301 Redirects

A 301 redirect is an efficient and Search Engine friendly method for webpage redirection. It is relatively simple to implement and it should preserve search engine rankings for that particular page should you need to rename or move it. The code “301” is interpreted as “moved permanently”.

There are multiple ways depending on your server and scripting platform, however I will deal with ones most relevant to Boolean clients.

PHP page level redirects:

<?
Header( "HTTP/1.1 301 Moved Permanently" );
Header( "Location: http://www.new-url.com" );
?>

.htaccess domain level redirects (Apache Mod-Rewrite moduled must be enabled)

Options +FollowSymLinks
RewriteEngine on
RewriteRule (.*) http://www.new-url.com/$1 [R=301,L]

You can test your redirection with the Search Engine Friendly Redirect Checker available here.

301 Redirects Read More »

WordPress Worm

wordpress_logo

Right now there is a worm making its way around old, unpatched versions of WordPress. This particular worm, like many before it, is clever: it registers a user, uses a security bug (fixed earlier in the year) to allow evaluated code to be executed through the permalink structure, makes itself an admin, then uses JavaScript to hide itself when you look at users page, attempts to clean up after itself, then goes quiet so you never notice while it inserts hidden spam and malware into your old posts.

As always, keep your WordPress installation up to date, further reading is available here.

WordPress Worm Read More »

IE6 No More

ie6nomore-logo

Why?
Enough is enough. Microsoft Internet Explorer 6 was released in late 2001. For its time, it was a decent browser, but in 2009, it is still in use by a significant portion of the web population, and its time is now up.

As any web developer will tell you, working with IE 6 is one of the most difficult and frustrating things they have to deal with on a daily basis, taking up a disproportionate amount of their time. Beyond that, IE 6’s support for modern web standards is very lacking, restricting what developers can create and holding the web back.

What?
This website is run by a group of people who want to see IE 6 disappear as soon as possible. To help make that happen, we’re encouraging the IE 6 users of our websites to upgrade to a more modern browser, so they can have a better experience using our sites and browsing the web.

This site has examples for various platforms to display a banner to IE6 users to encourage them to get up to date. Code examples are available directly here

IE6 No More Read More »

The future of PHP

php-logo

A few changes in PHP 6:

This post is mainly about what is removed (and will no doubt break countless scripts out there)

  • magic quotes
  • register_globals
  • register_long_arrays
  • safe_mode

magic_quotes


// Assuming magic_quotes is on
$sql = "INSERT INTO USERS (USERNAME) VALUES $_GET['username'];

// Using proper parameterised query method (MySQL)
$statement = $dbh->prepare("INSERT INTO USERS (USERNAME) VALUES ?";
$statement->execute(array($_GET['username']));

Obviously the get_magic_quotes_gpc() function will no longer be available.

register_globals

// a security hole because if register_globals is on the value for user_authorised can be set by a user sending
// them in the query string
// i.e www.example.com/index.php?user_authorised=true
if ($user_authorised){
// show all the data
}

// Being specifc
function is_authorised{
if (isset($_SESSION['user'])){
return true;
}else{
return false;
}
}
$user_authorised = is_authorised();

register_long_arrays

Using deprecated registered arrays:

// Echo the name of the user value given on the query string
// http://www.example.com/index.php?username=notgood
echo "Welcome, $HTTP_GET_VARS['username']";

Using $_GET

// Using the supported $_GET array instead
echo "Welcom, $_GET['username']@;

safe_mode
This was originally to ensure that the owner of a file being operated on matches the owner of the script that is executing. It was originally a way to attempt to handle security when operating on a shared server environment (like many ISPs would have) It is outside the scope of this blog to document the numerous functions affected by this change, so consult your documentation.

The future of PHP Read More »

WordPress Tips

wordpress_logo

Ongoing tips and tricks for WordPress installations:

1) By default WordPress adds a version number to the header of blog pages.

<meta name="generator" content="WordPress 2.7" />

Unfortunately this information is valuable for WordPress hackers as they can target blogs using the older and less secure versions of WordPress software. To remove this version number from the header add this line to your functions.php file in the WordPress themes folder.

