Secure PHP Development- P144 ppt
Secure PHP Development- P144 ppt
... a PHP script, you can redirect users to the
URL from which they clicked the Web form by incorporating the following
lines in the Web form:
<input type=hidden name=”return_url” value=”< ?php ...
customize these messages as you see fit.
Now you are ready to test the ask .php form.
Listing 19-2: askform.conf
< ?php
// Name of the Web form
define(FORM_NAME, ‘Ask Form’);
// Name of...
Secure PHP Development- P3 ppt
... command line and
via a great tool called phpMyAdmin.
Linux is one of the most popular PHP platforms. In the Linux appendix, you
learn how you can install PHP and related tools on a Linux platform.
Tell ... respond
promptly. The most updated versions of all the PHP applications discussed in this
book can be found at http://www.evoknow.com/phpbook .php.
Preface ix
01549669 FM.qxd 4/4/03...
Secure PHP Development- P9 ppt
... Listing 1-4 Script
< ?php
// Set PHPLIB path
$PHPLIB_DIR = $_SERVER[‘DOCUMENT_ROOT’] . ‘/phplib’;
// Add PHPLIB path to PHP s include path
ini_set( ‘include_path’, ‘:’ . $PHPLIB_DIR . ‘:’
. ini_get(‘include_path’));
// ... Features of Practical PHP Applications 15
03 549669 ch01.qxd 4/4/03 9:24 AM Page 15
In Listing 1-2, we had the following lines:
$PHPLIB_DIR = $_SERVER[‘DOCUMENT_ROO...
Secure PHP Development- P11 ppt
... DESIGN secure PHP applications, you have to understand the secu-
rity risks involved and know how to deal with them. In this chapter, we will discuss
the most common risks involved with Web-based PHP ... also the most
exploited to make unauthorized, unintended use of applications. A poorly written
PHP application that handles user input as safe data provides ample opportunity for
secu...
Secure PHP Development- P16 pptx
... => $addr2,
‘CITY’ => $city,
‘STATE’ => $state,
‘ZIP’ => $zipcode
)
46 Part I: Designing PHP Applications
05 549669 ch03.qxd 4/4/03 9:24 AM Page 46
$result = $dbi->query($statement);
$result->fetchRow();
This ... $dbi->query($statement);
$result->fetchRow();
If myTable doesn’t have any data when this code executes, the fetchRow() method
causes PHP to throw an except...
Secure PHP Development- P17 pptx
... in a PHP script, the HTML can only be changed
by modifying the PHP code itself. This means the person changing the
code needs to know PHP, which means someone with good HTML skill but
no PHP skill ... using PHP but includes HTML tags:
//BAD:
$TEMPLATE_DIR = ‘/some/path’;
$MY_TEMPLATE = ‘bad_screen.ihtml’;
$cmdArray = array(
‘1’ => ‘Add’,
‘2’ => ‘Modify’,
‘3’ => ‘Delete’
);
C...
Secure PHP Development- P19 ppt
... reporting levels. You can
find all about these error reporting levels in http://www .php. net/manual/en/
ref.errorfunc .php# errorfunc.constants
Once you have thoroughly tested your application, you can ... using the error_log() function. You can learn about this
function at http://www .php. net/manual/en/function.error-log .php.
Restrict access to sensitive applications
When you have an app...
Secure PHP Development- P20 pptx
... (class.ErrorHandler .php) , the debugger (class.Debugger .php) ,
and the database abstraction (class.DBI .php) .
DB .php (from PEAR)
class.PHPApplication .php
class.Debugger.phpclass.ErrorHandler .php
class.DBI .php
Your ... this
chapter.
Figure 4-5: A real-world PHP Application Framework.
The core of this framework is the class.PHPApplication .php. This class provides
an abstract PHP...
Secure PHP Development- P22 pptx
... terminate() function in PHPApplication class (class.
PHPApplication .php
) calls the disconnect() function if the applica-
tion is connected to a database. See terminate() function in
PHPApplication class ... ;
// If you have installed PHPLIB in a different
// directory than %DocumentRoot%/phplib, change
// the setting below.
$PHPLIB_DIR = $_SERVER[‘DOCUMENT_ROOT’] . ‘/phplib’;
// If you hav...
Secure PHP Development- P24 pptx
... below.
$APP_FRAMEWORK_DIR=$_SERVER[‘DOCUMENT_ROOT’] . ‘/framework’;
// Insert the path in the PHP include_path so that PHP
// looks for our PEAR, PHPLIB and application framework
// classes in these directories
ini_set( ... below.
$APP_FRAMEWORK_DIR=$_SERVER[‘DOCUMENT_ROOT’] . ‘/framework’;
// Insert the path in the PHP include_path so that PHP
// looks for our PEAR, PHPLIB and applic...
Từ khóa: