Jeet Gill Jagjeet Singh Gill

Hi, I'm Jeet Gill!

Web Designer & Developer


Director, Co-founder of Esteplogic IT Solutions Pvt. Ltd.
Professional PHP developer. Expert in CSCart / Magento / Yii.

info@jeetgill.com   |   +91 998 849 3052   |   gill.tech

About

Full Name

Jagjeet Singh Gill

Birthdate

23 June, 1987

About Me

Hi! I live and work in Chandigarh, a beautiful city in India. Programming is part of my life. I like how the usual standard tasks and complex when you need to look out of the situation, find solutions to key problems of unusual. I always try to explain the concept in an easy way, relating it to real-world examples. A skillful reverse engineer with lots of experience in this field.

I have been developing web applications for 7+ years, using HTML, jQuery, AJAX, PHP6, OOP, WordPress, CSCart, Magento, Yii, CakePHP and MySQL. I participated in the development of highly systems with large amounts of data. I was also engaged in the development of parsers sites, collecting and structuring information for databases, software and storage.

I am interested in working with different people around the world to share experiences and to learn useful skills. This resource is for me not just the possibility of earning, but also the chance to productively use my high skill.

Resume

  Experience

Esteplogic IT Solutions Pvt. Ltd.

Director, Co-Founder - Jan, 2014 - PRESENT

* Design websites using XHTML, CSS3(DIV), WML, Web 2.0 standards
* Develop websites using ASP, PHP5, AJAX, JavaScript, jQuery, MySQL, MS SQL Server, Yii, CakePHP, Zend Framework, Shopping carts, PayPal Integration
* Custom CMS Development like Wordpress, Joomla
* Social Network Development
* Provide E-commerce Solution (Magento, CS-Cart, OpenCart, Prestashop)
* Redesign and Redevelop Websites
* Provide Web Promotion and Marketing Service like SEO, SMO, SEM, SMM, PPC, Advertising
* Server Support, Hosting & Database Administration

Orion eSolutions Private Limited

Team Lead (PHP) - July, 2012 - Apr, 2014

Expert in PHP6, MySQL, WordPress, Magento, CSCart, PayPal Integration, Shopping Carts, XML, Logic Building, Design Integration, Responsive Websites, jQuery Frameworks, AJAX

BIS Institute of Sciences & Technology, Moga

Sr. Computer Instructor - Aug, 2009 - June, 2012

Teach Web Design (HTML, CSS, JS), Programming (C, C++, C#, Java, ASP, VB, XML, WAP, OPS)

  Certification

Computer Hardware & Networking Course

NICT, Chandigarh - 2005-2006

  Education

M.Sc. (Information Technology)

Punjab Technical University - 2009-2011

Web Design (HTML, CSS, JS), Programming (PHP, C, C++, C#, Java, ASP, VB, XML, WAP, OPS), eCommerce, Database Administration (DBA), Software Development Life Cycle, System Analysis Design (SAD), Operating Systems (Windows, Linux, Unix), MIS

B.Sc. (Information Technology)

Punjab Technical University - 2006-2009

Web Design (HTML, CSS, JS), Programming (C, C++, Java, ASP, VB, XML, OPS), SQL, Software Development Life Cycle, System Analysis Design (SAD)

12th, (Non Medical)

PSEB, Mohali 2004-2005

Math, Chemistry, Physics

Skills

   Core Skills

  • HTML5: 100%
  • CSS/Bootstrap: 96%
  • PHP6: 97%
  • MySQL: 95%
  • JavaScript: 92%
  • jQuery: 91%
  • AJAX: 94%
  • XML: 95%

   eCommerce

  • CSCart: 97%
  • Magento: 85%
  • OpenCart: 87%
  • Prestashop: 80%

   CMS

  • Wordpress: 90%
  • Joomla: 80%

   Framework

  • CakePHP: 80%
  • Yii: 92%
  • CodeIgniter: 85%
  • Smarty: 97%

   API Integrations

  • Payment Gateways: 96%
  • SMS: 95%
  • Social Login: 95%
  • Twilio API: 87%

Prepared Statements in PHP and MySQLi

This article is intended for readers who have experience using PHP and MySQL. You should also have a general understanding of databases and programming (both procedural and object-oriented) as well as how to use PHP to execute a simple query to MySQL. I will not cover how to install PHP or MySQL, however at the end of the article are some links to help you get started with the installation process and for some further reading on the subject. I will be covering the basics of prepared statements in PHP and MySQLi and why you should consider using them in your own code as well as some technical explanation as to why you should use them.

Introduction

If you are like me and most other people, you probably did not take the time to learn about web security when you first started writing server-side code. This is very dangerous, as most people never go back and try to make their code secure (or they simply forget). Continuing to write code the way they originally learned can leave serious vulnerabilities in it, making attacks such as SQL injection fairly easy. If you have no idea what SQL injection or cross-site scripting is, then you should do some research; for example, just go to Google and type in "SQL Injections" and there will be plenty of reading for you. I would also recommend a book called "How to Break Web Software"; it is a fantastic book that one of my professors told one of my classes about. It can teach you a lot about security and is highly recommended. I will have an article written shortly on SQL injections, so check back soon!

If you do know what some of these nasty hacking techniques are, then you are probably wondering why you should want to use prepared statements. There are basically three reasons why you should seriously consider writing prepared statements to execute your queries.

1. Prepared statements are more secure.
2. Prepared statements have better performance.
3. Prepared statements are more convenient to write.

Now that we know why prepared statements are better, let’s build an example so you can see for yourself. We’ll build a simple login example using prepared statements. First, I’ll show you the way most people would write it, then I’ll show you the way you could do it with a prepared statement which will be more secure, have better performance and be more convenient to write. Let’s get started!

The Well-known Way

If you are reading this article, chances are you already know how to execute a simple MySQL query in PHP. For those of you who do not know how to do this, it would look similar to this:

    /* Connect to the database (legacy mysql_* extension, removed in PHP 7.0) */
    $dbLink = mysql_connect("localhost", "username", "password");

    if (!$dbLink) {
        echo 'db link fail';
    }

    /* Select the database */
    mysql_select_db("databaseName");

    /* Query and get the results: $user and $pass are pasted straight into the SQL string */
    $query = "SELECT * FROM testUsers WHERE username='$user' AND password='$pass'";
    $result = mysql_query($query);

    /* Loop through the results */
    while ($row = mysql_fetch_array($result, MYSQL_ASSOC)) {
        echo "Username: " . $row["username"];
    }

What is the problem with this code? Simple: someone could use a simple SQL injection to get around the password authentication. Why is this code dangerous? An SQL injection basically bypasses the password condition by commenting it out and uses an always-true statement, which allows access. Building strings on the fly like this should make you very nervous, but how do we make it more secure? Say hello to prepared statements.

Prepared Statements

What is so great about prepared statements and why are they more secure? The simple answer is that prepared statements can help increase security by separating the SQL logic from the data being supplied. In the previous example we saw how the data is basically built into the SQL logic by building the query as a string on the fly. Let’s take a look at what a prepared statement can look like.

    /* Create a new mysqli object with database connection parameters */
    $mysqli = new mysqli('localhost', 'username', 'password', 'db');

    if (mysqli_connect_errno()) {
        echo "Connection Failed: " . mysqli_connect_errno();
        exit();
    }

    /* Create a prepared statement */
    if ($stmt = $mysqli->prepare("SELECT priv FROM testUsers WHERE username=? AND password=?")) {

        /* Bind parameters
           s - string, i - integer, d - double, b - blob */
        $stmt->bind_param("ss", $user, $pass);

        /* Execute it */
        $stmt->execute();

        /* Bind results */
        $stmt->bind_result($result);

        /* Fetch the value */
        $stmt->fetch();

        echo $user . "'s level of privileges is " . $result;

        /* Close statement */
        $stmt->close();
    }

    /* Close connection */
    $mysqli->close();

Doesn’t look too bad, right? In short, the above code creates a new mysqli object and connects to the database. We then create a prepared statement, bind the incoming parameters to that statement, execute it and get the result. We then close the statement and the connection and we’re done! Pretty easy!

Let’s take a look at where the security happens in these few lines:

    if ($stmt = $mysqli->prepare("SELECT priv FROM testUsers WHERE username=? AND password=?")) {
        $stmt->bind_param("ss", $user, $pass);

Instead of grabbing and building the query string using things like $_GET['username'], we have ?'s instead. These ?'s separate the SQL logic from the data. The ?'s are placeholders until the next line, where we bind our parameters to be the username and password. The rest of the code is pretty much just calling methods, which you can read about by following some of the links at the end of the article.
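
To see that separation of SQL logic from data at work, the following added example (not the article's own code) runs the string-built login query and the prepared one against the same constructed inputs. It assumes PDO with an in-memory SQLite database in place of MySQLi so that it runs without a server; the function names, case labels and sample rows are hypothetical.

```php
<?php
// Added example, not the article's code. Assumption: an in-memory SQLite
// database via PDO stands in for MySQL so this runs without a server.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec("CREATE TABLE testUsers (username TEXT, password TEXT, priv TEXT)");
// Constructed rows. Plaintext passwords only mirror the article's query;
// real tables should hold password_hash() output, not the password itself.
$pdo->exec("INSERT INTO testUsers VALUES ('alice', 'correct-horse', 'admin'),
                                         ('bob', 'hunter2', 'user')");

// The "well-known way": input is pasted into the SQL text itself.
function loginConcatenated(PDO $pdo, string $user, string $pass): array
{
    $sql = "SELECT priv FROM testUsers WHERE username='$user' AND password='$pass'";
    return $pdo->query($sql)->fetchAll(PDO::FETCH_COLUMN);
}

// Prepared statement: the SQL text is fixed, input travels as bound values.
function loginPrepared(PDO $pdo, string $user, string $pass): array
{
    $stmt = $pdo->prepare("SELECT priv FROM testUsers WHERE username=? AND password=?");
    $stmt->execute([$user, $pass]);
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

// Runs one login function and summarizes the outcome as a short string.
function outcome(callable $login, PDO $pdo, string $user, string $pass): string
{
    try {
        $rows = $login($pdo, $user, $pass);
    } catch (PDOException $e) {
        return 'SQL error';   // the input broke the statement's syntax
    }
    return $rows ? implode(',', $rows) : 'no match';
}

$cases = [   // constructed inputs
    'valid login'       => ['alice', 'correct-horse'],
    'wrong password'    => ['alice', 'nope'],
    'always-true input' => ["' OR 1=1 --", 'anything'],   // the bypass the article describes
    'quote in name'     => ["o'brien", 'x'],              // legitimate data containing a quote
];

foreach ($cases as $label => [$user, $pass]) {
    printf("%-18s concatenated: %-11s prepared: %s\n", $label,
        outcome('loginConcatenated', $pdo, $user, $pass),
        outcome('loginPrepared', $pdo, $user, $pass));
}
```

For the last two inputs the string-built query either returns every row or fails with a syntax error, while the prepared query reports no match both times because the bound values are never parsed as SQL.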