PHP and MySQL Web Development 4th Ed-tqw-_darksiderg

Recommendations

Info

Securing Your Code 373 Consider the following text: $input_str = "The user gave us \"15000?\". // malicious JavaScript code goes here. "; If we run it through the following PHP script (we run the nl2br function on the output string strictly to ensure that it is formatted nicely in the browser): We would see the following text output: The user gave us "15000?". <script type="text/javascript"> // malicious JavaScript code goes here. </script>The user gave us "15000€". <script type="text/javascript"> // malicious JavaScript code goes here. </script> And it would look as follows in the browser: The user gave us "15000?". // malicious JavaScript code goes here. The user gave us "15000?". // malicious JavaScript code goes here. Note that the htmlentities function replaced the symbol for the Euro currency symbol ( ) with an entity (€), whereas htmlspecialchars left it alone.
374 Chapter 16 Web Application Security For those situations where we would like to permit users to enter some HTML, such as a message board where people might like to use characters to control font, color, and style (bold or italicized), we will have to actually pick our way through the strings to find those and not strip them out. Code Organization There are those who would argue that any file that is not directly accessible to the user from the Internet should not find a place in the document root of the website. For example, if the document root for our message board website is /home/httpd/messageboard/www, we should place all our include files and any other files we write for the site in some place such as /home/httpd/messageboard/code.Then, in our code, when we want to include those files, we can write: require_once('../code/user_object.php); The reasons for this degree of caution come down to what happens when a malicious user makes a request for a file that is not a .php or .html file. Many web servers will default to dumping the contents of that file to the output stream.Thus, if we were to keep user_object.php somewhere in the public document root, and the user were to request it, the user might see a full dump of our code in the web browser.This would let the user see the implementation, get at any intellectual property we might have in this file, and potentially find exploits that we might have missed. To fix this, we should be sure that the web server is configured to only allow the request of .php and .html files and that requests for other types of files should return an error from the server. Similarly, any other files, such as password files, text files, configuration files, or special directories, are likely best kept away from the public document root. Even if we think we have our web server configured properly, we might have missed something, or if, in the future, our web application is moved to a new server that is not properly configured, we might be exposed to exploitation. If we have allow_url_fopen enabled in our php.ini, then we could theoretically include or require files from remote servers.This would be another possible point of security failure in our application, and we would do well to avoid including files from separate machines, especially those over which we do not have full control.We should likewise not use user input when choosing which files to include or require, as bad input here could also cause problems. What Goes in Your Code Many of the code snippets we have shown thus far for accessing databases have included in the code the database name, username, and user password in plain text, as follows: $conn = @new mysqli("localhost", "bob", "secret", "somedb");