<?php remove_action('wp_head', 'wp_generator'); ?>

2) Since WordPress 2.6 there are document revisions allowing access to all previous versions. This is a fantastic feature for blogs with multiple authors and multiple versions of documents; however many of us do not require this functionality. These post revisions also increase the size of the wp_posts table as each revision creates a new row.

To disable revisions add the following line to your wp-config.php file

define('WP_POST_REVISIONS', false);

3) Hot Linking is the unauthorised linking of images or downloads from your website to another. Basically the images are hosted on your website and other websites link their image tags to your files, – essentially stealing your bandwidth. If people are ‘hotlinking’ to your image files, they are using your bandwidth which you pay for one way or another through bandwith or performance issues.
You can edit your .htaccess file to disable this behaviour:

RewriteEngine On
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^http(s)?://(.*\.)?yourservername.com [NC]
RewriteRule \.(jpeg|jpg|gif|png)$ - [F]

4) Users can of course print from your blog directly from their browser, however you can simplify this by providing a direct print button right there on the post.

Edit the single.php file (for individual posts) from the relevant theme folder and add the following code wherever you want to have the option to print.

<a href="javascript:window.print()" rel="nofollow">Print post</a>

WordPress Tips Read More »

Maxlength for MySQL TEXT field types

mysql_logo

MySQL supports four TEXT field types (TINYTEXT, TEXT, MEDIUMTEXT and LONGTEXT)

MyISAM tables in MySQL have a maximum row size 65,535 bytes and all the data in a row must fit within that limit.

Luckily however TEXT field types are stored outside of the table itself and thus only contribute 9 – 12 bytes towards that limit.

Further reading is here.

Because TEXT data types are able to store so much more data than VARCHAR and CHAR field types it makes sense to use them when storing web pages or similar content in the database.

The maximum amount of data that can be stored for each data type is approximately:

TINYTEXT 256 bytes
TEXT 65,535 bytes ~64kb
MEDIUMTEXT 16,777,215 bytes ~16MB
LONGTEXT 4,294,967,295 bytes ~4GB

So most of the time TEXT will suffice, but if you are scratch building a CMS it might be an idea to think about MEDIUMTEXT

Update: (20/05/2014) – I see a lot of hits on this page, so I thought I’d spell out the information here for the terms you seem to be searching for…

TINYTEXT is a string data type that can store up to to 255 characters.

TEXT is a string data type that can store up to 65,535 characters. TEXT is commonly used for storing blocks of text such as the body of an article.

MEDIUMTEXT is a string data type with a maximum length of 16,777,215 characters. Use MEDIUMTEXT if you need to store large blocks of text, such as a book.

Maxlength for MySQL TEXT field types Read More »

Understanding CSS Class and ID

css_logo

Often these selectors can confuse beginners. In CSS a class is represented by a dot “.” while an id is a hash “#”. Simply put an id is used on a unique style that doesnt repeat whilst a class can be re-used.

Often it can be hard to decide where to use a class versus an id for an element

Use a class tag if:

1.The style is used in various places throughout the document.
2.The style is very general.

Use an id tag if:

1.The style is only used once ever in the document.
2.The style is specific to a certain area of the document.

Remember that an id can only appear once in any HTML document. Once you’ve used that id it should not be used again on that page.

Understanding CSS Class and ID Read More »

MySQL date_format

mysql_logo

I always seem to be digging around to find MySQL’s date formatting syntax, so here is a couple of common conversions…

select date_format(date, '%d %M %Y') as new_date from tablename

where date is the name of your date field, and new_date is the variable name which you can use to reference the value.

date_format String Example
‘%e/%c/%Y’ 25/4/2009
‘%c/%e/%Y’ 4/25/2009
‘%d/%m/%Y’ 25/04/2009
‘%m/%d/%Y’ 04/25/2009
‘%a %D %b %Y’ Fri 25th Apr 2009

A more complete list of specifiers is available here.

MySQL date_format Read More »