Forms can create all kinds of security holes in PHP applications. The biggest reason for this is that you can never be sure just what kind of input you’ll be getting.
There are some steps you can take later on to protect your applications from this unknown input. But first, let’s take a look at why you can never trust a user’s input and just how easy it is for someone to spoof a form.
(more…)
A couple weeks ago, I wrote a short article about how to create a multi-page form.
The simple solution I suggested involved a foreach loop that cycled through the $_POST array and sent every value along in a hidden input element. After a bit of reflection (and some useful comments), I realized there’s a teeny tiny security hole in that approach - so I’ve slightly modified it to close the loophole.
(more…)
Sometimes forms get long, unsightly, and intimidating. It’d be great if you could cut them up into three or four parts - with a few fields on each page.
In order to do that, you need to figure out some way of storing or passing along the information from the first pages. I’ve heard a bunch of crazy ideas - from storing the information in session variables to writing each part to the database.
The easiest thing to do is attach a very brief php function to the bottom of each page. It’ll do all the work for you and continue to post every item the user has entered. (more…)
Don’t know what a trackback is? Check out this set of articles for a bit more information.
Assuming you do know what a trackback is, how do you send one - technically speaking? And how can we write a php script to send one?
A trackback is a simple ping - an HTTP Request. It is specially formatted with a limited amount of information. The receiving server is set up to handle that information and use it to create the comment based on your trackback ping.
(more…)
I just created the “Online Tools” page section, and added the first tool to the list.
What is it? It’s a form that let’s you send a trackback to a blog from any website. It might sound silly, but trust me… it’s not.
(more…)
So you want to submit a trackback, but you’re website or blogging platform doesn’t support it? No problem!
Fill out the form below, and we’ll do the trackbacking for you.The Trackback URI comes from the website you’re sending the ping to. The other sections are pretty self-explanatory - describe the post you’re trackbacking from.
If you want to test it out, trackback to this page and watch the magic work. You should get a response if it works, or an error message if something goes wrong.
Trackbacks are a great way to publicize your blog or website. They allow you to ping a person’s blog, say “Hey, I’m talking about you!” and leave a message.
These trackback pings will show up in the target post’s comment section, and sometimes the author will separate trackbacks out to show at the beginning of the list. Although they won’t always get you search engine ju-ju, thanks to rel=nofollow, they are a great way to get people to come to your website.
I know that every time I get a trackback to one of my websites, I immediately check out the source. To some extent I want to check for spam, but I’m also concerned with, “Who’s this new guy talking to me?”
When I’m viewing another person’s blog, I also usually follow the trackbacks if I was interested in the original post. I rarely click on the typical name-link included in a comment, though.
The trackback signals to both the target website’s author and to its readers that this comment has something worth while for them to read. So often they’ll click the link and see what you have to say.
Well, if you’re using a standard blogging platform like Wordpress, it’s pretty easy. At the bottom of your post editing screen, you’ll probably see a space to enter a trackback URI. This is the link from the original website that you send the trackback ping to.
Just enter the URI in your editor, and you’re all set. The problem, though, is that not every blogging platform supports sending trackbacks. You might also want to send a trackback from a non-blog website, if you’ve added some content that speaks to the original post.
Enter the trackback-via-form tool. This form will do all the work for you. Enter the necessary information (Trackback URI, your page’s title, your page’s URL, an excerpt of your page, and your blog name), and hit submit.
You should see a response with either an “All clear! Trackback was sent successfully.” or some kind of error message.
Enjoy, and good luck trackbacking. Test it out by sending a trackback to this page or the form’s page.
If you’re done with the trackback form, why don’t you go back and browse through some other online tools?
Subscribe to the Web Cash feed and stay up to date on all the latest tips, tricks, and tutorials.
Web Dev Links (DZone)