Essential PHP Security

Errata for Essential PHP Security

The errata list is a list of errors and their corrections that were found after the product was released.

The following errata were submitted by our customers and have not yet been approved or disproved by the author or editor. They solely represent the opinion of the customer.

Version Location Description Submitted by Date submitted
ePub Page all

This book is badly edited. The only people likely to understand it are geeks. I'm a graphic designer who uses PHP to create web sites. I cannot understand this book.

Little things, like how to turn off Register_Globals, are not explained.

Other little things, like text with emphasis in the ebook version: the text is so minute compared to the main text that you need a magnifying glass on every line.

Books like these discourage learning, at least for newbies like me.

Stu Ducklow  Feb 19, 2013 
Printed Page 21

If a multipart MIME message boundary is ----------12345, the actual boundary will be ------------12345 instead of ----------12345. (Please note that the correct one has 12 '-'; the wrong one has 10 '-'.)

Therefore, the code at the bottom of page 21 should go like the following:

POST /upload.php HTTP/1.1
Content-Type: multipart/form-data; boundary=----------12345
Content-Length: 251


Thank you,

Anonymous  Oct 21, 2009 
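
The framing this erratum refers to, as an added Python example (not code from the book or from the submitter): each delimiter line in a multipart body is "--" followed by the boundary parameter, and Content-Length is computed from the body bytes. The host, field name, filename and file content are constructed sample values.

```python
# Added illustration: multipart/form-data framing (RFC 2046 section 5.1.1).
# Host, field name, filename and file content are constructed sample values.
CRLF = b"\r\n"

def build_body(boundary: str, name: str, filename: str, content: bytes) -> bytes:
    """Frame one file part. Delimiter lines are '--' + boundary parameter."""
    b = boundary.encode("ascii")
    disposition = f'Content-Disposition: form-data; name="{name}"; filename="{filename}"'
    lines = [
        b"--" + b,                      # opening delimiter: two extra hyphens
        disposition.encode("ascii"),
        b"Content-Type: text/plain",
        b"",                            # blank line ends the part headers
        content,
        b"--" + b + b"--",              # closing delimiter: trailing '--' as well
    ]
    return CRLF.join(lines) + CRLF

def build_request(path: str, host: str, boundary: str, body: bytes) -> bytes:
    """Content-Length is computed from the body bytes, never typed by hand."""
    head = [
        f"POST {path} HTTP/1.1",
        f"Host: {host}",
        f"Content-Type: multipart/form-data; boundary={boundary}",
        f"Content-Length: {len(body)}",
        "", "",
    ]
    return "\r\n".join(head).encode("ascii") + body

def split_parts(body: bytes, boundary: str) -> list[tuple[dict, bytes]]:
    """Split a body on CRLF + '--' + boundary; stop at the closing delimiter."""
    delim = CRLF + b"--" + boundary.encode("ascii")
    parts = []
    for chunk in (CRLF + body).split(delim)[1:]:   # element 0 is the preamble
        if chunk.startswith(b"--"):                # closing delimiter reached
            break
        raw_headers, _, payload = chunk.removeprefix(CRLF).partition(CRLF + CRLF)
        headers = {}
        for line in raw_headers.split(CRLF):
            key, _, value = line.partition(b":")
            headers[key.decode().lower()] = value.strip().decode()
        parts.append((headers, payload))
    return parts

BOUNDARY = "----------12345"   # header parameter from the erratum (10 hyphens)
BODY = build_body(BOUNDARY, "attachment", "note.txt", b"constructed sample content")
REQUEST = build_request("/upload.php", "example.org", BOUNDARY, BODY)
```

A parser given a boundary value that does not match the header parameter finds no delimiter at all and returns no parts, which is why the hyphen count matters.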
PDF Page 42
callout including a URL

The link to (HTTP cookie specification document) is no longer valid.

It has been re-hosted here (among other places):

Tom Stowell  Jun 23, 2014 
Printed Page 42
figure 4-2, box nearest lower-left

Use $_session
should be

tcordes  Nov 07, 2015 
Printed Page 60
last non-code paragraph

"Because $content is tainted,"
should be
"Because $contents is tainted,"

tcordes  Nov 07, 2015 
Printed Page 69
1st code block

$auth = $username . md5($password);
setcookie('auth', $cookie);

You create an auth token and put it in $auth, then in the next line setcookie with $cookie. $cookie should instead be $auth. As it stands you will set a cookie to a blank (or possibly some unintended, other) value and have a broken auth mechanism.

tcordes  Nov 07, 2015