Page 2:
PHP and MySQL ® Web Development Fo
Page 5 and 6:
PHP and MySQL ® Web Development, F
Page 7 and 8:
Contents at a Glance Introduction 1
Page 9 and 10:
Table of Contents Introduction 1 I
Page 11 and 12:
xii Contents Writing to a File 67 P
Page 13 and 14:
xiv Contents Comparing Strings 119
Page 15 and 16:
xvi Contents Overriding 170 Prevent
Page 17 and 18:
xviii Contents Looking at the Datab
Page 19 and 20:
xx Contents Using Indexes 305 Using
Page 21 and 22:
xxii Contents Firewalls 357 Data Ba
Page 23 and 24:
xxiv Contents 18 Implementing Secur
Page 25 and 26:
xxvi Contents 22 Generating Images
Page 27 and 28:
xxviii Contents Using a Standard Di
Page 29 and 30:
xxx Contents Implementing Payment 6
Page 31 and 32:
xxxii Contents Using an Existing Sy
Page 33 and 34:
xxxiv Contents Learning More about
Page 35 and 36:
Acknowledgments We would like to th
Page 38 and 39:
Introduction WELCOME TO PHP AND MYS
Page 40 and 41:
Introduction 3 PHP is an Open Sourc
Page 42 and 43:
Introduction 5 Using the Open Datab
Page 44 and 45:
Introduction 7 installing it for ma
Page 46 and 47:
Introduction 9 What Is New in MySQL
Page 48:
I Using PHP 1 PHP Crash Course 2 St
Page 51 and 52:
14 Chapter 1 PHP Crash Course n n n
Page 53 and 54:
16 Chapter 1 PHP Crash Course Listi
Page 55 and 56:
18 Chapter 1 PHP Crash Course Bob
Page 57 and 58:
20 Chapter 1 PHP Crash Course Notic
Page 59 and 60:
22 Chapter 1 PHP Crash Course Figur
Page 61 and 62:
24 Chapter 1 PHP Crash Course n Lon
Page 63 and 64:
Page 65 and 66:
28 Chapter 1 PHP Crash Course Under
Page 67 and 68:
30 Chapter 1 PHP Crash Course This
Page 69 and 70:
32 Chapter 1 PHP Crash Course n n n
Page 71 and 72:
34 Chapter 1 PHP Crash Course You s
Page 73 and 74:
36 Chapter 1 PHP Crash Course If th
Page 75 and 76:
38 Chapter 1 PHP Crash Course Logic
Page 77 and 78:
40 Chapter 1 PHP Crash Course Or, e
Page 79 and 80:
Page 81 and 82:
44 Chapter 1 PHP Crash Course We ge
Page 83 and 84:
46 Chapter 1 PHP Crash Course Refre
Page 85 and 86:
48 Chapter 1 PHP Crash Course If yo
Page 87 and 88:
Page 89 and 90:
Page 91 and 92:
54 Chapter 1 PHP Crash Course Listi
Page 93 and 94:
56 Chapter 1 PHP Crash Course A do.
Page 96 and 97:
2 Storing and Retrieving Data NOW T
Page 98 and 99:
Opening a File 61 The form field fo
Page 100 and 101:
Opening a File 63 In a Unix environ
Page 102 and 103:
Opening a File 65 Remember that the
Page 104 and 105:
Writing to a File 67 Figure 2.3 Usi
Page 106 and 107:
Closing a File 69 Listing 2.1 order
Page 108 and 109:
Reading from a File 71 Listing 2.2
Page 110 and 111:
Reading from a File 73 Knowing When
Page 112 and 113:
Reading from a File 75 This line re
Page 114 and 115:
Using Other Useful File Functions 7
Page 116 and 117:
A Better Way: Database Management S
Page 118 and 119:
3 Using Arrays THIS CHAPTER SHOWS Y
Page 120 and 121:
Numerically Indexed Arrays 83 This
Page 122 and 123:
Arrays with Different Indices 85 Th
Page 124 and 125:
Array Operators 87 This line uses e
Page 126 and 127:
Multidimensional Arrays 89 You can
Page 128 and 129:
Multidimensional Arrays 91 Truck Pa
Page 130 and 131:
Sorting Multidimensional Arrays 93
Page 132 and 133:
Sorting Multidimensional Arrays 95
Page 134 and 135:
Reordering Arrays 97 Listing 3.1 Co
Page 136 and 137:
Loading Arrays from Files 99 Listin
Page 138 and 139:
Loading Arrays from Files 101 part
Page 140 and 141:
Performing Other Array Manipulation
Page 142 and 143:
Performing Other Array Manipulation
Page 144 and 145:
4 String Manipulation and Regular E
Page 146 and 147:
