PHP & Web Development Blogs

Search Results For: application
Showing 1 to 5 of 27 blog articles.
589 views · 2 months ago

![Web Sockets in PHP](https:/ /cdn.filestackcontent.com/uluFRmjARj6zAQWN05PZ)

In his talk **[Websockets in PHP](https:/ /nomadphp.com/video/219/websockets-in-php)**, [John Fransler](https:/ /johnfansler.com/) walks us through the use of WebSockets in PHP.

While discussing bi-directional real-time application development, John notes that PHP is often not invited to the table due to its lack of native support. Of all the possible attempts to bring in PHP on this stage of real-time development, Ratchet, a PHP WebSocket library, comes closest. "[Ratchet](http:/ /socketo.me/) is a loosely coupled PHP library providing developers with tools to create real-time, bi-directional applications between clients and servers over WebSockets."* Ahem!

### Today's dynamic world

In today's dynamic content world of the internet, it is required to serve real-time bi-directional messages between clients and servers. WebSockets are simple, full-duplex, and persistent. They work over Http and are a standard today.

> WebSockets have compatibility with 96.5% of clients globally

There's a very high chance your client has the necessary plumbing to access your content via WebSockets. WebSockets gives the ability to have real-time data on to your clients without the need for polling.

To understand WebSockets, John takes an example of a Javascript client and Ratchet Server. Javascript has everything built in to allow access to a socket. For example, you can use the send method on a WebSocket variable to send a message to the server, or if you want to respond to a message from the server, you use the `OnConnection` method.

While on the Server, John uses Ratchet, which is built on [React PHP](https:/ /reactphp.org/). A server script is then configured and set up to run and listen on a port for incoming HTTP requests. For messages, JSON is used, and to find public methods, a router is set up. He then goes on to instantiate the server-side script in Ratchet.

**There are four functions of a Ratchets message component interface that are used in this example:**

`OnOpen` gets called when a new connection is made.

`OnClose` gets called when a client quits. It's essential to keep an eye on memory management, and essential to keep tidying up as you move through the code.

`OnError` gets called when there is an exception faced by the user.

`OnMessage` gives the text of the JSON message, which is being exchanged with the client.

For Initialization, Jason continues to walk through the example. He shows how one can loop through the clients, both inside the server and outside the server. Outside the server, it’s a feature of React PHP. On database access, and with traditional standard synchronous MySQL in PHP, what usually happens is that it forces the code to wait for the query to return a result and do nothing — Fortunately, with Asynchronous MySQLi, that is not the case.

John gets into the details explaining Variables, References & Pointers. He also gives a demo where a central site has updated information on the Bitcoin and ether prices. A client terminal reflects the last values. Now the client doesn't have to poll the server for new values. When there is a change in the Bitcoin or ether values, the server pushes down the client's update. No polling helps with a lot of overheads and gets closer to real-time.

### Using Supervisord

For Long-running applications - Jason recommends running a supervisord, use proxy to expose the port, and add a site certificate. Supervisord keeps an eye out for the server running the service; it can be used to restart the service and log any service issues. Recommended proxies are AWS load balancer, Nginx, and HA Proxy. For scalability, use multiple smaller WebSocket servers and a smaller number of clients per server used and load balancing. If one has to support a chat feature to allow clients to talk to each other in near real-time, it is recommended to use [Redis](https:/ /redislabs.com/). The Redis server proxies the messages between the server nodes.

The talk concludes with John summarizing best practices on error handling and takes QnA on various aspects of WebSockets such as handling load balancers and asynchronous calls to MSQLi.

The presentation for this video, along with the code, is hosted at [John Curt's GitHub](https:/ /github.com/johncurt). More info about John's current areas of interest can be found on [John's Blog](https:/ /engagedphp.com/).

### [Watch the video now](https:/ /nomadphp.com/video/219/websockets-in-php)

[Related videos](https:/ /nomadphp.com/search/videos?search_query=async)

1126 views · 5 months ago

![Top 12 PHP Libraries to Leverage Your Web App Development](https:/ /images.ctfassets.net/vzl5fkwyme3u/6Xd3PeEIm87bVI1UPb5q26/98abd4072971b7fc3f8d46aba3dc17f6/libraries2.png?w=1000)

PHP, by all means, is an immensely powerful language!

