content types. We can create a validation wizard or field validation for each content type

seperatly. This requires two modules CCK and CCK_validation.

To add a validation field to a content type, go to administer > content >
content types, select the content type you want to add to, and click on the
‘add field’ tab. One of the field types available should be ‘Validation’, and it
should have one bullet point under it, labelled ‘Textarea PHP Code’. If you select
this, give your field a name, and submit the form, you will get to the
configuration page for your new computed field.

Suppose imagine a content type named “Book” and it has custom field “ISBN”. In the ‘Textarea PHP Code’ of the Validation field we can write a validation code like the one below.

if (!isbn_format($node->field_text[0][’value’])){
form_set_error(’field_text’,'The ISBN is not in a valid format.’);
}

function isbn_format($code)
{

if(!preg_match(”/[a-zA-Z]/”,substr($code,0,3),$match))
return false;
if(!is_numeric(substr($code,0,7)))
return false;
return true;
}

When I refer to filtering input, I am really describing three different steps:

*

Identifying input
*

Filtering input
*

Distinguishing between filtered and tainted data

The first step is to identify input because if you don’t know what it is, you can’t be sure to filter it. Input is any data that originates from a remote source. For example, anything sent by the client is input, although the client isn’t the only remote source of dataother examples include database servers and RSS feeds.

Data that originates from the client is easy to identifyPHP provides this data in superglobal arrays, such as $_GET and $_POST. Other input can be more difficult to identifyfor example, $_SERVER contains many elements that can be manipulated by the client. It’s not always easy to determine which elements in $_SERVER constitute input, so a best practice is to consider this entire array to be input.

What you consider to be input is a matter of opinion in some cases. For example, session data is stored on the server, and you might not consider the session data store to be a remote source. If you take this stance, you can consider the session data store to be an integral part of your application. It is wise to be mindful of the fact that this ties the security of your application to the security of the session data store. This same perspective can be applied to a database because the database can be considered a part of the application as well.

Generally speaking, it is more secure to consider data from session data stores and databases to be input, and this is the approach that I recommend for any critical PHP application.

Once you have identified input, you’re ready to filter it. Filtering is a somewhat formal term that has many synonyms in common parlancesanitizing, validating, cleaning, and scrubbing. Although some people differentiate slightly between these terms, they all refer to the same processpreventing invalid data from entering your application.

Various approaches are used to filter data, and some are more secure than others. The best approach is to treat filtering as an inspection process. Don’t correct invalid data in order to be accommodatingforce your users to play by your rules. History has shown that attempts to correct invalid data often create vulnerabilities. For example, consider the following method intended to prevent file traversal (ascending the directory tree):

Can you think of a value of $_POST[’filename’] that causes $filename to be ../../etc/passwd? Consider the following:

…/…/etc/passwd

This particular error can be corrected by continuing to replace the string until it is no longer found:

Of course, the basename( ) function can replace this entire technique and is a safer way to achieve the desired goal. The important point is that any attempt to correct invalid data can potentially contain an error and allow invalid data to pass through. Inspection is a much safer alternative.

In addition to treating filtering as an inspection process, you want to use a whitelist approach whenever possible. This means that you want to assume the data that you’re inspecting to be invalid unless you can prove that it is valid. In other words, you want to err on the side of caution. Using this approach, a mistake results in your considering valid data to be invalid. Although undesirable (as any mistake is), this is a much safer alternative than considering invalid data to be valid. By mitigating the damage caused by a mistake, you increase the security of your applications. Although this idea is theoretical in nature, history has proven it to be a very worthwhile approach.

If you can accurately and reliably identify and filter input, your job is almost done. The last step is to employ a naming convention or some other practice that can help you to accurately and reliably distinguish between filtered and tainted data. I recommend a simple naming convention because this can be used in both procedural and object-oriented paradigms. The convention that I use is to store all filtered data in an array called $clean. This allows you to take two important steps that help to prevent the injection of tainted data :

*

Always initialize $clean to be an empty array.
*

Add logic to detect and prevent any variables from a remote source named clean.

In truth, only the initialization is crucial, but it’s good to adopt the habit of considering any variable named clean to be one thingyour array of filtered data. This step provides reasonable assurance that $clean contains only data that you knowingly store therein and leaves you with the responsibility of ensuring that you never store tainted data in $clean.

In order to solidify these concepts, consider a simple HTML form that allows a user to select among three colors:

In the programming logic that processes this form, it is easy to make the mistake of assuming that only one of the three choices can be provided. As you will learn in the next section, the client can submit any data as the value of $_POST[’color’]. To properly filter this data, you can use a switch statement:

This example first initializes $clean to an empty array in order to be certain that it cannot contain tainted data. Once it is proven that the value of $_POST[’color’] is one of red, green, or blue, it is stored in $clean[’color’]. Therefore, you can use $clean[’color’] elsewhere in your code with reasonable assurance that it is valid. Of course, you could add a default case to this switch statement to take a particular action in the case of invalid data. One possibility is to display the form again while noting the errorjust be careful not to output the tainted data in an attempt to be friendly.

While this particular approach is useful for filtering data against a known set of valid values, it does not help you filter data against a known set of valid characters. For example, you might want to assert that a username may contain only alphanumeric characters:

Although a regular expression can be used for this particular purpose, using a native PHP function is always preferable. These functions are less likely to contain errors than code that you write yourself is, and an error in your filtering logic is almost certain to result in a security vulnerability.