Creating a Sample Application: Smar
Page 148 and 149:
Formatting Strings 111 Figure 4.2 U
Page 150 and 151:
Formatting Strings 113 Table 4.1 Ty
Page 152 and 153:
Formatting Strings 115 Figure 4.3 A
Page 154 and 155:
Joining and Splitting Strings with
Page 156 and 157:
Comparing Strings 119 The length pa
Page 158 and 159:
Matching and Replacing Substrings w
Page 160 and 161:
Introducing Regular Expressions 123
Page 162 and 163:
Page 164 and 165:
Page 166 and 167:
Finding Substrings with Regular Exp
Page 168:
Next 131 Note In general, the regul
Page 171 and 172:
134 Chapter 5 Reusing Code and Writ
Page 173 and 174:
Page 175 and 176:
Page 177 and 178:
Page 179 and 180:
Page 181 and 182:
Page 183 and 184:
Page 185 and 186:
Page 187 and 188:
Page 189 and 190:
Page 191 and 192:
Page 193 and 194:
Page 195 and 196:
Page 197 and 198:
160 Chapter 6 Object-Oriented PHP U
Page 199 and 200:
162 Chapter 6 Object-Oriented PHP I
Page 201 and 202:
164 Chapter 6 Object-Oriented PHP S
Page 203 and 204:
166 Chapter 6 Object-Oriented PHP H
Page 205 and 206:
168 Chapter 6 Object-Oriented PHP f
Page 207 and 208:
170 Chapter 6 Object-Oriented PHP c
Page 209 and 210:
172 Chapter 6 Object-Oriented PHP I
Page 211 and 212:
174 Chapter 6 Object-Oriented PHP }
Page 213 and 214:
176 Chapter 6 Object-Oriented PHP T
Page 215 and 216:
178 Chapter 6 Object-Oriented PHP L
Page 217 and 218:
180 Chapter 6 Object-Oriented PHP L
Page 219 and 220:
182 Chapter 6 Object-Oriented PHP o
Page 221 and 222:
184 Chapter 6 Object-Oriented PHP U
Page 223 and 224:
186 Chapter 6 Object-Oriented PHP F
Page 225 and 226:
Page 227 and 228:
Page 230 and 231:
7 Error and Exception Handling IN T
Page 232 and 233:
The Exception Class 195 In Listing
Page 234 and 235:
User-Defined Exceptions 197 Listing
Page 236 and 237:
Exceptions in Bob’s Auto Parts 19
Page 238 and 239:
Exceptions in Bob’s Auto Parts 20
Page 240:
Next 203 pression operator. If it f
Page 244 and 245:
8 Designing Your Web Database NOW T
Page 246 and 247:
Relational Database Concepts 209 Co
Page 248 and 249:
Designing Your Web Database 211 Rel
Page 250 and 251:
Designing Your Web Database 213 Ord
Page 252 and 253:
Designing Your Web Database 215 Thi
Page 254 and 255:
Web Database Architecture 217 Brows
Page 256 and 257:
9 Creating Your Web Database IN THI
Page 258 and 259:
Logging In to MySQL 221 we have use
Page 260 and 261:
Introducing MySQL’s Privilege Sys
Page 262 and 263:
Page 264 and 265:
Page 266 and 267:
Creating Database Tables 229 Go ahe
Page 268 and 269:
Creating Database Tables 231 Listin
Page 270 and 271:
Creating Database Tables 233 The bo
Page 272 and 273:
Understanding MySQL Identifiers 235
Page 274 and 275:
Choosing Column Data Types 237 For
Page 276 and 277:
Choosing Column Data Types 239 Tabl
Page 278:
Next 241 Table 9.10 TEXT and BLOB T
Page 281 and 282:
244 Chapter 10 Working with Your My
Page 283 and 284:
Page 285 and 286:
Page 287 and 288:
Page 289 and 290:
Page 291 and 292:
Page 293 and 294:
Page 295 and 296:
Page 297 and 298:
Page 299 and 300:
Page 301 and 302:
Page 304 and 305:
11 Accessing Your MySQL Database fr
Page 306 and 307:
How Web Database Architectures Work
Page 308 and 309:
Querying a Database from the Web 27
Page 310 and 311:
Page 312 and 313:
Page 314 and 315:
Putting New Information in the Data
Page 316 and 317:
Putting New Information in the Data
Page 318 and 319:
Using Prepared Statements 281 Let
Page 320 and 321:
Using Other PHP-Database Interfaces
Page 322:
Next 285 The advantages of using MD
Page 325 and 326:
288 Chapter 12 Advanced MySQL Admin
Page 327 and 328:
Page 329 and 330:
Page 331 and 332:
Page 333 and 334:
Page 335 and 336:
