How to write secure code in Php -3

The third part of the Writing Secure PHP series, covering weak passwords, clients and more advanced topics.

In How to write secure code in Php-1, 2  and 3 I covered many of the basic mistakes PHP developers make, and how to avoid common security problems. It is time to get a little deeper into security though, and begin to tackle some more advanced issues.

Context

Before I start, it is worth mentioning at this point in this series that much of what is to come is highly dependant on context. If you are running a small personal site and are regularly backing it up, the chances are that there is no real benefit to you spending weeks on advanced security issues. If an attacker can gain nothing (and cause no harm) by compromising your site, and it would only take you ten minutes to restore it, should something go wrong, then it would be a waste to spend too long on security concerns. At the other end of the scale, if you are managing an ecommerce site that processes thousands of credit cards a day, then it is negligent not to spend a lot of time researching and improving your site's security.

How to wright secure code in Php-4

Cross-Site Scripting (XSS)

Cross-site scripting (often abbreviated to XSS) is a form of injection, where an attacker finds a way to have the target site display code they control. In its most basic form, this can be as simple as a site that allows HTML characters in usernames, where someone can specify a username like:

DaveChild<script type="text/javascript" src="http://www.example.com/my_script.js"></script>

Now, whenever someone sees my username on the target site, the script I've added to my username will run. I could potentially use this to grab the person's login information, log their keystrokes - any number of nefarious activities.

How to make a xml file in php

Here is the PHP code you can customize it according to your requirements.

<&#63php
$xml = new SimpleXMLElement('<root/>');

$track = $xml->addChild('track');

$track->addChild('fieldName1','fieldValue');

$track->addChild('fieldName2','fieldValue');

$track->addChild('fieldName3','fieldValue');

$track->addChild('fieldName4','fieldValue');

Header('Content-type: text/xml');

print($xml->asXML());

&#63>

Enjoy Coding ..!!

Form validation in Magento

As we know that Magento use Prototype.js as javascript library. It provides a simple way to validate html form values. Below is an example:

< ?php echo $this->__('First name') ?> *




< ?php echo $this->__('Last name') ?>  *

How to Override/Overwrite Core Class In Magento ?

There are many reasons and it’s a bad habit and bad programming if core files are modified and it’s not recommended at all. Therefore Magento brought in an excellent way how to override/overwrite those files.In  this post we learn how to override product Model class.This module we will change   first character of product name in uppercase.

 Override/Overwrite Magento Model Class.