Writing the navigation menu for your site can be a pain. You don’t want to write the same code over and over on every page. Ideally, you would have a PHP menu function that would render the menu with the current page highlighted. This hack gives you that simple menu function (for the low cost of this book, no less!).
The Code

Save the code in Example 1, which demonstrates the use of menu.php as index.php.
Example 1. Using the menu library

Example 2 shows the library, which is surprisingly simple.
Example 2. Making everything work with the PHP library, menu.php

.menu-inactive, .menu-active {

padding: 2px;

padding-left: 20px;

font-family: arial, verdana;

}

.menu-inactive { background: #ddd; }

.menu-active { background: #000; font-weight: bold; }

.menu-inactive a { text-decoration: none; }

.menu-active a { color: white; text-decoration: none; }

“>

index.php creates the menu by calling the page_menu function and specifying the page ID. The ID of the page is used to decide which menu item is selected. The index.php script also calls the menu_css function to set up the CSS styles for the menu.

You can change the makeup of the menu by altering the bottom portion of the menu.php file to add or remove menu items. You can also change the look and feel of the menu by altering the CSS class definitions in the menu_css function.

As with filtering input, when I refer to escaping output , I am really describing three different steps:

*

Identifying output
*

Escaping output
*

Distinguishing between escaped and unescaped data

To escape output, you must first identify output. In general, this is much easier than identifying input because it relies on an action that you take. For example, to identify output being sent to the client, you can search for strings such as the following in your code:

*

echo
*

print
*

printf
*

Welcome back, {$html[’username’]}.

“;

?>

An easy way to make sure that a value is of the expected type is to cast or convert it to that type and use it, as follows:

$number_of_nights = (int)$_POST[’num_nights’];
if ($number_of_nights == 0)
{
echo “ERROR: Invalid number of nights for the room!”;
exit;
}

If we have the user input a date in a localized format, such as “mm/dd/yy”‘ for users in the United States, we can then write some code to verify it using the PHP function called checkdate. This function takes a month, day, and year value (4-digit years), and indicates whether or not they form a valid date:

// split is mbcs-safe via mbstring (see chapter 5)
$mmddyy = split($_POST[’departure_date’], ‘/’);
if (count($mmddyy) != 3)
{
echo “ERROR: Invalid Date specified!”;
exit;
}

// handle years like 02 or 95
if ((int)$mmddyy[2] 50)
$mmddyy[2] = (int)$mmddyy[2] + 1900;
else if ((int)$mmddyy[2] >= 0)
$mmddyy[2] = (int)$mmddyy[2] + 2000;

// else it’s

//get the name of our process

string proc = Process.GetCurrentProcess().ProcessName;//Get the list of all processes by that name

Process[] processes = Process.GetProcessesByName(proc);//if there is more than one process

if (processes.Length > 1)

{

MessageBox.Show(”A previous instance of the application is already running”);

return;

}

LINQ stands for Language-Integrated Query is now available as a integral part of Visual Studio.
LINQ has a great power of querying on any source of data, data source could be the collections of objects, database or XML files.We can easily retrieve data from any object that implements the IEnumerable interface.

Microsoft basically divides LINQ into three areas and that are give below.

1.LINQ to Object {Queries performed against the in-memory data}
2.LINQ to ADO.Net
= LINQ to SQL
= LINQ to DataSet
= LINQ to Entities
3.LINQ to XML

Linq Sample - Where
——————–

public void Linqsample()
{

int[] numbers = {1,3,2,5,4,7,6,9,8,0};
var findlow = from n in numbers where n

Most vulnerabilities exist because of oversight, not because of any particular complexity associated with the exploits. Any experienced developer can easily recognize the danger in trusting a URL in the way just described, but this isn’t always clear until someone points it out.

To better illustrate a semantic URL attack and how a vulnerability can go unnoticed, consider a web-based email application where users can log in and check their example.org email accounts. Any application that requires its users to log in needs to provide a password reminder mechanism. A common technique for this is to ask the user a question that a random attacker is unlikely to know (the mother’s maiden name is a common query, but allowing the user to specify a unique question and its answer is better) and email a new password to the email address already stored in the user’s account.

With a web-based email application, an email address may not already be stored, so a user who answers the verification question may be asked to provide one (the purpose being not only to send the new password to this address, but also to collect an alternative address for future use). The following form asks a user for an alternative email address, and the account name is identified in a hidden form variable:

The receiving script, reset.php, has all of the information it needs to reset the password and send the emailthe name of the account that needs to have its password reset and the email address where the new password is to be sent.

If a user arrives at this form (after answering the verification question correctly), you are reasonably assured that the user is not an imposter but rather the legitimate owner of the chris account. If this user then provides chris@example.org as the alternative email address, he arrives at the following URL after submitting the form:

http://example.org/reset.php?user=chris&email=chris%40example.org

This URL is what appears in the location bar of the browser, so a user who goes through this process can easily identify the purpose of the variables user and email. After recognizing this, the user may decide that php@example.org would be a really cool email address to have, so this same user might visit the following URL as an experiment:

http://example.org/reset.php?user=php&email=chris%40example.org

If reset.php trusts these values provided by the user, it is vulnerable to a semantic URL attack. A new password will be generated for the php account, and it will be sent to chris@example.org, effectively allowing chris to steal the php account.

If sessions are being used to keep track of things, this can be avoided easily:

]+@([-a-z0-9]+\.)+[a-z]{2,}$/i’;

if (preg_match($email_pattern, $_POST[’email’]))

{

$clean[’email’] = $_POST[’email’];

$user = $_SESSION[’user’];

$new_password = md5(uniqid(rand(), TRUE));

if ($_SESSION[’verified’])

{

/* Update Password */

mail($clean[’email’], ‘Your New Password’, $new_password);

}

}

?>

Although this example omits some realistic details (such as a more complete email message or a more reasonable password), it demonstrates a lack of trust given to the email address provided by the user and, more importantly, session variables that keep up with whether the current user has already answered the verification question correctly ($_SESSION[’verified’]) and the name of the account for which the verification question was answered ($_SESSION[’user’]). It is this lack of trust given to input that is the key to preventing such gaping holes in your applications

By Charles H Smith

URL snipping services are becoming commonplace today. Surfers use them to mask affiliate URLs, shorten very long URL’s, even to hide email addresses from spammers and automatic email harvesters. Ther are several URL snipping services that are no longer active. These inculde: shortlink.us, quickones.org, smlnk.com, and smurl.it. Hopefully, you didn’t lose any carefully crafted and well planned email link campaigns as these services closed.

As you look to snip your URL’s using a free service, there are several items to investgate.

First, do the links expire? If they expire, you may want to look to another service.

Second, is there a direct redirect? If, upon selecting the short URL, you are sent to a transition or intersitial page, this page may change in the future to display an advertisment of the free service. The preferable redirection is a direct link to your short URL.

Third, the service should check the URL and determine is is valid. Everyone makes typos, this simply check for valid URL format.

Fourth, how long has the service been in business? Longevity and reliability are crucial when you are snipping hundreds of affiliate links.

Fifth, is there any Terms of Service that you do not agree with? If there are, look for another service.

Sixth, can you use the URL snipping service to hide email addresses from spammers? Try to snip mailto:youremailaddress@yourdomain.com. If the resulting snipped URL opens your default email program, then you may hide your email address from spammers.

Seventh, are your links available only to the site administrators or are they available to the general public?

An alternative to the free services is your own snipping service, running from your server. This ensures your links are available until you decide to delete them.

Generally speaking, the short URL generators are php/MySQL driven scripts. You would need php installed on your server, your site administrator could tell you if it is. You would also need a MySQL database, again your site administrator could tell you if this is available to you.

Another item to check is the control panel page. It should be a php template that can be edited for color, position etc.

If you are using a shared hosting situation you may not be able to run a script that requires will not allow Mod Rewrites to be on, It should be a webmaster settable configuration.

What’s the difference Mod Rewrites On/Off? As you compare the resulting snipped URL’s, if has a ? in the URL; such as, http://snippedurl.com/?a then the script is set for Mon Rewrites off. This is probably not the preferable URL format. If there is no ? in the snipped URL then it may only be run with Mod Rewrites on.

As you look to snipping your URL’s you may want to bring the service in-house to your server. This will give your site added stickyness as your customers, return time and time again to snip their URL’s.

Add the below code to your .htaccess file, and upload to root of the directory:

## USER IP BANNING

order allow,deny
deny from 61.11.74.206 //(it’s our IP address)
allow from all

Sometimes there is just too much data to put onto one web page. An easy way to break up a site (or even a content-heavy page) is to display it using tabs, where the data is broken up into subelements, each correlating to a named tab. Lucky for us, tabs are a piece of cake with PHP.
The Code

Save the code in Example 1 as index.php.
Example 1. Using the tabs library to show a tabbed interface

Next, code up a nice PHP and CSS library. Save the code in Example 2 as tabs.php.
Example 2. Using PHP and some CSS to create user-friendly tabs

.tab {

border-bottom: 1px solid black;

text-align: center;

font-family: arial, verdana;

}

.tab-active {

border-left: 1px solid black;

border-top: 1px solid black;

border-right: 1px solid black;

text-align: center;

font-family: arial, verdana;

font-weight: bold;

}

.tab-content {

padding: 5px;

border-left: 1px solid black;

border-right: 1px solid black;

border-bottom: 1px solid black;

}

0 )

endtab();

$tabs []= array(

title => $title,

text => “”

);

}

function tabs_end( )
{

global $tabs;

endtab( );

ob_end_clean( );

$index = 0;

if ( $_GET[’tabindex’] )

$index = $_GET[’tabindex’];

?>

I designed the API on this tabs system to make it easy to create tabs in your document. It starts with invoking tabs_header in the header section of the document. This will set up the CSS for the tabs. Then, within the body, the call to tabs_start sets up the tab system. Each new tab starts with a call to tab with the name of the tab. The call to tabs_end then ends the construction of the tabs.

Internally, the tabs system uses output buffering to hold onto the contents of each tab, and to display whichever tab is selected “on top.”

Before I get to the code, consider a possible request that the controller is going to have to be able to handle.

http://example.com/index.php?module=loginThat looks simple enough. However, seeing that the code now runs inside a framework, things are not as simple as they may seem. Here is a simple list of arguments that the controller understands and what they do.

module defines the basic module that the user is requesting. For instance, you may choose to create a module named users that stores your code for logging in, logging out, and registering.
class defines the actual class the controller will load. For instance, in your users module you might have classes named login, logout, and register. If you don’t specify a class, the controller will attempt to load one with the same name as the module provided.
event defines which method to run after the controller has authenticated the user. By default, the controller will look for and run the __default() method of your class.
A more complex example of what the controller might handle is:

http://example.com/index.php?module=users&class=loginThis tells the controller to locate the module users, load the class login, and, because there is no event defined, run login::__default().

The code

* @copyright Joe Stump
* @license http://www.opensource.org/licenses/gpl-license.php
* @package Framework
*/

require_once(’config.php’);

// {{{ __autoload($class)
/**
* __autoload
*
* Autoload is ran by PHP when it can’t find a class it is trying to load.
* By naming our classes intelligently we should be able to load most classes
* dynamically.
*
* @author Joe Stump
* @param string $class Class name we’re trying to load
* @return void
* @package Framework
*/
function __autoload($class)
{
$file = str_replace(’_',’/',substr($class,2)).’.php’;
require_once(FR_BASE_PATH.’/includes/’.$file);
}
// }}}

if (isset($_GET[’module’])) {
$module = $_GET[’module’];
if (isset($_GET[’event’])) {
$event = $_GET[’event’];
} else {
$event = ‘__default’;
}

if (isset($_GET[’class’])) {
$class = $_GET[’class’];
} else {
$class = $module;
}

$classFile = FR_BASE_PATH.’/modules/’.$module.’/’.$class.’.php’;
if (file_exists($classFile)) {
require_once($classFile);
if (class_exists($class)) {
try {
$instance = new $class();
if (!FR_Module::isValid($instance)) {
die(”Requested module is not a valid framework module!”);
}

$instance->moduleName = $module;
if ($instance->authenticate()) {
try {
$result = $instance->$event();
if (!PEAR::isError($result)) {
$presenter = FR_Presenter::factory(
$instance->presenter,$instance
);

if (!PEAR::isError($presenter)) {
$presenter->display();
} else {
die($presenter->getMessage());
}
}
} catch (Exception $error) {
die($error->getMessage());
}
} else {
die(”You do not have access to the requested page!”);
}
} catch (Exception $error) {
die($error->getMessage());
}
} else {
die(”An valid module for your request was not found”);
}
} else {
die(”Could not find: $classFile”);
}
} else {
die(”A valid module was not specified”);
}

?>After looking over the code, you might notice a few things. Here’s a walk through the second example URI from above to thoroughly explain things.

1. Include config.php
2. Define the __autoload() function. Because all the classes are named in a structured manner, this function can easily include them when necessary. The __autoload() function is new to PHP 5 and provides a method to load classes dynamically. This eliminates the need to have the controller require every single library needed to function.

3. If there is a module argument, the controller needs to start working on loading the module. The next few lines set up the defaults that I discussed earlier. Once $module, $event, and $class are defined, the controller can move on to loading the module.

4. The next few lines have to do with loading and verifying the requested module and class. The controller loads the module’s config.php and the class file, which in this example is users/login.php. Next, the controller checks to make sure the required file it needs exists and that the requested class is actually defined.

5. Don’t blink! On the next line I used the wonders of variable functions to instantiate the module. It’s very important to note that the controller runs the class’s constructor before it authenticates the user. Due to the class hierarchy, it would be impossible to authenticate before running the constructor. Also, note that the constructor can throw exceptions, which are new to PHP 5, and the controller will handle them appropriately.
Now that the controller has a class, it runs the inherited method authenticate(), which should return a Boolean value. If the function returns true, then the controller continues running the module’s event handler; if false, then the controller exits out. This would be a good place for the controller to redirect to a login form.

6. The next few lines run the given event, which for the example is login::__default(). The event handler can either throw an exception or return a PEAR_Error, which tells the controller that something deadly has happened.

7. Finally–yes, finally–it loads the presentation layer based on what the class has defined. By default, it uses the FR_Presenter_smarty presentation layer. You may not like Smarty, which is fine. Just create a new presentation class and use that instead. If there isn’t anything wrong with the requested presentation layer, the controller finally runs the display() method, which does the heavy lifting of rendering the module. Notice how I pass the instance of the module class to the presentation layer.

For being under 100 lines of code, the controller sure does a lot! The beauty of MVC programming is that the controller is dumb to what is going on. Its sole purpose is to do simple validation on the request, load up the request, and hand off everything to the presentation layer to render the request.

Working within this structure can seem somewhat rigid at first, but once you realize how much more quickly you are able to create large applications and leverage the existing code, you can easily work around the perceived rigidity.

Syntax:
1.start->run->type cmd->click ok
2.Type the root folder path of apache

c:/apache> cd bin
c:/apache>bin>httpd -k install -n “ServiceName”

ServiceName will be called ‘Apache’.

ii.To start,stop,restart,shutdown apache service from command line

Syntax:

c:/apache>bin>httpd -k start
c:/apache>bin>httpd -k restart
c:/apache>bin>httpd -k stop
c:/apache>bin>httpd -k shutdown

The AJAX Controls are been provided to enable the developer to create pages will less postback and to increase the productivity.

The AJAX plays a vital role in the recent world and it happens to be the most needed thing in Web Development.

Here comes a TABContainer Control an AJAX Sample Control for ASP.Net 2.0.

DESCRIPTION

TabContainer is an ASP.NET AJAX Control which creates a set of Tabs that can be used to organize page content. A TabContainer is a host for a number of TabPanel controls.

Each TabPanel defines its HeaderText or HeaderTemplate as well as a ContentTemplate that defines its content. The most recent tab should remain selected after a postback, and the Enabled state of tabs should remain after a postback as well.

