PHP Security Guide
Most PHP applications interact with a database. This usually involves connecting to a database server and using access
credentials to authenticate:
<?php
$host = 'example.org';
$username = 'myuser';
$password = 'mypass';
// mysqli_connect() replaces mysql_connect(); the old ext/mysql extension was removed in PHP 7.
$db = mysqli_connect($host, $username, $password);
if ($db === false) {
    error_log('Database connection failed: ' . mysqli_connect_error()); // log the detail, never echo it
    die('Database connection failed.');
}
?>
This could be an example of a file called db.inc that is included whenever a connection to the database is needed. This
approach is convenient, [...]
Session Fixation
Session security is a sophisticated topic, and it’s no surprise that sessions are a frequent target of attack. Most session
attacks involve impersonation, where the attacker attempts to gain access to another user’s session by posing as that user.
The most crucial piece of information for an attacker is the session identifier, because this is required [...]
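The defence against the impersonation described above, as an added example that is not part of the original guide: a PHP login handler that refuses session IDs the server did not issue and replaces the ID at the moment of authentication, so an identifier the attacker planted or observed before login maps to nothing afterwards. The function names login(), credentialsValid() and logout(), and the demo user and password, are assumptions made for this example.

```php
<?php
// Added example, not code from the original guide. Hypothetical names:
// login(), credentialsValid(), logout(); the demo user is constructed.
declare(strict_types=1);

// Only honour session IDs the server itself generated. An ID planted by an
// attacker (for instance via a link carrying ?PHPSESSID=...) is discarded and
// a fresh one is issued instead.
ini_set('session.use_strict_mode', '1');
// Take the ID from the cookie only, never from the URL or a form field.
ini_set('session.use_only_cookies', '1');
// Keep the cookie away from script access.
ini_set('session.cookie_httponly', '1');
session_start();

// Constructed credential store for the demo; a real application looks the
// hash up in its user table.
$users = ['alice' => password_hash('correct horse battery staple', PASSWORD_DEFAULT)];

function credentialsValid(array $users, string $user, string $pass): bool
{
    // password_verify() compares in constant time.
    return isset($users[$user]) && password_verify($pass, $users[$user]);
}

function login(array $users, string $user, string $pass): bool
{
    if (!credentialsValid($users, $user, $pass)) {
        return false;
    }
    // The core defence: the ID in use before authentication may be one the
    // attacker chose or observed. Replace it with a new one and delete the old
    // session data, so the old identifier no longer refers to a live session.
    session_regenerate_id(true);
    $_SESSION['user'] = $user;
    $_SESSION['logged_in_at'] = time();
    return true;
}

function logout(): void
{
    $_SESSION = [];
    session_destroy();
}

// Demo run (works from the CLI): the ID changes across login, which is what
// denies a fixed or stolen pre-login identifier any value.
$before = session_id();
$ok = login($users, 'alice', 'correct horse battery staple');
$after = session_id();
printf("login %s; session id changed: %s\n",
    $ok ? 'ok' : 'failed', $before !== $after ? 'yes' : 'no');
logout();
```

Regenerating the ID only on login is the minimum; regenerate it again on any privilege change (for example when an administrator role is granted) for the same reason.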
Using databases to store user identification, image information, and so much more for dynamic websites is the easiest way to ease maintenance. MySQL is the most popular choice of database, and in this article, I’ll explain the most basic functions: connecting and using a MySQL database and its respective tables.
The first step in using [...]
Though not necessary, running PHP on your home machine can make development much quicker and easier. Without affecting the actual website, you can edit files and execute them locally, uploading all to the server when finished. This article will cover the installation of Apache and configuration of PHP on your local Windows machine.
There are several [...]
There are two varieties of email: text and HTML. A text email is like a plain text message; an HTML email is rendered like a web page, with colors and images. To produce an HTML email, a couple of extra headers must be added.
<?php
$to = "yourplace@somewhere.com";
$subject = "My HTML email test.";
$headers = "From: myplace@here.com\r\n";
$headers .= "Reply-To: [...]
Headers are the fields seen at the top of an email. Typically:
To :
A comma-separated list of recipient addresses.
From :
The sender's email address.
Reply-To :
The address to which replies should be sent.
Return-Path :
The address that delivery failures (bounces) are returned to. It is not the same as Reply-To, and mail servers normally set it themselves from the envelope sender, so a value placed in $headers may be ignored.
Subject :
Subject of the email.
CC :
Carbon Copy. A [...]
Additional recipient addresses can be added to the first variable by separating them with commas, not semicolons.
$to = "yourplace@somewhere.com,another@elsewhere.com";
A more advanced method is to keep a newline-separated list of addresses in a text file, read it into an array (one entry per line), trim each entry, and implode the array with commas into a string that is used as the $to value.
elist.txt
firstemail@here.com
secondemail@there.com
yourplace@somewhere.com
another@elsewhere.com
Revised email script
<?php
// read the [...]
PHP makes sending information to an email rather easy. It takes one main command :
mail ("recipient", "subject", "message");
The first value is an email address: where the message is going to be sent.
The second value is a short sentence or note. It will appear in the SUBJECT field of the email.
The third value is the main [...]
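The HTML headers, the recipient list file and the mail() call from the passages above, combined into one added example that is not code from the original articles. It adds the check a practitioner needs before passing form input to mail(): a line break inside a header value ends that header and starts a new one, so an unchecked From or Subject can smuggle in extra headers such as a Bcc to a spam list. The function names sanitizeHeaderValue(), validAddress(), loadRecipients() and buildMessage(), and the addresses and list file contents, are assumptions constructed for the demo.

```php
<?php
// Added example, not code from the original articles. Hypothetical names:
// sanitizeHeaderValue(), validAddress(), loadRecipients(), buildMessage();
// addresses and the list file contents are constructed for the demo.
declare(strict_types=1);

// mail() hands its arguments to the MTA almost verbatim. A CR or LF inside a
// header value terminates that header, so untrusted input can append headers
// of its own. Refuse such values instead of trying to strip them.
function sanitizeHeaderValue(string $value): string
{
    if (preg_match('/[\r\n]/', $value)) {
        throw new InvalidArgumentException('header value contains a line break');
    }
    return trim($value);
}

function validAddress(string $addr): bool
{
    return filter_var($addr, FILTER_VALIDATE_EMAIL) !== false;
}

// Read one address per line, trim each, drop blanks and invalid entries, and
// join with commas (not semicolons), the separator mail() expects.
function loadRecipients(string $listFile): string
{
    $lines = file($listFile, FILE_IGNORE_NEW_LINES | FILE_SKIP_EMPTY_LINES);
    if ($lines === false) {
        throw new RuntimeException("cannot read $listFile");
    }
    $clean = array_filter(array_map('trim', $lines), 'validAddress');
    return implode(',', array_unique($clean));
}

// Assemble the four mail() arguments. Headers use CRLF as in the original
// snippet; the text/html Content-Type is what makes a client render HTML.
function buildMessage(string $to, string $from, string $subject, string $html): array
{
    foreach (explode(',', $to) as $addr) {
        if (!validAddress($addr)) {
            throw new InvalidArgumentException("bad recipient: $addr");
        }
    }
    if (!validAddress($from)) {
        throw new InvalidArgumentException("bad sender: $from");
    }
    $headers  = 'From: ' . sanitizeHeaderValue($from) . "\r\n";
    $headers .= 'Reply-To: ' . sanitizeHeaderValue($from) . "\r\n";
    $headers .= "MIME-Version: 1.0\r\n";
    $headers .= "Content-Type: text/html; charset=UTF-8\r\n";
    return [$to, sanitizeHeaderValue($subject), $html, $headers];
}

// Demo: a constructed recipient list, including sloppy whitespace and a junk line.
$listFile = tempnam(sys_get_temp_dir(), 'elist');
file_put_contents($listFile, "firstemail@here.com\n  secondemail@there.com \n\nnot an address\n");
$to = loadRecipients($listFile);   // firstemail@here.com,secondemail@there.com
unlink($listFile);

[$rcpt, $subj, $body, $hdrs] = buildMessage($to, 'myplace@here.com', 'My HTML email test.', '<p><b>Hello</b></p>');
echo "To: $rcpt\nSubject: $subj\n$hdrs\n";

// Injection attempt: a subject as it might arrive from a web form. This is
// rejected rather than silently turning into an extra Bcc header.
try {
    buildMessage($to, 'myplace@here.com', "Hi\r\nBcc: victim@example.net", '<p>x</p>');
} catch (InvalidArgumentException $e) {
    echo "rejected: {$e->getMessage()}\n";
}

// Delivery needs a configured MTA; uncomment to actually send:
// mail($rcpt, $subj, $body, $hdrs);
```

The demo only assembles the arguments so it runs offline; the commented-out mail() call is the one line that changes for real delivery.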
Directories are a list of files. They are the same as a folder on your computer. The mkdir command is used for creating a directory.
mkdir ("path", "permissions");
The path is the name and location of the directory. The permissions part is an octal literal: a zero followed by the normal 3-digit CHMOD number you have seen in previous [...]
The fopen command is used to open a specific file.
$myfile = fopen ("filename.ext", "mode");
The value from opening the file will be transferred into the variable ($myfile).
Before opening a file however, you have to decide on what will be happening to the file :
1. Do you want to open the file just to read the contents?
2. Do [...]
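The mkdir and fopen calls from the two passages above, as one added example that is not code from the original articles. It shows the parts the tutorial leaves implicit: the mode argument is an octal literal that the process umask can still reduce, so the result is checked and set explicitly; a private 0700 mode is used rather than a world-writable 0777; and the fopen mode is chosen per task, with 'x' refusing to open a file that already exists and an exclusive lock keeping concurrent writes from interleaving. The function names createPrivateDir(), appendLine() and readLines(), and the paths under the system temp directory, are assumptions made for the demo.

```php
<?php
// Added example, not code from the original articles. Hypothetical names:
// createPrivateDir(), appendLine(), readLines(); paths are constructed under
// the system temp directory for the demo.
declare(strict_types=1);

// mkdir's second argument is an octal literal (leading zero). The process umask
// may still clear bits from it, and it is ignored on Windows, so verify the
// mode instead of assuming it. 0700 keeps data written by the web server's
// account private; 0777 would let every local user write into the directory.
function createPrivateDir(string $path): void
{
    if (is_dir($path)) {
        return;
    }
    if (!mkdir($path, 0700, true)) {   // true: create missing parent directories too
        throw new RuntimeException("cannot create $path");
    }
    chmod($path, 0700);                // undo whatever the umask took away
}

// 'a' appends and creates the file if needed. The exclusive lock stops two
// concurrent requests from interleaving their lines.
function appendLine(string $file, string $line): void
{
    $fh = fopen($file, 'a');
    if ($fh === false) {
        throw new RuntimeException("cannot open $file");
    }
    try {
        if (!flock($fh, LOCK_EX)) {
            throw new RuntimeException("cannot lock $file");
        }
        fwrite($fh, $line . "\n");
        flock($fh, LOCK_UN);
    } finally {
        fclose($fh);
    }
}

// 'r' opens for reading only; a missing file is reported, not silently empty.
function readLines(string $file): array
{
    $fh = fopen($file, 'r');
    if ($fh === false) {
        throw new RuntimeException("cannot open $file");
    }
    $lines = [];
    while (($line = fgets($fh)) !== false) {
        $lines[] = rtrim($line, "\n");
    }
    fclose($fh);
    return $lines;
}

// Demo run.
$dir = sys_get_temp_dir() . '/phpguide_demo_' . getmypid();
createPrivateDir($dir);
printf("%s mode: %o\n", $dir, fileperms($dir) & 0777);   // 700 on Unix-like systems

$log = "$dir/app.log";
appendLine($log, 'first entry');
appendLine($log, 'second entry');
print_r(readLines($log));

// 'x' refuses to open a file that already exists, which prevents clobbering a
// file or writing into one that another user planted in a shared directory.
$fh = @fopen($log, 'x');
echo $fh === false ? "x mode refused the existing file\n" : "unexpected: file was opened\n";

unlink($log);
rmdir($dir);
```

On a shared host the directory mode matters as much as the file mode: a 0777 upload or cache directory is writable by every other account on the machine, whatever permissions the individual files carry.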