majdi (18)
Majdi M. S. Awad Back End Developer Email: majdiawad.php@gmail.com | Mobile: +971 (055) 993 8785 Linkedin Account: https://www.linkedin.com/in/majdi-awad-aa2384317/ HackerRank Account: https://www.hackerrank.com/profile/majdiawad_php Abu Dhabi, United Arab Emirates PHP | SQL | Python | Java
It's really great to share information and experiences with others and I really thank you for this post. But what makes a site stand out is how accurate and comprehensive the information is. Here are some notes about the scripts you've posted, especially regarding security. 1. There are a few things you gotta watch out for. First up, you're using user input directly in the query, which is a big no-no unless you’re super sure that the $userId variable is sanitized and...
[ATS_Prototype](https://github.com/majdi-php-sql/ATS_Prototype)
The system handles this issue by tossing out all those trivial and worthless factors. Those factors are just old-school ATS system restrictions that some folks still use to make a quick buck by crafting resumes for job seekers. Lazy, corrupt, and often clueless HR people use them to cover up their shady practices. The system gets rid of these factors by converting the whole content of the file into text stored in the database, making it easier to search and analyze, no matter how the job...
Generating a changelog based on commits and adhering to Conventional Commits can be streamlined using various GitHub Actions, such as GitHub Action for Conventional Changelog, release-drafter/release-drafter, and Semantic Release.
Without any logical reason, I hate JSON
Yeah, SanitizeString($string) uses htmlentities() and strip_tags(), which are still solid for cleaning up HTML output. But MysqlSanitizeString($string) uses mysql_real_escape_string(), which is kinda old-school. For modern PHP apps, you should go with mysqli_real_escape_string() or PDO prepared statements for handling database interactions. We’ll dive into these techniques in the next parts of this series.
yes, I totally agree
Check this: [MySQL Setup at Hostinger Explained](https://www.hostinger.com/blog/mysql-setup-at-hostinger-explained)
Definitely possible to replicate a database on shared hosting, though it can vary a bit depending on what your hosting provider supports. First off, you'll need to check if your hosting plan lets you manage databases and set up replication. Some shared hosting plans might put the brakes on that kind of thing, so it's worth a look. Once you're set, you’ll want to get your main database prepped. Create a replica database through your hosting control panel—like cPanel or...
Yes, almost every day. To be clear, I don't recommend using it, but I gotta say, if you use it right as a programmer, it'll save you a ton of time and effort.
Look, from an academic and scientific perspective, I’m not really into content management systems or frameworks. I’d rather start from scratch with a blank page and write my own script. But from a commercial and practical standpoint, using content management systems the right way can churn out awesome products super fast. Regarding security, it’s a solid yes, as long as they’re used correctly.
I hope so
There are a bunch of security issues that need fixing to keep the system safe from potential hacks. First off, using `SELECT *` in SQL queries is a waste because it grabs all columns from the users table, even if you don't need them all. This can slow things down and use up resources, especially with big tables. While this doesn't mean the system is hacked, it can expose more data if an attacker uses SQL injection to run their own queries. Next, not having automatic rehashing for...
I think the article highlights several critical issues regarding CrowdStrike's recent massive global outage. The incident, triggered by a software update, caused widespread disruptions, including flight cancellations, banking transaction failures, and media broadcast interruptions. Given CrowdStrike's reputation as a cybersecurity powerhouse, this failure is particularly significant and concerning. George Kurtz, the co-founder, publicly apologized and acknowledged the severity of the...
Meanwhile, let's focus on using the tools to find security vulnerabilities in part 3.
What you say is correct regarding the state of the code currently in front of you, but this is part of a 12-part series where we’ll review all these details and more gradually. The purpose of publishing this series here is to: 1. Increase content. 2. Communicate ideas to students (aged 17 to 22, as mentioned in the first part) in detail and gradually, following a structured approach. 3. Discuss what you’re talking about now in Part 8 of this series, so that students understand the real...
By the way, this comment should be in part 3, but it's all good.
You are correct. Using PDO is better, but can you hack it as it is now, and how?
