All about PHP/MySQL

Wednesday, February 27, 2008

Random string generator in PHP

In many cases, like generating a new password or setting up the custom session id, i do use the following function often in my PHP scripts for random string generation:


function random_string($length='8')
$ran_string = "";
$chars = array("1", "2", "3", "4", "5", "6", "7", "8", "9", "0", "a", "A", "b", "B", "c",

"C", "d", "D", "e", "E", "f", "F", "g", "G", "h", "H", "i", "I", "j", "J", "k", "K", "l",

"L", "m", "M", "n", "N", "o", "O", "p", "P", "q", "Q", "r", "R", "s", "S", "t", "T", "u",

"U", "v", "V", "w", "W", "x", "X", "y", "Y", "z", "Z");

$count = count($chars) - 1;

srand((double)microtime() * 1000000);

for ($i = 0; $i < $length; $i++)
$ran_string .= $chars[rand(0, $count)];



$new_random_string = random_string();

Happy coding :-)

function for SQL Injection Protection

If you are using the web forms on your website to collect some user based data to put into a database then this function is right there for you to avoid any SQL injection injected by an experienced hacker. Without going into the details of hacking stuff i am putting the function here to enhance the site's security:

function quote_smart($value)
if (get_magic_quotes_gpc())
$value = stripslashes($value);

if (!is_numeric($value))
$value = "" . mysql_real_escape_string($value) . "";
return $value;

Simply scan the posted data before inserting it into database table. For example:

$form_field_value = quote_smart($_POST['form_field_name']);

This would help a lot am sure.

Happy coding :-)

Tuesday, February 26, 2008

Solution of a common error - Headers already sent!!

Since the beginning (not too long), while working on many php scripts i faced the 'Headers already sent' error many times and i was realy got stucked with that. I passed many hours on google and visited lot of forum posts but wasnt able to detect any quick solution. Some were saying to remove the blank spaces before starting of php tag and some where enforcing to do some other checks around the scripting files. Ofcourse the solutions worked for sometime but they were really time taking. Then a friend of mine, Rajneesh from india, suggested me to use a php function ob_start() while i was again stucked with same error in a script and deadline of that project was almost there. Here is the official definition i could get from regarding this really useful function.

'' This function will turn output buffering on. While output buffering is active no output is sent from the script (other than headers), instead the output is stored in an internal buffer.''

This solved my problem for ever! Here is the method of its implementation.

Write down the ob_start() in very beginning of the script like:


And add this at the end:


And thats it. You will no more receive the 'Headers already sent' error ever on that script even if your script is sending the headers before any output.

I hope this solution will help someone else too facing same problem with PHP.