Difference between Notice and warning and fatal error

Notice

• A notice is an advisory message like "You probably shouldn't be doing what you're doing"
• Execution of the script is not halted
• Example
  

  echo $undefinedVariable;

Warning

• A warning is a message like "You are doing something wrong and it is very likely to cause errors in the future, so please fix it." Execution of the script is not halted;
• Example
  

  echo 1/0;

Fatal Error

• Fatal run-time errors
• Execution of the script is not halted
• Example  

  require_once "notexistfile.php"

Best Related Posts are Following:

1. What are differences between $(document).ready and $(window).load?.
2. Difference between MVC and MVP design pattern.
3. What is difference between event.preventDefault() and return false in Javascript?.
4. What is the difference between call and apply in javascript?.
5. Difference between inner join and outer join in MySQL.
6. Difference between theme and template in website.
7. Difference between in_array and array_key_exists in php with Example.
8. Difference between SSL and HTTPS.
9. Difference between Notice and warning and fatal error.
10. Difference between overloading and overriding in php with Example.
11. What is difference between natcasesort and sort?.
12. Difference Between Hadoop and Big-Data.
13. Difference Between Primary Key And Unique Key And Foreign Key And Composite Key.
14. PHP Sessions and Cookie and Security.
15. Difference between WebService and API.
16. Difference Between MyISAM and innoDB - MySQL.
17. Difference Between Zend framework 2 VS Zend framework 1.
18. Difference between JSON and JSONP.
19. Difference Between Cakephp and Zend Framework.
20. Difference between Abstract class and Interface in PHP.

How can I prevent SQL-injection in PHP [SOLVED]

Following are different 3 ways to prevent from SQL Injection.
1. Using PHP inbuilt Functions.

$name = mysql_real_escape_string($_POST["name"]);
mysql_query("INSERT INTO users VALUES($name)");

2. Use MySqli instead of MySQL. MySqli is far better than MySql because is object oriented MySql.

$stmt = $dbConnection->prepare('INSERT INTO users VALUES(?)');
$name=$_POST["name"];
$stmt->bind_param('s', $name);
$stmt->execute();

3. Using PDO

$stmt = $conn->prepare("INSERT INTO users VALUES(:name)");
$stmt->bindValue(':name', $_POST["name"]);
$stmt->execute();

Best Related Posts are Following:

1. How to import csv file to database through phpmyadmin.
2. How to export mysql query results to csv?.
3. MySql replace NULL values with empty string without effecting Rowset.
4. How to fix Headers already sent error in PHP?.
5. Twitter login failed leads to Page not found.
6. How to send an email using Email Template in Zend Framework.
7. How do I get wordpress global variable and functions in custom file [SOLVED].
8. How to convert php array into javascript array.
9. How to store array in Cookie and retrieve array from cookie.
10. Synchronous XMLHttpRequest on the main thread is deprecated.
11. Send Email from Gmail SMTP using Zend Framework.
12. HTML formatted email not showing up correctly in mail clients (Gmail-Outlook-Hotmail-Iphone-Android) [SOLVED].
13. How to change the author of a post in Wordpress.
14. How to clear Facebook image cache.
15. Google trends api php - How to get hot trends.
16. How can delete a user without deleting the post and comments in wordpress?.
17. Using mysqli and parameterized statements in PHP with Example.
18. Wordpress redirect https to http with htaccess [SOLVED].
19. Advanced PHP Interview Questions and Answers.
20. PHP Technical Interview Questions and Answers for Fresher and Experienced.
21. How to Add attribute in A-Tag using jQuery.
22. 
    

PHP Register Globals

register_globals is  PHP Setting, In which it registers the GET/POST array's elements as variables.

For example, If URL is /index.php?name=php-tutorial-php, when you echo $name; It will print the value i.e php-tutorial-php (if register_globals is ON). Same applicable to POST methods also.

When register_globals is ON you need not to extract the value of GET/POST explicitly, variable values are available with the element-Name.


