CONTENTS IN DETAIL INTRODUCTION 1 THE FAQS OF LIFE THE SCRIPTS EVERY PHP PROGRAMMER WANTS (OR NEEDS) TO KNOW 1 2 CONFIGURING PHP 19

Similar documents
WICKED COOL PHP. by William Steinmetz with Brian Ward. Real-World ScriptA Tl1at Solve DifficMlt ProblelMA. PRESS San Francisco NO STARCH

"Charting the Course... Intermediate PHP & MySQL Course Summary

Contents. xvii xix xxiil. xxvii

INDEX. Symbols. access control, access key IDs, AddAddress() method, 122 AddAttachment() function, AddChild() method, 152

Developing Web Applications

PHP & PHP++ Curriculum

Get in Touch Module 1 - Core PHP XHTML

Web Application Security. Philippe Bogaerts

Attacks Against Websites. Tom Chothia Computer Security, Lecture 11

Web insecurity Security strategies General security Listing of server-side risks Language specific security. Web Security.

Introduction. Installation. Version 2 Installation & User Guide. In the following steps you will:

Contents. Acknowledgments

Ruby on Rails Secure Coding Recommendations

P2_L12 Web Security Page 1

Mastering phpmyadmiri 3.4 for

Grapevine web hosting user manual. 12 August 2005

PHP and MySQL Programming

PHPBasket 4 Administrator Documentation

Alpha College of Engineering and Technology. Question Bank

Core PHP. PHP output mechanism. Introducing. Language basics. Installing & Configuring PHP. Introducing of PHP keywords. Operators & expressions

CERTIFICATE IN WEB PROGRAMMING

CNIT 129S: Securing Web Applications. Ch 4: Mapping the Application

Shankersinh Vaghela Bapu Institue of Technology

All India Council For Research & Training

Checklist for Testing of Web Application

Web Development. with Bootstrap, PHP & WordPress

IERG 4210 Tutorial 07. Securing web page (I): login page and admin user authentication Shizhan Zhu

Using Joomla O'REILLY. foreword by Louis Landry. Ron Severdia and Kenneth Crowder. Taipei Tokyo. Cambridge. Beijing. Farnham Kbln Sebastopol

Attacks Against Websites 3 The OWASP Top 10. Tom Chothia Computer Security, Lecture 14

Database Systems Fundamentals

CNIT 129S: Securing Web Applications. Ch 3: Web Application Technologies

Sitelok Manual. Copyright Vibralogix. All rights reserved.

Combating Common Web App Authentication Threats

epldt Web Builder Security March 2017

Joomla 3.X Global Settings Part III Server Settings

DevShala Technologies A-51, Sector 64 Noida, Uttar Pradesh PIN Contact us

An Introduction to JavaScript & Bootstrap Basic concept used in responsive website development Form Validation Creating templates

Advanced Web Technology 10) XSS, CSRF and SQL Injection

Web development using PHP & MySQL with HTML5, CSS, JavaScript

CSCE 548 Building Secure Software SQL Injection Attack

UNIT 28 WEBSITE PRODUCTION

CS 155 Project 2. Overview & Part A

Your Turn to Hack the OWASP Top 10!

Kenna Platform Security. A technical overview of the comprehensive security measures Kenna uses to protect your data

EFM Community 3.1 Portal Administration Guide

Advanced Joomla! Dan Rahmel. Apress*

ASP.NET State Management Techniques

Assignment 6: Web Security

This FAQ is only applicable for hostings ordered after 23/6/2010

Web Attacks Lab. 35 Points Group Lab Due Date: Lesson 16

Dubai Financial Services Authority DFSA eportal User Guide v1.docx Page 1 of 21

release notes effective version 10.3 ( )

OWASP Thailand. Proxy Caches and Web Application Security. OWASP AppSec Asia October 21, Using the Recent Google Docs 0-Day as an Example

Lecture 7: Web hacking 3, SQL injection, Xpath injection, Server side template injection, File inclusion

WEB SECURITY WORKSHOP TEXSAW Presented by Solomon Boyd and Jiayang Wang

Configuring Cisco Unified MeetingPlace Web Conferencing

CSCE 813 Internet Security Case Study II: XSS

Mobile Site Development

SECURE CODING ESSENTIALS

Beginning PHP. and MySQL. Fourth Edition. From Novice to Professional. W. Jason Gilmore. mmm

WEBD 236 Lab 5. Problem

Testing the Unit Test Plan for the Media Manager

Numara FootPrints Changelog January 26, 2009

Excerpts of Web Application Security focusing on Data Validation. adapted for F.I.S.T. 2004, Frankfurt

Administrative Training Mura CMS Version 5.6

CS 161 Computer Security

Resellers Guide Managing your Reseller Account

Coding for Penetration

Sections and Articles

XCloner. Official User Manual. Copyright 2010 JoomlaPlug.com All rights reserved.

