Keredari - Developer's Blog

As per MySQL documentation CONCAT() returns NULL if any argument is NULL. So, we need to use  CONCAT   with   IFNULL . For Example SELECT    CONCAT( IFNULL(`contact_name`, ''),' ',IFNULL(`last_name`, '')) AS full_name FROM `users`

  render() method just once in the beginning even with empty array, then call the updateSeries() method in ajax call to update data of the chart. var options = { series: [{   name: 'Completed trips',   data: [] }, {   name: 'Cancelled trips',   data: [] }], chart: {   height: 350,   type: 'bar',   toolbar: { show: false },   zoom: { enabled: false } }, plotOptions: {   bar: { horizontal: false, columnWidth: '55%', endingShape: 'rounded'   }, }, dataLabels: { enabled: false }, stroke: {   show: true,   width: 2,   colors: ['transparent'] }, fill: { colors: ['#ffc074', '#6e6e6e'] }, markers: { colors:  ['#ffc074', '#6e6e6e'] }, legend: {   markers: { fillColors: ['#ffc074', '#6e6e6e'] } }, noData: { text: 'Loading...'}, xaxis: {   categories: ['Jan','Feb', 'Mar', 'Apr', 'May'

 Sometime we face a problem with session while moving site from localhost to the live server. So if you get error message something like that: A PHP Error was encountered Severity: Warning Message: mkdir(): Permission denied Filename: drivers/Session_files_driver.php Line Number: 117   SOLUTION:    Just add below code to your config.php, This would be really helpful to you. $config [ 'sess_save_path' ] = sys_get_temp_dir();

 Typically server have 2 response headers in Apache2 which you want to remove for security reason. ServerSignature - used to configure a footer line under the server-generated documents.  ServerTokens - controls the details which the server sends. The details can include OS and other complied modules. Implementation Procedure in Apache2 Run this command sudo nano /etc/apache2/conf-enabled/security.conf Within that file, search for SeverTokens and set it to Prod Then search for ServerSignature and set it to Off Save and close that file. Restart Apache with the command sudo systemctl restart apache2

 This is a new security feature introduced by Microsoft in IE 6 SP1 to mitigate the possibility of a successful Cross-Site scripting attack by not allowing cookies with the HTTP only attribute to be accessed via client-side scripts. We can mitigate most common XSS attacks in our web application using HttpOnly and Secure flag with cookie. Implementation Procedure in Apache2 Ensure that mod_headers.so are enabled in Apache HTTP server Add below line in httpd.conf            Header edit Set-Cookie ^(.*)$ $1;HttpOnly;Secure Restart Apache HTTP server to test ( sudo systemctl restart apache2 ) Note: You can check either leverage the browser’s inbuilt developer tools to check the response header or use an online tool .

 A Cross-Frame Scripting (XFS) vulnerability can allow an attacker to load the vulnerable application inside an HTML iframe tag on a malicious page.       The attacker could use this weakness to devise a Clickjacking attack to conduct phishing, frame sniffing, social engineering, or Cross-Site Request Forgery attacks. To defend Clickjacking attack on Apache web server, we can use X-FRAME-OPTIONS to avoid web application being hacked from Clickjacking attack. Browser vendors have introduced and adopted a policy-based mitigation technique using the X-FrameOptions header. Developers can use this header to instruct the browser about appropriate actions to perform if their site is included inside an iframe.  Developers must set the X-Frame-Options header to one of the following permitted values: ·  DENY: - Deny all attempts to frame the page ·  SAMEORIGIN: -The page can be framed by another page only if it belongs to the same origin as the page being framed ·  ALLOW-FROM origin: - Developer