All posts by Mahesh Yadav

Mahesh Yadav is a software developer by profession and like to posts technical programming tips and news updates in PHP, AJAX, MVC Framework etc, before that he have completed BE and MBA in Operations Research. He have vast experience in programming and development and he love his job.

Difference Between MySQL Table Type MyISAM and InnoDB?


  • The main difference between MyISAM and InnoDB is that InnoDB supports transaction.
  • InnoDB supports some newer features: Transactions, row-level locking, foreign keys.
  • InnoDB is for high volume, high performance.


MyISAM is of course the default table type i’m MySQL

Some says MyISAM is fast and some says that InnoDB is ?
Let me explain you, If your data is very large and you have to run more more query there per minutes, or we can say if you need transaction more.INSERT, UPDATE query are executed per minutes.
and table contains very data,then InnoDB will the best solution, according to all of your need , it will prove fetch,insert,update all will fast. InnoDB has been designed for maximum performance when processing large data volumes.



If your data integration so much high,then it’s better to user InnoDB.

But if you haven’t so much data and preparing small application, queries inseting fetching data is not too much,then it is better to use MyISAM, It will work faster rather then InnoDB in this case.


The InnoDB storage engine maintains its own buffer pool for caching data and indexes in main memory. InnoDB stores its tables and indexes in a table space, which may consist of several files (or raw disk partitions). This is different from, for example, MyISAM tables where each table is stored using separate files. InnoDB tables can be of any size even on operating systems where file size is limited to 4GB.


In hard disk tables of MyISAM is low weighted (contains less memory space) rather than InnoDB.


Locking Difference in MyISAM and InnoDB?

MyISAM provide the table level locking means if the data in one table has been modified by the other table ,the entire table will lock for the next process.But InnoDB provide the row level locking only the row of the table that is being updated is locked.


MyISAM provide a full variety of datatypes,but InnoDB will not do.


MyISAM provide full text search which is not supported by InnoDB.



Importance and Benefits of PHP Output Buffering & how can I set it?

PHP sends data from server to client/browser as soon as it is ready – this response might be line by line or by code blocks.Output buffering enables you to store up your output and send it when you are ready to go or to not send it at all, if you decide.


or simple


Output buffering puts your PHP script’s output/response in a buffer instead of sending it directly to the browser in pieces, allowing you to update your webpage as a whole before the user see.


1.Start Output Buffer

You have to start the output buffer before anything is sent to the browser.So one of the ways to ensure that is starting it right after you opened the php tag.


2.Send Output Buffer to Browser

If at any time you wish to send the content of the buffer to the browser you can do simply by the following line.

After this point however the output buffer will continue to buffer the content which is send to the browser.
If you which to simply send the content of the buffer and stop using it you can do this with the following code.



3.Delete Output Buffer

In some circumtances you might wish to delete whatever is stored in the output buffer.You can do this by using the following command.


4.Get Output Buffer Content

If you started the output buffer you can get the content of it at any time (unless you have deleted it or sent it to the browser.This is done by the following line

[php]<?php $myvar = ob_get_contents();?>[/php]

This means that everything you echo or would be sent otherwise to the browser between this line and the ob_start(); will now be in $myvar.

Here is small example of output buffering

$title = ‘Hello All’;
$myvar = ob_get_contents();
echo $myvar;

There are some more function , you can get more by this link click here


Force file download using PHP script and HTTP headers

Force file download using PHP algorithm


It is very frustrating to click on a link to a document you want to read, and then have to wait for it to download and finally it open on your computer/browser, but you had expected it to download. It is mainly for some file types as (eg: txt, jpg, png, gif, html, pdf, etc.)


If you have a file and want it to make available for people to download? If it is an HTML file or a PDF, you can’t just post link, as the web browsers open those automatically, instead you need to do some trickery using PHP script and below is the same, hope it will help you a lot.


PHP allows you to change the HTTP headers of files that you’re writing, so that you can force a file to be download. This is perfect for files like PDFs, document files, images, and video that you want your customers to download rather than open it in browser for view.




// Define the path to file,you want to make it downloadable
$file = ‘’;


// File doesn’t exist, output will show error
die(‘file not found’);


// Set headers
header("Cache-Control: public");
header("Content-Description: File Transfer");
header("Content-Disposition: attachment; filename=$file");
header("Content-Type: application/zip");
header("Content-Transfer-Encoding: binary");

// Read the file from disk



What is HTTP Headers and how to set php HTTP Headers?

The header() function sends a raw HTTP header to a client or browser or simply we can say it tells browser what type of content,it have to show. When a request sent from server to client/browser the HTTP informations has been sent to browser,The HTTP information may be small or large depends on the page and content shown.


A small HTTP information sent by browser are

HTTP/1.1 301 Moved Permanently =>

Date => Fri, 25 Aug 2011 02:00:03 GMT
Server => Apache
X-Powered-By => PHP/5.3.0
X-Pingback =>
Location =>
Content-Length => 0
Connection => close
Content-Type => text/html; charset=UTF-8


It is important to notice that header()  always be called before any actual output is sent (In PHP 4 and later, you can use output buffering to solve this problem):
for output buffering simply, a PHP function is used


PHP is not limited to output only html. PHP can output images, pdf, JavaScript files as well. Browsers determine what type of content is by analysing the headers sent.To send PHP header use the function header(). You have to call this function before output shown. Use the function headers_sent() to check whether the headers have been sent and output started.