We may fall short of words, but there won't come any end to its qualities. The endless functionalities and possibilities of this server-side scripting language have managed to get it a strong and supportive community of PHP programmers on a global level. At present, PHP powers more than half on websites and applications on the internet.

**Do you know what makes PHP so praiseworthy?**

It is the simplicity, easy programming structure, and developer-friendly web functionalities that are to be credited to turn PHP into one of the top programming languages. You can create highly interactive and dynamic websites and applications with desired results by making use of PHP.

However, coding often could be a tough and tedious task to accomplish. As a solution to this, you get built-in PHP libraries that optimize the process of coding for maximum productivity.

### But what are these libraries?

That's exactly what you will find out as you move ahead in this article, a list of top 12 PHP libraries capable of leading the development process in an intended manner.

So, without waiting any further, let's move ahead to learn about PHP libraries in-depth.

#### [PChart](http:/ /www.pchart.net/)

PChart is a PHP library assisting with the generation of text data in the form of something more appealing to the eyes and known as visual charts.

You can use this library to represent data as bar charts, pie charts, and many more different formats. The PHP script here utilizes SQL queries to put data in the impressive charts or graphs form.

#### [Mink](http:/ /mink.behat.org/en/latest/)

Another well-known in the list of PHP libraries is Mink. It allows you to keep an eye on if a proper interaction is happening between your web apps and the browser. Eliminating the API differences between the two types of browser emulators, Mink offers an authentic testing environment for you. It also supports PHPUnit, Behat, and Symfony2.

#### [Monolog](https:/ /github.com/Seldaek/monolog)

Monolog is a PHP logging library that helps you with saving logs to the specified locations by sending them to set files, sockets, inboxes, databases, or other web services. The use of the PSR-3 interface permits to type-hint logs in counter to your libraries that maintain optimum interoperability.

#### [Hoa](https:/ /hoa-project.net/En/)

This modular, extensible, and structured set of PHP libraries we know as Hoa establishes a link between the research and the industry.

It recommends essential paradigms, mechanisms, and algorithms for building the reliability of a site. Many PHP developers in different parts of the world use Hoa for ideal PHP development.

#### [Guzzle](http:/ /docs.guzzlephp.org/en/stable/)

Guzzle is an HTTP client library for PHP that enables you to send HTTP requests to combine with web services.

It offers a simple interface that makes the development of query strings, POST requests, HTTP cookies, and many other attributes possible. You can also use Guzzle to send synchronous and asynchronous requests from the similar interface.

#### [Ratchet](http:/ /socketo.me/)

If your need is to develop real-time, two-directional apps between clients and servers over WebSockets, Ratchet is the PHP library you need to do it effectively.

Creating event-driven apps with Ratchet is a rapid, simple, and easy job to do!

#### [Geocoder](https:/ /geocoder-php.org/)

Geocoder is a library to create applications that are very well geo-aware.

With Geocoder, there is an abstraction layer that helps with geocoding manipulations.

It is further split into two parts, known as HttpAdapter and Provider.

#### [ImageWorkshop](https:/ /phpimageworkshop.com/)

ImageWorkshop is an open-source PHP library letting you work over the manipulation of images with layers. You can crop, resize, add watermarks, create thumbnails, and so much more. You can also enhance the images on the sites.

#### [PhpThumb](http:/ /phpthumb.sourceforge.net/)

phpThumb is the library specialized at handling the work associated with creating thumbnails with minimal coding. Accepting every image source type and image formats, it makes you do a lot ranging from rotating or cropping to watermarking or defining the image quality.

#### [Parody](https:/ /github.com/dotink/Parody)

This simple library we know as Parody is used to copy classes and objects. It also provides results for method calls, acquiring properties, instantiating objects, and more. Sequential method chaining is used by Parody to produce defining class structures.