Page 337 and 338:
Page 339 and 340:
Page 341 and 342:
Page 343 and 344:
Page 345 and 346:
Page 348 and 349:
13 Advanced MySQL Programming IN TH
Page 350 and 351:
Transactions 313 applications such
Page 352 and 353:
Foreign Keys 315 You should see the
Page 354 and 355:
Stored Procedures 317 changes the e
Page 356 and 357:
Stored Procedures 319 or drop funct
Page 358 and 359:
Stored Procedures 321 action specif
Page 360: Next 323 +------+ | @l | +------+ |
Page 364 and 365: 14 Running an E-commerce Site THIS
Page 366 and 367: Considering the Types of Commercial
Page 374 and 375: Understanding Risks and Threats 337
Page 376: Next 339 Evolving Governmental Poli
Page 379 and 380: 342 Chapter 15 E-commerce Security
Page 398 and 399: 16 Web Application Security IN THIS
Page 400 and 401: Identifying the Threats We Face 363
Page 402 and 403: Understanding Who We’re Dealing W
Page 404 and 405: Securing Your Code 367 the security
Page 406 and 407: Securing Your Code 369 However, the
Page 408 and 409: Securing Your Code 371 if (!checkda
Page 412 and 413: Securing Your Code 375 Although thi
Page 414 and 415: Securing Your Code 377 n n Have you
Page 416 and 417: Securing Your Web Server and PHP 37
Page 418 and 419: Securing Your Web Server and PHP 38
Page 420 and 421: Database Server Security 383 n Look
Page 422 and 423: Protecting the Network 385 Internet
Page 424 and 425: Computer and Operating System Secur
Page 426 and 427: Disaster Planning 389 hosted burned
Page 428 and 429: 17 Implementing Authentication with
Page 430 and 431: Implementing Access Control 393 Fig
Page 432 and 433: Implementing Access Control 395 Lis
Page 434 and 435: Implementing Access Control 397 Lis
Page 436 and 437: Using Basic Authentication 399 Look
Page 438 and 439: Using Basic Authentication in PHP 4
Page 440 and 441: Using Basic Authentication with Apa
Page 442 and 443: Using Basic Authentication with Apa
Page 444 and 445: Using mod_auth_mysql Authentication
Page 446 and 447: 18 Implementing Secure Transactions
Page 448 and 449: Providing Secure Transactions 411 N
Page 450 and 451: Using Secure Sockets Layer (SSL) 41
Page 452 and 453: Using Secure Sockets Layer (SSL) 41
Page 454 and 455: Providing Secure Storage 417 Screen
Page 456 and 457: Using Encryption in PHP 419 Storing
Page 458 and 459: Using Encryption in PHP 421 If you
Page 460 and 461:
Using Encryption in PHP 423 and cre
Page 462 and 463:
Using Encryption in PHP 425 Listing
Page 464 and 465:
Further Reading 427 The script you
Page 466:
IV Advanced PHP Techniques 19 Inter
Page 469 and 470:
432 Chapter 19 Interacting with the
Page 471 and 472:
Page 473 and 474:
Page 475 and 476:
Page 477 and 478:
Page 479 and 480:
Page 481 and 482:
Page 483 and 484:
Page 485 and 486:
Page 487 and 488:
Page 489 and 490:
452 Chapter 20 Using Network and Pr
Page 491 and 492:
Page 493 and 494:
Page 495 and 496:
Page 497 and 498:
Page 499 and 500:
Page 501 and 502:
Page 503 and 504:
Page 505 and 506:
Page 507 and 508:
470 Chapter 21 Managing the Date an
Page 509 and 510:
Page 511 and 512:
Page 513 and 514:
Page 515 and 516:
Page 517 and 518:
Page 520 and 521:
22 Generating Images ONE OF THE USE
Page 522 and 523:
Understanding Image Formats 485 JPE
Page 524 and 525:
Creating Images 487 Figure 22.1 The
Page 526 and 527:
Creating Images 489 It takes as par
Page 528 and 529:
Using Text and Fonts to Create Imag
Page 530 and 531:
Page 532 and 533:
Page 534 and 535:
Page 536 and 537:
Drawing Figures and Graphing Data 4
Page 538 and 539:
Page 540 and 541:
Page 542 and 543:
Page 544 and 545:
Further Reading 507 Listing 22.5.4
Page 546 and 547:
