Sunday, March 29, 2009

Centering your web page via a div

I center my websites in the browser and normally have the site width set to 950 pixels.

To center the page I wrap it in a div with class='wrapper' and give that class the following style:

.wrapper {
width: 950px;
margin: 0 auto;
}

As IE has issues with the above, I also put style="width: 100%; text-align: center;" in the body tag.

Monday, March 9, 2009

PHP Sessions

A session stores temporary data on the server for later use while a visitor is on a website; the session data is destroyed after the website has been closed.

Sessions work by creating a unique identification (UID) number for each visitor and storing variables under that ID. This prevents two users' data from getting confused with one another when they visit the same webpage.

I use sessions after I have verified the log on details of a user. The user is then able to access the allowed pages. Anyone not logged in will get a message saying that they are not authorised.

All pages that require the use of a session, even the original log on page, must have this code.

session_start();
header("Cache-control: private");
// Lets the browser's back button work on pages viewed while in a session

Once I have verified the user logging in, I place this code.

if($user === 'user' && $pass === 'password') // A simple example to show the idea; the real check uses the verified details
{
$_SESSION['name'] = true; // Marks this session as logged in for later pages to check.
echo "You are logged in";
}
else
{
echo "Incorrect username or password";
}

All pages that the user has permission to see will need the following code:

session_start();
header("Cache-control: private");

if(!empty($_SESSION['name'])) // empty() avoids a notice when the flag was never set
{
echo "You have access to this page"; // Plus all the information that only an authorised user may see.
}
else
{
echo "You are not authorised to see the contents of this page";
}
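As an added example, not the post's own code: the session_start/header pair and the $_SESSION['name'] check above collected into one include that every protected page can call, plus a logout that clears the session properly. The function names are my own.

```php
<?php
// Added example: one include for every page that lives inside the session.
// Assumes the login code has set $_SESSION['name'] = true as in the post.

function start_private_session()
{
    if (session_status() !== PHP_SESSION_ACTIVE) {
        session_start();
    }
    header('Cache-control: private'); // back button still works inside the session
}

// Returns true when the visitor is logged in; otherwise sends the refusal and stops.
function require_login()
{
    start_private_session();
    if (empty($_SESSION['name'])) {
        http_response_code(403);
        echo 'You are not authorised to see the contents of this page';
        exit();
    }
    return true;
}

// Ends the session: clears its data, expires the cookie, then destroys the server copy.
function logout()
{
    start_private_session();
    $_SESSION = array();
    if (ini_get('session.use_cookies')) {
        $p = session_get_cookie_params();
        setcookie(session_name(), '', time() - 42000,
                  $p['path'], $p['domain'], $p['secure'], $p['httponly']);
    }
    session_destroy();
}

// On a protected page:
require_login();
echo 'You have access to this page';
```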

Sunday, March 8, 2009

Number of Rows in Database Function

I have created a function that queries a database and returns the number of rows produced by the query.

I use this function as part of the log in access of my website. The first section of code is on the log in page.

$username = $_POST['username'];
$password = $_POST['password'];

include "functionfile.php";

// The posted values are placed straight into the query here; see the PHP Form, Code Injection post for escaping them first
$rowqry = "SELECT * FROM tablename WHERE username = '$username' AND password = '$password' ";
if(numofrows($rowqry) == 1)  // calling the function and checking that the result equals 1
{
// if the result is correct add the info that you want to display here
}
else
{
echo "Your password or username may be incorrect, please try again";
}

This is the function that is called. I keep a single file (functionfile.php) with all my functions, which I include in the code.

function numofrows($rowqry)
{
$host = "localhost"; // database host
$un = "username"; // database username
$pw = "password"; // database password
$dbname = "database"; // database name
$dbase = mysql_connect($host, $un, $pw); // connecting to the database
if (!$dbase)
die("No Connection");
mysql_select_db($dbname, $dbase)
or die("Could not open $dbname: ".mysql_error()); // opening the database
$result = mysql_query($rowqry, $dbase); // applying the query to the database
if (!$result)
die("Query failed: ".mysql_error()); // mysql_num_rows() cannot count a failed query
$rows = mysql_num_rows($result); // counting the rows returned by the query
return $rows; // returns the row count to the caller
}

Thursday, March 5, 2009

PHP Form, Code Injection

An HTML form can be used to inject a piece of code that produces the results the hacker wants. An unprotected form can be used to run a simple piece of PHP code like ' echo "hello world";' or something far more destructive.

To stop the form from being hacked I use the following steps:

Step 1. Check the data via JavaScript

Call the JavaScript function by putting onsubmit='return checkform()' in the form tag.

The following code checks that the password is alphanumeric and, if so, returns true and lets the form submit. The main reason for the JavaScript is to validate the form for the standard user, making sure that the correct data format is entered.

function checkform()
{
var repass = /^[0-9A-Za-z]+$/; // letters and digits only
if(repass.test(document.form.password.value))
{
return true; // data looks valid, let the form submit
}
alert('Please make sure the password is alpha numeric');
document.form.password.select();
document.form.password.focus();
return false; // stop the form from being submitted
}

Step 2. Check the data via PHP

This code receives the data from the form's textbox and makes sure that it is alphanumeric. If the data is not alphanumeric the error message is displayed and the code stops running.

The main purpose of this extra code is that a hacker would not be using the form provided, which renders the JavaScript useless, so if a hacker or spammer enters anything but numbers or letters the code will stop.

$pw = $_POST['password'];

$passpattern = '/^[0-9A-Za-z]+$/'; // letters and digits only, nothing else

$errormessage = " field has invalid information and needs to be changed.";

if (!preg_match($passpattern, $pw))
{
echo "Your Password $errormessage";
exit();
}

Step 3. Preparing the data for MYSQL

The mysql_escape_string() function replaces characters that have a special meaning in MySQL with an escape sequence, e.g. " is replaced with \" and ' is replaced with \'. This stops a quote in the input from ending the string in the query, so whatever was submitted is written to the database as plain text instead of being executed as part of the SQL.

If you use mysql_real_escape_string(), which is the preferred alternative, you must be connected to the database before you call it.

$pw = mysql_escape_string($pw);

Step 4. Use my examples as a basis for your own research, and if you find an alternative please post it.
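As an added example that is not the blog's own code, covering both the numofrows() login check in the earlier post and the validate-then-escape steps here: the Step 2 allowlist check is kept, but the lookup uses a mysqli prepared statement with a bound parameter instead of interpolating or escaping the value, and the password is checked with password_verify() against a stored hash rather than being compared inside the WHERE clause. The users table, its columns and the connection details are assumptions.

```php
<?php
// Added example: allowlist validation plus a prepared statement in place of
// building the SELECT from posted strings. Assumes PHP 7+, mysqlnd, a table
// users(id, username, pwhash) with password_hash() values, placeholder credentials.
// Step 2 equivalent: allowlist the fields before they go anywhere near the database.
function is_alnum_field($value, $maxlen = 64)
{
    return is_string($value)
        && preg_match('/^[0-9A-Za-z]{1,' . (int) $maxlen . '}$/', $value) === 1;
}
// Replacement for the numofrows() lookup: the username travels as a bound
// parameter, so quotes or SQL in the input stay data, not part of the statement.
function find_user(mysqli $db, $username)
{
    $stmt = $db->prepare('SELECT id, pwhash FROM users WHERE username = ?');
    $stmt->bind_param('s', $username);
    $stmt->execute();
    $row = $stmt->get_result()->fetch_assoc(); // null when there is no such user
    $stmt->close();
    return $row;
}
// Returns the user's id on success, otherwise null; one generic failure for every cause.
function check_login(mysqli $db, $username, $password)
{
    if (!is_alnum_field($username) || !is_alnum_field($password)) {
        return null;
    }
    $row = find_user($db, $username);
    if ($row === null || !password_verify($password, $row['pwhash'])) {
        return null;
    }
    return (int) $row['id'];
}
$db = new mysqli('localhost', 'username', 'password', 'database'); // placeholders
if ($db->connect_error) {
    die('No Connection');
}
session_start();
header('Cache-control: private');
$uid = check_login($db, $_POST['username'] ?? '', $_POST['password'] ?? '');
if ($uid === null) {
    echo 'Your password or username may be incorrect, please try again';
    exit();
}
session_regenerate_id(true); // fresh session id once authenticated, so a pre-login id is not kept
$_SESSION['name'] = true;    // the same flag the PHP Sessions post checks on protected pages
$_SESSION['uid'] = $uid;
echo 'You are logged in';
```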