Project 2: Web Security

Please make sure that your server configuration fully meets the software requirements: PHP , or with Zend Guard Loader.

Smart Bulk SMS & Voice SMS Marketing Script with 2-Way Messaging. Quick-Start Manual

PHP INTERVIEW QUESTION-ANSWERS

This slide shows the OWASP Top 10 Web Application Security Risks of 2017, which is a list of the currently most dangerous web vulnerabilities in

2 Webpage Markup with HTML HTML5 Page Structure Creating a Webpage HTML5 Elements and Entities

A Web-Based Introduction

Release Notes Version 7.8

CNIT 129S: Securing Web Applications. Ch 10: Attacking Back-End Components

Fundamentals of Web Development. Web Development. Fundamentals of. Global edition. Global edition. Randy Connolly Ricardo Hoar

Web Development & SEO (Summer Training Program) 4 Weeks/30 Days

Managing WCS User Accounts

Web Security. Jace Baker, Nick Ramos, Hugo Espiritu, Andrew Le

Static Webpage Development

Security issues. Unit 27 Web Server Scripting Extended Diploma in ICT 2016 Lecture: Phil Smith

Portfolio Account Link (PAL ) User Guide

MoveIT DMZ User Guide

Bloggin For Linux User s Guide Advanced Internet Technologies, Inc. November 11 th, 2005

Jacksonville Linux User Group Presenter: Travis Phillips Date: 02/20/2013

Google Chrome 4.0. AccuCMS

Sophos UTM Web Application Firewall For: Microsoft Exchange Services

Website Training Guide for Staff

Magento Survey Extension User Guide

Installation Guide. For use with all.net versions of PDshop Revised: 12/29/17. PDshop.com / Copyright All Rights Reserved.

EPRI Software Development 2016 Guide for Testing Your Software. Software Quality Assurance (SQA)

iservice USER GUIDE January 2016

Setting Up A WordPress Blog

Federated Identity Manager Business Gateway Version Configuration Guide GC

2 P age. Pete s Pagebuilder revised: March 2008

ABOUT WEB TECHNOLOGY COURSE SCOPE:

Transcription:

CONTENTS IN DETAIL INTRODUCTION xiii 1 THE FAQS OF LIFE THE SCRIPTS EVERY PHP PROGRAMMER WANTS (OR NEEDS) TO KNOW 1 #1: Including Another File as a Part of Your Script... 2 What Can Go Wrong?... 3 #2: Highlighting Alternate Row Colors in a Table... 4 Hacking the Script... 5 #3: Creating Previous/Next Links... 7 Using the Script... 10 #4: Printing the Contents of an Array... 11 #5: Turning an Array into a Nonarray Variable That Can Be Restored Later... 12 What Can Go Wrong?... 12 #6: Sorting Multidimensional Arrays... 13 Hacking the Script... 14 #7: Templating Your Site with Smarty... 14 Installing Smarty... 14 A Brief Smarty Tutorial... 15 What Can Go Wrong?... 16 Hacking the Script... 17 2 CONFIGURING PHP 19 Configuration Settings and the php.ini File... 20 Locating Your php.ini File... 20 #8: Revealing All of PHP s Settings... 21 #9: Reading an Individual Setting... 21 #10: Error Reporting... 22 Common Error Messages... 23 #11: Suppressing All Error Messages... 24 #12: Extending the Run Time of a Script... 24 What Can Go Wrong?... 25 #13: Preventing Users from Uploading Large Files... 25 #14: Turning Off Registered Global Variables... 25 #15: Enabling Magic Quotes... 26 What Can Go Wrong?... 26 #16: Restricting the Files that PHP Can Access... 26 What Can Go Wrong?... 27 #17: Shutting Down Specific Functions... 27 #18: Adding Extensions to PHP... 27 Adding PHP Extensions... 28 Installing Extensions with a Web-Based Control Panel... 29 What Can Go Wrong?... 32

