Codeigniter – Create a CAPTCHA with Sessions using the Codeigniter’s Captcha helper

Now and then there is the need to create a captcha spam protection to stop spiders from spamming your website’s forms.

Codeigniter framework has a captcha helper that you can use if you already have GD library installed on the server.

CodeIgniter: How to retrieve data from a database

What is a dynamic site without databases, right? Yesterday someone asked me to make a tutorial about retrieving data from a database using CodeIgniter. As a self-respecting framework, CodeIgniter is adhering to the Model-View-Controller philosophy, i.e. is using the Models to interact with the database. For starters I will assume that you already have installed CodeIgniter, and you have a MySQL database installed on your webserver.

Prevent website directory listing with .htaccess

What is directory listing?

There are those embarrassing moments in life when you feel naked because someone sees something of yours they aren’t supposed to see. The same happens with a site, when someone gets to a directory where there is no “index.php” or “index.html”. When those files are missing, the site shows the visitor the directory listing with all the files that are inside it.

PDO Tutorial – 03: Insert data into a database with PDO

After the connection to database is successfully created and the PDO object instance is set, the object can be used to perform SQL queries.

There are two ways in which you can make SQL queries with PDO:
– directly using “exec()“, and “query()” methods,
– or with the “prepare()” … “execute()” statement.

Exec() and query()

The queries that modify rows in the table, without returning a result set with rows and columns (INSERT, UPDATE, and DELETE), are sent with exec(). This method returns the number of affected rows, or FALSE on error.

The queries that select rows (SELECT) and return a result set with rows and columns are sent with the query() method. In case of error, it returns FALSE.

How do I INSERT data into table with PDO

In its simplest form, the way to insert data into a table is as follows:

But you could have done that just as well without PDO, and just using the standard MySQL extension.

As I mentioned in the first lesson, the best thing about PDO is that you won’t have to deal with the sanitizing of the queries.

So, if you want to enjoy the main benefit of PDO, security, you should always use prepared statements, because the values you introduce are always sanitized. And that is only one advantage.

The other advantage is speed (about which I will talk in the next title: “Execute prepared statements in a loop”).

What you saw earlier was using named placeholders, i.e. naming each parameter with placeholders. In this example, the placeholders are named with “:field1”, “:field2” etc.

If you don’t want to use named placeholders, you can use positional placeholders, like this:

As you see in the query above, we use question marks to designate the position of values in the prepared statement. These question marks are called positional placeholders. We must take care of proper order of the elements in the array that we are passing to the PDOStatement::execute() method.
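The difference between concatenating input into exec() and using the named and positional placeholders described above, as an added example that is not the original post's code. It assumes the pdo_sqlite driver so it runs without a server; the `users` table and the input values are constructed for illustration.

```php
<?php
// Added example. Assumptions: pdo_sqlite driver; constructed table "users".
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, email TEXT)');

// Constructed input: an ordinary surname that contains a single quote.
$name  = "O'Reilly";
$email = 'tim@example.com';

// 1) Concatenating input into exec(): the quote ends the string literal
//    early, so part of the input is parsed as SQL instead of stored as data.
try {
    $pdo->exec("INSERT INTO users (name, email) VALUES ('$name', '$email')");
} catch (PDOException $e) {
    echo 'concatenated query failed: ', $e->getMessage(), PHP_EOL;
}

// 2) Named placeholders: the SQL text is fixed and the values are passed
//    separately, keyed by placeholder name.
$stmt = $pdo->prepare('INSERT INTO users (name, email) VALUES (:name, :email)');
$stmt->execute([':name' => $name, ':email' => $email]);

// 3) Positional placeholders: the array order must match the order of
//    the question marks in the statement.
$stmt = $pdo->prepare('INSERT INTO users (name, email) VALUES (?, ?)');
$stmt->execute(["D'Arcy; Jr.", 'darcy@example.com']);

// Both rows are stored exactly as given, quote and semicolon included.
foreach ($pdo->query('SELECT id, name, email FROM users') as $row) {
    printf("%d | %s | %s\n", $row['id'], $row['name'], $row['email']);
}
```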

Another way of doing things is by binding parameters:

Worth mentioning…

With bindParam(), you can only pass variables, not values. With bindValue(), you can pass both values, obviously, and variables. bindParam() works only with variables because it allows parameters to be given as input/output, by “reference” (and a value is not a valid “reference” in PHP): it is useful with drivers that (quoting the manual) support the invocation of stored procedures that return data as output parameters, and some also as input/output parameters that both send in data and are updated to receive it.

With some DB engines, stored procedures can have parameters that can be used for both input (giving a value from PHP to the procedure) and output (returning a value from the stored procedure to PHP); to bind those parameters, you’ve got to use bindParam(), and not bindValue().


Execute prepared statements in a loop

Prepared statements excel in being called multiple times in a row with different values. We are talking about speed here. When you use prepared statements, PDO first “prepares the statement”, i.e. the SQL statement is compiled, and it can then be called multiple times in a row with different arguments. That means a faster way to execute statements in PDO vs calling mysql_query over and over again!

Typically this is done by binding parameters with bindParam(). As I said earlier, bindParam() is much like bindValue() except that instead of binding the value of a variable, it binds the variable itself, so that if the variable changes, it will be read at the time of execute.
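The loop pattern described above, next to the bindValue() behaviour it differs from, as an added example that is not the original post's code. It assumes the pdo_sqlite driver; the `tags` table and the labels are constructed for illustration.

```php
<?php
// Added example. Assumptions: pdo_sqlite driver; constructed table "tags".
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE tags (id INTEGER PRIMARY KEY, label TEXT)');

// The statement is prepared once and executed many times.
$insert = $pdo->prepare('INSERT INTO tags (label) VALUES (:label)');

// bindParam() binds the variable $label by reference: its current value is
// read every time execute() runs, so one binding serves the whole loop.
$label = null;
$insert->bindParam(':label', $label, PDO::PARAM_STR);
foreach (['php', 'pdo', "it's-quoted"] as $label) {
    $insert->execute();
}

// bindValue() copies the value at bind time; changing the variable
// afterwards has no effect on what the next execute() sends.
$label = 'bound-now';
$insert->bindValue(':label', $label, PDO::PARAM_STR);
$label = 'changed-later';
$insert->execute(); // the stored row is the value captured by bindValue()

// Four rows: the three loop values, then the value captured at bind time.
$labels = $pdo->query('SELECT label FROM tags ORDER BY id')
              ->fetchAll(PDO::FETCH_COLUMN);
print_r($labels);
```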

Get number of returned rows

If you want to get the number of returned rows, you can use rowCount():

Get last inserted ID

There are some times when you need to find out the ID of the last inserted row. For this you have the lastInsertId() method:


WordPress: How to link an image into a theme

The new themes in WordPress are so good that most of the time you don’t even need to know html or css to make a change.

But now and then the need appears to change something important, like the logo of your blog, and the only way you can do that is by changing the theme in the editor.

Although it seems a simple task, if you’ve just started developing WordPress themes, you’re facing quite a hurdle.

So, you want to display a logo on your blog

First you will upload your logo image to the server. I’d advise you to upload your logo inside the theme’s images folder, which usually can be found inside “public_html/wp-content/themes/your_theme/images”. If you have your blog inside another folder, you will figure out where that folder is.

After uploading the file, you would probably think that you can insert the logo image in the pages by simply writing a relative path to your blog, like this:


But if you do that, it won’t work, no matter how many directories you escape. That is because the WordPress .htaccess file doesn’t allow you to access that file.

The solution is to use one of the many functions WordPress has: bloginfo(‘template_directory’).

So, it goes like this:


Make a permanent redirect 301 page – save your visitors (and search engines) from a headache

There are times when it is really necessary to change the way people get to your pages. If, for example, sometime in the past you wanted to bring people to a specific PHP page, let’s say ‘hello.php’, and now you want to bring them to ‘howareyou.php’, you make the file just as you want: howareyou.php. But what happens to those who were visiting ‘hello.php’ in the past? Do you change the ‘hello.php’ file to look exactly like ‘howareyou.php’? That would be pointless. Nevertheless, you have to redirect people to your new page. That is where the 301 redirect page comes into play.

So instead of writing the same content on ‘hello.php’ you go and write the following:

Why would you go and do that? Because the search engines will know that the pages you wrote in the past are still on your site, but not in the same place; you just moved them permanently…

301 redirect is the most efficient and Search Engine Friendly method for webpage redirection. The code “301” is interpreted as “moved permanently“.

And now some quick and informative things about permanent redirects and chain redirections.