23 Using Session Control in PHP IN
Page 548 and 549:
Understanding Basic Session Functio
Page 550 and 551:
Implementing Simple Sessions 513 Re
Page 552 and 553:
Creating a Simple Session Example 5
Page 554 and 555:
Implementing Authentication with Se
Page 556 and 557:
Page 558 and 559:
Page 560 and 561:
Page 562 and 563:
24 Other Useful Features SOME USEFU
Page 564 and 565:
Serializing Variables and Objects 5
Page 566 and 567:
Temporarily Altering the Runtime En
Page 568 and 569:
Using PHP on the Command Line 531 h
Page 570:
V Building Practical PHP and MySQL
Page 573 and 574:
536 Chapter 25 Using PHP and MySQL
Page 575 and 576:
Page 577 and 578:
Page 579 and 580:
Page 581 and 582:
Page 583 and 584:
Page 585 and 586:
Page 588 and 589:
26 Debugging THIS CHAPTER DEALS WIT
Page 590 and 591:
Programming Errors 553 run into thi
Page 592 and 593:
Programming Errors 555 That same st
Page 594 and 595:
Programming Errors 557 A SQL query
Page 596 and 597:
Variable Debugging Aid 559 Logic er
Page 598 and 599:
Variable Debugging Aid 561 This cod
Page 600 and 601:
Altering the Error Reporting Settin
Page 602 and 603:
Handling Errors Gracefully 565 You
Page 604:
Next 567 Figure 26.1 You can give f
Page 607 and 608:
570 Chapter 27 Building User Authen
Page 609 and 610:
Page 611 and 612:
Page 613 and 614:
Page 615 and 616:
Page 617 and 618:
Page 619 and 620:
Page 621 and 622:
Page 623 and 624:
Page 625 and 626:
Page 627 and 628:
Page 629 and 630:
Page 631 and 632:
Page 633 and 634:
Page 635 and 636:
Page 637 and 638:
Page 639 and 640:
Page 641 and 642:
Page 643 and 644:
Page 645 and 646:
608 Chapter 28 Building a Shopping
Page 647 and 648:
Page 649 and 650:
Page 651 and 652:
Page 653 and 654:
Page 655 and 656:
Page 657 and 658:
Page 659 and 660:
Page 661 and 662:
Page 663 and 664:
Page 665 and 666:
Page 667 and 668:
Page 669 and 670:
Page 671 and 672:
Page 673 and 674:
Page 675 and 676:
Page 677 and 678:
Page 679 and 680:
Page 681 and 682:
Page 683 and 684:
Page 685 and 686:
Page 687 and 688:
Page 689 and 690:
652 Chapter 29 Building a Web-Based
Page 691 and 692:
Page 693 and 694:
Page 695 and 696:
Page 697 and 698:
Page 699 and 700:
Page 701 and 702:
Page 703 and 704:
Page 705 and 706:
Page 707 and 708:
Page 709 and 710:
Page 711 and 712:
Page 713 and 714:
Page 715 and 716:
Page 717 and 718:
Page 719 and 720:
Page 721 and 722:
Page 723 and 724:
Page 725 and 726:
688 Chapter 30 Building a Mailing L
Page 727 and 728:
Page 729 and 730:
Page 731 and 732:
Page 733 and 734:
Page 735 and 736:
Page 737 and 738:
Page 739 and 740:
Page 741 and 742:
Page 743 and 744:
Page 745 and 746:
Page 747 and 748:
Page 749 and 750:
Page 751 and 752:
Page 753 and 754:
Page 755 and 756:
Page 757 and 758:
Page 759 and 760:
Page 761 and 762:
Page 763 and 764:
Page 765 and 766:
Page 767 and 768:
Page 769 and 770:
Page 771 and 772:
Page 773 and 774:
Page 775 and 776:
Page 777 and 778:
Page 779 and 780:
742 Chapter 31 Building Web Forums
Page 781 and 782:
Page 783 and 784:
Page 785 and 786:
Page 787 and 788:
Page 789 and 790:
Page 791 and 792:
Page 793 and 794:
Page 795 and 796:
Page 797 and 798:
Page 799 and 800:
Page 801 and 802:
Page 803 and 804:
Page 805 and 806:
Page 807 and 808:
Page 809 and 810:
772 Chapter 32 Generating Personali
Page 811 and 812:
Page 813 and 814:
Page 815 and 816:
Page 817 and 818:
Page 819 and 820:
Page 821 and 822:
Page 823 and 824:
Page 825 and 826:
Page 827 and 828:
Page 829 and 830:
Page 831 and 832:
Page 833 and 834:
Page 835 and 836:
Page 837 and 838:
Page 839 and 840:
Page 841 and 842:
Page 844 and 845:
33 Connecting to Web Services with
Page 846 and 847:
Project Overview: Working with XML
