Monthly Archives: December 2010

How to prevent XSS attacks through php?

There are a number of ways hackers put to use for XSS attacks, PHP’s built-in functions do not respond to all sorts of XSS attacks. Hence, functions such as strip_tags, filter_var, mysql_real_escape_string, htmlentities, htmlspecialchars, etc do not protect us 100%. You need a better mechanism, here is what is solution:

]+?[\x00-\x20"\'])(?:on|xmlns)[^>]*+>#iu', '$1>', $data);

// Remove javascript: and vbscript: protocols
$data = preg_replace('#([a-z]*)[\x00-\x20]*=[\x00-\x20]*([`\'"]*)[\x00-\x20]*j[\x00-\x20]*a[\x00-\x20]*v[\x00-\x20]*a[\x00-\x20]*s[\x00-\x20]*c[\x00-\x20]*r[\x00-\x20]*i[\x00-\x20]*p[\x00-\x20]*t[\x00-\x20]*:#iu', '$1=$2nojavascript...', $data);
$data = preg_replace('#([a-z]*)[\x00-\x20]*=([\'"]*)[\x00-\x20]*v[\x00-\x20]*b[\x00-\x20]*s[\x00-\x20]*c[\x00-\x20]*r[\x00-\x20]*i[\x00-\x20]*p[\x00-\x20]*t[\x00-\x20]*:#iu', '$1=$2novbscript...', $data);
$data = preg_replace('#([a-z]*)[\x00-\x20]*=([\'"]*)[\x00-\x20]*-moz-binding[\x00-\x20]*:#u', '$1=$2nomozbinding...', $data);

// Only works in IE: 
$data = preg_replace('#(<[^>]+?)style[\x00-\x20]*=[\x00-\x20]*[`\'"]*.*?expression[\x00-\x20]*\([^>]*+>#i', '$1>', $data);
$data = preg_replace('#(<[^>]+?)style[\x00-\x20]*=[\x00-\x20]*[`\'"]*.*?behaviour[\x00-\x20]*\([^>]*+>#i', '$1>', $data);
$data = preg_replace('#(<[^>]+?)style[\x00-\x20]*=[\x00-\x20]*[`\'"]*.*?s[\x00-\x20]*c[\x00-\x20]*r[\x00-\x20]*i[\x00-\x20]*p[\x00-\x20]*t[\x00-\x20]*:*[^>]*+>#iu', '$1>', $data);

// Remove namespaced elements (we do not need them)
$data = preg_replace('#]*+>#i', '', $data);

do
{
        // Remove really unwanted tags
        $old_data = $data;
        $data = preg_replace('#]*+>#i', '', $data);
}
while ($old_data !== $data);

// we are done...
return $data;
}
?>

MYSQL data manipulation language (DML) commands?

MYSQL data definition language (DDL) commands?

1 Reply

Data Definition Language (DDL)

DDL statements are used to define and modify the database structure of your tables or schema. When you execute a DDL statement, it takes effect immediately.
Some commands of DDL are:

1. CREATE - to create table (objects) in the database
2. ALTER - alters the structure of the database
3. DROP - delete table from the database
4. TRUNCATE - remove all records from a table, including all spaces allocated for the records are removed
5. COMMENT - add comments to the data dictionary
6. RENAME - rename a table

How to backup and restore a MySQL database?

How to run perl in MAMP?

5 Replies

If everything is configured properly, put a perl file in your cgi-bin folder, set permissions so that apache can execute it, and you are all set ready to go. 
Basically, Perl suffers in this aspect just because it was first and that is the way CGIs were done. PHP came along and the default setting allowed PHP scripts to run from any directory. So this is a little trouble for php programmers.

It took one hour for me to figure out how to run perl in MAMP.

Well here are some easy steps for you.

The permissions for all of those files needs to be 755. 

Go to a  Application >> Utility >> and open Terminal. 
    cd /Applications/MAMP
    chmod 755 cgi-bin
    cd cgi-bin
    find . -type f -exec chmod 755 \{\} \;

   Put all perl files in cgi-bin folder.  
  /Applications/MAMP/cgi-bin

Run your script 

http://localhost/cgi-bin/test.pl

You are done!