There are various headers used, here are some examples.


// Status code (301,302,404,403) headers
// Use this header instruction to fix 404 headers
header(‘HTTP/1.1 200 OK’);


// Page was not found:
header(‘HTTP/1.1 404 Not Found’);


// Access forbidden:
header(‘HTTP/1.1 403 Forbidden’);


// The page moved permanently should be used for all redirections, because search engines always know
// what’s going on and it can easily update their urls in the web master tools
header(‘HTTP/1.1 301 Moved Permanently’);


// Server error
header(‘HTTP/1.1 500 Internal Server Error’);


// Redirect to a new location:


// Redirect with a delay:
header(‘Refresh: 10; url=’);
print ‘You will be redirected in 10 seconds’;


// you can also use the HTML syntax
// <meta http-equiv=”refresh” content=”10;” />

// override X-Powered-By value

header(‘X-Powered-By: PHP/4.4.0’);
header(‘X-Powered-By: Brain/0.6b’);


// content language (en = English)
header(‘Content-language: en’);


// last modified (good for caching)
$time = time() – 60; // or filemtime($fn), etc
header(‘Last-Modified: ‘.gmdate(‘D, d M Y H:i:s’, $time).’ GMT’);


// header for telling the browser that the content did not get changed
header(‘HTTP/1.1 304 Not Modified’);


// set content length (good for caching)
header(‘Content-Length: 5000’);


// Disable caching of the current document
header(‘Cache-Control: no-cache, no-store, max-age=0, must-revalidate’);
header(‘Expires: Mon, 26 Jul 1999 05:00:00 GMT’); // Date of  past
header(‘Pragma: no-cache’);


// set content type (page have content of type)
header(‘Content-Type: text/html; charset=iso-8859-1’);
header(‘Content-Type: text/html; charset=utf-8’);
header(‘Content-Type: text/plain’); // plain text file
header(‘Content-Type: application/x-shockwave-flash’); // Flash animation
header(‘Content-Type: image/jpeg’); // JPG picture
header(‘Content-Type: application/pdf’); // PDF file
header(‘Content-Type: audio/mpeg’); // Audio MPEG (MP3,…) file
header(‘Content-Type: application/zip’); // ZIP file


// show sign in box
header(‘HTTP/1.1 401 Unauthorized’);
header(‘WWW-Authenticate: Basic realm=”Top Secret”‘);
print ‘Text that will be displayed if the user hits cancel or ‘;
print ‘enters wrong login data’;


// Headers for an download
header(“Cache-Control: public”);
header(“Content-Description: File Transfer”);
header(“Content-Disposition: attachment; filename=$file”);
header(“Content-Type: application/zip”);
header(“Content-Transfer-Encoding: binary”);


Essential security tips to protect your website from Being Hacked

If you are a website owner or programmer, you are probably aware of the threat of hackers.Whether the website is the web representation for a large organization or a gallery showing your product range and inviting customers to come into the shop, or a personal site exhibiting your photos, web security always matters.
JavaScript validation is always not much secure.

There are so many ways to hack website,but there will always a solutions for threat, by using some strong validation (server-side),
we can protect our website from hacking.There are so many rules to make site secure, here are some for PHP Website.


1. A proper validation should be there in all the forms,use captch/recaptcha in forms.
In this type of attack a script fills the forms automatically and the unwanted data submitted in database in excess.
The data may be script that may cause the very important data deletion from your database,or update your website database automatically.


2. Proper permission should be given to files and folder.
In this attack, hacker put a small file,that will control your website.
A loose permission can update/delete your web script program,that may cause business loss (shopping cart) and mentally loss for programmer.


3. mysql_real_escape_string() function should be used in login forms to prevent the site from Sql Injestion
In this type of attack, user is able to execute the desired SQL queries in website’s database.
This attack is usually performed by entering text into a form field (mainly login form) which causes a subsequent SQL query,
generated from the PHP form processing code, to execute part of the content of the form field as though it were SQL.
The effects of this attack range from the harmless (simply using SELECT to pull another data set)
to the database deletion. It may also cause, the site data could be changed, or new data added.


4. Folder/Directory structure should not be shown publicly.we can do this by 2 method by putting blank index.html in all the directory or using .htaccess protection
This attack can occur anywhere in website file system  If a user specifies “../../../../scriptarticle” as form data, and your script appends that to a directory name
to obtain user-specific files, this string could lead to the inclusion of the password file contents.
It may also cause moving and deleting files, corrupt files,making arbitrary changes to your file system structure.


5. The form (File upload) sections must be proper validated with proper acceptable files.
Now a days, in 80% websites a myaccount section is given to the user,from where they can upload his photos for files.
Without a proper validation,hacker can upload a script and can run that script easily and can do almost all the operation,whatever he want.


6.htaccess must prevent the execution of script from address bar.
In this type of attack a hacker put the script in address bar and execute,then it will result create a file in the website folder.


These are some basic precaution,that should be taken,there are so many methods now a days has been used in web based software.
SSL is also a very secure method,These authentication protocols operate right over HTTP (or SSL/TSL), with credentials embedded
right in the request/response traffic,But It is costly for a personal portal of a personality.