Set multilevel top navigation menu bar dynamically using jQuery


The menu will look like the example image given below:

[image: dynamicSubmenu-jquery]
Add the jQuery below in the head section of the page:
$(document).ready(function(){
    // for every top-level menu item ...
    $('ul.classname li.classname').each(function(){
        // ... walk each nested submenu and mark its links with a right arrow
        $(this).find('ul').each(function(){
            $(this).find('li').each(function(){
                $(this).find('a').append('<span class="navi-arrowright"></span>');
                // the last link of each item gets no arrow
                $(this).find('a:last').find('span').remove();
            });
        });
        // the top-level link gets a down arrow and room for it
        $(this).find('a:first').css('padding-right','25px').append('<img src="/images/down-arrow.png" />');
    });
});

Add the CSS below to the style sheet that is linked in the header of the page:

.navi-arrowright {
    background-attachment: scroll;
    background-clip: border-box;
    background-color: transparent;
    background-image: url("images/menu-arrow-right.png");
    background-origin: padding-box;
    background-position: right top;
    background-repeat: no-repeat;
    background-size: auto auto;
    float: right;
    height: 7px;
    position: absolute;
    right: 9px;
    top: 13px;
    width: 4px;
}

How to prevent your site from SQL injection


What is SQL Injection?

SQL injection refers to someone inserting a MySQL statement or query to be run on your system without your knowledge. Injection usually comes into the picture when you ask a user to input data via the system, such as their name, and instead of a name they give you a MySQL statement that you will unknowingly run on your database.

In fact, the only reason that many websites are “protected” is magic quotes, and given that this is due to be disabled in the forthcoming PHP6, there are going to be some major problems cropping up.

    // username and password come from a simple posted form
    $username = $_POST[ 'username' ];
    $password = $_POST[ 'password' ];
     
    // the user input is pasted straight into the SQL text (this is the flaw)
    $query = "SELECT * FROM user_table WHERE username = '$username' AND password = '$password' ";
     
    $result = mysql_query( $query );
     
    // check whether the MySQL result has any rows
    if ( mysql_num_rows( $result ) > 0 )
    {
        $data = mysql_fetch_assoc( $result );
        echo 'Hello '.$username.'!';
        echo 'Your phone number is '.$data[ 'phone' ].'';
    }
    else
    {
        echo 'Incorrect Username or Password! Please try again!';
    }

This will work, BUT it’s about as safe as juggling with scalpels. If I enter “chans” as my username and “admin” as my password, then the MySQL query looks like this:

SELECT * FROM user_table WHERE username = 'chans' AND password = 'admin'

and I get logged in very simply.

But the problem comes when I start entering other characters. Let’s say the user enters a password like this:

 ' or 1=1 ; -- 

The query sent to MySQL will look like this:

    SELECT * FROM user_table WHERE username = 'chans' AND password = '' or 1=1 ; -- ' 

However, the injection has made our query behave differently than we intended. By using a single quote (') they have ended the string part of our MySQL query

 password = ' ' 

and then added an OR condition of 1=1 (always true) to our WHERE clause.

 password = ' ' OR 1 = 1 

This OR condition of 1=1 is always true, so every single entry in the “user_table” table is selected by this statement!

Now an attempt to fix it (the magic quotes):

How do we fix this? We need to escape these quote characters (both single and double quotes, as well as backslashes). This is done by putting a backslash in front of them.
For example, ' becomes \', and MySQL can work out that the quote mark is “protected” by the backslash (\), so it is part of the value and not the end of it. We can use the mysql_real_escape_string() function to prevent this serious problem in our applications:

 $password = mysql_real_escape_string($_POST['password']); 

so now the value of password would look like this:

 \' or 1=1 ; -- 

So the user's attempt to log in becomes:

 SELECT * FROM user_table WHERE username = 'chans' AND password = '\' or 1=1 ; -- '; 

MySQL thinks my password is the string

 ' or 1=1 ; 

and the user won’t be able to log in.

So where do we get these slashes? Since around PHP version 3.06, PHP has tried to do this for you with a setting called “magic_quotes”. What this does is automatically add slashes to anything coming in via HTTP GET or POST requests and via cookies. You can also do this manually using the mysql_real_escape_string() function.
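As an added example (not code from the original post), the PHP login check above is ported to Python with a constructed in-memory SQLite table standing in for user_table. The vulnerable function builds the SQL text exactly as the PHP does, so the page's `' or 1=1 ; -- ` password selects every row; the second function passes the values as query parameters, so the same input is treated as a literal password and matches nothing. SQLite instead of MySQL is an assumption made so the example runs offline.

```python
import sqlite3

# the injected password from the post
PAYLOAD = "' or 1=1 ; -- "


def make_db():
    """Constructed sample data: two users, stands in for the page's user_table."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE user_table (username TEXT, password TEXT, phone TEXT)")
    conn.executemany(
        "INSERT INTO user_table VALUES (?, ?, ?)",
        [("chans", "admin", "555-0100"), ("alice", "s3cret", "555-0101")],
    )
    return conn


def build_query(username, password):
    """Mirrors the PHP: user input is pasted straight into the SQL text."""
    return "SELECT * FROM user_table WHERE username = '%s' AND password = '%s'" % (
        username, password)


def vulnerable_login(conn, username, password):
    """Runs the concatenated query; a non-empty result means 'logged in'.

    With PAYLOAD the statement becomes
    ... AND password = '' or 1=1 ; -- '
    so the WHERE clause is always true and every row comes back.
    """
    return conn.execute(build_query(username, password)).fetchall()


def safe_login(conn, username, password):
    """Parameterised query: the driver sends the values separately from the
    SQL, so a quote inside the input can never end the string literal."""
    return conn.execute(
        "SELECT * FROM user_table WHERE username = ? AND password = ?",
        (username, password),
    ).fetchall()


if __name__ == "__main__":
    db = make_db()
    print(build_query("chans", PAYLOAD))
    print("vulnerable:", len(vulnerable_login(db, "chans", PAYLOAD)), "rows")
    print("parameterised:", len(safe_login(db, "chans", PAYLOAD)), "rows")
```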

Happy Coding…. 🙂

What is CRM?


CRM, Customer Relationship Management, is a business strategy that enables organizations to get closer to their customers, to better serve their needs and requirements, improve customer service, enhance customer satisfaction and thereby maximize customer loyalty and retention.

Organizations are quickly recognizing that in order to survive competition it is important to grab customer attention with unique brand identity and superior service levels. Businesses which initially focused on finance / sales / marketing management are now shifting their priority towards customer relationship management.

CRM solutions are flooding the market with easy-to-use tools to manage business customers.

Understanding CRM

A precise CRM definition alone may not do justice to this industry-leading technology. So rather than attempting a CRM definition, the better approach is to gain a clear understanding of the concept.

CRM, Customer Relationship Management, is a business philosophy towards customers: focusing on their needs and improving customer relationships, with a view to maximizing customer satisfaction. It encompasses the variety of technology employed to streamline customer interaction in order to find, acquire and retain customers.

With human relationships at its core, CRM tools help to add value to business by streamlining operational processes and business functions. The key focus is towards retaining customers, improving customer loyalty and thereby maximizing profitability.

Why Is CRM Important?

Every business has to focus on the needs of the customer. CRM (Customer relationship management) is the array of processes that help a company to understand the preferences or dislikes of individual customers in order to build lasting relationships. CRM solutions help to safely store volumes of customer data in an organized easy-to-access manner. By analyzing this data businesspersons can determine individual customer behavior, analyze preferences and provide one-to-one services to maximize customer satisfaction. Such a customer-centric approach helps to augment customer loyalty and increase their value to the company.

MVC design/structure for PHP


Hello, here is a brief description of MVC (Model-View-Controller).

The MVC paradigm is a way of breaking an application, or even just a piece of an application’s interface, into three parts: the model, the view, and the controller. MVC was originally developed to map the traditional input, processing, output roles into the GUI realm:

Input –> Processing –> Output
Controller –> Model –> View

Model:

  • A model is an object representing data or even activity, e.g. a database table or even some plant-floor production-machine process.
  • The model manages the behavior and data of the application domain, responds to requests for information about its state and responds to instructions to change state.
  • The model represents enterprise data and the business rules that govern access to and updates of this data. Often the model serves as a software approximation to a real-world process, so simple real-world modeling techniques apply when defining the model.
  • The model is the piece that represents the state and low-level behavior of the component. It manages the state and conducts all transformations on that state. The model has no specific knowledge of either its controllers or its views. The view is the piece that manages the visual display of the state represented by the model. A model can have more than one view.

View:

  • A view is some form of visualisation of the state of the model.
  • The view manages the graphical and/or textual output to the portion of the bitmapped display that is allocated to its application.
  • Instead of a bitmapped display the view may generate HTML or PDF output.
  • The view renders the contents of a model. It accesses enterprise data through the model and specifies how that data should be presented.
  • The view is responsible for mapping graphics onto a device. A view typically has a one to one correspondence with a display surface and knows how to render to it. A view attaches to a model and renders its contents to the display surface.

Controller:

  • A controller offers facilities to change the state of the model. The controller interprets the mouse and keyboard inputs from the user, commanding the model and/or the view to change as appropriate.
  • A controller is the means by which the user interacts with the application. A controller accepts input from the user and instructs the model and view to perform actions based on that input. In effect, the controller is responsible for mapping end-user action to application response.
  • The controller translates interactions with the view into actions to be performed by the model. In a stand-alone GUI client, user interactions could be button clicks or menu selections, whereas in a Web application they appear as HTTP GET and POST requests. The actions performed by the model include activating business processes or changing the state of the model. Based on the user interactions and the outcome of the model actions, the controller responds by selecting an appropriate view.
  • The controller is the piece that manages user interaction with the model. It provides the mechanism by which changes are made to the state of the model.

The purpose of the MVC pattern is to separate the model from the view so that changes to the view can be implemented, or even additional views created, without having to refactor the model.
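As an added example (not from the original post), here is the Controller → Model → View flow above in a minimal Python form. A request is a constructed dict with a "method" and "params" standing in for an HTTP GET or POST; the controller maps it to a model action and selects a view, the model holds the state and the business rule and knows nothing about views, and the view renders (and HTML-escapes) what it reads from the model.

```python
import html


class UserModel:
    """Model: application state plus the rule that governs updates.
    It has no knowledge of controllers or views."""

    def __init__(self):
        # constructed sample state
        self._users = {"chans": "555-0100"}

    def add(self, name, phone):
        # business rule lives in the model, not in the controller
        if not name or not phone.replace("-", "").isdigit():
            raise ValueError("invalid user or phone")
        self._users[name] = phone

    def phone_of(self, name):
        return self._users.get(name)


def user_view(model, name):
    """View: reads data through the model and decides how to present it.
    Output encoding belongs here, so user-supplied text is escaped."""
    phone = model.phone_of(name)
    if phone is None:
        return "<p>%s not found</p>" % html.escape(name)
    return "<p>Hello %s! Your phone number is %s</p>" % (html.escape(name), html.escape(phone))


def error_view(message):
    return "<p>Error: %s</p>" % html.escape(message)


class UserController:
    """Controller: turns a request into model actions and picks the view."""

    def __init__(self, model):
        self.model = model

    def handle(self, request):
        params = request["params"]
        if request["method"] == "POST":
            try:
                self.model.add(params["name"], params["phone"])
            except ValueError as exc:
                return error_view(str(exc))
        # GET, or a successful POST, renders the user's current state
        return user_view(self.model, params["name"])
```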