }
 
 
?>

so in our php code we have created a function called clean. this function will take the value of $string and use str_replace to remove malicious code parts, use htmlspecialchars to turn <, >, ; etc.. into hex values so that they can not be used in a malicious way in our script and will just be displayed as text instead of executing code. just for an added measure we use mysql_real_escape_string to stop any sql injection even though our script doesn’t have an sql query its there incase you decide to use this function in the future. thanks if you read it all it took me a while to write :3

HAY!!!

Callum — Sun, 17 Jan 2010 18:37:57 +0000

hai there. i finally bothered to set up a blog although not my original plan of writing my own blog script. suppose i’m just lazy lol.

anyway keep checking back and i’ll have loads of useful stuff for everyone :3