SolucionesUNO designed the corporate identity for the Carnival Marathon, including the logo design and the web design.
Thanks to the success of the website, the event sold out 3 days before it took place.
All merchandising products offered for sale under the CARNIVAL MARATHON brand sold out.
In our web design work we often have the responsibility of making sure failures do not occur on our sites, especially on those where passing variables from one page to another is common.
In most cases these variables can contain strings that break the context they are inserted into, such as fragments of SQL code, HTML templates, or the contents of textarea input fields.
Some cases are more serious than others, SQL injection being a security problem on sites that have not taken precautions.
Our web programming language of choice is PHP, and so we also prefer the MySQL engine. Here I show you some tips to use on these platforms.
What is escaping?
The escape character is a backslash placed in front of the character to be escaped.
$variable = "Text string \"quotes\".";
echo $variable;
As you can see, the quotes inside the string are preceded by the escape character \, which allows quotes to be stored in the string without being confused with the closing quote. The output looks like this:
Text string "quotes".
A language's reserved characters must be escaped so that, when the code is compiled, strings are not broken open and the code is not misinterpreted.
mysql_real_escape_string() -> http://ar2.php.net/mysql_real_escape_string
It is surely one of the best-designed functions for concatenating variables into a query sent to MySQL.
- Let us reproduce an error:
In the URL we have: http://www.unsitio.es/producto.php?idprod=' AND idusuario = '34
In PHP we have:
$idprod = $_GET['idprod'];
$SQL = "SELECT * FROM productos WHERE idprod = '$idprod'";
If we build this, it becomes:
SELECT * FROM productos WHERE idprod = '' AND idusuario = '34'
$idprod can be a variable received through $_GET from the URL; this is a common way to show product details in a PHP template, but misused by a visitor it can easily break a string, return errors on screen and, bit by bit, reveal the structure of the database.
If instead we did:
$idprod = mysql_real_escape_string($_GET['idprod']);
$SQL = "SELECT * FROM productos WHERE idprod = '$idprod'";
It would become:
SELECT * FROM productos WHERE idprod = '\' AND idusuario = \'34'
This way the string received is strictly recorded as a text string, so the query will not break. In the worst case it returns no results.
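As an added example (not code from the SolucionesUNO post), the following script shows offline what happens to the post's idprod value at each stage: the concatenated query, the same string after escaping, and the escaping done through mysqli::real_escape_string(), which is the maintained replacement for mysql_real_escape_string() (the mysql_* extension was removed in PHP 7). The escapeLikeMysql() helper is a stand-in written here to reproduce the function's character substitutions without a database; the DB_* environment variables and the set_charset() call are assumptions for the optional live part.

```php
<?php
// Added example, not from the original post. Shows what escaping does to the
// quote in the post's idprod value; no database is needed for the first part.

// Constructed sample input: the same value the post shows arriving via $_GET.
$attackerInput = "' AND idusuario = '34";

// 1. Naive concatenation: the single quote closes the literal early, so the
//    rest of the value becomes SQL instead of data.
function buildUnsafeQuery(string $idprod): string
{
    return "SELECT * FROM productos WHERE idprod = '$idprod'";
}

// 2. Stand-in for mysql_real_escape_string(): the same seven characters it
//    escapes (NUL, newline, carriage return, backslash, both quotes, Ctrl-Z).
//    The real function needs an open connection because correct escaping
//    depends on the connection's character set; this copy is only for showing
//    the resulting string offline and must not replace the real call.
function escapeLikeMysql(string $value): string
{
    return strtr($value, [
        "\0"   => '\\0',
        "\n"   => '\\n',
        "\r"   => '\\r',
        "\\"   => '\\\\',
        "'"    => "\\'",
        '"'    => '\\"',
        "\x1a" => '\\Z',
    ]);
}

function buildEscapedQuery(string $idprod): string
{
    return "SELECT * FROM productos WHERE idprod = '" . escapeLikeMysql($idprod) . "'";
}

// 3. The maintained equivalent: mysqli::real_escape_string() on a live
//    connection. The mysql_* functions the post uses were removed in PHP 7.
function buildEscapedQueryMysqli(mysqli $db, string $idprod): string
{
    return "SELECT * FROM productos WHERE idprod = '" . $db->real_escape_string($idprod) . "'";
}

// These two lines print the two query strings the post shows.
echo buildUnsafeQuery($attackerInput), PHP_EOL;
echo buildEscapedQuery($attackerInput), PHP_EOL;

// Only runs when connection details are supplied in the environment
// (DB_HOST, DB_USER, DB_PASS, DB_NAME are assumed variable names).
if (getenv('DB_HOST') !== false) {
    $db = new mysqli(getenv('DB_HOST'), getenv('DB_USER') ?: '', getenv('DB_PASS') ?: '', getenv('DB_NAME') ?: '');
    $db->set_charset('utf8mb4'); // escaping is charset-dependent, so set the charset first
    echo buildEscapedQueryMysqli($db, $attackerInput), PHP_EOL;
}
```

Run it with `php escape_demo.php` to see the unsafe and escaped strings; export DB_HOST and the other variables to also see the output of the real mysqli call. The point of the stand-in is only to make the substitution visible: in production the escaping must come from the connection object, because a mismatch between the escaping routine and the connection charset is exactly the case where a quote can slip through.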
Now, that is not all. Other errors can occur when we compare a parameter received by $_GET that has undergone some accidental modification.
For example:
$idprod = mysql_real_escape_string($_GET['idprod']);
SELECT * FROM productos WHERE idprod = '$idprod';
Becomes: SELECT * FROM productos WHERE idprod = '54ç'
This returns no results, and we will see a template with the product information practically empty.
The right thing to do when we need to receive a strictly integer parameter is to parse the value; for that we use (int):
$idprod = (int)($_GET['idprod']);
SELECT * FROM productos WHERE idprod = '$idprod';
Becomes: SELECT * FROM productos WHERE idprod = '54'
If $_GET['idprod'] is null, or alphanumeric with no numbers in its string, the parsed value will be 0. If it contains a number, it will take it and use it.
Example:
$variable = (int)("101dalmatas");
echo $variable;
The output will be: 101
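To make the behaviour of the (int) cast visible over more inputs than the post's "101dalmatas", here is an added example (not from the original post) that runs the cast over a constructed set of values next to filter_var() with FILTER_VALIDATE_INT, which rejects anything that is not a whole integer instead of turning it into 0 or a numeric prefix. The min_range of 1 is an assumption for this example (product ids start at 1), as is the idea that a rejected value should be treated as "no product" rather than as id 0.

```php
<?php
// Added example, not from the original post: the (int) cast the post
// recommends next to a strict integer validation, over typical query values.

// Constructed sample values, as they might arrive in $_GET['idprod'].
$samples = [
    '54',                    // the normal case
    '54ç',                   // the accidentally modified value from the post
    '101dalmatas',           // digits followed by text
    'dalmatas101',           // text followed by digits
    '',                      // empty parameter
    '0',
    '-7',
    ' 54',                   // leading whitespace
    '54.9',
    "' AND idusuario = '34", // the quoted value from the post
];

// The cast the post recommends: it never fails, but it accepts a numeric
// prefix ("101dalmatas" becomes 101) and maps everything else to 0.
function castToInt(string $value): int
{
    return (int) $value;
}

// Stricter: null unless the whole value (PHP trims surrounding whitespace
// before validating) is an integer of at least 1. The range is an assumption.
function parseProductId(string $value): ?int
{
    $id = filter_var($value, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    return $id === false ? null : $id;
}

printf("%-26s %-8s %s\n", 'input', '(int)', 'filter_var');
foreach ($samples as $value) {
    $strict = parseProductId($value);
    printf("%-26s %-8d %s\n",
        var_export($value, true),
        castToInt($value),
        $strict === null ? 'rejected' : (string) $strict);
}
```

Run with `php int_demo.php`. The table shows where the two approaches differ: the cast quietly builds a valid query for values that were never a product id, while the validation sends them down the "no product" path before any SQL is built.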
Another very important aspect is to hide any sample code that could be left on screen, and to avoid displaying an incomplete page.
Example:
In the URL we have: http://www.unsitio.es/producto.php?idprod=unacadenadetexto
$idprod = (int)$_GET['idprod'];
$SQL = "SELECT * FROM productos WHERE idprod = $idprod";
(that is: SELECT * FROM productos WHERE idprod = 0)
Normally there are no records with index 0, since languages tend to confuse it with a null. So this query returns no results.
So the right thing is to check the result and avoid building a page with no information:
$idprod = (int)$_GET['idprod'];
$SQL = "SELECT * FROM productos WHERE idprod = $idprod";
$rsd = mysql_query($SQL, $connection);
$row = mysql_fetch_assoc($rsd);
if (!$row) {
    header("Location: error.php");
    die("product error showing");
}
The header() function lets us redirect to another page that warns the user about the error. The results may fail to come back because the database is undergoing maintenance, or because the product no longer exists.
The idea of redirecting is to avoid landing on a dead link. This benefits the site's SEO, because search engines that find no dead links rank the site higher. It also makes for a friendlier interface for the visitor.
The header() call must be made before the site's HTML header is sent. This may seem cumbersome, but it causes no problems at all when the code is applied correctly.
The die() function stops the script if for some reason header() does not work. It is good practice to use it.
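Putting the post's three pieces together (an integer-parsed id, a query that cannot be broken by the parameter, and a header() redirect followed by die() when nothing comes back), here is an added example of a complete producto.php. It is not the post's code: it uses PDO prepared statements rather than the mysql_* functions, reads connection details from assumed PDO_* environment variables with obvious placeholders as fallbacks, and the `nombre` column and the `error.php` target are assumptions. The headers_sent() check is the concrete form of the post's point that header() only works before any HTML has gone out.

```php
<?php
// Added example, not from the original post: producto.php with the id
// validated, the query parameterised, and a redirect-and-stop on failure.

function connect(): PDO
{
    // Assumed environment variables; the fallbacks are placeholders, not real credentials.
    $pdo = new PDO(
        getenv('PDO_DSN') ?: 'mysql:host=localhost;dbname=PLACEHOLDER_DB;charset=utf8mb4',
        getenv('PDO_USER') ?: 'PLACEHOLDER_USER',
        getenv('PDO_PASS') ?: 'PLACEHOLDER_PASS'
    );
    $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $pdo->setAttribute(PDO::ATTR_EMULATE_PREPARES, false); // real server-side prepares
    return $pdo;
}

// Redirect and stop. header() only works before any output has been sent;
// headers_sent() tells us whether that window is already closed, in which case
// the die() message is all the user gets (the post's reason for calling die()).
function redirectToError(string $location, string $reason): void
{
    if (!headers_sent()) {
        header('Location: ' . $location, true, 302);
    }
    die($reason);
}

// The id is bound as an integer parameter, so it is data, never SQL text.
function loadProduct(PDO $pdo, int $idprod): ?array
{
    $stmt = $pdo->prepare('SELECT * FROM productos WHERE idprod = :idprod');
    $stmt->bindValue(':idprod', $idprod, PDO::PARAM_INT);
    $stmt->execute();
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// 1. Validate the parameter: a missing value, a string like "unacadenadetexto"
//    or an id of 0 never reaches the database. min_range => 1 is an assumption.
$idprod = filter_input(INPUT_GET, 'idprod', FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
if ($idprod === null || $idprod === false) {
    redirectToError('error.php', 'product error showing');
}

// 2. Query. A database failure (maintenance, lost connection) also ends on the
//    error page instead of a half-rendered template; the detail goes to the log,
//    not to the screen, which is the post's "hide any sample code" point.
try {
    $row = loadProduct(connect(), $idprod);
} catch (PDOException $e) {
    error_log('producto.php: ' . $e->getMessage());
    redirectToError('error.php', 'product error showing');
}

// 3. No product, no page: redirect before any HTML is emitted.
if ($row === null) {
    redirectToError('error.php', 'product error showing');
}

// 4. Only now send output. 'nombre' is an assumed column name; output is
//    HTML-escaped so a stored value cannot break the template either.
header('Content-Type: text/html; charset=utf-8');
echo '<h1>', htmlspecialchars($row['nombre'] ?? '', ENT_QUOTES, 'UTF-8'), '</h1>';
```

Served through a web server, a request without a valid idprod is answered with a 302 to error.php and an otherwise empty body; from the command line (no $_GET) the script takes the same path and prints only the die() message, which is a quick way to confirm that nothing is sent before the redirect.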
When we wanted to obtain statistics on the process consumption of a dedicated server, to foresee the future needs of expanding the server, we ran into a big question:
After extensive research on monitoring the use of server resources through the Watchdog panel charts in Plesk, we found that these values differ greatly from those obtained directly with the SSH console commands "top" and "htop".
The organizers of the Carnival Marathon, an event that will become the largest and most massive carnival event in history, have relied on our services for the web design of their promotion.
We built the website of the first carnival marathon in history: http://www.maratondecarnaval.es
We have also designed the corporate image of the event, taking the joy and colour of the carnival as the main concept:
We have created our own brand for our hosting business line, Uno-hosting.com. We have worked on the new corporate image, and we are working on the new web portal, where you will soon be able to contract and manage your services: hosting plans, domains, virtual servers, dedicated servers, etc.
Although we know that Google does not yet fully support Flash technology, it seems there has been some kind of breakthrough.
Google has included in its search results the option to skip the Flash intro that some web pages have. This is really useful for users, and for businesses that have a Flash intro, since intros are usually only worth watching the first time you visit a website.
Hello friends, customers, suppliers, gossips...
After several months with our blog on Blogspot: http://diseno-web-profesional.blogspot.com/ we have decided to install our own blog with WordPress technology on our domain www.solucionesuno.com/blog/
We hope to keep adding information of interest to all our customers, news about our company, and some useful tutorials for our customers and colleagues.
SolucionesUNO has written more than 1200 texts for the popular hotel booking portal Hotelopia, describing the attractions of the destinations the portal offers. Keywords that favour better search engine positioning (SEO) have also been incorporated into the different editorial pieces.