Example with POST Data (if register_globals is ON)

If you post following data
Array
(
    [name] => php-tutorial-php
    [description] => Web Technology Experts Notes
)
echo $name;//php-tutorial-php
echo $description;//Web Technology Experts Notes

For Example COOKIE Data(if register_globals is ON)

$_SESSION[value] = 123;
$value = 'This is session value';
echo $_SESSION[value]; //This is session value

When register_globals=on, anything passed via $_GET / $_POST / $_SESSION / $_COOKIE automatically appears to be global variable, this can might have security consequences. Due to this register_globals has been DEPRECATED as of PHP 5.3.0 and REMOVED as of PHP 5.4.

If you are using lower than php5.4 version, It's highly recommended you should set off the value of register_global.

Best Related Posts are Following:

1. How can I read request-headers in PHP.
2. How can I prevent SQL-injection in PHP?.
3. What is Best method for sanitizing user input with PHP?.
4. Difference between Notice and warning and fatal error.
5. How can I prevent SQL-injection in PHP [SOLVED].
6. PHP Register Globals.
7. PHP Sessions and Cookie and Security.
8. Free Boost Web Application By 20% in Simple Steps.
9. PHP Check Mime Type of File - Return Information About A File.
10. Crontab Interview Questions and Answers.
11. Improve Ajax Performance.
12. PHP Captcha Code Example Code Snippets.
13. PHP - Secure Ajax Call from Hackers - Example.
14. htaccess code snippets example.
15. Manage Cron Job with PHP - SSH2 Connection.
16. Shared Server Security Risk open_basedir disable_functions disable_classes.
17. Spoofed Forms - Stop Spoofed Form Submissions.
18. Session Fixation.
19. Session Hijacking.
20. openssl private encrypt.
21. Cross Site Request Forgery.
22. SQL Injection Attack - PHP & MySQL.
23. Cross-Site Scripting - cross site scripting examples.
24. PHP INI settings.

PHP Sessions and Cookie and Security

Session is Super global variable, that preserve certain data across multiple requests. A visitor accessing your web-site is assigned a unique id, the so-called session id. Its either stored in a cookie on the user side OR is propagated in the URL.

Why its is used
1. Get the Number of unique visitor
2. For Login functionality we need this.
3. It tell us whether user is registered OR not.

Requirements 
No external libraries are needed to build this extension.

Installation 
Session is enabled in PHP by default. If you would not like to build your PHP with session support, you should specify the
--disable-session

Session configuration options

Name	Default	Changeable	Changelog
session.save_path	""	PHP_INI_ALL
session.name	"PHPSESSID"	PHP_INI_ALL
session.save_handler	"files"	PHP_INI_ALL
session.auto_start	"0"	PHP_INI_PERDIR
session.gc_probability	"1"	PHP_INI_ALL
session.gc_divisor	"100"	PHP_INI_ALL	Available since PHP 4.3.2.
session.gc_maxlifetime	"1440"	PHP_INI_ALL
session.serialize_handler	"php"	PHP_INI_ALL
session.cookie_lifetime	"0"	PHP_INI_ALL
session.cookie_path	"/"	PHP_INI_ALL
session.cookie_domain	""	PHP_INI_ALL
session.cookie_secure	""	PHP_INI_ALL	Available since PHP 4.0.4.
session.cookie_httponly	""	PHP_INI_ALL	Available since PHP 5.2.0.
session.use_strict_mode	"0"	PHP_INI_ALL	Available since PHP 5.5.2.
session.use_cookies	"1"	PHP_INI_ALL
session.use_only_cookies	"1"	PHP_INI_ALL	Available since PHP 4.3.0.
session.referer_check	""	PHP_INI_ALL
session.entropy_file	""	PHP_INI_ALL
session.entropy_length	"0"	PHP_INI_ALL
session.cache_limiter	"nocache"	PHP_INI_ALL
session.cache_expire	"180"	PHP_INI_ALL
session.use_trans_sid	"0"	PHP_INI_ALL	PHP_INI_ALL in PHP <= 4.2.3. PHP_INI_PERDIR in PHP < 5. Available since PHP 4.0.3.
session.bug_compat_42	"1"	PHP_INI_ALL	Available since PHP 4.3.0. Removed in PHP 5.4.0.
session.bug_compat_warn	"1"	PHP_INI_ALL	Available since PHP 4.3.0. Removed in PHP 5.4.0.
session.hash_function	"0"	PHP_INI_ALL	Available since PHP 5.0.0.
session.hash_bits_per_character	"4"	PHP_INI_ALL	Available since PHP 5.0.0.
url_rewriter.tags	"a=href,area=href,frame=src,form=,fieldset="	PHP_INI_ALL	Available since PHP 4.0.4.
session.upload_progress.enabled	"1"	PHP_INI_PERDIR	Available since PHP 5.4.0.
session.upload_progress.cleanup	"1"	PHP_INI_PERDIR	Available since PHP 5.4.0.
session.upload_progress.prefix	"upload_progress_"	PHP_INI_PERDIR	Available since PHP 5.4.0.
session.upload_progress.name	"PHP_SESSION_UPLOAD_PROGRESS"	PHP_INI_PERDIR	Available since PHP 5.4.0.
session.upload_progress.freq	"1%"	PHP_INI_PERDIR	Available since PHP 5.4.0.
session.upload_progress.min_freq	"1"	PHP_INI_PERDIR	Available since PHP 5.4.0.