3 PHP SECURITY 33 Recommended Security Configuration Options... 35 #19: SQL Injection Attacks... 35 #20: Preventing Basic XSS Attacks... 37 #21: Using SafeHTML... 38 What Can Go Wrong?... 39 #22: Protecting Data with a One-Way Hash... 40 Hacking the Script... 41 #23: Encrypting Data with Mcrypt... 41 Hacking the Script... 43 #24: Generating Random Passwords... 43 Using the Script... 44 4 WORKING WITH FORMS 45 Security Measures: Forms Are Not Trustworthy... 45 Verification Strategies... 46 Using $_POST, $_GET, $_REQUEST, and $_FILES to Access Form Data... 47 #25: Fetching Form Variables Consistently and Safely... 47 #26: Trimming Excess Whitespace... 47 #27: Importing Form Variables into an Array... 48 #28: Making Sure a Response Is One of a Set of Given Values... 51 Hacking the Script... 51 #29: Using Multiple Submit Buttons... 52 #30: Validating a Credit Card... 52 Using the Script... 54 Hacking the Script... 55 #31: Double-Checking a Credit Card s Expiration Date... 55 Using the Script... 56 #32: Checking Valid Email Addresses... 56 #33: Checking American Phone Numbers... 57 5 WORKING WITH TEXT AND HTML 59 #34: Extracting Part of a String... 59 Hacking the Script... 61 #35: Making a String Uppercase, Lowercase, or Capitalized... 62 What Can Go Wrong?... 62 #36: Finding Substrings... 63 What Can Go Wrong?... 64 #37: Replacing Substrings... 64 What Can Go Wrong?... 65 #38: Finding and Fixing Misspelled Words with pspell... 65 Working with the Default Dictionary... 66 Adding a Custom Dictionary to pspell... 68 What Can Go Wrong?... 69 viii

#39: Regular Expressions... 69 Regular Expression Basics... 69 Special Character Sequences... 70 Pattern Repeaters... 71 Grouping... 71 Character Classes... 71 Putting It All Together... 72 Matching and Extracting with Regular Expressions... 72 Replacing Substrings with Regular Expressions... 74 #40: Rearranging a Table... 75 #41: Creating a Screen Scraper... 75 Hacking the Script... 77 #42: Converting Plaintext into HTML-Ready Markup... 77 #43: Automatically Hyperlinking URLs... 80 #44: Stripping HTML Tags from Strings... 80 6 WORKING WITH DATES 81 How Unix Time Works... 81 #45: Getting the Current Timestamp... 82 #46: Getting the Timestamp of a Date in the Past or Future... 83 Creating Timestamps from a String... 83 Creating Timestamps from Date Values... 84 #47: Formatting Dates and Times... 85 #48: Calculating the Day of the Week from a Given Date... 88 #49: Finding the Difference Between Two Dates... 88 Using the Script... 89 Hacking the Script... 90 MySQL Date Formats... 90 7 WORKING WITH FILES 91 File Permissions... 91 Permissions with an FTP Program... 92 The Command Line... 93 What Can Go Wrong?... 93 #50: Placing a File s Contents into a Variable... 93 Hacking the Script... 95 What Can Go Wrong?... 95 #51: Creating and Writing to a File... 96 #52: Checking to See If a File Exists... 96 #53: Deleting Files... 97 #54: Uploading Images to a Directory... 97 Using the Script... 101 What Can Go Wrong?... 101 Hacking the Script... 101 #55: Reading a Comma-Separated File... 101 ix

8 USER AND SESSION TRACKING 103 Using Cookies and Sessions to Track User Data... 104 Cookies... 104 Sessions... 104 #56: Creating a Welcome Back, Username! Message with Cookies... 105 What Can Go Wrong?... 106 #57: Using Sessions to Temporarily Store Data... 107 What Can Go Wrong?... 109 #58: Checking to See If a User s Browser Accepts Cookies... 109 #59: Redirecting Users to Different Pages... 110 #60: Forcing a User to Use SSL-Encrypted Pages... 111 #61: Extracting Client Information... 111 #62: Session Timeouts... 115 #63: A Simple Login System... 116 9 WORKING WITH EMAIL 119 #64: Using PHPMailer to Send Mail... 120 Installing PHPMailer... 120 Using the Script... 121 Adding Attachments... 122 What Can Go Wrong?... 123 #65: Using Email to Verify User Accounts... 124 10 WORKING WITH IMAGES 129 #66: Creating a CAPTCHA (Security) Image... 129 #67: Creating Thumbnail Images... 136 11 USING curl TO INTERACT WITH WEB SERVICES 141 #68: Connecting to Other Websites... 142 #69: Using Cookies... 144 #70: Transforming XML into a Usable Form... 144 #71: Using Mapping Web Services... 146 #72: Using PHP and SOAP to Request Data from Amazon.com... 149 #73: Building a Web Service... 151 x

12 INTERMEDIATE PROJECTS 155 #74: A User Poll... 156 Creating a Ballot Form... 157 Processing the Ballot... 159 Getting Poll Results... 160 Hacking the Script... 162 #75: Electronic Greeting Cards... 162 Choosing a Card... 164 Sending the Card... 165 Viewing the Card... 169 Hacking the Script... 171 #76: A Blogging System... 171 Creating Blog Entries... 172 Displaying an Entry... 174 Adding Comments... 178 Creating a Blog Index... 178 Hacking the Script... 181 APPENDIX 183 INDEX 185 xi

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback