Menambahkan syntax highlighter di Blogger


Bagi para programmer, syntax highlighter (SH) sangatlah penting. Kenapa? Yups, karena dengan SH kode yang kita buat lebih mudah dibaca, sebab setiap fungsi memiliki warna yang berbeda-beda. Langsung saja kita mulai memasangnya di blog kita.







Secure Image Upload with PHP

Security is an important part of any PHP application, so I set out to learn more about it. The case covered here is the image upload process. To avoid undesirable uploads I use the SecureImage class written by Mesut Timur. In addition, I have also included an image filter.

web security, nudity filter

Download Script
 
Example Usage:

HTML code:
 
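<!DOCTYPE html>
<html>
<head>
 <meta http-equiv="content-type" content="text/html; charset=utf-8" />
 <meta name="author" content="Boomer" />

 <title>Secure Image Upload</title>
</head>

<body>

<!--
  Upload form for the example. The field name "images" is the key the PHP
  side passes as the first argument of Image_Upload::upload().
  multipart/form-data is required for the browser to send the file body.
-->
<form action="upload.php" method="post" enctype="multipart/form-data" >
    <!-- "accept" only narrows the file picker; it is not a security control.
         Every check that matters has to happen on the server. -->
    <input type="file" name="images" accept="image/*" />
    <input type="submit" value="Upload" />
</form>

</body>
</html>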

PHP code:
 
<?php
include 'inc/upload.php';
include 'inc/SecureImage.php' ;
include 'inc/NudityFilter.class.php';
    
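/**
 * Upload pipeline for images: store the file via Secure_Upload, then run the
 * optional content checks (SecureImage, NudityFilter) on the stored file and
 * delete it again if a check rejects it.
 *
 * The three collaborating classes are loaded with plain `include`, which only
 * raises a warning when a file is missing. For that reason an enabled check
 * whose class is absent is treated as a failed check (fail closed) rather
 * than being skipped.
 *
 * NOTE(review): the file is written to its destination before it is
 * validated. If that directory is served by the web server, confirm that it
 * cannot execute scripts.
 */
class Image_Upload
{
    // Last status or error message (property name kept as spelled by the author).
    public $massage         = "";
    // Run the SecureImage check on the stored file.
    public $secure          = true;
    // Run the NudityFilter check on the stored file.
    public $nudity_filter   = false;
    // NOTE(review): not read anywhere in this class; presumably meant to be
    // handed to Secure_Upload. Verify which extension policy is really applied.
    public $allowed_image   = "jpg|png|jpeg|gif";
    // Destination reported by Secure_Upload after a successful upload.
    public $destination     = "";

    /**
     * Handle one uploaded file.
     *
     * @param string $parameter Name of the file field in the submitted form.
     * @param string $path      Target passed through to Secure_Upload::upload().
     *
     * @return bool true when the file was stored and passed every enabled
     *              check; false otherwise, with the reason in $this->massage.
     */
    public function upload( $parameter, $path )
    {
        if( !class_exists( 'Secure_Upload' ) ) {
            $this->massage = 'Upload Class not exists';
            return false;
        }

        $upload = new Secure_Upload();
        if( !$upload->upload( $parameter, $path ) ) {
            $this->massage = $upload->massage;
            return false;
        }

        $stored = $upload->file_destination;

        if( $this->secure ) {
            // Fail closed: a requested check that cannot run must not let the file through.
            if( !class_exists( 'SecureImage' ) ) {
                return $this->reject( $stored, 'SecureImage class not exists' );
            }
            $image = new SecureImage( $stored );
            if( !$image->CheckIt() ) {
                return $this->reject( $stored, "Bad image" );
            }
        }

        if( $this->nudity_filter ) {
            if( !class_exists( 'NudityFilter' ) ) {
                return $this->reject( $stored, 'NudityFilter class not exists' );
            }
            $nfilter = new NudityFilter();
            if( $nfilter->check( $stored ) ) {
                return $this->reject( $stored, "nude detected" );
            }
        }

        // NOTE(review): the checks use $upload->file_destination while the value
        // published here is $upload->destination; confirm both exist on Secure_Upload.
        $this->destination  = $upload->destination;
        $this->massage      = "Upload Sukses";
        return true;
    }

    /**
     * Remove a rejected file and record why it was rejected.
     *
     * @param string $file    Path of the stored upload.
     * @param string $message Reason to expose through $this->massage.
     *
     * @return bool Always false, so callers can `return $this->reject(...)`.
     */
    private function reject( $file, $message )
    {
        if( is_file( $file ) && !unlink( $file ) ) {
            // The rejected file is still on disk; make that visible to the caller.
            $message .= ' (file could not be removed)';
        }
        $this->massage = $message;
        return false;
    }
}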

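// Example driver: process the form field "images" and store it under "images".
$image = new Image_Upload();
$image->nudity_filter = true;
$image->upload('images','images');
// The message can come from Secure_Upload, whose source is not shown here and
// which may include request-derived text, so encode it for HTML at the point
// of output.
echo htmlspecialchars($image->massage, ENT_QUOTES, 'UTF-8');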
?>

Simple PHP file cache

I want to share some of my experience writing PHP code. This time I am sharing a simple PHP library for caching content; it is very simple. If you are interested, you can get it from my Dropbox.

PHP Data Objects (PDO)

PDO adalah cara baru untuk mengakses database pada PHP. Kelebihannya adalah kemudahan dalam penggantian database engine yang digunakan, karena dalam PDO query untuk setiap database engine tetap sama; yang membedakan hanyalah koneksinya. Oke, daripada berlama-lama, mari kita mulai:


Sebelumnya, pastikan dulu extension PDO telah terinstal: edit php.ini dan periksa baris extension=php_pdo.dll. Jika di depannya ada tanda ";", hapus terlebih dahulu, lalu restart web server Anda.

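/**
 * Small CRUD helper on top of PDO.
 *
 * Table and column names cannot be bound as statement parameters, so every
 * identifier is checked against a strict pattern and backtick-quoted before
 * it is placed into SQL; all values travel as bound parameters. Backtick
 * quoting is MySQL syntax, so the helper is tied to that dialect.
 *
 * rawSelect() and rawQuery() execute their argument verbatim and must never
 * receive SQL assembled from request data.
 */
class crud
{
    /** @var PDO|null Connection, created on first use by conn(). */
    public $db;

    /**
     * Open the connection once and switch PDO to exception mode.
     *
     * The credentials below are placeholders to fill in. In a real deployment
     * they belong in configuration kept outside the web root, not in source.
     *
     * @throws PDOException when the connection cannot be established
     */
    public function conn() {
        $sgbd="mysql"; // PDO driver name (DSN prefix)
        $host="localhost"; // address of the database server
        $user="login do banco"; // placeholder: database login
        $pass="senha"; // placeholder: database password
        $database="nome do banco de dados"; // placeholder: database name
        // PostgreSQL variant: new PDO("pgsql:host=$host dbname=$database", $user, $pass);
        // SQLite DSN example: "sqlite:/opt/database/localblabla/seu_banco.sq3"
        if (!$this->db instanceof PDO) {
            $this->db = new PDO("$sgbd:host=$host;dbname=$database", $user, $pass);
            $this->db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
            // Let the server prepare statements instead of PDO emulating them client-side.
            $this->db->setAttribute(PDO::ATTR_EMULATE_PREPARES, false);
        }
    }

    /**
     * Validate a table or column name and return it backtick-quoted.
     *
     * Only letters, digits and underscore are accepted (not starting with a
     * digit). The rejected name is deliberately not echoed in the message.
     *
     * @param mixed $name Candidate identifier.
     *
     * @return string Quoted identifier.
     *
     * @throws PDOException when the name is not a plain identifier; this is
     *                      the exception type the class documents for failures
     */
    private function ident($name)
    {
        if (!is_string($name) || preg_match('/^[A-Za-z_][A-Za-z0-9_]*$/', $name) !== 1) {
            throw new PDOException('Invalid SQL identifier');
        }
        return '`' . $name . '`';
    }

    /**
     * Select rows from a table, optionally filtered by one column.
     *
     * @param string      $table     The name of the table
     * @param string|null $fieldname Column to filter on; null selects every row
     * @param mixed       $id        Value the column must equal (bound parameter)
     *
     * @return array Rows as associative arrays
     *
     * @throws PDOException on invalid identifiers or database failure
     */
    public function dbSelect($table, $fieldname=null, $id=null)
    {
        $sql = 'SELECT * FROM ' . $this->ident($table);
        $params = array();
        if ($fieldname !== null) {
            $sql .= ' WHERE ' . $this->ident($fieldname) . ' = :id';
            $params[':id'] = $id;
        }

        $this->conn();
        $stmt = $this->db->prepare($sql);
        $stmt->execute($params);
        return $stmt->fetchAll(PDO::FETCH_ASSOC);
    }

    /**
     * Execute a raw query and hand back the statement.
     *
     * The SQL is sent as-is: pass only fixed, developer-written statements.
     *
     * @param string $sql
     *
     * @return PDOStatement The result of PDO::query(), iterable row by row
     *
     * @throws PDOException on failure
     */
    public function rawSelect($sql)
    {
        $this->conn();
        return $this->db->query($sql);
    }

    /**
     * Run a raw query and discard the result.
     *
     * The SQL is sent as-is: pass only fixed, developer-written statements.
     *
     * @param string $sql The query to run
     *
     * @throws PDOException on failure
     */
    public function rawQuery($sql)
    {
        $this->conn();
        $this->db->query($sql);
    }

    /**
     * Insert one or more rows into a table.
     *
     * The column list is taken from the keys of the first row; every row must
     * use the same keys.
     *
     * @param string $table
     * @param array  $values List of rows, each an array of column => value
     *
     * @return string|false Whatever PDO::lastInsertId() reports after the last row
     *
     * @throws PDOException on empty input, invalid identifiers or database failure
     */
    public function dbInsert($table, $values)
    {
        if (!is_array($values) || !isset($values[0]) || !is_array($values[0]) || $values[0] === array()) {
            throw new PDOException('dbInsert expects a non-empty list of rows');
        }

        $columns = array();
        $placeholders = array();
        foreach (array_keys($values[0]) as $field) {
            // The key doubles as the placeholder name, so it has to be a plain identifier.
            $columns[] = $this->ident($field);
            $placeholders[] = ':' . $field;
        }

        $sql = 'INSERT INTO ' . $this->ident($table)
            . ' (' . implode(', ', $columns) . ')'
            . ' VALUES (' . implode(', ', $placeholders) . ')';

        $this->conn();
        $stmt = $this->db->prepare($sql);
        foreach ($values as $row) {
            $stmt->execute($row);
        }
        return $this->db->lastInsertId();
    }

    /**
     * Update one column of the rows matching a key.
     *
     * @param string $table
     * @param string $fieldname The field to be updated
     * @param mixed  $value     The new value (bound parameter)
     * @param string $pk        The primary key column
     * @param mixed  $id        The key value (bound parameter)
     *
     * @throws PDOException on invalid identifiers or database failure
     */
    public function dbUpdate($table, $fieldname, $value, $pk, $id)
    {
        $sql = 'UPDATE ' . $this->ident($table)
            . ' SET ' . $this->ident($fieldname) . ' = :value'
            . ' WHERE ' . $this->ident($pk) . ' = :id';

        $this->conn();
        $stmt = $this->db->prepare($sql);
        // The new value is bound, never spliced into the statement text.
        $stmt->bindValue(':value', $value, PDO::PARAM_STR);
        $stmt->bindValue(':id', $id, PDO::PARAM_STR);
        $stmt->execute();
    }

    /**
     * Delete the rows matching a key.
     *
     * @param string $table
     * @param string $fieldname Column to match
     * @param mixed  $id        Value the column must equal (bound parameter)
     *
     * @throws PDOException on invalid identifiers or database failure
     */
    public function dbDelete($table, $fieldname, $id)
    {
        $sql = 'DELETE FROM ' . $this->ident($table)
            . ' WHERE ' . $this->ident($fieldname) . ' = :id';

        $this->conn();
        $stmt = $this->db->prepare($sql);
        $stmt->bindValue(':id', $id, PDO::PARAM_STR);
        $stmt->execute();
    }
}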

?>