How to set the Cookie?
bool setcookie ($name, $value);//set the cookie

bool setcookie ($name, $value,time()+3600); //set the cookie with expire 1 hour
bool setcookie ($name, $value, $expire = 0, $path, $domain, $secure = false, $httponly = false );//all parameter of set cookie
bool setrawcookie ($name, $value, $expire = 0, $path, $domain, $secure = false, $httponly = false );//Send a cookie without urlencoding the cookie value

Parameter of set_cookie function
name: The name of the cookie.
value: The value of the cookie. This value is stored on the clients computer; do not store sensitive information.
expire: The time the cookie expires. This is a Unix timestamp so is in number of seconds since the epoc. If set to 0, or omitted, the cookie will expire when the browser closes.
path: The path on the server in which the cookie will be available on. If set to '/', the cookie will be available within the entire domain.
domain: The domain that the cookie is available to.
secure: Indicates that the cookie should only be transmitted over a secure HTTPS connection from the client. 
httponly: When TRUE the cookie will be made accessible only through the HTTP protocol. 

How to get cookie?

echo $_COOKIE["cookieName"];

How to print all cookie?

print_r($_COOKIE);

How to delete a cookie?

setcookie ("cookieName", "", time() - 60);

How to set Array Cookie?

setcookie("cookieName[one]", "c_1");
setcookie("cookieName[three]", "c_2");
setcookie("cookieName[two]", "c_3");

How to get Array cookie?

print_r($_COOKIE["cookieName"]);

Best Related Posts are Following:

1. XMLRPC Wordpress Attack.
2. How can I read request-headers in PHP.
3. How can I prevent SQL-injection in PHP?.
4. Shared Server Security Risk open_basedir disable_functions disable_classes.
5. What is Best method for sanitizing user input with PHP?.
6. Difference between Notice and warning and fatal error.
7. How can I prevent SQL-injection in PHP [SOLVED].
8. PHP Register Globals.
9. PHP Sessions and Cookie and Security.
10. PHP Check Mime Type of File - Return Information About A File.
11. Improve Ajax Performance.
12. PHP Captcha Code Example Code Snippets.
13. PHP - Secure Ajax Call from Hackers - Example.
14. htaccess code snippets example.
15. Manage Cron Job with PHP - SSH2 Connection.
16. Spoofed Forms - Stop Spoofed Form Submissions.
17. Session Fixation.
18. Session Hijacking.
19. openssl private encrypt.
20. Cross Site Request Forgery.
21. SQL Injection Attack - PHP & MySQL.
22. Cross-Site Scripting - cross site scripting examples.
23. PHP INI settings.

