PHP Security Guide
Most PHP applications interact with a database. This usually involves connecting to a database server and using access
credentials to authenticate:
<?php
// The guide originally used mysql_connect(); the mysql extension was removed in
// PHP 7.0, and mysqli_connect() takes the same host, user and password arguments.
$host = 'example.org';
$username = 'myuser';
$password = 'mypass';
$db = mysqli_connect($host, $username, $password);
?>
This could be an example of a file called db.inc that is included whenever a connection to the database is needed. This
approach is convenient, [...]
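A fuller version of that db.inc pattern, added here as an example and not taken from the guide: the credentials file is kept outside the document root (the path /srv/app/etc/db.inc is an assumed one) so that a server that ever serves the file as plain text cannot expose the password, the connection uses PDO, and the script fails closed rather than falling back to anything hard-coded.

```php
<?php
// Added example, not from the original guide. Assumes the credentials file
// lives outside the document root at /srv/app/etc/db.inc (hypothetical path)
// and that the PDO MySQL driver is installed.
//
// /srv/app/etc/db.inc contains only:
//   <?php
//   $host = 'example.org';
//   $username = 'myuser';
//   $password = 'mypass';
//   $dbname = 'mydb';

// Risk being mitigated: an include that sits under the web root is one
// misconfiguration (a lost PHP handler, a backup copy named db.inc.bak)
// away from being served as plain text. Outside the web root there is no
// URL that maps to it.
$credentials_file = '/srv/app/etc/db.inc';

if (!is_readable($credentials_file)) {
    // Fail closed: no hard-coded fallback credentials in the script itself.
    http_response_code(500);
    exit('Database configuration unavailable.');
}

require $credentials_file;

$dsn = sprintf('mysql:host=%s;dbname=%s;charset=utf8mb4', $host, $dbname);

try {
    $db = new PDO($dsn, $username, $password, [
        PDO::ATTR_ERRMODE          => PDO::ERRMODE_EXCEPTION,
        PDO::ATTR_EMULATE_PREPARES => false, // real server-side prepared statements
    ]);
} catch (PDOException $e) {
    // Log the detail server-side only; the message can contain the host
    // name and user name, so it must not be echoed to the client.
    error_log('DB connection failed: ' . $e->getMessage());
    http_response_code(500);
    exit('Database unavailable.');
}

// Drop the plain-text password once the handle exists so a later var_dump
// or error page cannot accidentally reveal it.
unset($password);
?>
```

The check on `is_readable()` matters more than it looks: without it, a missing file produces a warning and the script continues with `$username` and `$password` undefined, which is exactly the state in which a developer is tempted to paste credentials inline.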
Session Fixation
Session security is a sophisticated topic, and it’s no surprise that sessions are a frequent target of attack. Most session
attacks involve impersonation, where the attacker attempts to gain access to another user’s session by posing as that user.
The most crucial piece of information for an attacker is the session identifier, because this is required [...]
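Because the session identifier is the piece that matters, the standard defence against fixation is to make sure the identifier an authenticated session runs under was issued by the server, not carried in by the client. The following is an added example (not from the guide) of that defence in PHP; `check_credentials()` is a hypothetical stand-in for the application's own password check.

```php
<?php
// Added example, not from the original guide. Shows the usual mitigation for
// session fixation: accept session IDs only from the cookie, reject IDs the
// server never issued, and issue a fresh ID the moment the user logs in.
// check_credentials() is a hypothetical stand-in for the real check.

ini_set('session.use_only_cookies', '1'); // no session IDs in URLs
ini_set('session.use_strict_mode', '1');  // unknown IDs are replaced, not adopted
ini_set('session.cookie_httponly', '1');  // ID not readable from page scripts
ini_set('session.cookie_secure', '1');    // cookie sent over HTTPS only

session_start();

function login(string $user, string $pass): bool
{
    if (!check_credentials($user, $pass)) {
        return false;
    }
    // The browser may have arrived with an ID chosen before authentication.
    // Bind the authenticated state to a brand-new ID and delete the old
    // session data (true) so the old ID is worthless from here on.
    session_regenerate_id(true);
    $_SESSION['user'] = $user;
    $_SESSION['login_time'] = time();
    return true;
}

function logout(): void
{
    $_SESSION = [];
    // Invalidate the server-side session, then rotate the ID again so the
    // next visitor on this browser does not inherit anything.
    session_destroy();
    session_start();
    session_regenerate_id(true);
}

function check_credentials(string $user, string $pass): bool
{
    // Hypothetical stand-in. A real application compares against a stored
    // password_hash() value; the hash below is constructed for the example.
    $stored = password_hash('correct horse battery staple', PASSWORD_DEFAULT);
    return $user === 'alice' && password_verify($pass, $stored);
}
?>
```

`session.use_strict_mode` is the setting that closes the gap the other three do not: even with cookie-only sessions, PHP by default will happily create a session under any ID the cookie presents. With strict mode on, an ID the server never generated is discarded and a new one issued.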
The date and gmdate commands return the current date and time. date returns the time in the server's configured timezone. gmdate returns it in Greenwich Mean Time (GMT/UTC), the reference point from which the other timezones are offset.
date ("formatting");
gmdate ("formatting");
There are many variations to use in formatting the outcome of a date. Using the date command [...]
The include command is very similar to using an SSI include. It calls a block of information from a different page into the current webpage.
include ("filename.php");
Include will pass the information from an external page into the current one. The information that is passed will be known and usable to the coding that appears after the [...]
Sometimes you may want to call a function and have a value returned back to the main coding area. This is done using the return command.
Example :
<?php
function addit($first_number, $second_number) {
    $total_sum = $first_number + $second_number;
    return $total_sum;  // hand the value back to the caller
}
$first_number = "1";
$second_number = "2";
$total = addit($first_number, $second_number);
echo "$total";
?>
Result :
3
Leaving the return command out, the result would be blank.
In the above example, the variable $total [...]
Arguments. No, it's not about two functions getting into a fight. An argument is information being passed from the calling code into the function.
The parentheses after the function name hold variables. These variables catch the information being sent into the function. Each variable is separated by a comma.
function function_name ($variable1,$variable2,$variable3) {
some PHP commands;
some PHP [...]
A function is a block of commands or instructions. If you have a specific block of commands that you are going to be using over and over again, this may be a very useful tidbit to use.
function function_name ( ) {
some PHP commands;
some PHP commands;
}
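Putting the three pieces together (a function definition, its arguments, and the value it returns), here is an added example that is not from the tutorial. It goes one step past the addit() example: the arguments carry type declarations, one has a default, and it shows what the caller receives when the function has no return statement. The function names are my own.

```php
<?php
declare(strict_types=1);
// Added example, not from the original tutorial. Extends addit(): typed
// arguments, a default argument, and the result of leaving out return.

function add_numbers(int $first, int $second, int $third = 0): int
{
    return $first + $second + $third;
}

// Same arithmetic, but the value never leaves the function: PHP returns null.
function add_without_return(int $first, int $second): void
{
    $total = $first + $second;
}

echo add_numbers(1, 2), "\n";        // 3
echo add_numbers(1, 2, 4), "\n";     // 7 (the optional third argument supplied)

var_dump(add_without_return(1, 2));  // NULL, so echo would print nothing

// The tutorial passed the strings "1" and "2" and PHP quietly converted them.
// With strict_types=1 that conversion is refused, which surfaces accidental
// string-to-number juggling at the call site instead of deep in the logic.
try {
    echo add_numbers("1", "2"), "\n";
} catch (TypeError $e) {
    echo 'Rejected: ', $e->getMessage(), "\n";
}
?>
```

The `strict_types` declaration is per-file and applies to calls made from that file, so it guards the caller's side of the argument list; the `int` declarations on the parameters guard the function's side.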
The word function lets the coding know that this set of [...]
As seen on the previous tutorial pages, ereg( ) and eregi( ) are used to find patterns. Taking this to the next level will allow you to find a pattern and replace it with a new value. This is using ereg_replace( ) and eregi_replace( ). The i has the same effect as before, case insensitive.
The [...]
Character classes are a defined set of characters. PHP holds some pre-defined classes for expressions:
[[:alpha:]] - any letter
[[:digit:]] - any digit
[[:alnum:]] - any letter or digit
[[:space:]] - any white space
[[:upper:]] - any upper case letter
[[:lower:]] - any lower case letter
[[:punct:]] - any punctuation mark
Classes are created by putting a set of characters within the [square] brackets. Searching for a vowel may be done by using [aeiou] for example. [...]
Metacharacters are special add-on symbols for refining a search. Keeping the z as our example to search for, here is a list of different metacharacters you can use:
^z - searches for a part that begins with z.
z$ - searches for a part that ends with z.
z+ - searches for at least one z in a row.
z? - searches for zero or one z.
(yz)
searches [...]
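The ereg(), eregi() and ereg_replace() family used in these pages was removed in PHP 7.0; preg_match() and preg_replace() (PCRE) are the replacements, and the POSIX classes and metacharacters above carry over unchanged inside a bracket expression, with the /i flag playing the role of eregi's i. The following is an added example, not from the tutorial, covering the classes, the metacharacters and a case-insensitive replace in one place; the product-code format and the sample strings are constructed.

```php
<?php
// Added example, not from the original tutorial. Uses preg_* (PCRE), the
// replacement for the removed ereg family. Sample inputs are constructed.

// Character classes: a code of three letters, a dash and four digits
// (constructed format). preg_match() returns 1, 0, or false on a pattern
// error, so compare with === 1 rather than treating the result as a bool.
function is_product_code(string $s): bool
{
    return preg_match('/^[[:alpha:]]{3}-[[:digit:]]{4}$/', $s) === 1;
}

// Metacharacters: ^ anchors the start, $ the end, + means one or more,
// ? means zero or one, and (yz) groups so a quantifier applies to both letters.
function describe(string $word): array
{
    $patterns = [
        '/^z/'    => 'begins with z',
        '/z$/'    => 'ends with z',
        '/z+/'    => 'one or more z in a row',
        '/^z?a/'  => 'optional z, then a',
        '/(yz)+/' => 'yz repeated one or more times',
    ];
    $hits = [];
    foreach ($patterns as $re => $meaning) {
        if (preg_match($re, $word) === 1) {
            $hits[] = $meaning;
        }
    }
    return $hits;
}

// Replacement, case-insensitive (what eregi_replace did): drop everything
// that is not a letter, digit or space, then collapse runs of whitespace.
function normalise(string $s): string
{
    $s = preg_replace('/[^[:alnum:][:space:]]/i', '', $s);
    return preg_replace('/[[:space:]]+/', ' ', trim($s));
}

var_dump(is_product_code('ABC-1234'));   // bool(true)
var_dump(is_product_code('AB-12345'));   // bool(false)
print_r(describe('zebra'));              // begins with z; one or more z in a row
print_r(describe('jazz'));               // ends with z; one or more z in a row
print_r(describe('yzyz'));               // ends with z; one or more z; yz repeated
echo normalise("Hello,   World!\tPHP"), "\n";  // Hello World PHP
?>
```

One habit worth keeping from this: anchor validation patterns with both ^ and $ (as in is_product_code) so that a class like [[:digit:]] checks the whole input and not merely that a digit occurs somewhere in it.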