#### [Imagine](https:/ /imagine.readthedocs.io/en/stable/)

This object-oriented PHP library is meant for working with images along with manipulating them. The often adopted operations such as resizing, cropping, and applying filters happen instantly and relatively well with Imagine.

With Imagine, you get a color class that forms the RGB values of any given color. Draw shapes like arc, ellipse, line, etc. with the features available.

#### [PhpFastCache](https:/ /www.phpfastcache.com/)

PhpFastCache is an open-source [PHP library](https:/ /www.hireindependentdevelopers.com/blog/libraries-for-php-web-development/) that makes caching feasible. Coming as a single-file, it can be integrated within a matter of minutes.

Caching methods supported by PhpFastCache involve apc, memcache, memcached, wincache, pdo, and mpdo.

**The Bottom Line**

It's not about what extra difference these libraries make; it's about what significant individual contributions these libraries make for a final desired PHP app or website.

A [PHP programmer](https:/ /hireindependentdevelopers.com/php-developers/), too, agrees with these libraries' benefits.

It's your time now to try and believe!

1938 views · 9 months ago

![Laravel Eloquent Relationship Part 2](https:/ /images.ctfassets.net/vzl5fkwyme3u/3gY1sugUC3gTUtfgbhgNi5/410818aed6a8d4ea08e0ec796477291c/laravel_blog.png?w=1000)

As you all know, Laravel Eloquent Relationships are powerful and easy methods introduced by Laravel for helping developers to reduce the complexity when connecting with multiple tables. While connecting with multiple tables, this method is very easy for developers for creating the application

Here you can see the next three methods of the eloquent relationships:

1. Has Many Through Relationship

2. One to Many Polymorphic

3. Many to many Polymorphic

## HAS MANY THROUGH ELOQUENT RELATIONSHIP

Has many through is a little bit complicated while understanding. I will provide a shortcut method to provide access data of another mode relationship. We will create a user table, post table, and country table and they will be interconnected with each other.

Here we will see Many through relationship will use `hasManyThrough()` for the relation

### Create Migrations

**Users table**

```

Schema::create('users', function (Blueprint $table) {

$table->increments('id');

$table->string('name');

$table->string('email')->unique();

$table->string('password');

$table->integer('country_id')->unsigned();

$table->rememberToken();

$table->timestamps();

$table->foreign('country_id')->references('id')->on('countries')

->onDelete('cascade');

});

```

**Posts table**

```

Schema::create('posts', function (Blueprint $table) {

$table->increments('id');

$table->string("name");

$table->integer('user_id')->unsigned();

$table->timestamps();

$table->foreign('user_id')->references('id')->on('users')

->onDelete('cascade');

});

```

**Countries table**

```

Schema::create('countries', function (Blueprint $table) {

$table->increments('id');

$table->string('name');

$table->timestamps();

});

```

### Create Models

**Country Model**

```

<?php

namespace App;

use Illuminate\Database\Eloquent\Model;

class Country extends Model

{

public function posts(){

return $this->hasManyThrough(

Post::class,

User::class,

'country_id', / / Foreign key on users table...

'user_id', / / Foreign key on posts table...

'id', / / Local key on countries table...

'id' / / Local key on users table...

);

}

}

```

**Now we can retrieve records by**

```

$country = Country::find(1);

dd($country->posts);

```

## ONE TO MANY POLYMORPHIC RELATIONSHIP

One to many polymorphic relationships used one model belongs to another model on a single file. For example, we will have tweets and blogs, both having the comment system. So we need to add the comments. Then we can manage both in a single table

Here we will use sync with a pivot table, create records, get all data, delete, update, and everything related to one too many relationships.

Now I will show one too many polymorphic will use `morphMany()` and `morphTo()` for relation.

### Create Migrations

**Posts table**

```

Schema::create('posts', function (Blueprint $table) {

$table->increments('id');

$table->string("name");

$table->timestamps();

});

```

**Videos Table**

```

Schema::create('videos', function (Blueprint $table) {

$table->increments('id');

$table->string("name");

$table->timestamps();

});

```

**Comments Table**

```

Schema::create('comments', function (Blueprint $table) {

$table->increments('id');

$table->string("body");

$table->integer('commentable_id');

$table->string("commentable_type");

$table->timestamps();

});

```

## Create Models

**Post Model**

```

<?php

namespace App;

use Illuminate\Database\Eloquent\Model;

class Post extends Model

{

/ **

* Get all of the post's comments.

*/

public function comments(){

return $this->morphMany(Comment::class, 'commentable');

}

}

```

**Video Model**

```

<?php

namespace App;

use Illuminate\Database\Eloquent\Model;

class Video extends Model{

/ **

* Get all of the post's comments.

*/

public function comments(){

return $this->morphMany(Comment::class, 'commentable');

}

}

```

**Comment Model**

```

<?php

namespace App;

use Illuminate\Database\Eloquent\Model;

class Comment extends Model{

/ **

* Get all of the owning commentable models.

*/

public function commentable(){

return $this->morphTo();

}

}

```

### Create Records

```

$post = Post::find(1);

$comment = new Comment;

$comment->body = "Hi Harikrishnan";

$post->comments()->save($comment);

/ / Video

$video = Video::find(1);

$comment = new Comment;

$comment->body = "Hi Harikrishnan";

$video->comments()->save($comment);

```

Now we can retrieve records

```

$post = Post::find(1);

dd($post->comments);

$video = Video::find(1);

dd($video->comments);

```

## MANY TO MANY POLYMORPHIC RELATIONSHIPS

Many to many polymorphic is also a little bit complicated like above. If we have a tweet, video and tag table, we need to connect each table like every tweet and video will have multiple persons to tag. And for each and every tag there will be multiple tweet or videos.

Here we can understand the creating of many to many polymorphic relationships, with a foreign key schema of one to many relationships, use sync with a pivot table, create records, attach records, get all records, delete, update, where condition and etc..

Here `morphToMany()` and `morphedByMany()` will be used for many to many polymorphic relationships

### Creating Migrations

**Posts Table**

```

Schema::create('posts', function (Blueprint $table) {

$table->increments('id');

$table->string("name");

$table->timestamps();

});

```

**Videos Table**

```

Schema::create('videos', function (Blueprint $table) {

$table->increments('id');

$table->string("name");

$table->timestamps();

});

```

**Tags table**

```

Schema::create('tags', function (Blueprint $table) {

$table->increments('id');

$table->string("name");

$table->timestamps();

});

```

**Taggables table**

```

Schema::create('taggables', function (Blueprint $table) {

$table->integer("tag_id");

$table->integer("taggable_id");

$table->string("taggable_type");

});

```

### Creating Models

**Post Model**

```

<?php

namespace App;

use Illuminate\Database\Eloquent\Model;

class Post extends Model

{

/ **

* Get all of the tags for the post.

*/

public function tags(){

return $this->morphToMany(Tag::class, 'taggable');

}

}

```

**Video Model**

```

<?php

namespace App;

use Illuminate\Database\Eloquent\Model;

class Video extends Model

{

/ **

* Get all of the tags for the post.

*/

public function tags(){

return $this->morphToMany(Tag::class, 'taggable');

}

}

```

**Tag Model**

```

<?php

namespace App;

use Illuminate\Database\Eloquent\Model;

class Tag extends Model

{

/ **

* Get all of the posts that are assigned this tag.

*/

public function posts(){

return $this->morphedByMany(Post::class, 'taggable');

}

/ **

* Get all of the videos that are assigned this tag.

*/

public function videos(){

return $this->morphedByMany(Video::class, 'taggable');

}

}

```

**Creating Records**

```

$post = Post::find(1);

$tag = new Tag;

$tag->name = "Hi Harikrishnan";

$post->tags()->save($tag);

$video = Video::find(1);

$tag = new Tag;

$tag->name = "Vishnu";

$video->tags()->save($tag);

$post = Post::find(1);

$tag1 = new Tag;

$tag1->name = "Kerala Blasters";

$tag2 = new Tag;

$tag2->name = "Manajapadda";

$post->tags()->saveMany([$tag1, $tag2]);

$video = Video::find(1);

$tag1 = new Tag;

$tag1->name = "Kerala Blasters";

$tag2 = new Tag;

$tag2->name = "Manajappada";

$video->tags()->saveMany([$tag1, $tag2]);

$post = Post::find(1);

$tag1 = Tag::find(3);

$tag2 = Tag::find(4);

$post->tags()->attach([$tag1->id, $tag2->id]);

$video = Video::find(1);

$tag1 = Tag::find(3);

$tag2 = Tag::find(4);

$video->tags()->attach([$tag1->id, $tag2->id]);

$post = Post::find(1);

$tag1 = Tag::find(3);

$tag2 = Tag::find(4);

$post->tags()->sync([$tag1->id, $tag2->id]);

$video = Video::find(1);

$tag1 = Tag::find(3);

$tag2 = Tag::find(4);

$video->tags()->sync([$tag1->id, $tag2->id]);

```

Now we can retrieve records

```

$post = Post::find(1);

dd($post->tags);

$video = Video::find(1);

dd($video->tags)

$tag = Tag::find(1);

dd($tag->posts);

$tag = Tag::find(1);

dd($tag->videos);

```

Hence we completed all the relationships. In the above blog how has many through relationship, one to many polymorphic relationships and many to many polymorphic are working. This feature is introduced from Laravel 5.0 onwards and till the current version. Without the model, we can’t able to do this relationship. If we are using an eloquent relationship it will be very useful while developing an application.

2546 views · 9 months ago

![](https:/ /cdn.filestackcontent.com/Ve0Q3jp4S4KuL2N4Mub7)

#### Welcome back! If you’re new to this series have a look at [Part 1 here](https:/ /nomadphp.com/blog/1925/code-with-me-challenge-custom-cms-development-with-php-and-mysql)

Today’s focus is on templating, the aesthetic that will make or break your web application.

Having a clean design with well defined CSS that’s responsive and user friendly goes a long way.

Developers often stick to their lane but delving into templating will bode in your favor, you can indeed

create a functional and launch-worthy application all on your own!

Let’s jump into it!

## Structured structure

Everything you tackle should be found with ease down the line. Therefore careful planning is fundamental to the success and sustainability of your project. You’ll also find that clearly defining your work lends itself to more productivity overall as you spend less that explaining your work during a handover / looking for a specific piece of code or resource. You’ll probably end up spending more time on actual work.

Finding your own unique pattern with file structure and CSS identifiers will also work in your favor as something unique to your process will most likely be easier to remember and form a tactile relationship with.

Our project’s current structure looks like this:

![](https:/ /cdn.filestackcontent.com/yvGBC8qbRMmsHklihrq2)

>If you need to backtrack, [Part 1](https:/ /nomadphp.com/blog/1925/code-with-me-challenge-custom-cms-development-with-php-and-mysql) is a great place to start!

In part 1, we created our index.php which displays info from our database.

Let’s take this a step further and create a header and a footer for our index.php

Create a file called header.php and save this to your includes folder.

Next, create a file called footer.php and save this to your includes folder.

Your file structure should now look like this.

![](https:/ /cdn.filestackcontent.com/8xTDBQkrTtSoZHC1aW5o)

### A header above all the rest

The header file will be a file we reuse throughout your web application. This file will contain important information that’s vital to the functionality and aesthetic of your website.

The type of info you’ll expect to see in a header.php file:

Script includes

Such as JQuery and important libraries

CSS includes

CSS files loaded from internal or external sources

Meta information

Contains important information that’s readable by search engines.

The basic structure of the beginning of your app, including your menu, and your logo.

For now, how header is going to have a basic layout.

Let’s get our HTML on!

```

<html>

<head>

<title>My Awesome CMS – Page Title</title>

</head>

<body>

```

### A footer that sets the bar

Create a file called footer.php and save it to your includes folder (yourcms/includes/footer.php).

Add this code to your new file.

```

</body>

</html>

```

### Next, let’s focus on the gravy… The CSS

CSS, when written beautifully, can truly set you apart.

You can tell your web application to load various styles to specific elements by defining unique identifiers.

Styles that are only used once are denoted with a # (a CSS “ID”) whereas styles that are reused multiple times are denoted with a . (a CSS “class”)

The best way to delve into the realm of CSS is to learn by experience.

### Let’s create!

First, we need to create and load our CSS file. Remember our nifty new pal header.php? This created a convenient way to load our CSS file!

Add the following code to your header.php just above the `</head>` tag.

```

<link href=”../assets/css/style.css” type=”text/css” rel=”stylesheet”/>

```

The ../ in the link to our stylesheet means we have to leave the current directory (the directory that header.php is in) and look for the assets/css/ directories.

Go ahead and create the css folder under your assets folder.

Next we’re going to create some simple CSS to test things out.

### It’s time to add some style!

We are going to create two divs.

A div is a divider / section in HTML.

Add this to your index.php (located in your CMS’ root folder) above the `<?php` tag.

```

<div id="myfirstid"></div>

<div class="myfirstclass"></div>

<div class="myfirstclass"></div>

<div class="myfirstclass"></div>

<div class="myfirstclass"></div>

<div class="myfirstclass"></div>

```

Then, create a CSS file

Add this:

```

#myfirstid{

Background:lightblue;

Font-family:Arial;

Font-size:44px;

Font-weight: Bold;

}

.myfirstclass{

Font-size:15px;

Color: darkblue;

}

```

Save your newly created CSS to assets/css/ as style.css.

### Pulling it all together, let’s see what we can do!

Let’s apply what we just learned to our index.php. But first, we should add our header.php and footer.php files.

### Including everyone

Add this to the top of your index.php file:

```

include(‘includes/header.php’);

```

Remove the `<divs>` we used for practice earlier, we have something better in store!

Add this to the bottom of your index.php:

```

include(‘includes/footer.php’);

```

Next, let’s modify our code so we can add some style to the data we retrieve from our database.

Modify the following line:

```

foreach($getmydata as $mydata){ echo "Title: "; echo $mydata['title']; echo "<br/>"; echo "Content: "; echo $mydata['content']; echo "<br/>"; echo "Author: "; echo $mydata['author']; echo "<br/>"; echo "<br/>";

```

as follows:

```

?>

<div id=”myfirstid”>

<?php

foreach($getmydata as $mydata){

echo "<div class=”myfirstclass”>Title: ";

echo $mydata['title'];

echo "<br/>";

echo "Content: ";

echo $mydata['content'];

echo "<br/>";

echo "Author: ";

echo $mydata['author'];

echo "</div><br/><br/>";

}?>

</div>

<?php

```

Your full index.php should now look like this:

```

<?php

include('includes/header.php');

include('includes/conn.php');

if ($letsconnect -> connect_errno) { echo "Error " . $letsconnect -> connect_error;

}else{

$getmydata=$letsconnect -> query("SELECT * FROM content");

?>

<div id="myfirstid">

<?php

foreach($getmydata as $mydata){

echo "<div class=”myfirstclass”>Title: ";

echo $mydata['title'];

echo "<br/>";

echo "Content: ";

echo $mydata['content'];

echo "<br/>";

echo "Author: ";

echo $mydata['author'];

echo "</div><br/><br/>";

}

?>

</div>

<?php

}

$letsconnect -> close();

include('includes/footer.php');

?>

```

## Go ahead, test it out!

There’s a lot to unpack and I will break things down a little more during our next tutorial!

## Challenge

Study the final index.php and try to form a few theories about why closing a php tag is necessary before adding raw html.

## Next Up: #CodeWithMe Part 4: Building A Good Base

2820 views · 9 months ago

![](https:/ /cdn.filestackcontent.com/ZriVX3EQNqmKgVF9FEdy)

#### Welcome back!, if you’re new please be sure to read [Part 1 here](https:/ /nomadphp.com/blog/1925/code-with-me-challenge-custom-cms-development-with-php-and-mysql).

This tutorial will focus primarily on Security and will touch on how to plan functionality.

Planning out an application and seeing progress regularly is a good strategy as you are most likely to complete your tasks in a timely fashion with this approach.

Ready?, ok let’s jump into it!

### DISCLAIMER

> We highly recommend that you follow these tutorials on a localhost testing server like Uniserver. Read through [Part 1 here](https:/ /nomadphp.com/blog/1925/code-with-me-challenge-custom-cms-development-with-php-and-mysql) to look at our recommendations. These tutorials follow a phased approach and it is highly recommended that you do not make snippets of code live prior to completing this tutorial series.

## Where we left off – the serious stuff.

In the previous tutorial we saved variables to the database.

It’s important to note that further steps are needed to ensure that data transactions to / from the database are secure.

A great first step is to ensure that all POST data (data transmitted after a user clicks a form’s submit button) is sanitized.

## What we’re trying to prevent

One of the most common exploits is SQL Injection, an attack most commonly used to insert SQL into db queries. POST data that’s not sanitized leaves a huge security hole for malicious exploits. In some cases SQL injection can be leveraged to rage an all out assault on a server’s operating system.

A few examples of a basic version of what this might look like can be seen below.

![](https:/ /cdn.filestackcontent.com/GdjoE6bPRQOT582LSGNQ)

#### OUTCOME

This might delete your database table

![](https:/ /cdn.filestackcontent.com/MlAzWxaJQWqsy7MjFQiM)

#### OUTCOME

This might provide access to the entire user table and the password protected area/dashboard.

***Please note that there are various types of SQL injection techniques and I will delve into this during the course of this series.***

## So what exactly is sanitization and what does it do?

When sanitizing POST data, we are essentially looking for any special characters that are often used in SQL injection attacks.

In many ways, this tiny piece of code is the unsung superhero of many database driven applications.

## Let’s secure that POST data!

Navigate to your backend folder and open index.php

Locate the following line of code:

```

$sql = "INSERT INTO content(title,content,author)VALUES ('".$_POST["title"]."', '".$_POST["content"]."', '".$_POST["author"]."')";

```

Ok, let’s get to work.

Based on what I mentioned a few moments ago, it’s clear that our SQL statement is vulnerable so we need to sanitize the POST data pronto!

The method I will focus on first is $mysqli->real_escape_string. This will escape any special characters found in the POST data.

Add the following just above your $sql.

```php

$title = $letsconnect -> real_escape_string($_POST['title']);

$content = $letsconnect -> real_escape_string($_POST['content']);

$author = $letsconnect -> real_escape_string($_POST['author']);

```

Did you notice the use of `$letsconnect`? This was used because of our db connection defined in conn.php.

Our new query will look like this:

```

$sql = "INSERT INTO content (title,content,author) VALUES ('".$title."', '".$content."', '".$author."')";

```

Go ahead and replace the old `$sql`.

Phew!, we can breathe easy now.

## Next, let’s lighten things up a bit by focusing on functionality and aesthetics.

A phased approach is the best way to tackle projects of any size.

I tend to jot this down on paper before creating a more legible professional spec!.

Typically the phased approach lends itself to logical progression.

For example, over the next several days I will go over the following:

* Account Access

* The login process

* The registration process

* The password recovery process

* Frontend

* The look and feel

* Menus

* Sidebars

*Main Content

*Footer

* Backend

* Content Management

* Add/Edit/Delete

* Security

This will give us a good springboard to delve into more complex functionality.

The aesthetic I have in mind will be barebones at first with clean CSS practices (this will make life a whole lot easier when we have to make changes down the line!).

## Challenge :

Plan out your own CMS, think about the user interface and design choices you’d like to implement, and create a phased approach.

## Conclusion

I hope this tutorial encouraged you to think about security and understand one of the most common exploits. During the course of this series, you will receive the tools necessary to beef up security while maintaining your sanity!

#### Next up

##### CodeWithMe – Let’s go templating.

SPONSORS

Faster PHP Cloud Hosting