Use the code below to create a function which can be used to implement a secure timeout threshold.

{code type=php}
/* Set timeout threshold to 10 minutes (600 seconds) */
@session_start();
$timeout = 600;
$_SESSION["expires_by"] = time() + $timeout;
{/code}

The code below will allow you to generate a backup as often as you’d like. It only makes sense to run this via a CRON job. This is pretty easy to do and you can set the frequency as you wish.

The backup files will be stored in the same directory as this script.

Please leave feedback and let me know if this works for you!

Here’s the PHP code:
{code type=php}
backup_tables(‘localhost’,'username’,'password’,'blog’);

// Backup the entire database or just a specific table.
function backup_tables($host,$user,$pass,$name,$tables = ‘*’)
{

$link = mysql_connect($host,$user,$pass);
mysql_select_db($name,$link);

//get all of the tables
if($tables == ‘*’)
{
$tables = array();
$result = mysql_query(‘SHOW TABLES’);
while($row = mysql_fetch_row($result))
{
$tables[] = $row[0];
}
}
else
{
$tables = is_array($tables) ? $tables : explode(‘,’,$tables);
}

//This method is completed for each table
foreach($tables as $table)
{
$result = mysql_query(‘SELECT * FROM ‘.$table);
$num_fields = mysql_num_fields($result);

$return.= ‘DROP TABLE ‘.$table.’;';
$row2 = mysql_fetch_row(mysql_query(‘SHOW CREATE TABLE ‘.$table));
$return.= “\n\n”.$row2[1].”;\n\n”;

for ($i = 0; $i < $num_fields; $i++)
{
while($row = mysql_fetch_row($result))
{
$return.= ‘INSERT INTO ‘.$table.’ VALUES(‘;
for($j=0; $j<$num_fields; $j++)
{
$row[$j] = addslashes($row[$j]);
$row[$j] = ereg_replace(“\n”,”\\n”,$row[$j]);
if (isset($row[$j])) { $return.= ‘”‘.$row[$j].’”‘ ; } else { $return.= ‘”"‘; }
if ($j<($num_fields-1)) { $return.= ‘,’; }
}
$return.= “);\n”;
}
}
$return.=”\n\n\n”;
}

//Now, we’ll save the file
$handle = fopen(‘backup-’.time().’-’.(md5(implode(‘,’,$tables))).’.sql’,'w+’);
fwrite($handle,$return);
fclose($handle);
}
{/code}

The PHP snippet below shows you how to automatically redirect your users to a page which is optimized for the iPhone Safari browser.

{code type=php}
if(strstr($_SERVER['HTTP_USER_AGENT'],’iPhone’) || strstr($_SERVER['HTTP_USER_AGENT'],’iPod’))
{
// Change your URL below
header(‘Location: http://www.domain.com/iphone’);
exit();
}
{/code}

To help prevent XSS attacks, it’s best to restrict and filter the data that you get from a user through your site.  Have you ever wondered why popular bulletin boards, such as vB or phpBB, use custom tag formats like [url] or [b]?  They’re trying to prevent attacks.

This tutorial is a very basic example of a way to help prevent XSS attacks.  There are other methods — and more comprehensive methods out there.

okHTML function:
Let’s start with a simple function that converts any HTML code (or character) into literals.

{code type=php}

// ChrisCook.me
function ok_HTML($string, $length = null)
{
// get rid of the extra space
$string = trim($string);

// avoid unicode codec issues
$string = utf8_decode($string);

// convert HTML characters
$string = htmlentities($string, ENT_NOQUOTES);
$string = str_replace(“#”, “#”, $string);
$string = str_replace(“%”, “%”, $string);

$length = intval($length);
if($length > 0) {
$string = substr($string, 0, $length);
}
return $string;
}
{/code}

The Explanation:
One  of the  most important components of that function is the htmlentities() funcion call that converts &, <, and > into &amp;, &lt;, and &gt;. This helps resolve the simple hacks.  We’re not done yet, though.  All XSS attacks aren’t basic.  Hackers know programmers have implemented these attacks to they tend to encode their hacks and malicious scripts in UTF-8 or hexadecimal instead of using the normal ASCII text.

To help prevent this, transform_HTML() takes the additional step of converting # and % signs into the correct entities.

In my readings on preventing XSS attacks, many experts recommend that you limit the  string length in case some goober tries to overload your string with a very, very long input in hopes that they’ll crash the server or your database. You can edit the $length parameter to help control this.

That’s it for today,
Chris

Disclaimer: As always, I want to add my handy-dandy disclaimer.  Please understand that this tutorial is intended to demonstrate a specific function.  Please review the code and add appropriate security measures before using it in a production environment.

1) Paste the following code into a .js file.  For demonstration purposes, we have named it “ajax_click.js”.

{code type=html}

/*
* ajax_click.js
* chriscook.me
*/

function loadurl(dest) {

try {
// Moz supports XMLHttpRequest. IE uses ActiveX.
// browser detction is bad. object detection works for any browser
xmlhttp = window.XMLHttpRequest?new XMLHttpRequest(): new ActiveXObject(“Microsoft.XMLHTTP”);
} catch (e) {
// browser doesn’t support ajax. handle however you want
}

// the xmlhttp object triggers an event everytime the status changes
// triggered() function handles the events
xmlhttp.onreadystatechange = triggered;

// open takes in the HTTP method and url.
xmlhttp.open(“GET”, dest);

// send the request. if this is a POST request we would have
// sent post variables: send(“name=aleem gender=male)
// Moz is fine with just send(); but
// IE expects a value here, hence we do send(null);
xmlhttp.send(“null”);
}

function triggered() {
if ((xmlhttp.readyState == 4) (xmlhttp.status == 200)) {

document.getElementById(“ajaxlink”).innerHTML = xmlhttp.responseText;
}
}
{/code}

2) Next, add the following code in the section of your HTML file.

{code type=html}<script src=”ajax_link.js” type=”text/javascript”></script>{/code}

3) The following code should be placed in the HTML body of a PHP file.

{code type=html}

<div id=”ajaxlink” onclick=”loadurl(‘ajax_function.php’)”>Click Here</div>

{/code}

Replace ‘ajax_function.php’ with the correct file you want to execute.  For instance, if you want your users to “click here” in order to send themselves a copy of their monthly invoice, you’d code the mailer function in ‘ajax_function.php’.

4) That’s it.  Ensure that you keep the <div> id  as “ajaxlink”.  Once you click the link, it will disappear (until the page is refreshed).

Feedback: I’d love to hear how you’ve used this tool.  Please feel free to post a comment on my blog.

Disclaimer: This tutorial is provided to demonstrate how to perform the function.  Please ensure that you review the code and add security measures before using this in a production environment.