PHP Check Mime Type of File - Return Information About A File

Now a days, we are uploading files like Profile images, Video files OR excel files in our web application. 
With uploading these files there are chances some user upload the .exe file (Virus) by renaming the .exe into .jpg, which can damage website.

You might have added the extension check from javaScript as well as PHP. But this is not enough from security end because someone can upload the file after changing the extension of file( ".exe" to ".png"). In this case your security check will be failed.

What to do.
Answer is  check the Mime of file before get uploaded in your web server.

How to do this
"fileinfo" is extension which must be enabled in your php.ini. (for existence you can check  in phpinfo)
If this extension is not enabled ask your server admin, he will do this for you OR you can also do this your self (http://php.net/manual/en/fileinfo.installation.php).


After installing the fileinfo extension, use following code to get the mime type of file before get uploaded in web server.

if (function_exists("finfo_file")) {
    $finfo = finfo_open(FILEINFO_MIME_TYPE);    

    //file which you want to check the mime of the file
    $file = $_SERVER['DOCUMENT_ROOT'] . '/images/feedback.png';    //file which is going to get uploaded in web server
    try {
        $type = finfo_file($finfo,$file);        
        echo "File Type: ".$type;
    } catch (Exception $e) {
        echo $e->getMessage();
    }
} else {
    echo "'finfo_file' is Not installed";
}

When you execute above code, if will get the mime-type of file. This is directly checking the mime type of already uploaded file.
You can use $type = finfo_file($finfo,$file); for checking the file type, before using move_uploaded_file function.

Best Related Posts are Following:

1. Top 10 PHP Interview Questions and Answers.
2. PHP Questions and Answers for experienced.
3. PHP Difficult Interview Questions and Answers.
4. How to Detect Request type (GET OR Post ) in PHP.
5. PHP Basic questions and answers for fresher and experienced.
6. PHP Mysql Interview Questions and Answers for fresher and experienced.
7. PHP interview questions and answers for 5 year experienced.
8. PHP Frequently asked Questions and Answer 2015.
9. PHP problem solving interview questions and answers for Fresher and Experienced.
10. PHP Interview Questions and Answers for 2 year Experience.
11. What is stdClass? and How to create stdClass class?.
12. Advanced PHP Interview Questions and Answers.
13. SPDY Protocol - Improve the Speed of web page.
14. PHP Technical Interview Questions and Answers for Fresher and Experienced.
15. How to stop parsing the HTML tags?.
16. Difference between Notice and warning and fatal error.
17. Object Oriented Programming in PHP.
18. Htaccess RewriteRule Flags by Code Example.
19. Enabling the openssl in Wamp-Xampp.
20. How to find day of week in php in a specific timezone.
21. Zend Cache Tutorial - Zend Framework 1.12.
22. Important PHP Interview Questions and Answers - jQuery, SQL Modes, Client Programs and Reset.
23. PHP Check Mime Type of File - Return Information About A File.
24. PHP Captcha Code Example Code Snippets.
25. PHP - Secure Ajax Call from Hackers - Example.
26. Zend Database Query - Zend Profiler Example - Code Snippets.
27. Export to CSV File - PHP.
28. htaccess code snippets example.
29. OOP Interview Questions and Answers.
30. CURL Example.
31. PHP Interview Questions and Answers PDF.
32. Stored Procedure - Advantage of Stored Procedure - Disadvantage of Stored Procedure.
33. How To Track the Real IP Address Behind the Proxy - PHP - REMOTE_ADDR.
34. Pending Interview Questions and Answers.
35. Cache in PHP - Speed Up your website.
36. PHP DataStructures.
37. php interview questions and answers for 1 year experience.
38. PHP Interview Questions and Answers for Experienced.
39. Difference between Abstract class and Interface in PHP.
40. Concurrent Connections of Apache Server.
41. Regular Expressions PHP/Javascript.
42. php interview questions and answers.
43. What is Zend Engine in PHP.