The purpose of this code is to create a visual representation of a grid structure, which is super handy for debugging, visualization, or prepping data for further processing in a grid-like format. Based on the provided code, I can see that it initializes an empty array called `grid` and runs through a loop 65 times (from 0 to 64) to build a grid structure with 8 rows, each with 8 cells. Inside the loop, it checks if the counter modulo 8 is zero, which means it's the start of a new row....
Lottery Picker Script, I believe it's solved!
As I understand from your question, you want to create a Lottery Picker program with the following features: it should ensure that each number is unique within a game and that no two games are the same. Users should be able to set the maximum number allowed in the game (greater than 1), choose how many numbers are picked per game (more than 4), and decide how many games are generated in one run (more than 1). Additionally, the program should include a special number in each game. Okay but...
As you can see, it is presented by Google, and Google determines it to be a hard-level problem. Therefore, I believe it is best to encourage the curious to climb the ladder step by step instead of simplifying the solution any further. Sure, I will check the problem you mentioned and try to solve it. ![Problem Image](https://i.ibb.co/ggs2qYg/1.png)
Note: If you think that I’ve explained everything about SQL injection tools and that you can use this article to hack other websites with SQLmap, you’re mistaken. I haven’t covered everything, and the SQLmap commands mentioned in this post, such as `PHPSESSID=your_session_id`, are not the exact ones I used for testing.
I'm sorry, I didn't catch that
It was more than plenty
We are discussing security patterns and best practices, which are generally language-agnostic principles that can be applied across different programming languages. While specific implementation details may vary based on the language and its ecosystem, these principles remain consistent. We may explore specific implementation nuances for different languages towards the conclusion of this series.
Maybe in part 3, after we test the script using SQLmap, OWASP ZAP, Burp Suite, and Netsparker. After testing we are going to discover more issues, and we will talk about how to enhance the script.
Thank you for your insightful comment. I will address the text formatting issue in future posts.
From an academic educational point of view, I believe both lists offer valuable learning opportunities, but they emphasize different aspects. The original lists provide a solid foundation in technical skills such as CRUD operations, authentication, and data management through applications like blogs, chat systems, and e-commerce platforms. These projects focus on practical implementation and user interaction features like comments, real-time messaging, and shopping carts, which are essential...
Is PHP a Dead Language? Recently, two young men approached me to discuss the question: Is PHP a dead language? Here, I aim to provide a neutral, in-depth, and scientific analysis to answer this question. First, we need to identify the indicators and symptoms that suggest a language might be deteriorating or approaching obsolescence. The most prominent and important indicators are: - Declining Popularity: Decreased activity and interest in online communities and forums. - Reduced Adoption:...
Okay, it's dying, but as a programmer I don't care about ranking and all of these trend shits. I learned to believe in numbers, and the numbers say: 1- 1,548,000,000 websites are using PHP. 1- PHP is used by 77.4% of all the websites whose server-side programming language we know. 2- Around 474 million websites are built on WordPress. WordPress dominates the CMS market with a 62.7% share. 3- Around 474 million websites are built on WordPress. WordPress dominates the CMS market with a...
You forgot to mention 'LOVE' I am in love with this language.
MySQL, PostgreSQL, SQL Server, and Oracle are known as RDBMS (relational database management systems). SQLite, Microsoft Access, Apache Cassandra, Redis, Neo4j, and Amazon DynamoDB are examples that represent a range of DBMS types, from traditional relational databases to newer non-relational (NoSQL) databases. What is the difference? We will talk about it later.
I think that I can't upload a file here. Anyway, you can check this project on my GitHub account: https://github.com/majdi-php-sql/loginregistrationsystem Also, you can learn more by checking the design pattern: https://github.com/majdi-php-sql/loginregistrationsystem/blob/main/Secure%20PHP%20%26%20SQL%20Login%20System.pdf I will write a post (tomorrow maybe) to explain the details.
notepad++
Regarding your Complete PHP Protection Example: I believe it's crucial to address several security issues in your PHP code snippet for database interaction and user authentication. Firstly, there's a risk of SQL injection due to how user input is directly inserted into the SQL query. To mitigate this, I suggest fully utilizing prepared statements by binding parameters explicitly rather than passing them directly into the execute() method. This ensures that user input is treated as...