Tuesday, April 26, 2016

a simple PHP mySQL example

Important: All the bulleted points’ headings are hyperlink to code) Common code link
1.      .htaccess :   This is used to set home page of site something else than index.* Also, any page opened like *.htm is interpreted as *.php  This is done do hide that its  a php site
2.     img Folder:   files in this folder serve as random backgrounds for captcha.
3.     connect.php :  This code loads db details and creates a connection to db.
4.     dbHandler.php: This code provides common methods which are intermediate functionalities specific to application and use connect.php to talk to DB.
5.     dbdetails.php:  When code is deployed at new server, these DB details will change.
6.     captcha.php: This is the code to generate captcha as an image output to browser. Treat this file as an image . As per config in htaccess , you can refer it as captcha.htm also. This will generate two random numbers and save the output in session for future input verification. Captcha puzzle is printed on random location in a random image chosen.
7.     hkproject1.sql : This is to generate a table in db with required fields to save opt ins.
8.     register.php : This is the main input form where user registers. Major php code for this form is in registersubmit.php
9.     sale.php: This is the basic landing page with link to signup ( register.htm /register.php)
10.  thankyou.php: This page is opened after successful submission on register.php and simply shows a success message based on query string parameters.

1. MySQL : One mistake I did here was, I didn’t pay much attention to environment I used for dev and production. I developed on local using latest xampp ( Windows based)  and deployed on goDaddy linux based  localhost MySQL.  On dev box root was used as user and blank as password, lucky me that I kept configurations in separate file, so edits while deployment were easy.  One more thing, after creation of new DB on goDaddy, it takes a while , before you could actually connect to the DB, for me connection started working after 3 hrs, during these three hrs I was doing a lot of hook and crook to connect to db on production. Obviously, turned a waste of time after three hrs, since it was only first time issue to be faced after DB creation.

One more thing here, in the table we store opt ins, I created an extra column of type timestamp NOT NULL DEFAULT CURRENT_TIMESTAMP , so that it may be tracked when user actually signed up, just in case, this info is required in future. Also , ALTER TABLE `signups`  ADD PRIMARY KEY (`email`(256)); The email was kept primary key here, to avoid multiple signups by same user again and again at DB level itself.

2. DB access:  In PHP , which methods I use to connect to MySQL greatly depend on what version of PHP I am using on both devand production environment. So be extra careful here to use similar dev box as production.  For some fields, I wanted to allow deliberately some characters like  in the field, so I had to do $firstname = $this->conn->real_escape_string($firstname);  before putting value in the query.
3. General :
·         At many places, while development, I actually wanted to see errors and warning which were being suppressed by framework, so  had to use : error_reporting(E_ALL);
·         At one place session start code was required to be moved to top of the php file, before any kind of html even, this seems to be weird behavior of php
·         I thought, before actually starting session, it was always wise to check existing one like :

if ((function_exists('session_status') && session_status() !== PHP_SESSION_ACTIVE) || !session_id()) {



·          On PHP side, it was easier to validate email format like :

if (!filter_var($email, FILTER_VALIDATE_EMAIL) === false) {

        $email = strtolower($email);

        $emailValid = true;


Here I specifically converted email to lower, because I wanted to keep this field as primary, and you never know end users behaving as monkeys who sometime use same email with some characters upper case.

·         On success of submission of data, I took user to thankyou page with variables in query string. But since I was trying to use query string I made sure to use urlencode  and decode  on sender and consumer side.
·         It is always advisable to hide page extensions to make it difficult to hackers, so all my pages in my deployed version look like *.htm  This I achieved using .htaccess   entry : RewriteRule ^(.*)\.htm$ $1.php [NC]
·         Default page in my application was different than index.*, so I used RewriteEngine on  ( enter) DirectoryIndex brrr.php in .htaccess

4. Custom Captcha:  For mathematical captcha, I used sessions to validate user input. I had thousands of images in a fixed folder. I picked a random image from this folder using scandir($dir);  $randomImage  =  $dir . "/" . $images[rand(2, sizeof($images)-1)];

On the top of this image , using imagestring, I printed the string, whose answer is saved in session. $im =imagecreatefrompng($randomImage); $textcolor = imagecolorallocate($im, 0, 0, 0); $randX = rand(0,100); $randY = rand(0,200); imagestring($im, 5, $randX, $randY , $displayText , $textcolor);

header('Content-Type: image/png'); imagepng($im); imagedestroy($im);

Please note that text is also printed at random location on image.

On UI I also gave a refresh button, using Jquery code above mentioned php was reloaded and new answer is saved in session with altogether new captcha to display:

  $(document).ready(function () { $("#reloadCaptcha").click(function () {                $("#myCaptchaImage").attr("src", "captcha.htm?randomToRefresh=" + (Math.random() * 10));

                $("#answer").val("");                ApplycssValidation()



Please don’t get puzzled with Math.random in javascript code, which is just to avoid caching of captcha image content on client side.

5. CSS / html / UI / look and feel and validations on client side:   Even though this assignment was specifically concentrated on PHP / MySQL, but moral responsibility of a developer is to make sure, it is usable.  So I reverse engineered manywordpress templates to make something good looking , jquery/javascript validation obviously had to be form specific, but styles are easy to copy paste , so I did .

No comments:

Post a Comment