Building Anti-SQL-Injection Protection


Example application: a login form
The first step is creating the database:

Then create the PHP scripts:
Scripts
1. public_html/login_form.php
<!DOCTYPE html>
<html>
<head>
<title>form login</title>
</head>
<body>
<form name="login" action="config/login_check.php" method="post">
<table border="1" align="center" bordercolor="#00CCFF">
<tr><td colspan="2"><div align="center">Form Login</div></td></tr>
<tr><td>Username</td><td> : <input type="text" name="username"></td></tr>
<tr><td>Password</td><td> : <input type="password" name="password"></td></tr>
<tr><td colspan="2"><div align="center">
  <input type="submit" value="Login">
</div></td></tr>
</table>
</form>
</body>
</html>
2. public_html/config/login_check.php
<?php
include "../conn.php"; // connection file
// filter used by this post: strip tags and slashes, then escape the value for the query
function anti_injection($data){
    $filter = mysql_real_escape_string(stripslashes(strip_tags(htmlspecialchars($data, ENT_QUOTES))));
    return $filter;
}
$username = anti_injection($_POST['username']);
$pass     = anti_injection(md5($_POST['password']));
// make sure the username and password consist only of letters and digits
if (!ctype_alnum($username) OR !ctype_alnum($pass)){
    echo "Bingo!! sekarang login form telah terlindungi. Tidak ada SQL Injection.";
}
else{
    $login = mysql_query("select * from users where username='$username' and password='$pass' and block='N'");
    $found = mysql_num_rows($login);
    $r     = mysql_fetch_array($login);
    // if the username and password were found
    if ($found > 0){
        session_start();
        include "timeout.php";
        $_SESSION['username']  = $r['username'];
        $_SESSION['fullname']  = $r['full_name'];
        $_SESSION['passuser']  = $r['password'];
        $_SESSION['leveluser'] = $r['level'];
        // session timeout
        $_SESSION['login'] = 1;
        timer();
        $old_sid = session_id();
        session_regenerate_id();
        $new_sid = session_id();
        mysql_query("update users set id_session='$new_sid' where username='$username'");
        header('Location: ../home.php'); // redirect after a successful login
        exit;
    }
    else{
        echo "<center>LOGIN GAGAL!!<br/>
salah username atau password.<br/>
atau accaunt anda diblokir<br/>";
        echo "<a href=../login_form.php><b>Coba Lagi</b></a></center>";
    }
}
?>
3. public_html/config/timeout.php
<?php
// login_check.php and home.php call session_start() before including this file,
// so only start a session here if none is active yet
if (session_status() === PHP_SESSION_NONE) {
    session_start();
}
function timer(){
    $time = 10000; // timeout in seconds
    $_SESSION['timeout'] = time() + $time;
}
function login_check(){
    $timeout = isset($_SESSION['timeout']) ? $_SESSION['timeout'] : 0;
    if(time() < $timeout){
        timer(); // session still valid: extend the timer
        return true;
    }else{
        unset($_SESSION['timeout']);
        return false;
    }
}
?>
4. public_html/config/logout.php
<?php
session_start();
$_SESSION = array(); // clear the session data before destroying the session
session_destroy();
echo "<center>Anda berhasil Keluar dari sistem.<b>[LOGOUT]</b></center>";
?>
5. public_html/home.php
<?php
session_start();
error_reporting(0);
include "config/timeout.php";
if(isset($_SESSION['login']) && $_SESSION['login'] == 1){
    if(!login_check()){
        $_SESSION['login'] = 0;
    }
}
if(empty($_SESSION['login'])){
    header('Location: login_form.php');
    exit;
}
else{
    if (empty($_SESSION['username']) AND empty($_SESSION['passuser']) AND $_SESSION['login'] == 0){
        echo "<center>Untuk mengakses halaman ini, login dulu ya!<br/>";
        echo "<a href=login_form.php><b>LOGIN</b></a></center>";
    }
    else{
?>
<!DOCTYPE html>
<html>
<head>
<title></title>
<style type="text/css">
<!--
#Layer1 {
            padding:10px;
            width:1000px;
            height:280px;
            background-color: #00CCFF;
}
.style1 {color: #000000}
-->
</style>
</head>
<body>
<div id="Layer1">
  <h1 align="center">Selamat Datang </h1>
  <h4 align="center">Di Web Ku </h4>
  <p align="center"><a href="config/logout.php" target="_parent">logout</a></p>
  <p>&nbsp;</p>
</div>
</body>
</html>
<?php
    }
}
?>
6. public_html/conn.php
<?php
$host = "localhost";
$username = "root";
$password = "";
$databasename = "users";
$connection = mysql_connect($host, $username, $password) or die("Kesalahan Koneksi ... !!");
mysql_select_db($databasename, $connection) or die("Database Error");
?>
Source : suranto-uty.blogspot.com
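The post relies on an anti_injection() filter plus ctype_alnum() to keep the query safe, and stores an md5() of the password. The added example below (it is not code from the post or its source blog) shows the same login check written with PDO prepared statements, which keep request data out of the SQL text entirely, and with password_hash()/password_verify() in place of md5(). It assumes the pdo_sqlite extension so that it runs stand-alone against an in-memory database; the users table columns and the 10000-second timeout are taken from the post, the sample user is constructed.

```php
<?php
// Added example, not from the original post. Assumes the pdo_sqlite extension;
// with MySQL, change the DSN and also set PDO::ATTR_EMULATE_PREPARES to false
// so placeholders are bound server-side.
declare(strict_types=1);

function open_db(): PDO {
    $pdo = new PDO('sqlite::memory:');
    $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $pdo->exec("CREATE TABLE users (username TEXT PRIMARY KEY, password TEXT NOT NULL,
                full_name TEXT, level TEXT, block TEXT NOT NULL DEFAULT 'N')");
    // constructed sample user; the stored value is a salted hash, not md5 or plaintext
    $ins = $pdo->prepare("INSERT INTO users (username, password, full_name, level)
                          VALUES (:u, :p, :f, :l)");
    $ins->execute([
        ':u' => "o'connor",
        ':p' => password_hash('correct horse', PASSWORD_DEFAULT),
        ':f' => "Dan O'Connor",
        ':l' => 'user',
    ]);
    return $pdo;
}

// Returns the user row on success, null on any failure (unknown user, wrong
// password, blocked account). The username is bound as data, so quote characters
// inside it can never change the structure of the query; no filter is needed.
function check_login(PDO $pdo, string $username, string $password): ?array {
    $stmt = $pdo->prepare("SELECT username, password, full_name, level
                           FROM users WHERE username = :u AND block = 'N'");
    $stmt->execute([':u' => $username]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($row === false || !password_verify($password, $row['password'])) {
        return null;
    }
    unset($row['password']); // never carry the hash into the session
    return $row;
}

// What login_check.php does after a match, minus storing the password hash in
// $_SESSION. Assumes session_start() has already been called.
function start_user_session(array $user): void {
    session_regenerate_id(true); // fresh id; the pre-login id is invalidated
    $_SESSION['login']     = 1;
    $_SESSION['username']  = $user['username'];
    $_SESSION['fullname']  = $user['full_name'];
    $_SESSION['leveluser'] = $user['level'];
    $_SESSION['timeout']   = time() + 10000; // same timeout as timeout.php
}

$pdo = open_db();
// a username containing a quote is just data to the prepared statement
echo "correct password: ", check_login($pdo, "o'connor", 'correct horse') !== null ? "accepted" : "rejected", "\n";
echo "wrong password:   ", check_login($pdo, "o'connor", 'wrong') !== null ? "accepted" : "rejected", "\n";
echo "unknown user:     ", check_login($pdo, "nobody", 'correct horse') !== null ? "accepted" : "rejected", "\n";
```

Note the difference from the post's check: ctype_alnum() on an md5 hex string always passes, so it never rejected anything on the password side, and the filter still lets a username through only because the characters happen to be harmless. Binding the value removes the need to reason about which characters are dangerous at all.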

Editing and deleting data (MySQL, PHP)


First, display the data that we want to update.

Example:

<?php
include "koneksi.php";
$result = mysql_query("SELECT * FROM tamu");
echo "<table border='1'>
<tr>
<th>No</th>
<th>nama</th>
<th>email</th>
<th>telpon</th>
<th>pesan</th>
<th colspan='2'> Aksi</th>
</tr>";
$i = 1;
while($row = mysql_fetch_array($result))
{
    // the row values are printed as-is; the edit/delete links carry the row id
    echo "<tr>
<td> $i </td>
<td>$row[nama]</td>
<td>$row[email]</td>
<td>$row[notelp]</td>
<td>$row[pesan]</td>
<td><a href=edit.php?id=$row[id]>Edit</a></td>
<td><a href=hapus.php?id=$row[id]>Hapus</a></td>
</tr>";
    $i++;
}
echo "</table>";
?>

Create the script for entering the new data (edit.php):

<?php
include "koneksi.php";
$id  = (int) $_GET['id']; // ids are integers; the cast keeps anything else out of the query
$row = mysql_fetch_array(mysql_query("select * from tamu where id='$id'"));
?>
<form method="post" action="p_edit.php?id=<?php echo $id; ?>">
<table border="1">
<tr>
<td>Nama</td><td>:</td><td><input type="text" name="nama" value="<?php echo htmlspecialchars($row['nama']); ?>"></td>
</tr>
<tr>
<td>Email</td><td>:</td><td><input type="text" name="email" value="<?php echo htmlspecialchars($row['email']); ?>"></td>
</tr>
<tr>
<td>No Telpon</td><td>:</td><td><input type="text" name="notelp" value="<?php echo htmlspecialchars($row['notelp']); ?>"></td>
</tr>
<tr>
<td>Pesan</td><td>:</td><td><textarea name="pesan" cols="1" rows="1"><?php echo htmlspecialchars($row['pesan']); ?></textarea></td>
</tr>
</table>
<input type="submit" value="ubah"><input type="reset" value="hapus">
</form>

Create the script that processes the update (p_edit.php):

<?php
include "koneksi.php";
$id     = (int) $_GET['id'];
// escape the posted values before placing them in the query string
$nama   = mysql_real_escape_string($_POST['nama']);
$email  = mysql_real_escape_string($_POST['email']);
$notelp = mysql_real_escape_string($_POST['notelp']);
$pesan  = mysql_real_escape_string($_POST['pesan']);
$simpan = mysql_query("update tamu SET nama='$nama',email='$email',notelp='$notelp',pesan='$pesan' where id='$id'");
if($simpan){echo "data berhasil diupdate ";}
else{echo "gagal diupdate";}
?>

Delete-data script (hapus.php):

<?php
include "koneksi.php";
$id    = (int) $_GET['id']; // only an integer id can reach the query
$hapus = mysql_query("delete from tamu where id='$id'");
if($hapus)
{echo "data terhapus";}
else
{echo "data gagal dihapus";}
?>
<hr>
<a href="lihat.php">lihat data</a>
<br><a href="guesbook.php">input data</a>

DISPLAYING DATA (MySQL & PHP)


By sort order

ASC/DESC

Example:

Without a table:

<?php
include "koneksi.php";
$result = mysql_query("SELECT * FROM tamu order by id desc");
$row = mysql_fetch_array($result); // the newest row, because of the descending order
echo "Nama : $row[nama]<br>";
echo "Email : $row[email]<br>";
echo "No Telpon : $row[notelp]<br>";
echo "Pesan : $row[pesan]<br>";
?>

With a table:

<?php
include "koneksi.php";
$result = mysql_query("SELECT * FROM tamu ORDER BY id DESC");
$row = mysql_fetch_array($result);
?>
<table width="200" border="0">
<tr>
<td>nama</td>
<td>:</td>
<td><?php echo "$row[nama]"; ?></td>
</tr>
<tr>
<td>email</td>
<td>:</td>
<td><?php echo "$row[email]"; ?></td>
</tr>
<tr>
<td>no telpon</td>
<td>:</td>
<td><?php echo "$row[notelp]"; ?></td>
</tr>
<tr>
<td>pesan</td>
<td>:</td>
<td><?php echo "$row[pesan]"; ?></td>
</tr>
</table>

Directly / display everything in order

Example:

Without a table:

<?php
include "koneksi.php";
$result = mysql_query("SELECT * FROM tamu");

while($row = mysql_fetch_array($result))
{
    echo $row['nama'] . " " . $row['email'] . " " . $row['notelp'] . " " . $row['pesan'];
    echo "<br />";
}
?>

With a table:

<?php
include "koneksi.php";
$result = mysql_query("SELECT * FROM tamu");
echo "<table border='1'>
<tr>
<th>nama</th>
<th>email</th>
<th>telpon</th>
<th>pesan</th>
</tr>";
while($row = mysql_fetch_array($result))
{
    echo "<tr>";
    echo "<td>" . $row['nama'] . "</td>";
    echo "<td>" . $row['email'] . "</td>";
    echo "<td>" . $row['notelp'] . "</td>";
    echo "<td>" . $row['pesan'] . "</td>";
    echo "</tr>";
}
echo "</table>";
?>
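All of the display scripts above echo the stored columns straight into HTML. Whatever a visitor typed into the guestbook form is rendered as markup, so a value that contains tags or quotes changes the page instead of being shown as text. The added example below (not code from the post) renders the same table with every cell escaped on output. It needs no database: the rows are constructed sample data standing in for what mysql_fetch_array() returns, and the column names are the post's.

```php
<?php
// Added example, not from the original post: the "with a table" listing with
// output escaping. Rows are constructed sample data in place of mysql_fetch_array().
declare(strict_types=1);

// Escape a value for an HTML text node or attribute. ENT_QUOTES handles both quote
// styles and the explicit charset stops htmlspecialchars() mis-decoding the input.
function h(string $value): string {
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Builds the same table as the post, but every cell passes through h().
// Stored data is untrusted no matter who inserted it or how it was filtered on input.
function render_guest_table(array $rows): string {
    $html = "<table border='1'>\n<tr><th>nama</th><th>email</th><th>telpon</th><th>pesan</th></tr>\n";
    foreach ($rows as $row) {
        $html .= '<tr>';
        foreach (['nama', 'email', 'notelp', 'pesan'] as $col) {
            $html .= '<td>' . h((string) ($row[$col] ?? '')) . '</td>';
        }
        $html .= "</tr>\n";
    }
    return $html . "</table>\n";
}

// constructed sample rows; the last one contains markup that must be shown, not rendered
$rows = [
    ['nama' => 'Budi',   'email' => 'budi@example.com', 'notelp' => '0812000000', 'pesan' => 'Halo'],
    ['nama' => "O'Neil", 'email' => 'o@example.com',    'notelp' => '0813000000', 'pesan' => 'Hi "all"'],
    ['nama' => 'Tamu',   'email' => 't@example.com',    'notelp' => '0814000000', 'pesan' => '<b>tebal</b> & "kutip"'],
];
echo render_guest_table($rows);
```

The escaping belongs at the point of output, not in the insert script: the same value may later be written into a JSON response, an e-mail or a CSV file, each of which needs a different encoding.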

Adding data (MySQL and PHP)


Script for inserting data over a PHP MySQL connection:

mysql_query("insert into namatabel(field1,field2,field3) values('$field1','$field2','$field3')");

Example:

<?php
include "koneksi.php"; // the connection is needed before the values can be escaped
$nama   = mysql_real_escape_string($_POST['nama']);
$email  = mysql_real_escape_string($_POST['email']);
$notelp = mysql_real_escape_string($_POST['notelp']);
$pesan  = mysql_real_escape_string($_POST['pesan']);
$simpan = mysql_query("insert into tamu(nama,email,notelp,pesan) values('$nama','$email','$notelp','$pesan')");
if($simpan){echo "data tersimpan";}
else{echo "gagal disimpan";}
?>
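The insert script above, and the edit and delete scripts in the earlier post, all build their SQL by pasting request values into a string. The added example below (not code from the posts) rewrites those three write operations for the tamu table with PDO prepared statements, validates the id that arrives in $_GET before it is used, and uses rowCount() to tell a successful change apart from a query that ran but matched no row. It assumes the pdo_sqlite extension and an in-memory database so it runs stand-alone; the table and column names come from the posts, the inputs are constructed.

```php
<?php
// Added example, not from the original posts: guestbook insert/update/delete with
// bound parameters. Assumes pdo_sqlite; with MySQL change the DSN and set
// PDO::ATTR_EMULATE_PREPARES to false.
declare(strict_types=1);

function open_guestbook(): PDO {
    $pdo = new PDO('sqlite::memory:');
    $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $pdo->exec("CREATE TABLE tamu (id INTEGER PRIMARY KEY AUTOINCREMENT,
                nama TEXT, email TEXT, notelp TEXT, pesan TEXT)");
    return $pdo;
}

// $_GET['id'] is always a string; accept it only as a positive integer.
// Anything else yields null, which the callers treat as "no such row".
function parse_id(string $raw): ?int {
    $id = filter_var($raw, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    return $id === false ? null : $id;
}

function insert_guest(PDO $pdo, array $in): int {
    $stmt = $pdo->prepare("INSERT INTO tamu (nama, email, notelp, pesan)
                           VALUES (:nama, :email, :notelp, :pesan)");
    $stmt->execute([':nama' => $in['nama'], ':email' => $in['email'],
                    ':notelp' => $in['notelp'], ':pesan' => $in['pesan']]);
    return (int) $pdo->lastInsertId();
}

// True only if exactly one row was affected. Note: MySQL counts rows whose values
// actually changed, SQLite counts rows matched by the WHERE clause.
function update_guest(PDO $pdo, string $rawId, array $in): bool {
    $id = parse_id($rawId);
    if ($id === null) {
        return false;
    }
    $stmt = $pdo->prepare("UPDATE tamu SET nama = :nama, email = :email,
                           notelp = :notelp, pesan = :pesan WHERE id = :id");
    $stmt->execute([':nama' => $in['nama'], ':email' => $in['email'],
                    ':notelp' => $in['notelp'], ':pesan' => $in['pesan'], ':id' => $id]);
    return $stmt->rowCount() === 1;
}

function delete_guest(PDO $pdo, string $rawId): bool {
    $id = parse_id($rawId);
    if ($id === null) {
        return false;
    }
    $stmt = $pdo->prepare("DELETE FROM tamu WHERE id = :id");
    $stmt->execute([':id' => $id]);
    return $stmt->rowCount() === 1;
}

$pdo = open_guestbook();
// constructed form input; the apostrophe and angle brackets are stored as plain data
$id = insert_guest($pdo, ['nama' => "Ni'mah", 'email' => 'n@example.com',
                          'notelp' => '0812000000', 'pesan' => '<halo>']);
echo "inserted id: $id\n";
echo "update existing: ", update_guest($pdo, (string) $id, ['nama' => "Ni'mah", 'email' => 'n@example.com',
                                                     'notelp' => '0812000001', 'pesan' => 'halo']) ? "ok" : "no row", "\n";
echo "update bad id:   ", update_guest($pdo, "abc", ['nama' => 'x', 'email' => 'x', 'notelp' => 'x', 'pesan' => 'x']) ? "ok" : "no row", "\n";
echo "delete existing: ", delete_guest($pdo, (string) $id) ? "ok" : "no row", "\n";
echo "delete again:    ", delete_guest($pdo, (string) $id) ? "ok" : "no row", "\n";
```

The delete and update scripts in the posts respond to a plain GET link, so a browser prefetch or a crafted image tag on another site can trigger them; the write functions above are meant to be called from a POST handler that also checks a per-session token.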

include and require


include "namafile";

require "nama file";

Example:

<?php

include "namafile.php";

// the rest of the script

?>

The getdate function


getdate(timestamp)

Elements of the returned array (description [key]):

hours [hours]

minutes [minutes]

seconds [seconds]

day of the month [mday]

day of the week [wday]

year [year]

day of the year [yday]

name of the day of the week [weekday]

name of the month [month]


Example:

<?php
$tgl = getdate();
print("$tgl[weekday], $tgl[mday] $tgl[month] $tgl[year]");
?>


date_default_timezone_set


date_default_timezone_set('zona daerah');

See the list of supported time zones on the official PHP website.

Example:

<?php
date_default_timezone_set('Asia/Jakarta'); // set the zone before formatting the date
$tgl = date('l, d F Y');
echo "Hari/Tanggal : $tgl";
?>
