Saturday, January 25, 2014

POST request to https server php

Use following PHP function to make a POST request to https server


<?php
/*
Online PHP Examples with Source Code
website: http://4evertutorials.blogspot.in/
*/

$sock = fsockopen("ssl://secure.yoursite.com", 443, $errno, $errstr, 30);
if (!$sock) die("$errstr ($errno)\n");

$data = "var1=" . urlencode("Value for var1") . "&var2=" . urlencode("Value for var2");

fwrite($sock, "POST /action.php HTTP/1.0\r\n");
fwrite($sock, "Host: secure.yoursite.com\r\n");
fwrite($sock, "Content-type: application/x-www-form-urlencoded\r\n");
fwrite($sock, "Content-length: " . strlen($data) . "\r\n");
fwrite($sock, "Accept: */*\r\n");
fwrite($sock, "\r\n");
fwrite($sock, $data);

$headers = "";
while ($str = trim(fgets($sock, 4096)))
$headers .= "$str\n";

echo "\n";

$body = "";
while (!feof($sock))
$body .= fgets($sock, 4096);

fclose($sock);

?>
By: 4evertutorials On 1/25/2014
Continue Reading

how to protect against cross site scripting php


PHP includes the mysql_real_escape_string() operate, that makes a string safe by adding escaping so it may be employed by alternative MySQL-related functions without concern of SQL injections. By escaping, I mean adding a slash ahead of any special characters. as an example, one quote (') would be regenerate to (\'). This tells MySQL that the only quote does not mark the top of a string however rather is a component of the string.

To protect against cross-site scripting, input has to be change to get rid of any and every one tags, as well as all hypertext mark-up language tags and others like  <script>, <object>, and <embed>. PHP strip_tags() will take away HTML tags, and that we will use a string replace to get rid of the others.
As an extra precaution, you ought to take away all special characters, like / ' $ % and #,, from the string. 

Working Example:




<?php
function make_input_safe($variable) {
    $variable = php_strip_html_tags($variable);
$bad = array("=","<", ">", "/","\"","`","~","'","$","%","#");
$variable = str_replace($bad, "", $variable);
    $variable = mysql_real_escape_string(trim($variable));
    return $variable;
}
?>
<?php
/*
Online PHP Examples with Source Code
website: http://4evertutorials.blogspot.in/
*/

 function php_strip_html_tags( $text )
{
    $text = preg_replace(
        array(
          // Remove invisible content
            '@<head[^>]*?>.*?</head>@siu',
            '@<style[^>]*?>.*?</style>@siu',
            '@<script[^>]*?.*?</script>@siu',
            '@<object[^>]*?.*?</object>@siu',
            '@<embed[^>]*?.*?</embed>@siu',
            '@<applet[^>]*?.*?</applet>@siu',
            '@<noframes[^>]*?.*?</noframes>@siu',
            '@<noscript[^>]*?.*?</noscript>@siu',
            '@<noembed[^>]*?.*?</noembed>@siu'
        ),
        array(
            '', '', '', '', '', '', '', '', ''), $text );
      
    return strip_tags( $text);
}


?>
By: 4evertutorials On 1/25/2014
Continue Reading
Subscribe to: Posts (Atom)
 

© 2014 4everTutorials. All rights resevered.

Back To Top