TABS CONTAINER PROPERTIES

The TABS CONTAINER is initilaized by the following code.

/>

TabContainer Properties

ActiveTabChanged (Event) - Fired on the server side when a tab is changed after a postback
OnClientActiveTabChanged - The name of a javascript function to attach to the client-side tabChanged event
CssClass - A css class override used to define a custom look and feel for the tabs. See the Tabs Theming section for more details.
ActiveTabIndex - The first tab to show
Height - sets the height of the body of the tabs (does not include the TabPanel headers)
Width - sets the width of the body of the tabs
ScrollBars - Whether to display scrollbars (None, Horizontal, Vertical, Both, Auto) in the body of the TabContainer

TabPanel Properties

Enabled - Whether to display the Tab for the TabPanel by default. This can be changed on the client.
OnClientClick - The name of a javascript function to attach to the client-side click event of the tab.
HeaderText - The text to display in the Tab
HeaderTemplate - A TemplateInstance.Single ITemplate to use to render the header
ContentTemplate - A TemplateInstance.Single ITemplate to use to render the body

What’s new in this version:

calling on a fetch method and providing a result resource from a query whos result was taken from cache would send the script in an infinite loop
improved the speed of dlookup() method by adding LIMIT to it - thanks to A.Leeming for suggesting this
added some new methods - close() - alias of mysql_close(), log_debug_info() - which will write debug information to a log file and seek() - alias of mysql_data_seek() wich works seamlessly with cached results (previously users haven’t had a method for iterating through results of a cached query)
the connect() method now returns the link identifier of the connection, which can be later used for closing the connection with the close() method
some documentation refinements (thanks to Vincent van Daal)
completely rewritten template file and stylesheet
a version with the comments stripped out is also available now to be used by those who need a smaller footprint for the classes they include. the script’s size is almost 4 times smaller than the original script. remember to rename the script to class.database.php if you want to use it

What’s this?

This PHP script is a MySQL database access wrapper. It provides a set of methods for interracting with a MySQL databases, from within PHP, easily and securely while providing a fantastic debugger [read more]

The Zebra Content Management System is both an API and a Content Management System (CMS) providing users a powerful and ready-made backend (the CMS itself) and developers a powerful API to interact with the data from the CMS. This gives the possibility for developers to quickly deploy complex websites without having to bother with coding the administration area of it, while having at disposal a powerful yet simple API to produce the front-end. Because of this, the development time of a standard presentation website can be as short as two days (or even a single day!) without sacrificing anything on the website – on the contrary, because more than 95% of the code and logic that is usually written for a website is already implemented in the APIs, the developers can now focus more to perfectly implement the designs and have more time to test it and make sure it’s W3C compliant.

Bottom line is that you can have your website ready very quickly, complete with registered users management, newsletters module, contact requests management (yes, you can forget about that CRM of yours), multiple language support, articles moderation, files management, image galleries and lots of other things, while everything being very search engine optimized.

The Zebra Content Management System (which uses as foundation the Zebra PHP Component Framework) has a very small footprint – the whole package (including documentation) it’s around 7MB. To run it requires an Apache server, PHP 4.3+ and MySQL 4.1+

Watch the quick presentation movie to get an idea of what I am talking about. An online demo will follow soon. Also, maybe you can share some of your thoughts with me…

If you’re interested in having your website done with the Zebra Content Management System please let me know by writing an email to noname at nivelzero dot ro.

<html xmlns=”http://www.w3.org/1999/xhtml”>
<head id=”Head1″ runat=”server”>
<title>Untitled Page</title>
<script type=”text/javascript”>
function TimeOutFuc()
{
var t = setTimeout(”ShowLabel()”,3000);
}
function ShowLabel()
{
var divObj = document.getElementById(’lbl’);
divObj.style.display = ‘none’;
}
</script>
</head>
<body>
<form id=”form1″ runat=”server”>
<div>

</div>
<div id=”lbl” >
<asp:Label ID=”Label1″ runat=”server” ></asp:Label>
</div>
<br />
<asp:Button ID=”Button1″ runat=”server” Text=”Show Label” onclick=”Button1_Click” />
</form>
</body>
</html>

In the code behind page

protected void Button1_Click(object sender, EventArgs e)
{
Label1.Text = “Some Message”;
Page.RegisterStartupScript(”ShowLbl”, “<script>TimeOutFuc();</script>”);
}

<script language=”javascript”>

function set_selection(divid) {

document.getElementById(divid).style.backgroundColor = “red”;

document.getElementById(divid).style.color = “white”;

for(i=1;i<6;i++) {

if(i != divid) {

document.getElementById(i).style.backgroundColor = “white”; document.getElementById(i).style.color = “black”; }

}

} </script>

<table>

<tr> <th colspan=”5″>Select your Shirt Size</th> </tr>

<tr>

<td><div id=1 onclick=”set_selection(1)” style=”border: solid black 1px;width:35px;text-align:center”><b>S</div></td>

<td><div id=2 onclick=”set_selection(2)” style=”border: solid black 1px;width:35px;text-align:center”><b>M</div></td>

<td><div id=3 onclick=”set_selection(3)” style=”border: solid black 1px;width:35px;text-align:center”><b>L</div></td>

<td><div id=4 onclick=”set_selection(4)” style=”border: solid black 1px;width:35px;text-align:center”><b>XL</div></td>

<td><div id=5 onclick=”set_selection(5)” style=”border: solid black 1px;width:35px;text-align:center”><b>2XL</div></td> </tr>

</table>

With the overLIB JavaScript library (http://www.bosrup.com/web/overlib/), you can have handy pop-up labels that appear above text on your page. This hack makes it a little easier to create these links by providing a PHP wrapper function to invoke the library.

