syntax    name                  discription 
    x == y    Equality          True if x and y have the same key/value pairs
    x != y    Inequality            True if x is not equal to y
    x === y   Identity          True if x and y have the same key/value pairs in the same   order and of the same types
    x !== y   Non-identity          True if x is not identical to y
    ++ x      Pre-increment     Increments x by one, then returns x
    x ++      Post-increment    Returns x, then increments x by one
    -- x      Pre-decrement     Decrements x by one, then returns x
    x --      Post-decrement    Returns x, then decrements x by one
    x and y   And                   True if both x and y are true x=6 y=3 (x < 10 and y > 1) returns true
    x && y    And                   True if both x and y are true x=6 y=3 (x < 10 && y > 1) returns true
    a . b     Concatenation     Concatenate two strings     "Hi" . "Ha"

NOTE: This answer was originally posted at StackOverflow.com by Ankur Saxena

I am currently using this approach for most of my projects,

$public_key = sha1("mysite.com");

//While Registration
$user_salt = sha1(uniqid(time()).$public_key); //Time Based Unique ID
$user_name = "helloworld"; //Entered by user
$user_pass = "123456"; //Most novice users will use this.

$secret_pass = sha1($user_pass . $user_name . $user_salt);

In DB Store,
$user_name, $secret_pass, $user_salt

//While Login
$user_name = "helloworld";
$entered_pass = "123456";

Find $user_name from DB
If $user_name found than get $secret_pass and $user_salt from DB corresponding to that user

$current_pass = sha1($entered_pass . $user_name . $user_salt);
if($current_pass === $secret_pass)
    User is Authenticated

NOTE: This answer was originally posted at StackOverflow.com by whoru

If you can’t just reject the requirement to store recoverable passwords, how about this as your counter-argument.

We can either properly hash passwords and build a reset mechanism for the users, or we can remove all personally identifiable information from the system. You can use an email address to set up user preferences, but that’s about it. Use a cookie to automatically pull preferences on future visits and throw the data away after a reasonable period.

The one option that is often overlooked with password policy is whether a password is really even needed. If the only thing your password policy does is cause customer service calls, maybe you can get rid of it.

NOTE: This answer was originally posted at StackOverflow.com by anopres

PHP ORM Faces For PDO extension. See PHP Faces Framework.

$urun = new Product();
$urun->name='CPU'
$urun->prince='124';
$urun->save();

NOTE: This answer was originally posted at StackOverflow.com by Kurt

I found ORM related classes in the PHP library Flourish.

NOTE: This answer was originally posted at StackOverflow.com by VDVLeon

Doctrine is probably your best bet. Prior to Doctrine, DB_DataObject was essentially the only other utility that was open sourced.

NOTE: This answer was originally posted at StackOverflow.com by anon

Current thinking: hashes should be slowest available, not fastest possible. This suppresses rainbow table attacks.

Also related, but precautionary: An attacker should never have unlimited access to your login screen. To prevent that: Set up an IP tracking table that records every hit along with the URI. If more than 5 attempts to login come from the same IP in any five minute period, block with explanation. A secondary approach is to have a two-tiered password scheme, like banks do. Putting a lock-out for failures on the second pass boosts security.

Summary: slow down the attacker by using time-consuming hash functions. Also, block on too many accesses to your login, and add a second password tier.

NOTE: This answer was originally posted at StackOverflow.com by FYA

The simple alternative to this problem could be solved by granting appropriate permissions in the database itself.
For example: if you are using mysql database. then enter into the database through terminal or the ui provided and just follow this command:

    GRANT SELECT, INSERT, DELETE ON database TO username@'localhost' IDENTIFIED BY 'password';

This will restrict the user to only get confined with the specified query’s only. Remove the delete permission and so the data would never get deleted from the query fired from the php page.
The second thing to do is to flush the privileges so that the mysql refreshes the permissions and updates.

    FLUSH PRIVILEGES; 

more info on flush is given at url: http://www.itechp2pexchange.com/content/mysql-flush-privileges-statement

To see the current privileges for the user fire the following query.

    select * from mysql.user where User='username';

Learn about GRANT at url: http://kb.mediatemple.net/questions/788/HOWTO%3A+GRANT+privileges+in+MySQL#dv

NOTE: This answer was originally posted at StackOverflow.com by apurv nerlekar