Page 848 and 849:
Project Overview: Working with XML
Page 850 and 851:
Solution Components 813 If you woul
Page 852 and 853:
Solution Overview 815 Caching As we
Page 854 and 855:
Solution Overview 817 Although it d
Page 856 and 857:
Solution Overview 819 Figure 33.5 B
Page 858 and 859:
Solution Overview 821 Listing 33.3
Page 860 and 861:
Solution Overview 823 Let’s work
Page 862 and 863:
Solution Overview 825 if(!eregi('^[
Page 864 and 865:
Page 866 and 867:
Page 868 and 869:
Page 870 and 871:
Page 872 and 873:
Page 874 and 875:
Page 876 and 877:
Solution Overview 839 data, but bec
Page 878 and 879:
Page 880 and 881:
Page 882 and 883:
Solution Overview 845 Using SOAP to
Page 884 and 885:
Solution Overview 847 } if($type ==
Page 886 and 887:
Solution Overview 849 in memory. No
Page 888 and 889:
Page 890 and 891:
Installing the Project Code 853 for
Page 892 and 893:
34 Building Web 2.0 Applications wi
Page 894 and 895:
What Is Ajax? 857 n Other common me
Page 896 and 897:
What Is Ajax? 859 display the h1 te
Page 898 and 899:
Fundamental Ajax 861 Note For secur
Page 900 and 901:
Fundamental Ajax 863 function getSe
Page 902 and 903:
Fundamental Ajax 865 The next step
Page 904 and 905:
Fundamental Ajax 867 Listing 34.3 C
Page 906 and 907:
Fundamental Ajax 869 Figure 34.2 Th
Page 908 and 909:
Adding Ajax Elements to Earlier Pro
Page 910 and 911:
Page 912 and 913:
Page 914 and 915:
Page 916 and 917:
Page 918 and 919:
Page 920 and 921:
Page 922:
For More Information 885 Some popul
Page 926 and 927:
A Installing PHP and MySQL APACHE,
Page 928 and 929:
Installing Apache, PHP, and MySQL U
Page 930 and 931:
Page 932 and 933:
Page 934 and 935:
Page 936 and 937:
Page 938 and 939:
Page 940 and 941:
Page 942 and 943:
Page 944 and 945:
B Web Resources THIS APPENDIX LISTS
Page 946 and 947:
Apache Resources 909 The PHP Resour
Page 948 and 949:
Index SYMBOLS ! (logical operator),
Page 950 and 951:
array_count_values() function 913 c
Page 952 and 953:
ottom.php files (Tahuayo applicatio
Page 954 and 955:
collapsing threads (Web forum appli
Page 956 and 957:
CVS (Concurrent Versions System) 91
Page 958 and 959:
date and time 921 user table, 289 W
Page 960 and 961:
downloading 923 directories browsin
Page 962 and 963:
escaping characters 925 reading, 45
Page 964 and 965:
files 927 FILE privilege, 226-227,
Page 966 and 967:
functions 929 foreign keys database
Page 968 and 969:
functions 931 escapeshellcmd(), 378
Page 970 and 971:
functions 933 prototypes, 144 puten
Page 972 and 973:
images 935 hardware failure (commer
Page 974 and 975:
keys 937 INSERT statement, 244 inse
Page 976 and 977:
MaxClients parameter (Apache) 939 l
Page 978 and 979:
mysqli_query() function 941 multidi
Page 980 and 981:
operators 943 O Object data type (v
Page 982 and 983:
PHP 945 paths absolute, 62 file, 44
Page 984 and 985:
php.ini file 947 gethostbyaddr(), 4
Page 986 and 987:
purchase.php script (Shopping Cart
Page 988 and 989:
eturning 951 Perl, 123 slash (\), 1
Page 990 and 991:
security 953 buttons, calling, 493
Page 992 and 993:
Shopping Cart application 955 Warm
Page 994 and 995:
statements 957 special characters l
Page 996 and 997:
tab control sequence (\t) 959 print
Page 998 and 999:
time and date 961 limitations, 79 l
Page 1000 and 1001:
usort() function 963 UPDATE privile
Page 1002 and 1003:
Web databases 965 views, File Detai
Page 1004 and 1005:
word processor formats 967 JPEG (Jo
Page 1006 and 1007:
What’s on the CD? The book’s co
show all

PHP and MySQL Web Development 4th Ed-tqw-_darksiderg

You also want an ePaper? Increase the reach of your titles

Delete template?

Save as template?