The Code
Save the code shown in Example 1 as index.php.

Example 1. A wrapper function that simplifies overLIB use, courtesy of PHP

‘);” onmouseout=”return nd();”>

So this is just a test of popups. Not something interesting about Rabbits also make good pets.’

); ?>. Because that would just be silly.

You could also put the wrapper function into a PHP library, include that library in your PHP pages, and turn this into a nice, reusable utility function.

Running
Download and unpack the overLIB library into your web server’s documents directory. Then add in the index.php file and surf to it on your browser. You should see something similar to Figure 1.

Figure 1. The page with the pop-up link

Next, move the mouse over the word rabbits, and you will see the pop up appear, which gives you a little more information about rabbits (as seen in Figure 2).

This pop up can be as elaborate as you like, with images, tables, different fonts, styles, and whatever else you please.

The better way to backup and export MySQL database is by doing the task locally on the server, so that the tables’ data can be instantly dumped on the local disk without delay. Thus export speed will be faster and reduce the time MySQL database or table is locked for accessing. This tutorial is the guide on how to backup (export) and restore (import) MySQL database(s) on the database server itself by using the mysqldump and mysql utilities. There are basically two methods to backup MySQL, one is by copying all table files (*.frm, *.MYD, and *.MYI files) or by using mysqlhotcopy utility, but it only works for MyISAM tables. Below tutorial will concentrate on mysqldump which works for both MyISAM and InnoDB tables.

How to Export or Backup or Dump A MySQL Database

To export a MySQL database into a dump file, simply type the following command syntax in the shell. You can use Telnet or SSH to remotely login to the machine if you don’t have access to the physical box.

mysqldump -u username -ppassword database_name > dump.sql

Replace username with a valid MySQL user ID, password with the valid password for the user (IMPORTANT: no space after -p and the password, else mysqldump will prompt you for password yet will treat the password as database name, so the backup will fail) and database_name with the actual name of the database you want to export. Finally, you can put whatever name you like for the output SQL dump file, here been dump.sql.

The while data, tables, structures and database of database_name will be backed up into a SQL text file named dump.sql with the above command.

How to Export A MySQL Database Structures Only

If you no longer need the data inside the database’s tables (unlikely), simply add –no-data switch to export only the tables’ structures. For example, the syntax is:

mysqldump -u username -ppassword –no-data database_name > dump.sql

How to Backup Only Data of a MySQL Database

If you only want the data to be backed up, use –no-create-info option. With this setting, the dump will not re-create the database, tables, fields, and other structures when importing. Use this only if you pretty sure that you have a duplicate databases with same structure, where you only need to refresh the data.

mysqldump -u username -ppassword –no-create-info database_name > dump.sql

How to Dump Several MySQL Databases into Text File

–databases option allows you to specify more than 1 database. Example syntax:

mysqldump -u username -ppassword –databases db_name1 [db_name2 …] > dump.sql

How to Dump All Databases in MySQL Server

To dump all databases, use the –all-databases option, and no databases’ name need to be specified anymore.

mysqldump -u username -ppassword –all-databases > dump.sql

How to Online Backup InnoDB Tables

Backup the database inevitable cause MySQL server unavailable to applications because when exporting, all tables acquired a global read lock using FLUSH TABLES WITH READ LOCK at the beginning of the dump until finish. So although READ statements can proceed, all INSERT, UPDATE and DELETE statements will have to queue due to locked tables, as if MySQL is down or stalled. If you’re using InnoDB, –single-transaction is the way to minimize this locking time duration to almost non-existent as if performing an online backup. It works by reading the binary log coordinates as soon as the lock has been acquired, and lock is then immediately released.

Syntax:

mysqldump -u username -ppassword –all-databases –single-transaction > dump.sql

How to Restore and Import MySQL Database

You can restore from phpMyAdmin, using Import tab. For faster way, upload the dump file to the MySQL server, and use the following command to import the databases back into the MySQL server.

mysql -u username -ppassword database_name

Syntax:
mysql -u [username] -p[password] [datebase_name] > [File_path]

Example:
mysql -u root -p sample > c:/backupfile.sql;

2.To restore a compressed file into the mysql database

Syntax:
gunzip

How to Create a Windows Service Step by Step instructions

1. Open the ID Visual C# 2005 Express Edition - by clicking the menus: [File]->[New Project], Select “Empty Project”, Rename to WindowsService. Click OK to create the project.

2. Project is created, and initially, it’s not saved anywhere but a temporary location, so go ahead and go to [File]->[Save All], and okay through the dialog. This will officially save the project.

3. Add the System.ServiceProcess and System.Configuration.Install references to your project. In the Solution Explorer, right-click “References”, and select “Add Reference…”. In the dialog box that pops up, make sure the “.NET” tab is selected, and then scroll down in the list to “System.ServiceProcess”, select it, and click OK. You’ll see a new entry under References. This will allow you to write code that references the System.ServiceProcess classes. Repeat the process to add the System.Configuration.Install reference.

4. Add two new class files to the project, one labeled: “WindowsService.cs” and the other: “WindowsServiceInstaller.cs”. In the Solution Explorer, right-click the project name and go to: [Add]->[Class]. Name the class “WindowsService.cs” and then hit OK. Repeat the process for “WindowsServiceInstaller.cs”. Now you have two brand-new files with the basics.

5. In WindowsService.cs copy the following code

using System;
using System.Diagnostics;
using System.ServiceProcess;

///
/// OnSessionChange(): To handle a change event
/// from a Terminal Server session.
/// Useful if you need to determine
/// when a user logs in remotely or logs off,
/// or when someone logs into the console.
///
/// The Session Change
/// Event that occured.
protected override void OnSessionChange(
SessionChangeDescription changeDescription)
{
base.OnSessionChange(changeDescription);
}
}
}

6. In WindowsServiceInstaller.cs copy the following code.

using System;
using System.ComponentModel;
using System.Configuration.Install;
using System.ServiceProcess;

this.Installers.Add(serviceProcessInstaller);
this.Installers.Add(serviceInstaller);
}
}
}

7.The ServiceAccount section of the code is important for the security context under which your code will run. For every enumeration except User, set the Username and Password properties to null.

You can set the Account property to the following (this is mostly from Microsoft’s help file):

The LocalSystem enumeration defines a highly privileged account, but most services do not require such an elevated privilege level.
The LocalService enumeration provides a lower privilege level for the security context.
The NetworkService enumeration provides extensive local privileges, and provides the computer’s credentials to remote servers.
The User enumeration allows the use of a username and password combination to set the privilege level for the security context to that of a specified user.
There. That wasn’t so tough! Now, in the WindowsService class, depending on what you’re creating this service for, you’ll probably want to include a background working thread to handle, well, the work. I’ve used this code simply by leaving everything as-is with just the OnCustomCommand method modified, and it works OK. If you wish to handle constant or timed processing, best add at least one working thread.

8. Installation

To install a service, you could create an installation program that encapsulates the executable for deployment, which I find time consuming and inefficient when testing an application. Or, you could install the service though the InstallUtil.exe process that comes with the .NET Framework.

The first method we will look at is the mod_rewrite module that comes with Apache. This module works by matching the requested URL against a set of predefined rules, and then passing in the data to the specified script in the format you determine.

Let’s say that we have a script called news.php in the root directory of the web site (so you could access via http://www.example.com/news.php). This script is responsible for outputting a single news article, as chosen by the news_id parameter passed in the URL.

So if you were trying the access the new article with an ID of 63, you would use http://www.example.com/news.php?news_id=63.

Instead though, we want to make this a bit fancier, so rather than passing an in the URL, we want to access articles using http://www.example.com/news/63.html. There’s no particular reason for having it like this – it’s just for our example.

Anyway, we can make this happen with mod_rewrite with a very simple rule, either in the web server config (httpd.conf), or in a .htaccess file in the web site directory.

The contents would look like this:
Listing 1 .htaccess

RewriteEngine on
RewriteRule ^/news/([0-9]+)\.html /news.php?news_id=$1

Using the above regular expression, we match all requests to the web site that start with news, then have a number followed by .html. Items stored in brackets are stored in variables, such as $1 or $2 (we only have one set of brackets so only $1 is set here).

We then use the $1 parameter in the destination URL. Now inside the news.php script, we just access the news_id parameter as we would have if we called the script in the original way. That is:
Listing 2 news.php

Extra URL parameters

Sometimes you have a situation where you want to pass extra URL parameters to the script. So going back to our example above, perhaps you can access the news.php script with an extra parameter called ‘print’, which displayed a printer friendly version of the article (technically you should be using CSS stylesheets for this, but that doesn’t matter for this example).

So you would normally access the printer friendly version of article 63 using http://www.example.com/news.php?news_id=63&print=1.

Using our rewrite version, we want to access the article using http://www.example.com/news/63.html?print=1, however, the rule we created above will simply discard the print parameter in the URL. To pass this to the news script, we need to use the internal Apache variable %{QUERY_STRING} in our mod_rewrite pattern. We just append this to the news_id with an ampersand.
Listing 3 .htaccess

RewriteEngine on
RewriteRule ^/news/([0-9]+)\.html /news.php?news_id=$1&%{QUERY_STRING}

So now, we can access both parameters through $_GET.
Listing 4 news.php

So that’s all there is to using mod_rewrite. This is a very powerful and complex module, and it is easy to get into trouble using it. Sometimes it can be hard to get your patterns to match correctly, or you create recursive rules, etc. There are several debug settings you can use to try and resolve any problems you might have.
Using The Apache Forcetype Directive

An alternative to using mod_rewrite is to instead use the ForceType directive. What this does, is allow PHP scripts without a .php extension to be executed as PHP scripts. Normally web servers are configured so PHP scripts must finish with .php, so other non-PHP scripts (such as .html files) don’t have to be processed by PHP.

Going back to our example in the mod_rewrite section, instead of having a script called news.php in the root directory, our script would just be called news. So it would be accessed using http://www.example.com/news.

Using the following in our httpd.conf or a .htaccess, this news file will processed on the server as a PHP file.
Listing 5 .htaccess

ForceType application/x-httpd-php

Now, when we access our article using http://www.example.com/news/63.html, our news script is accessed directly, and we must parse out the /63.html part. This is stored in the server variable PATH_INFO.
Listing 6 news

So now we can use regular expressions to extract the number 63 from this string. There are other techniques you will find useful for extracting data also, such as using PHP’s explode() function. For example, if you explode this string on /, then all parts of the path will be stored in an array (there’s only 1 part in this example though, so it’s not worth doing). Anyway, back to regular expressions.

Here is a regular expression (compatible with preg_match()), that looks for a string that has precisely a slash at the start, then a number, followed by .html. It then stores the matches to an array, from which we extract the article Id.
Listing 7 news

Normally we’d use / as the regex delimeter, but since we’re matching a slash, it’s tidier to use something different (in this case !). Additionally, we’re matching 1 (+) or more digits (\d), and we must escape the . since we’re matching a literal period (. normally means “any character�).

So that’s all there is to it. Now you can use the $news_id accordingly in that script. Of course, if the path was in an incorrect format, the matched $news_id would come out as 0 after we casted it as an int, so in other words, it’ll still be safe to plugin to your database, even if the article doesn’t exist.
Using A Custom 404 Handler

This is probably the most complicated method of achieving this result, however, it is also the simplest to expand upon and is more powerful.

By taking advantage of Apache’s custom 404 handler, you can have a single controlling script that decides how all requests are handled. Of course, this is only requests that do not match an existing file. For example, if you have images on your web site, you can still access them in an identical fashion — the image file will exist, hence the 404 handler will not be used.

Additionally, by taking advantage of PHP’s header() function, you can output, say, a 200 OK header rather than a 404 File Not Found header, so from the end user’s point of view, they have no idea the page wasn’t really found.
An example of where this would be used

Taking this idea further, you probably wouldn’t bother implementing a system like this for just a news handling engine as in our examples, but rather, on a larger site that has a lot more content.

For example, if you look at the following URL: http://www.phpriot.com/d/articles/php/index.html. PhpRiot is actually using the ‘ForceType’ method with a PHP script called ‘d’ that handles requests, but we could have implemented it using this method.
Note: This URL was used in a previous version of PhpRiot - the URL scheme of the site no longer works in this fashion.

Suppose we wanted our URL to look like this: http://www.phpriot.com/articles/php/index.html. Instead of creating this path on our web server for each and every article, we would use the 404 handler to parse out the article path like we currently do with our d file.
Implementing the 404 handler

We’re not going to implement the example listed above as it involves other complexities not relevant to this article, so instead, we’ll implement our news article example. We’re also going to add in scope to handle other requests (other than news) and also for outputting error pages.

The first thing to do would be to setup the 404 handler. This can be done either in a .htaccess or in the httpd.conf.
Listing 8 .htaccess

ErrorDocument 404 /handler.php

This means that all requests that don’t match an existing file, are passed to the handler.php script in our web root.

So in this script, we need to parse out the request. You can find the original request in the server REDIRECT_URL variable.
Listing 9 handler.php

Obviously this script is slightly crude, but hopefully in its simplicity you can see how powerful this method can be and what possibilities it can open.

<script type=”text/javascript” src=”jquery.js” mce_src=”jquery.js”></script>

<script type=”text/javascript” src=”dimensions.js” mce_src=”dimensions.js”></script>

<script type=”text/javascript” src=”autocomplete.js” mce_src=”autocomplete.js”></script>

Now we need to call the function that will bring life to our auto-complete field - setAutoComplete.

<script type=”text/javascript”>

$(function(){

    setAutoComplete(”searchField”, “results”, “autocomplete.php?part=”);

});

</script>

The call to setAutoComplete is inside a jQuery special code that is only executed when the DOM is ready, or in other words, when all the code is already loaded. The setAutoComplete function takes 3 parameters:

the id of the input field
the id of the div that will hold the returned data
the URL of the remote script that will process the request
Be aware that the URL should reflect your remote script and that it will be combined with the text typed in the input field.

Now we include our stylesheet to define the look of the elements. We need to define the styles of the div that will contain the results, they include two classes for the selected and unselected items. Take a look at the CSS file linked at the end of this post. There is also a style for the input field.

<link rel=”stylesheet” href=”autocomplete.css” mce_href=”autocomplete.css” type=”text/css”>

To finish the client side part now we need to define the code of the input field as follows:

<label for=”searchField”>Colors: </label>

<input type=”text” id=”searchField” name=”searchField”>

We are almost there! Now that the client side is finished it’s time for the server script. Here is an example of a script that try to match colors. I’m using PHP but you can use whatever language you prefer for the job, of course. You just need to return the results as an array encoded as JSON.

// define the colors array

$colors = array(’black’, ‘blue’, ‘brown’, ‘green’, ‘grey’,

                ‘gold’, ‘navy’ , ‘orange’, ‘pink’, ’silver’,

                ‘violet’, ‘yellow’, ‘red’);

 

// check the parameter

if(isset($_GET[’part’]) and $_GET[’part’] != ‘’)

{

        // initialize the results array

        $results = array();

 

        // search colors

        foreach($colors as $color)

        {

               // if it starts with ‘part’ add to results

               if( strpos($color, $_GET[’part’]) === 0 ){

                       $results[] = $color;

               }

        }

 

        // return the array as json

        echo json_encode($results);

 

        // or return using Zend_Json class

        // require_once(’Zend/Json/Encoder.php’);

        // echo Zend_Json_Encoder::encode($results);

}

Done! As said before, we return the data as an array encoded as JSON. If you are running PHP >= 5.2.0 or the json extension you simply use json_encode for the job. Another option is to use Zend_Json_Encoder from the Zend Framework!